last executing test programs: 17.367465286s ago: executing program 4 (id=2240): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async, rerun: 64) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) (rerun: 64) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)) (async) r2 = fsopen(&(0x7f0000000280)='ntfs3\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000040)=0x4d) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs2/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r0, 0x0) syz_clone(0x9f872791, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r5 = eventfd(0x0) io_setup(0x61, &(0x7f0000000100)=0x0) io_submit(r6, 0x2, &(0x7f0000000440)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7ff, r5, &(0x7f0000000180)="0000fd6000000000", 0x8, 0x36, 0x0, 0x2, r5}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r5, 0x0, 0x0, 0x7, 0x0, 0x3, r5}]) (async) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000540)="6bf8b5b4b98699c3d3314cdcbd", 0xd}], 0x1, 0x0, 0x0, 0x881}, 0x404c804) (async) mknod$loop(&(0x7f0000002180)='./file0\x00', 0x800, 0x0) r7 = inotify_init() (async) r8 = inotify_init1(0x80000) inotify_add_watch(r8, &(0x7f0000000080)='.\x00', 0x2000775) (async) inotify_add_watch(r7, &(0x7f0000000000)='./file0\x00', 0x84000b8a) (async) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000580)={@flat=@binder={0x73622a85, 0x101e, 0x1}, @fda={0x66646185, 0x8, 0x2, 0x400008}, @fd={0x66642a85, 0x0, r8}}, &(0x7f0000000140)={0x0, 0x18, 0x38}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000c80)={0x44, 0x0, &(0x7f0000000ac0)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x2, 0xfdfdffff, &(0x7f0000000bc0)='IC'}) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) io_uring_register$IORING_REGISTER_IOWQ_AFF(r4, 0x11, &(0x7f0000000480)="685e1e5ad5244bd7097bab1c847a361c6686bcd50d06f70ef4764c15212865a46d4998b7b8ce9b5b2f477138239cc18c01782cba06d57cc7f44d3552aca54809d0316191bcef4d69a21f98a20c340993fe2f8cfab8f46b298403e29d98abd478e78ddbcd0233c9f212880894e8ec2f309f078779cc48a3f1e5c5c455094cd85655c4f5fcfecb0bbb8d3813d0452578f1dfd3f430f02b1cfe2e00f743a385762e34c8fd304318c3f36f98ff2b3c7e40021b94bb37a2c0d42a6d30", 0xba) (async, rerun: 32) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'netpci0\x00', 0x2}) (rerun: 32) 14.399501535s ago: executing program 4 (id=2245): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 11.254372838s ago: executing program 4 (id=2251): r0 = socket$inet6_sctp(0xa, 0x4, 0x84) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000010c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0x1, 0x200, 0x9, 0x7ff, r3}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000440)={r3, 0x0, 0x6a5, 0x6c1c7186, 0x4}, &(0x7f0000000540)=0x14) r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYRES16=r5], 0x50) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x8}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r7, 0x84, 0x1b, &(0x7f0000000380)={r8, 0x7b, "a8f1df71a1a835473e2411db22abe7a990c384bb216ed18f5c216308e7979019acb485d07e13e18c957efd28603450712984d20c56564e46e2a1b366ffaee9624cc2134ad78efddcb92c236ccc02eba384f40e66951d6fa9e0e513e87bcba597c16b9411a8c334111ee6cb47479b3586a029d95bb24f4d2883a1ae"}, &(0x7f0000000300)=0x83) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x16a) mount(&(0x7f0000000040)=@filename='./file1\x00', &(0x7f0000000080)='./file1\x00', &(0x7f0000000100)='nilfs2\x00', 0x800000, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000580)={r4, 0x19f, 0x7ff, 0xffff}, &(0x7f00000005c0)=0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000000)={{r6, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)='%-5lx \x00'}, 0x20) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x13, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x41da}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffc}, {0x85, 0x0, 0x0, 0x86}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x480}}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r9}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xae}}}, &(0x7f0000000080)='GPL\x00', 0xb, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffeffff}, 0x94) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x7, 0x5, 0x16, 0x5, 0x5, 0x6, 0x3, 0xe, 0xfd, 0x2, 0xffffffff, 0x1, 0x1, 0x4, 0x5, 0xfffffffe, 0x7f, 0x0, 0x40000003, 0x89, 0x3, 0x3, 0x20001e58, 0x9, 0xe66, 0x400003, 0x995d000, 0x0, 0x0, 0xfffffff8]}) 9.623639693s ago: executing program 4 (id=2254): syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x1000}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) r0 = getpid() (async) sched_setscheduler(0x0, 0x3, &(0x7f0000000280)=0x5) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r4) (async) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0025e8", @ANYRESHEX=r3, @ANYRESOCT, @ANYRESHEX=r2, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10) (async) sched_setscheduler(r0, 0x5, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4001, &(0x7f0000000000)=0x1, 0x7, 0x0) (async) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_misc(r5, &(0x7f0000000000), 0xd) socket$phonet_pipe(0x23, 0x5, 0x2) (async) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) (async) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x0, @fd_index=0x8, 0x10, 0x20000000, 0x20001, 0x0, 0x0, {0x1}}) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000)) process_mrelease(0xffffffffffffffff, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[], 0xd8}, 0x1, 0x0, 0x0, 0x800}, 0x0) 8.031753123s ago: executing program 1 (id=2259): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000001000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r0}, 0x38) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) getsockopt$bt_hci(r2, 0x29, 0x1, 0x0, &(0x7f0000000300)) r3 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) readv(r3, &(0x7f0000001580)=[{&(0x7f00000010c0)=""/122, 0x7a}, {&(0x7f0000001140)=""/172, 0xac}, {&(0x7f0000001200)=""/118, 0x76}, {&(0x7f0000000040)}, {&(0x7f0000001280)=""/240, 0xf0}, {&(0x7f0000001380)=""/143, 0x8f}, {&(0x7f0000001480)=""/120, 0x78}, {&(0x7f0000001500)=""/104, 0x68}], 0x8) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r5, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_ORPHAN_MASK={0x8, 0xa, 0x42f9}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x3}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0xf}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8004001}, 0x0) r7 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000040)='pim6reg1\x00') readv(r7, &(0x7f0000001080)=[{&(0x7f0000000080)=""/4096, 0x1000}], 0x1) 7.767891695s ago: executing program 1 (id=2261): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000050000000300000000ff001103000000000000000000000000000004000000000000000001000004000000000800000002000000000000000000002e"], 0x0, 0x51}, 0x28) r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) syz_open_dev$usbfs(0x0, 0x77, 0x200000) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0) socket(0x1d, 0x2, 0x6) timerfd_create(0x0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0xd, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xts-twofish-avx,camellia-asm,cbcmac(aes))\x00'}, 0x58) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000002c0)={0xf0f044, 0x800}) poll(&(0x7f00000000c0)=[{r0, 0xe7d4c009da6c1985}, {r0, 0x201}], 0x2, 0x4) 5.780616114s ago: executing program 0 (id=2263): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001405000d404600000014000000110001"], 0x6c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$SNDRV_PCM_IOCTL_FORWARD(0xffffffffffffffff, 0x40084149, &(0x7f0000000300)=0xcf) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c080003400000000808000740000000310800064000000000700100000c0a01010000000000000000070000050900020073797a31000000000900010073797a3000000000440103804001008008000340000000020900090073797a31000000000900090073797a3100000000100102"], 0x20c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 5.435148377s ago: executing program 0 (id=2264): prlimit64(0x0, 0x9, &(0x7f0000000140)={0xa39b, 0x200000000102}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000a00)=@name={0x1e, 0x2, 0x2, {{}, 0x1}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000080)=0x4) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0xc0a85320, &(0x7f00000003c0)={{0x80, 0x7}, 'port1\x00', 0xe3, 0xc06, 0x800, 0x80000, 0x0, 0x3, 0x3, 0x0, 0x2}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) connect$inet(r5, 0x0, 0x0) 5.240498001s ago: executing program 0 (id=2265): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400)='cgroup2\x00', 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56e, 0x10c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0xee}}}}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)={0x0, 0x0, 0x3, {0x3, 0x0, '\x00'}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x9}, 0x28) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r4, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r6}, 0x80, 0x0}}], 0x1, 0x20000802) shutdown(0xffffffffffffffff, 0x1000000) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005b80)=@delchain={0x24, 0x26, 0xf31, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0x9}}}, 0x24}}, 0x0) recvmmsg(r7, &(0x7f0000004880)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x2100, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00'}) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, 0x0) 5.103899203s ago: executing program 1 (id=2266): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0xc0045543, &(0x7f0000000100)=0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0) syz_usb_connect$uac1(0x2, 0xb2, &(0x7f0000000a00)=ANY=[@ANYBLOB="12010003000000106b1d01014000010203010902a000030156c0020904000000010100000a24010101bb02010211240601040507000300080003000200050524050e0f0f2406000504020002000a000900070a24050201cdddb1f4120924060502010600000924030303030505"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) fcntl$getown(0xffffffffffffffff, 0x9) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000000a00806e08000000000000f60300018014000280b4e275519d8873a6168059e656"], 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x20048800) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f", 0xc6}], 0x1}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000a00)='D', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)="bae4e6c90e2c2528899c4dafaadec1", 0xf}, {&(0x7f0000000380)="863df713b27092133340e45590eac45df1f0a54f", 0x14}, {&(0x7f0000000900)="5e9a96da6c96c227926d725c264c8db1743e2a714194d97fd4a96b32f3a0cc57ff3d188ab8257403ab87aac73e", 0x2d}, {&(0x7f0000001000)="5e48212599327704ccc5ca940f85ce93d081835a8f8ce527ba414eeb2fac35952374361fa3fe455eae90ef6636e089eeae608c4bb2a0cae5f3d8ebe5294f272023815eacab65c0a92cd792cae6645dcef01758183b1dab679fc8bccc9b2a7c95efda137f6f80e4159ff6295a35f2516454afb609ce2bc852ece0d2234e63a4cfcceb2f628f6425b0b5dd6ba4c20e250c72f658b059079271c6f206a758e87784fd6256d1ee6cd55ea723631572ba4729109fa114f7240bb6776054d1fa9b5c3114debca30e4196223e3f6fcbf715c61e62f3702e1a43c72c114587e1eb727a458aba50fe0da0523b0f24", 0xea}], 0x4}}], 0x3, 0x4004) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x1, 0x100080d5, 0x0, 0x0) 4.593060664s ago: executing program 4 (id=2272): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000100)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x861}}, 0x0, 0x0}, &(0x7f0000000600)={0x2c, &(0x7f0000000500)={0x0, 0xe, 0xc5, "d7eabe0a8a32586a8cb1d570c78bbb9dbd5be64d7a76800c373816798d6ae15ca8722d021b00ba7eee215d448768e5a6b63380adcce184536d2ac72257ab524e26dec5c4f2d91656b6f031e8b301f4b9d29287db58835c2d197eb7cc0a388637beabc3346843b59c279230928b4a3bab163b462bbbdfee5e5021f72e3196490f3c30f7b85267e761f210ea724ca26df0eb15c0f8b89a170b4e065e72b3abff1c6d2e113ebdd025479c15a7ea748f7417b247a5be9c6c60a68704793d226fab48192601728b"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000800)=ANY=[@ANYRESHEX], &(0x7f0000000480)={0x20, 0x3, 0x1, 0x2}}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) getpriority(0x1, 0x0) 4.343953471s ago: executing program 2 (id=2274): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001405000d404600000014000000110001"], 0x6c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$SNDRV_PCM_IOCTL_FORWARD(0xffffffffffffffff, 0x40084149, &(0x7f0000000300)=0xcf) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c080003400000000808000740000000310800064000000000700100000c0a01010000000000000000070000050900020073797a31000000000900010073797a3000000000440103804001008008000340000000020900090073797a31000000000900090073797a3100000000100102"], 0x20c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 4.302531253s ago: executing program 2 (id=2275): prlimit64(0x0, 0x9, &(0x7f0000000140)={0xa39b, 0x200000000102}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000a00)=@name={0x1e, 0x2, 0x2, {{}, 0x1}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000080)=0x4) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80, 0x7}, 'port1\x00', 0xe3, 0xc06, 0x800, 0x80000, 0x0, 0x3, 0x3, 0x0, 0x2}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) connect$inet(r4, 0x0, 0x0) 4.160334463s ago: executing program 2 (id=2276): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000050000000300000000ff001103000000000000000000000000000004000000000000000001000004000000000800000002000000000000000000002e"], 0x0, 0x51}, 0x28) r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) syz_open_dev$usbfs(0x0, 0x77, 0x200000) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0) socket(0x1d, 0x2, 0x6) timerfd_create(0x0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0xd, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xts-twofish-avx,camellia-asm,cbcmac(aes))\x00'}, 0x58) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000002c0)={0xf0f044, 0x800}) poll(&(0x7f00000000c0)=[{r0, 0xe7d4c009da6c1985}, {r0, 0x201}], 0x2, 0x4) 3.867858096s ago: executing program 3 (id=2277): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xa, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000006110a1000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x98}}, 0x0) ioctl(0xffffffffffffffff, 0xb8, &(0x7f0000000000)="15e0185428227964d1") r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x85, 0x2, 0x0, 0x4002004c8, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0x4, 0x0, 0x80000004000000, 0x200000000c], 0x100000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.256251567s ago: executing program 3 (id=2278): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000deffffff6a0a00ff00000000850000002b000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2f01806fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c5c77f0979b34e1ad837ff0d10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8d0d26b5069f8a98f7dc8f772fd0e17c9b9101644f8c06b74635fc9f9de9ca3c0ec0cb9bf4e418d076df4c7df0a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74135b29194e533583f76e412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19002cc93c1c13ca67fdc6c238342033070000004a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000140eb2e9c15b6c8f6198282df27badac8500bc7d202e099009ca515007e5f009735200040000001896d46cdac0abb841d9f96e2e6a19b7bf661c01800000d77d6165f253683cd8dc926518c699a2b14fb2bb40425dee631368340711a8c47318d5d13085938c3ec5c39b540b34157b0330aa16bd0998607f0ecea84919712d36"], &(0x7f0000000340)='GPL\x00'}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x5, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x88f}, [@call={0x85, 0x0, 0x0, 0x61}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0xe, 0x0, &(0x7f00000001c0)="e30080670000ec67838717bd86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0xffff0000, 0xe, 0x0, &(0x7f00000003c0)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.05134974s ago: executing program 0 (id=2279): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x5, 0x7fff, 0x1000200004, 0x4, 0x2, 0x0, 0x1], 0x8080000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.639817315s ago: executing program 0 (id=2280): r0 = socket(0x2, 0x2, 0x0) setsockopt(r0, 0x0, 0x21, &(0x7f0000000140), 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000009003940422c021664da010203010902120001000000040904"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 2.631279601s ago: executing program 3 (id=2281): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000000c0)={0x7, @pix={0x5, 0x0, 0x3131354f, 0x5, 0x1, 0x1, 0x0, 0x200, 0x1, 0x6, 0x2, 0x1}}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r1, 0x2) recvmmsg(r2, &(0x7f0000003740)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/30, 0x1e}], 0x1, &(0x7f0000003780)=""/4078, 0xfee}, 0x404}], 0x1, 0x2040, 0x0) 2.415914248s ago: executing program 2 (id=2282): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) chdir(&(0x7f0000000100)='./file0\x00') syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0a056020"], 0xd) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) 2.369164524s ago: executing program 1 (id=2283): r0 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @local}, {0x0, @local}, 0x40, {0x2, 0x0, @multicast2}, 'syz_tun\x00'}) 2.086239511s ago: executing program 3 (id=2284): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000001000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r0}, 0x38) 2.021557407s ago: executing program 2 (id=2285): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001405000d404600000014000000110001"], 0x6c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$SNDRV_PCM_IOCTL_FORWARD(0xffffffffffffffff, 0x40084149, &(0x7f0000000300)=0xcf) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c080003400000000808000740000000310800064000000000700100000c0a01010000000000000000070000050900020073797a31000000000900010073797a3000000000440103804001008008000340000000020900090073797a31000000000900090073797a3100000000100102"], 0x20c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.002882766s ago: executing program 1 (id=2286): prlimit64(0x0, 0x9, &(0x7f0000000140)={0xa39b, 0x200000000102}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000a00)=@name={0x1e, 0x2, 0x2, {{}, 0x1}}, 0x10) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000080)=0x4) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80, 0x7}, 'port1\x00', 0xe3, 0xc06, 0x800, 0x80000, 0x0, 0x3, 0x3, 0x0, 0x2}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) connect$inet(r2, 0x0, 0x0) 1.904791573s ago: executing program 1 (id=2287): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000440)={{0x0, 0x5, 0x0, 0x25}, 'syz0\x00', 0x53}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x12) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x1) ioctl$UI_DEV_CREATE(r0, 0x5501) 1.903161434s ago: executing program 3 (id=2288): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0a0000000c000000d30000004000000042000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000001000000000000000000000000001928833419fab404c2266e595a720d69c02977d648ccc1964e168bcd2801f03763e27b515ad21caaa24a164f10457aba521d704fc3489c2781027cdea8a5ea29b03f7329100bf2de74aa5480da90ae45479a8e5a48ceb1454f2fd18d461588f32d6c787bf61e76dfcc642cc9efc010cae2b4eaf8ce1971d2281937e0cf81972852d090122149b993a40cd1ebf92270719245b265187a4b18081d3561e4541bce2c98"], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000f300000000000000000400000000400000000000000000"], 0x50) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r1}, 0x38) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x18) r4 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000000640)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)}}], 0x1, 0x3404c8d4) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES16, @ANYRES16=r4], 0x1000f) setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f00000000c0)=0x9, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYRES64=r3, @ANYRES32=0x0, @ANYBLOB="0003000002800000140012800a00010069706f696200000004000280080005"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) setsockopt$inet6_int(r5, 0x29, 0x2, &(0x7f0000000000)=0x7, 0x4) setsockopt$inet6_int(r5, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4) 256.387469ms ago: executing program 4 (id=2289): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xa, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000006110a1000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x98}}, 0x0) ioctl(0xffffffffffffffff, 0xb8, &(0x7f0000000000)="15e0185428227964d1") r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x85, 0x2, 0x0, 0x4002004c8, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0x4, 0x0, 0x80000004000000, 0x200000000c], 0x100000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 84.697265ms ago: executing program 0 (id=2290): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg$inet6(r4, &(0x7f0000002580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4048c2d) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r5, 0x3) r6 = accept4(r5, 0x0, 0x0, 0x800) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) open(0x0, 0xc162, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) sendto$inet6(r6, 0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 45.081793ms ago: executing program 2 (id=2291): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x5, 0x7fff, 0x1000200004, 0x4, 0x2, 0x0, 0x1], 0x8080000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 3 (id=2292): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000050000000300000000ff001103000000000000000000000000000004000000000000000001000004000000000800000002000000000000000000002e"], 0x0, 0x51}, 0x28) r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) syz_open_dev$usbfs(0x0, 0x77, 0x200000) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0) socket(0x1d, 0x2, 0x6) timerfd_create(0x0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xts-twofish-avx,camellia-asm,cbcmac(aes))\x00'}, 0x58) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000002c0)={0xf0f044, 0x800}) poll(&(0x7f00000000c0)=[{r0, 0xe7d4c009da6c1985}, {r0, 0x201}], 0x2, 0x4) kernel console output (not intermixed with test programs): yte read [ 435.992860][T11064] kvm: pic: level sensitive irq not supported [ 435.992923][T11064] kvm: pic: non byte read [ 435.995525][T11064] kvm: pic: level sensitive irq not supported [ 435.996710][T11064] kvm: pic: non byte read [ 435.997020][T11064] kvm: pic: level sensitive irq not supported [ 435.997070][T11064] kvm: pic: non byte read [ 435.997283][T11064] kvm: pic: level sensitive irq not supported [ 435.997332][T11064] kvm: pic: non byte read [ 435.997628][T11064] kvm: pic: level sensitive irq not supported [ 435.997676][T11064] kvm: pic: non byte read [ 436.289971][ T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 436.477562][T10698] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 436.477577][T10698] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 436.477597][T10698] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 436.701578][T11085] loop6: detected capacity change from 0 to 524287999 [ 436.770066][T10698] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 436.770082][T10698] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 436.770102][T10698] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 437.039506][T11087] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1771'. [ 437.330098][ T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 437.566792][T10698] hsr_slave_0: entered promiscuous mode [ 437.582185][T10698] hsr_slave_1: entered promiscuous mode [ 437.583292][T10698] debugfs: 'hsr0' already exists in 'hsr' [ 437.583316][T10698] Cannot create hsr debugfs directory [ 437.629888][T11108] fuse: Bad value for 'fd' [ 437.664410][ T37] kauditd_printk_skb: 73 callbacks suppressed [ 437.664428][ T37] audit: type=1326 audit(2000000028.879:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.664473][ T37] audit: type=1326 audit(2000000028.879:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.664517][ T37] audit: type=1326 audit(2000000028.879:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.666742][ T37] audit: type=1326 audit(2000000028.879:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.667027][ T37] audit: type=1326 audit(2000000028.879:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.667336][ T37] audit: type=1326 audit(2000000028.879:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.667578][ T37] audit: type=1326 audit(2000000028.879:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.667873][ T37] audit: type=1326 audit(2000000028.879:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.668131][ T37] audit: type=1326 audit(2000000028.879:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 437.677230][ T37] audit: type=1326 audit(2000000028.889:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11105 comm="syz.0.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a9c3ef749 code=0x7ffc0000 [ 439.232242][ T6071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 439.232465][ T44] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 439.331206][ T5991] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 439.571560][ T1157] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 440.214190][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.214286][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.375174][ T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 440.740315][ T5801] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 441.450096][ T1440] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 441.985409][T11169] FAULT_INJECTION: forcing a failure. [ 441.985409][T11169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 441.985442][T11169] CPU: 0 UID: 0 PID: 11169 Comm: syz.4.1781 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 441.985462][T11169] Tainted: [L]=SOFTLOCKUP [ 441.985467][T11169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 441.985476][T11169] Call Trace: [ 441.985482][T11169] [ 441.985488][T11169] dump_stack_lvl+0xe8/0x150 [ 441.985513][T11169] should_fail_ex+0x46c/0x600 [ 441.985537][T11169] _copy_to_user+0x31/0xb0 [ 441.985554][T11169] simple_read_from_buffer+0xe1/0x170 [ 441.985579][T11169] proc_fail_nth_read+0x1b6/0x220 [ 441.985603][T11169] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 441.985626][T11169] ? rw_verify_area+0x2ac/0x4e0 [ 441.985645][T11169] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 441.985666][T11169] vfs_read+0x206/0xa30 [ 441.985693][T11169] ? __pfx_vfs_read+0x10/0x10 [ 441.985715][T11169] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 441.985732][T11169] ? lockdep_hardirqs_on+0x7b/0x110 [ 441.985748][T11169] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 441.985763][T11169] ? mutex_lock_nested+0x154/0x1d0 [ 441.985780][T11169] ? fdget_pos+0x253/0x320 [ 441.985801][T11169] ksys_read+0x14b/0x260 [ 441.985821][T11169] ? __pfx_ksys_read+0x10/0x10 [ 441.985838][T11169] ? arch_syscall_is_vdso_sigreturn+0x120/0x1a0 [ 441.985855][T11169] ? syscall_user_dispatch+0x4f/0x90 [ 441.985880][T11169] do_syscall_64+0xec/0xf80 [ 441.985894][T11169] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.985908][T11169] ? trace_irq_disable+0x37/0x100 [ 441.985922][T11169] ? clear_bhb_loop+0x60/0xb0 [ 441.985940][T11169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.985954][T11169] RIP: 0033:0x7fb915cae15c [ 441.985969][T11169] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 441.985983][T11169] RSP: 002b:00007fb913f0e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 441.986011][T11169] RAX: ffffffffffffffda RBX: 00007fb915f05fa0 RCX: 00007fb915cae15c [ 441.986021][T11169] RDX: 000000000000000f RSI: 00007fb913f0e0a0 RDI: 0000000000000004 [ 441.986031][T11169] RBP: 00007fb913f0e090 R08: 0000000000000000 R09: 0000000000000000 [ 441.986041][T11169] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 441.986051][T11169] R13: 00007fb915f06038 R14: 00007fb915f05fa0 R15: 00007ffd03ef55d8 [ 441.986077][T11169] [ 443.333176][ T5808] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 443.659703][ T37] kauditd_printk_skb: 31 callbacks suppressed [ 443.659746][ T37] audit: type=1326 audit(2000000034.519:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 443.659936][ T37] audit: type=1326 audit(2000000034.519:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 443.659978][ T37] audit: type=1326 audit(2000000034.519:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 443.660018][ T37] audit: type=1326 audit(2000000034.519:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f580eacdf90 code=0x7ffc0000 [ 443.660108][ T37] audit: type=1326 audit(2000000034.529:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 443.660315][ T37] audit: type=1326 audit(2000000034.529:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 443.660587][ T37] audit: type=1326 audit(2000000034.529:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 443.661397][ T37] audit: type=1326 audit(2000000034.529:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 443.661700][ T37] audit: type=1326 audit(2000000034.529:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 443.661765][ T37] audit: type=1326 audit(2000000034.529:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 444.019693][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 444.227719][T11208] FAULT_INJECTION: forcing a failure. [ 444.227719][T11208] name failslab, interval 1, probability 0, space 0, times 0 [ 444.227757][T11208] CPU: 0 UID: 0 PID: 11208 Comm: syz.4.1803 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 444.227784][T11208] Tainted: [L]=SOFTLOCKUP [ 444.227792][T11208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 444.227804][T11208] Call Trace: [ 444.227812][T11208] [ 444.227820][T11208] dump_stack_lvl+0xe8/0x150 [ 444.227851][T11208] should_fail_ex+0x46c/0x600 [ 444.227881][T11208] ? __alloc_skb+0x1dc/0x3a0 [ 444.227909][T11208] should_failslab+0xa8/0x100 [ 444.227929][T11208] ? __alloc_skb+0x1dc/0x3a0 [ 444.227946][T11208] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 444.227981][T11208] __alloc_skb+0x1dc/0x3a0 [ 444.228007][T11208] tipc_buf_acquire+0x2b/0xe0 [ 444.228033][T11208] tipc_named_withdraw+0x203/0x790 [ 444.228065][T11208] tipc_nametbl_withdraw+0xd5/0x2c0 [ 444.228087][T11208] ? tipc_nametbl_withdraw+0x70/0x2c0 [ 444.228111][T11208] tipc_sk_withdraw+0x2f6/0x630 [ 444.228143][T11208] ? __pfx_tipc_sk_withdraw+0x10/0x10 [ 444.228167][T11208] ? __local_bh_enable_ip+0x1af/0x2c0 [ 444.228189][T11208] ? lockdep_hardirqs_on+0x7b/0x110 [ 444.228214][T11208] tipc_sk_bind+0x234/0x300 [ 444.228234][T11208] ? tipc_bind+0x6c/0x260 [ 444.228259][T11208] __sys_bind+0x2cc/0x3e0 [ 444.228282][T11208] ? __pfx___sys_bind+0x10/0x10 [ 444.228315][T11208] ? __pfx_ksys_write+0x10/0x10 [ 444.228350][T11208] __x64_sys_bind+0x7a/0x90 [ 444.228370][T11208] do_syscall_64+0xec/0xf80 [ 444.228388][T11208] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.228406][T11208] ? trace_irq_disable+0x37/0x100 [ 444.228425][T11208] ? clear_bhb_loop+0x60/0xb0 [ 444.228449][T11208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.228467][T11208] RIP: 0033:0x7fb915caf749 [ 444.228485][T11208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.228501][T11208] RSP: 002b:00007fb913f0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 444.228521][T11208] RAX: ffffffffffffffda RBX: 00007fb915f05fa0 RCX: 00007fb915caf749 [ 444.228535][T11208] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 444.228547][T11208] RBP: 00007fb913f0e090 R08: 0000000000000000 R09: 0000000000000000 [ 444.228559][T11208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.228570][T11208] R13: 00007fb915f06038 R14: 00007fb915f05fa0 R15: 00007ffd03ef55d8 [ 444.228605][T11208] [ 444.228613][T11208] tipc: Withdrawal distribution failure [ 444.637776][T11215] loop6: detected capacity change from 0 to 524287999 [ 444.689881][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 444.708922][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 445.739109][ T1157] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 446.020979][ T5801] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 446.139095][T11215] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1808'. [ 447.172013][T11241] FAULT_INJECTION: forcing a failure. [ 447.172013][T11241] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 447.172074][T11241] CPU: 1 UID: 0 PID: 11241 Comm: syz.3.1816 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 447.172102][T11241] Tainted: [L]=SOFTLOCKUP [ 447.172109][T11241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 447.172121][T11241] Call Trace: [ 447.172129][T11241] [ 447.172137][T11241] dump_stack_lvl+0xe8/0x150 [ 447.172167][T11241] should_fail_ex+0x46c/0x600 [ 447.172198][T11241] _copy_from_iter+0x1cd/0x1630 [ 447.172236][T11241] ? __pfx__copy_from_iter+0x10/0x10 [ 447.172259][T11241] ? __build_skb_around+0x22d/0x3c0 [ 447.172286][T11241] ? __alloc_skb+0x198/0x3a0 [ 447.172312][T11241] ? netlink_sendmsg+0x642/0xb30 [ 447.172335][T11241] ? skb_put+0x11b/0x210 [ 447.172359][T11241] netlink_sendmsg+0x6b2/0xb30 [ 447.172382][T11241] ? irqentry_exit+0x5e8/0x670 [ 447.172399][T11241] ? rcu_is_watching+0x15/0xb0 [ 447.172424][T11241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 447.172458][T11241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 447.172483][T11241] __sock_sendmsg+0x21c/0x270 [ 447.172513][T11241] ____sys_sendmsg+0x508/0x810 [ 447.172541][T11241] ? __pfx_____sys_sendmsg+0x10/0x10 [ 447.172573][T11241] ? import_iovec+0x74/0xa0 [ 447.172594][T11241] ___sys_sendmsg+0x21f/0x2a0 [ 447.172620][T11241] ? __pfx____sys_sendmsg+0x10/0x10 [ 447.172678][T11241] ? __fget_files+0x2a/0x420 [ 447.172697][T11241] ? __fget_files+0x3a6/0x420 [ 447.172727][T11241] __x64_sys_sendmsg+0x1a1/0x260 [ 447.172753][T11241] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 447.172785][T11241] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 447.172818][T11241] do_syscall_64+0xec/0xf80 [ 447.172836][T11241] ? rcu_is_watching+0x15/0xb0 [ 447.172852][T11241] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.172870][T11241] ? clear_bhb_loop+0x60/0xb0 [ 447.172893][T11241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.172912][T11241] RIP: 0033:0x7feef67ff749 [ 447.172929][T11241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.172946][T11241] RSP: 002b:00007feef4a24038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 447.172967][T11241] RAX: ffffffffffffffda RBX: 00007feef6a56180 RCX: 00007feef67ff749 [ 447.172981][T11241] RDX: 0000000020048010 RSI: 0000200000000240 RDI: 0000000000000007 [ 447.172994][T11241] RBP: 00007feef4a24090 R08: 0000000000000000 R09: 0000000000000000 [ 447.173006][T11241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.173018][T11241] R13: 00007feef6a56218 R14: 00007feef6a56180 R15: 00007fff45586df8 [ 447.173050][T11241] [ 447.872104][ T6057] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 448.176298][T10698] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 448.284219][T10698] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 448.650187][T10698] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 448.801842][T10698] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 451.239697][T11299] vivid-009: kernel_thread() failed [ 451.311355][ T1096] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 451.320614][ T6057] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 451.321109][ T1412] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.111934][T10698] 8021q: adding VLAN 0 to HW filter on device bond0 [ 453.195783][T10698] 8021q: adding VLAN 0 to HW filter on device team0 [ 453.291638][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.291788][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 453.329242][ T3486] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.351500][ T3486] bridge0: port 2(bridge_slave_1) entered forwarding state [ 453.640258][ T37] kauditd_printk_skb: 38 callbacks suppressed [ 453.640279][ T37] audit: type=1326 audit(2000000044.839:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11329 comm="syz.2.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 453.640728][ T37] audit: type=1326 audit(2000000044.859:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11329 comm="syz.2.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 453.641033][ T37] audit: type=1326 audit(2000000044.859:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11329 comm="syz.2.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 453.641468][ T37] audit: type=1326 audit(2000000044.859:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11329 comm="syz.2.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 453.658569][ T1157] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 453.684156][ T5959] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 454.334156][T11356] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1849'. [ 454.531999][T10698] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 454.585897][ T37] audit: type=1326 audit(2000000045.789:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11361 comm="syz.2.1851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 454.968003][T10698] veth0_vlan: entered promiscuous mode [ 454.990829][T10698] veth1_vlan: entered promiscuous mode [ 455.196136][T10698] veth0_macvtap: entered promiscuous mode [ 455.245706][T10698] veth1_macvtap: entered promiscuous mode [ 455.350768][T10698] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 455.430155][T10698] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 455.482079][ T1412] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.482596][ T1412] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.484236][ T1412] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.484399][ T1412] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.585158][ T37] audit: type=1326 audit(2000000046.799:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11389 comm="syz.2.1858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 455.585211][ T37] audit: type=1326 audit(2000000046.799:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11389 comm="syz.2.1858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 455.585253][ T37] audit: type=1326 audit(2000000046.799:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11389 comm="syz.2.1858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 455.585293][ T37] audit: type=1326 audit(2000000046.799:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11389 comm="syz.2.1858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 455.585334][ T37] audit: type=1326 audit(2000000046.799:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11389 comm="syz.2.1858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 456.609705][T11395] vivid-007: kernel_thread() failed [ 457.016705][ T68] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 457.017181][ T68] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 457.018729][ T68] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 457.700656][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 457.700679][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 457.813375][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 457.813398][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 458.839609][ T6216] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 458.998691][ T6216] usb 2-1: unable to get BOS descriptor or descriptor too short [ 459.007550][ T6216] usb 2-1: not running at top speed; connect to a high speed hub [ 459.025009][ T6216] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 459.025034][ T6216] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 459.050598][ T3486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 459.058399][ T6216] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 459.058759][ T6216] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.058781][ T6216] usb 2-1: Product: syz [ 459.058795][ T6216] usb 2-1: Manufacturer: syz [ 459.058809][ T6216] usb 2-1: SerialNumber: syz [ 459.422752][ T6216] usb 2-1: 0:2 : does not exist [ 459.422846][ T6216] usb 2-1: unit 205 not found! [ 459.475578][ T6216] usb 2-1: USB disconnect, device number 11 [ 459.578560][T11437] udevd[11437]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 460.224556][ T5959] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 460.369568][ T5869] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 460.389452][ T5959] usb 4-1: Using ep0 maxpacket: 8 [ 460.406119][ T5959] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 460.406147][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.406165][ T5959] usb 4-1: Product: syz [ 460.406177][ T5959] usb 4-1: Manufacturer: syz [ 460.406185][ T5959] usb 4-1: SerialNumber: syz [ 460.417282][ T5959] usb 4-1: config 0 descriptor?? [ 460.433377][ T37] kauditd_printk_skb: 15 callbacks suppressed [ 460.433442][ T37] audit: type=1326 audit(2000000051.649:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11481 comm="syz.2.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 460.435373][ T37] audit: type=1326 audit(2000000051.649:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11481 comm="syz.2.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 460.436485][ T37] audit: type=1326 audit(2000000051.649:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11481 comm="syz.2.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 460.461631][ T37] audit: type=1326 audit(2000000051.659:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11481 comm="syz.2.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 460.463317][ T37] audit: type=1326 audit(2000000051.679:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11481 comm="syz.2.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f580eacdf90 code=0x7ffc0000 [ 460.465789][ T37] audit: type=1326 audit(2000000051.679:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11481 comm="syz.2.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 460.474922][ T37] audit: type=1326 audit(2000000051.689:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11481 comm="syz.2.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 460.522178][ T5869] usb 5-1: config 0 has an invalid interface number: 3 but max is 2 [ 460.522214][ T5869] usb 5-1: config 0 has an invalid interface number: 176 but max is 2 [ 460.522234][ T5869] usb 5-1: config 0 has no interface number 1 [ 460.522248][ T5869] usb 5-1: config 0 has no interface number 2 [ 460.522367][ T5869] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 460.522390][ T5869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.569170][ T5869] usb 5-1: config 0 descriptor?? [ 460.654820][ T5959] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 460.778544][ T5869] qcserial 5-1:0.3: Qualcomm USB modem converter detected [ 461.016336][ T5869] usb 5-1: USB disconnect, device number 30 [ 461.072425][ T5869] qcserial 5-1:0.3: device disconnected [ 462.580406][ T5959] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 462.653761][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 462.661648][ T1096] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 462.663343][ T44] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 462.663561][ T5959] usb 4-1: USB disconnect, device number 28 [ 463.811814][ T37] audit: type=1326 audit(2000000054.969:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11530 comm="syz.2.1905" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 463.811872][ T37] audit: type=1326 audit(2000000054.969:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11530 comm="syz.2.1905" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 463.811914][ T37] audit: type=1326 audit(2000000054.969:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11530 comm="syz.2.1905" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 463.934466][ T989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.139209][ T5959] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 464.307489][ T5959] usb 4-1: unable to get BOS descriptor or descriptor too short [ 464.308065][ T5959] usb 4-1: not running at top speed; connect to a high speed hub [ 464.309253][ T5959] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 464.309274][ T5959] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 464.319960][ T5959] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 464.319991][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.320010][ T5959] usb 4-1: Product: syz [ 464.320024][ T5959] usb 4-1: Manufacturer: syz [ 464.320038][ T5959] usb 4-1: SerialNumber: syz [ 464.535388][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.536959][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.538775][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.542337][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.542716][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.544435][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.545273][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.546082][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.546415][T11527] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.552016][T11524] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 464.596503][ T5959] usb 4-1: 0:2 : does not exist [ 464.596592][ T5959] usb 4-1: unit 205 not found! [ 464.675839][ T5959] usb 4-1: USB disconnect, device number 29 [ 464.834627][T11437] udevd[11437]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 466.701652][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 466.701670][ T37] audit: type=1326 audit(2000000057.919:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 466.703939][ T37] audit: type=1326 audit(2000000057.919:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 466.703992][ T37] audit: type=1326 audit(2000000057.919:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 466.704035][ T37] audit: type=1326 audit(2000000057.919:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 466.711084][ T37] audit: type=1326 audit(2000000057.929:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa91aacdf90 code=0x7ffc0000 [ 466.711928][ T37] audit: type=1326 audit(2000000057.929:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa91aacf34b code=0x7ffc0000 [ 466.720018][ T37] audit: type=1326 audit(2000000057.939:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa91aacf34b code=0x7ffc0000 [ 466.722957][ T37] audit: type=1326 audit(2000000057.939:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa91aacf34b code=0x7ffc0000 [ 466.727589][ T37] audit: type=1326 audit(2000000057.939:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa91aacf34b code=0x7ffc0000 [ 466.925885][ T37] audit: type=1326 audit(2000000058.139:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11573 comm="syz.1.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa91aacf34b code=0x7ffc0000 [ 467.099507][ T5931] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 467.249534][ T5931] usb 2-1: Using ep0 maxpacket: 8 [ 467.270737][ T5931] usb 2-1: unable to get BOS descriptor or descriptor too short [ 467.289726][ T5931] usb 2-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 467.289752][ T5931] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 467.289801][ T5931] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 467.297559][ T5931] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 467.297588][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.297606][ T5931] usb 2-1: Product: syz [ 467.297620][ T5931] usb 2-1: Manufacturer: syz [ 467.297633][ T5931] usb 2-1: SerialNumber: syz [ 467.409584][ T5869] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 467.562011][ T5869] usb 4-1: unable to get BOS descriptor or descriptor too short [ 467.562676][ T5869] usb 4-1: not running at top speed; connect to a high speed hub [ 467.563897][ T5869] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 467.563918][ T5869] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 467.566781][ T5869] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 467.566808][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.566881][ T5869] usb 4-1: Product: syz [ 467.566895][ T5869] usb 4-1: Manufacturer: syz [ 467.566909][ T5869] usb 4-1: SerialNumber: syz [ 467.700659][ T5931] cdc_ncm 2-1:1.0: skipping garbage [ 467.700732][ T5931] cdc_ncm 2-1:1.0: skipping garbage [ 467.700746][ T5931] cdc_ncm 2-1:1.0: skipping garbage [ 467.700757][ T5931] cdc_ncm 2-1:1.0: skipping garbage [ 467.700771][ T5931] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 467.700811][ T5931] cdc_ncm 2-1:1.0: bind() failure [ 467.770582][ T5931] usb 2-1: USB disconnect, device number 12 [ 467.916290][ T5869] usb 4-1: 0:2 : does not exist [ 467.916396][ T5869] usb 4-1: unit 205 not found! [ 467.951568][ T5869] usb 4-1: USB disconnect, device number 30 [ 468.008597][T11437] udevd[11437]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 468.469731][T11611] comedi: No check for data length of config insn id 4 is implemented [ 468.469748][T11611] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 468.469759][T11611] comedi: Assuming n=25222 is correct [ 469.761508][T11628] vivid-003: kernel_thread() failed [ 471.191346][ T3444] net_ratelimit: 14 callbacks suppressed [ 471.191372][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 471.654010][T11651] comedi: No check for data length of config insn id 4 is implemented [ 471.654029][T11651] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 471.654042][T11651] comedi: Assuming n=25221 is correct [ 473.609766][T11673] vivid-009: kernel_thread() failed [ 473.744229][ T989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 473.763549][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 474.128098][ T37] kauditd_printk_skb: 32 callbacks suppressed [ 474.128119][ T37] audit: type=1326 audit(2000000065.339:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 474.128535][ T37] audit: type=1326 audit(2000000065.339:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 474.159772][ T1096] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 474.171057][ T6057] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 474.209819][ T37] audit: type=1326 audit(2000000065.429:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 474.210199][ T37] audit: type=1326 audit(2000000065.429:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 474.338028][T11694] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 474.934885][ T9] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 475.107447][ T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 475.107474][ T9] usb 4-1: config 0 has no interface number 0 [ 475.107521][ T9] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 475.107543][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.113131][ T9] usb 4-1: config 0 descriptor?? [ 475.159444][ T9] usb 4-1: selecting invalid altsetting 1 [ 475.161100][ T9] dvb_ttusb_budget: ttusb_init_controller: error [ 475.161114][ T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 475.361197][ T9] DVB: Unable to find symbol cx22700_attach() [ 475.405213][ T37] audit: type=1326 audit(2000000066.619:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 475.405529][ T37] audit: type=1326 audit(2000000066.619:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 475.405789][ T37] audit: type=1326 audit(2000000066.619:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 475.410381][ T37] audit: type=1326 audit(2000000066.629:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 475.410637][ T37] audit: type=1326 audit(2000000066.629:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 475.410944][ T37] audit: type=1326 audit(2000000066.629:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11688 comm="syz.2.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 475.606642][ T9] DVB: Unable to find symbol tda10046_attach() [ 475.606659][ T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 476.163079][ T5808] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 476.696957][ T3506] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 477.350377][ T9] usb 4-1: USB disconnect, device number 31 [ 478.286257][T11776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1998'. [ 478.373016][T11776] 8021q: adding VLAN 0 to HW filter on device bond1 [ 478.909879][T11809] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2008'. [ 480.099711][T11820] vivid-003: kernel_thread() failed [ 480.771886][ T68] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 480.781355][ T1157] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 482.570200][ T68] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 482.910259][ T9] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 483.066384][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 483.084350][ T9] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 483.084380][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.084400][ T9] usb 4-1: Product: syz [ 483.084414][ T9] usb 4-1: Manufacturer: syz [ 483.084427][ T9] usb 4-1: SerialNumber: syz [ 483.134839][ T5869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 483.156573][ T9] usb 4-1: config 0 descriptor?? [ 483.168894][ T9] ati_remote 4-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints [ 483.365471][ T9] usb 4-1: USB disconnect, device number 32 [ 484.044080][T11856] fuse: Unknown parameter 'grou00000000000000000000' [ 485.101667][ T31] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 485.349454][ T31] usb 4-1: Using ep0 maxpacket: 32 [ 485.352263][ T31] usb 4-1: config index 0 descriptor too short (expected 16420, got 36) [ 485.352292][ T31] usb 4-1: config 0 has an invalid interface number: 116 but max is 0 [ 485.352311][ T31] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 485.352329][ T31] usb 4-1: config 0 has no interface number 0 [ 485.352380][ T31] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0113, bcdDevice= 0.f2 [ 485.352403][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.357785][ T31] usb 4-1: config 0 descriptor?? [ 486.161027][T11877] macvlan0: entered promiscuous mode [ 486.228202][ T3486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 486.297337][ T1096] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 486.487199][ T31] usb 4-1: string descriptor 0 read error: -71 [ 486.503554][ T31] kvaser_usb 4-1:0.116: error -ENODEV: Cannot get usb endpoint(s) [ 486.523429][ T31] usb 4-1: USB disconnect, device number 33 [ 488.211334][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 488.271041][ T68] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.505480][ T1157] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 491.882565][ T5801] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 492.012917][ T37] kauditd_printk_skb: 17 callbacks suppressed [ 492.012964][ T37] audit: type=1326 audit(2000000083.059:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.013281][ T37] audit: type=1326 audit(2000000083.059:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.013449][ T37] audit: type=1326 audit(2000000083.059:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.013515][ T37] audit: type=1326 audit(2000000083.059:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f580eacdf90 code=0x7ffc0000 [ 492.013735][ T37] audit: type=1326 audit(2000000083.059:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.013920][ T37] audit: type=1326 audit(2000000083.069:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.014108][ T37] audit: type=1326 audit(2000000083.069:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.014361][ T37] audit: type=1326 audit(2000000083.069:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.014428][ T37] audit: type=1326 audit(2000000083.069:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.014641][ T37] audit: type=1326 audit(2000000083.069:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11953 comm="syz.2.2056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 492.369930][ T5991] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 492.617530][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.699942][ T5959] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.776760][ T5991] usb 5-1: unable to get BOS descriptor or descriptor too short [ 492.777896][ T5991] usb 5-1: not running at top speed; connect to a high speed hub [ 492.796776][ T5991] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 492.796803][ T5991] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 492.977091][ T5991] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 492.977124][ T5991] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.977143][ T5991] usb 5-1: Product: syz [ 492.977157][ T5991] usb 5-1: Manufacturer: syz [ 492.977178][ T5991] usb 5-1: SerialNumber: syz [ 493.396073][ T5991] usb 5-1: 0:2 : does not exist [ 493.396174][ T5991] usb 5-1: unit 205 not found! [ 493.446333][ T5991] usb 5-1: USB disconnect, device number 31 [ 493.550482][T11957] udevd[11957]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 493.602718][T11981] netlink: 'syz.2.2065': attribute type 13 has an invalid length. [ 493.680851][T11983] FAULT_INJECTION: forcing a failure. [ 493.680851][T11983] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 493.680878][T11983] CPU: 0 UID: 0 PID: 11983 Comm: syz.1.2066 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 493.680893][T11983] Tainted: [L]=SOFTLOCKUP [ 493.680897][T11983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 493.680904][T11983] Call Trace: [ 493.680909][T11983] [ 493.680914][T11983] dump_stack_lvl+0xe8/0x150 [ 493.680934][T11983] should_fail_ex+0x46c/0x600 [ 493.680952][T11983] _copy_from_user+0x2d/0xb0 [ 493.680963][T11983] ___sys_sendmsg+0x158/0x2a0 [ 493.680979][T11983] ? __pfx____sys_sendmsg+0x10/0x10 [ 493.681012][T11983] ? __fget_files+0x2a/0x420 [ 493.681024][T11983] ? __fget_files+0x3a6/0x420 [ 493.681039][T11983] __x64_sys_sendmsg+0x1a1/0x260 [ 493.681054][T11983] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 493.681071][T11983] ? __pfx_ksys_write+0x10/0x10 [ 493.681091][T11983] do_syscall_64+0xec/0xf80 [ 493.681102][T11983] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.681111][T11983] ? trace_irq_disable+0x37/0x100 [ 493.681123][T11983] ? clear_bhb_loop+0x60/0xb0 [ 493.681135][T11983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.681144][T11983] RIP: 0033:0x7fa91aacf749 [ 493.681154][T11983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.681164][T11983] RSP: 002b:00007fa918d2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 493.681176][T11983] RAX: ffffffffffffffda RBX: 00007fa91ad25fa0 RCX: 00007fa91aacf749 [ 493.681183][T11983] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 493.681190][T11983] RBP: 00007fa918d2e090 R08: 0000000000000000 R09: 0000000000000000 [ 493.681196][T11983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 493.681202][T11983] R13: 00007fa91ad26038 R14: 00007fa91ad25fa0 R15: 00007ffcf07e7d38 [ 493.681218][T11983] [ 494.149691][ T1412] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.150295][ T44] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.591836][ T5801] Bluetooth: hci3: unexpected event for opcode 0x2060 [ 496.980022][ T5869] usb 5-1: new full-speed USB device number 32 using dummy_hcd [ 497.132555][ T5869] usb 5-1: unable to get BOS descriptor or descriptor too short [ 497.133274][ T5869] usb 5-1: not running at top speed; connect to a high speed hub [ 497.134861][ T5869] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 497.134883][ T5869] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 497.139090][ T5869] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 497.139119][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.139137][ T5869] usb 5-1: Product: syz [ 497.139150][ T5869] usb 5-1: Manufacturer: syz [ 497.139164][ T5869] usb 5-1: SerialNumber: syz [ 497.171742][ T3506] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.252476][ T6216] usb 2-1: new low-speed USB device number 13 using dummy_hcd [ 497.639531][ T6216] usb 2-1: Invalid ep0 maxpacket: 32 [ 497.802980][ T5801] Bluetooth: hci4: unexpected event for opcode 0x2060 [ 497.882327][ T3506] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.955859][ T6216] usb 2-1: new low-speed USB device number 14 using dummy_hcd [ 498.735791][ T6216] usb 2-1: Invalid ep0 maxpacket: 32 [ 498.761777][ T6216] usb usb2-port1: attempt power cycle [ 498.854046][ T5869] usb 5-1: 0:2 : does not exist [ 498.854141][ T5869] usb 5-1: unit 205 not found! [ 498.868000][T12069] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 498.944447][T12075] openvswitch: netlink: IP tunnel TTL not specified. [ 499.009939][ T5869] usb 5-1: USB disconnect, device number 32 [ 499.076160][T12045] udevd[12045]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 499.137900][T12077] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 499.151073][ T6216] usb 2-1: new low-speed USB device number 15 using dummy_hcd [ 499.170428][ T6216] usb 2-1: Invalid ep0 maxpacket: 32 [ 499.244484][T12086] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 499.258165][ T3486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 499.270675][ T37] kauditd_printk_skb: 19 callbacks suppressed [ 499.270694][ T37] audit: type=1326 audit(2000000090.489:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 499.270885][ T37] audit: type=1326 audit(2000000090.489:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 499.271001][ T37] audit: type=1326 audit(2000000090.489:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 499.272185][ T37] audit: type=1326 audit(2000000090.489:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 499.272342][ T37] audit: type=1326 audit(2000000090.489:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 499.272791][ T37] audit: type=1326 audit(2000000090.489:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feef67fdf90 code=0x7ffc0000 [ 499.273243][ T37] audit: type=1326 audit(2000000090.489:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feef67ff34b code=0x7ffc0000 [ 499.273454][ T37] audit: type=1326 audit(2000000090.489:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feef67ff34b code=0x7ffc0000 [ 499.299450][ T37] audit: type=1326 audit(2000000090.499:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feef67ff34b code=0x7ffc0000 [ 499.299517][ T37] audit: type=1326 audit(2000000090.499:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.3.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feef67ff34b code=0x7ffc0000 [ 499.309873][ T6216] usb 2-1: new low-speed USB device number 16 using dummy_hcd [ 499.337958][ T6216] usb 2-1: Invalid ep0 maxpacket: 32 [ 499.338304][ T6216] usb usb2-port1: unable to enumerate USB device [ 499.590368][ T5869] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 499.732015][ T6063] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 499.929738][ T5869] usb 4-1: Using ep0 maxpacket: 8 [ 500.817904][ T5869] usb 4-1: unable to get BOS descriptor or descriptor too short [ 500.840201][ T5869] usb 4-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 500.840227][ T5869] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 500.840276][ T5869] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 500.884970][ T5869] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 500.884999][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.885018][ T5869] usb 4-1: Product: syz [ 500.885031][ T5869] usb 4-1: Manufacturer: syz [ 500.885045][ T5869] usb 4-1: SerialNumber: syz [ 501.895097][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.895166][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.995737][ T5869] cdc_ncm 4-1:1.0: skipping garbage [ 501.995757][ T5869] cdc_ncm 4-1:1.0: skipping garbage [ 501.995767][ T5869] cdc_ncm 4-1:1.0: skipping garbage [ 501.995776][ T5869] cdc_ncm 4-1:1.0: skipping garbage [ 501.995787][ T5869] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 501.995824][ T5869] cdc_ncm 4-1:1.0: bind() failure [ 502.048936][ T5869] usb 4-1: USB disconnect, device number 34 [ 503.135167][ T5931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.449515][ T5869] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 503.574097][ T3506] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.619568][ T5869] usb 5-1: Using ep0 maxpacket: 8 [ 503.625253][ T5869] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 503.625282][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.625301][ T5869] usb 5-1: Product: syz [ 503.625314][ T5869] usb 5-1: Manufacturer: syz [ 503.625328][ T5869] usb 5-1: SerialNumber: syz [ 503.684083][ T5869] usb 5-1: config 0 descriptor?? [ 503.798838][ T5808] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 503.815685][ T5808] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 503.820513][ T5808] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 503.841969][ T5808] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 503.865952][ T5808] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 503.989111][ T5869] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 504.301427][ T6062] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 504.805357][ T5808] Bluetooth: hci4: unexpected event for opcode 0x2060 [ 504.851649][ T3486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 504.879517][ T5814] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 504.925481][ T6071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 505.029601][ T5814] usb 4-1: Using ep0 maxpacket: 32 [ 505.037037][ T5814] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 505.037065][ T5814] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 505.037084][ T5814] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 505.037103][ T5814] usb 4-1: config 1 has no interface number 0 [ 505.037149][ T5814] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 505.037173][ T5814] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 505.037214][ T5814] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 505.037235][ T5814] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.163082][ T5814] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 505.593133][ T37] kauditd_printk_skb: 32 callbacks suppressed [ 505.593150][ T37] audit: type=1326 audit(2000000096.809:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12141 comm="syz.4.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 505.638505][ T37] audit: type=1326 audit(2000000096.809:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12141 comm="syz.4.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 505.638603][ T37] audit: type=1326 audit(2000000096.809:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12141 comm="syz.4.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 505.638644][ T37] audit: type=1326 audit(2000000096.809:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12141 comm="syz.4.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 505.638743][ T37] audit: type=1326 audit(2000000096.809:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12141 comm="syz.4.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 505.644012][ T5869] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 505.993681][ T5808] Bluetooth: hci5: command tx timeout [ 506.529759][ T5869] usb 5-1: USB disconnect, device number 33 [ 506.593713][ T5814] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 506.774528][T12173] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2135'. [ 507.967126][ T6113] snd_usb_pod 4-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 508.060353][ T5808] Bluetooth: hci5: command tx timeout [ 508.150876][ T9] usb 4-1: USB disconnect, device number 35 [ 508.156723][ T9] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 508.363063][ T37] audit: type=1326 audit(2000000099.579:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12181 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 508.365199][ T37] audit: type=1326 audit(2000000099.579:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12181 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 508.365275][ T37] audit: type=1326 audit(2000000099.579:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12181 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 508.365315][ T37] audit: type=1326 audit(2000000099.579:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12181 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 508.366728][ T37] audit: type=1326 audit(2000000099.579:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12181 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb915cadf90 code=0x7ffc0000 [ 508.619665][ T9] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 508.782140][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 508.824427][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 508.830883][ T9] usb 5-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 508.830909][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 508.830964][ T9] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 508.837943][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 508.837972][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.837990][ T9] usb 5-1: Product: syz [ 508.838003][ T9] usb 5-1: Manufacturer: syz [ 508.838017][ T9] usb 5-1: SerialNumber: syz [ 509.072308][ T9] cdc_ncm 5-1:1.0: skipping garbage [ 509.072330][ T9] cdc_ncm 5-1:1.0: skipping garbage [ 509.072341][ T9] cdc_ncm 5-1:1.0: skipping garbage [ 509.072352][ T9] cdc_ncm 5-1:1.0: skipping garbage [ 509.072365][ T9] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 509.072401][ T9] cdc_ncm 5-1:1.0: bind() failure [ 509.115438][ T9] usb 5-1: USB disconnect, device number 34 [ 509.152617][ T58] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.323954][T12155] chnl_net:caif_netlink_parms(): no params data found [ 509.490666][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 509.643543][T12196] usb usb5: usbfs: process 12196 (syz.3.2142) did not claim interface 0 before use [ 510.324056][ T6057] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.366215][ T5808] Bluetooth: hci5: command tx timeout [ 510.428397][ T6071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.619924][ T3506] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 510.701925][ T5808] Bluetooth: hci3: unexpected event for opcode 0x2060 [ 510.876129][ T58] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.897745][ T37] kauditd_printk_skb: 36 callbacks suppressed [ 510.897765][ T37] audit: type=1326 audit(2000000102.109:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.904016][ T37] audit: type=1326 audit(2000000102.109:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.904064][ T37] audit: type=1326 audit(2000000102.109:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.906772][ T37] audit: type=1326 audit(2000000102.119:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.906818][ T37] audit: type=1326 audit(2000000102.109:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.906856][ T37] audit: type=1326 audit(2000000102.119:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.906895][ T37] audit: type=1326 audit(2000000102.119:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.906934][ T37] audit: type=1326 audit(2000000102.119:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.906972][ T37] audit: type=1326 audit(2000000102.119:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 510.907010][ T37] audit: type=1326 audit(2000000102.119:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.4.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 511.011494][T12206] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2148'. [ 511.027660][T12206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 512.180231][ T6113] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 513.832737][ T5808] Bluetooth: hci5: command tx timeout [ 513.861963][ T6113] usb 5-1: Using ep0 maxpacket: 32 [ 514.149580][ T5869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 514.270399][ T6113] usb 5-1: device descriptor read/all, error -71 [ 514.622669][ T58] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 514.694699][T12235] loop6: detected capacity change from 0 to 524287999 [ 515.091085][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 515.282878][T12244] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2152'. [ 515.409844][ T6063] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 515.649966][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 515.731801][ T6063] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 515.848014][ T58] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.147291][T12155] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.152492][T12155] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.152741][T12155] bridge_slave_0: entered allmulticast mode [ 516.174623][T12155] bridge_slave_0: entered promiscuous mode [ 516.181409][T12155] bridge0: port 2(bridge_slave_1) entered blocking state [ 516.186279][T12155] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.186522][T12155] bridge_slave_1: entered allmulticast mode [ 516.289778][T12155] bridge_slave_1: entered promiscuous mode [ 516.547201][T12261] comedi: No check for data length of config insn id 4 is implemented [ 516.547220][T12261] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 516.547232][T12261] comedi: Assuming n=25217 is correct [ 517.727357][T12155] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 517.880465][T12270] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2160'. [ 517.986709][T12155] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 518.654559][T12155] team0: Port device team_slave_0 added [ 518.741621][T12155] team0: Port device team_slave_1 added [ 519.231589][T12285] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 519.289543][ T989] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 519.321149][T12287] FAULT_INJECTION: forcing a failure. [ 519.321149][T12287] name failslab, interval 1, probability 0, space 0, times 0 [ 519.321186][T12287] CPU: 1 UID: 0 PID: 12287 Comm: syz.4.2167 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 519.321212][T12287] Tainted: [L]=SOFTLOCKUP [ 519.321219][T12287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 519.321230][T12287] Call Trace: [ 519.321238][T12287] [ 519.321246][T12287] dump_stack_lvl+0xe8/0x150 [ 519.321285][T12287] should_fail_ex+0x46c/0x600 [ 519.321315][T12287] ? __d_alloc+0x37/0x6f0 [ 519.321336][T12287] should_failslab+0xa8/0x100 [ 519.321355][T12287] ? __d_alloc+0x37/0x6f0 [ 519.321373][T12287] kmem_cache_alloc_lru_noprof+0x88/0x6c0 [ 519.321408][T12287] __d_alloc+0x37/0x6f0 [ 519.321433][T12287] d_alloc_pseudo+0x21/0xc0 [ 519.321456][T12287] alloc_file_pseudo+0xcc/0x210 [ 519.321480][T12287] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 519.321498][T12287] ? evm_inode_alloc_security+0x40/0xb0 [ 519.321516][T12287] ? security_inode_alloc+0xd5/0x330 [ 519.321546][T12287] sock_alloc_file+0xb8/0x2f0 [ 519.321575][T12287] do_accept+0x351/0x680 [ 519.321599][T12287] ? __pfx_do_accept+0x10/0x10 [ 519.321639][T12287] __sys_accept4+0x127/0x210 [ 519.321662][T12287] ? __pfx___sys_accept4+0x10/0x10 [ 519.321680][T12287] ? __pfx_ksys_write+0x10/0x10 [ 519.321710][T12287] __x64_sys_accept+0x7d/0x90 [ 519.321731][T12287] do_syscall_64+0xec/0xf80 [ 519.321748][T12287] ? rcu_is_watching+0x15/0xb0 [ 519.321765][T12287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.321783][T12287] ? clear_bhb_loop+0x60/0xb0 [ 519.321805][T12287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.321821][T12287] RIP: 0033:0x7fb915caf749 [ 519.321839][T12287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 519.321855][T12287] RSP: 002b:00007fb913f0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 519.321875][T12287] RAX: ffffffffffffffda RBX: 00007fb915f05fa0 RCX: 00007fb915caf749 [ 519.321887][T12287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 519.321897][T12287] RBP: 00007fb913f0e090 R08: 0000000000000000 R09: 0000000000000000 [ 519.321908][T12287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 519.321919][T12287] R13: 00007fb915f06038 R14: 00007fb915f05fa0 R15: 00007ffd03ef55d8 [ 519.321948][T12287] [ 519.381439][T12291] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 519.479515][ T989] usb 2-1: Using ep0 maxpacket: 8 [ 519.485732][ T989] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 519.485761][ T989] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.485780][ T989] usb 2-1: Product: syz [ 519.485793][ T989] usb 2-1: Manufacturer: syz [ 519.485807][ T989] usb 2-1: SerialNumber: syz [ 519.533066][ T989] usb 2-1: config 0 descriptor?? [ 519.565204][ T58] bridge_slave_1: left allmulticast mode [ 519.565236][ T58] bridge_slave_1: left promiscuous mode [ 519.565485][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.673484][ T37] kauditd_printk_skb: 46 callbacks suppressed [ 519.673503][ T37] audit: type=1326 audit(2000000110.889:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 519.678613][ T37] audit: type=1326 audit(2000000110.889:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 519.681674][ T37] audit: type=1326 audit(2000000110.889:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 519.776405][ T37] audit: type=1326 audit(2000000110.999:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 519.795500][ T37] audit: type=1326 audit(2000000111.009:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feef67ff749 code=0x7ffc0000 [ 519.828390][ T37] audit: type=1326 audit(2000000111.039:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feef67fdf90 code=0x7ffc0000 [ 519.858736][ T37] audit: type=1326 audit(2000000111.069:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feef67ff34b code=0x7ffc0000 [ 519.918706][ T37] audit: type=1326 audit(2000000111.129:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feef67ff34b code=0x7ffc0000 [ 519.949248][ T58] bridge_slave_0: left allmulticast mode [ 519.949276][ T58] bridge_slave_0: left promiscuous mode [ 519.975350][ T37] audit: type=1326 audit(2000000111.189:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feef67ff34b code=0x7ffc0000 [ 519.975396][ T37] audit: type=1326 audit(2000000111.189:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.3.2166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feef67ff34b code=0x7ffc0000 [ 520.026419][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.048175][ T989] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 520.400088][ T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 520.579566][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 520.615198][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 520.619158][ T9] usb 4-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 520.619184][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 520.620444][ T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 520.670371][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 520.671238][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.671259][ T9] usb 4-1: Product: syz [ 520.671273][ T9] usb 4-1: Manufacturer: syz [ 520.671287][ T9] usb 4-1: SerialNumber: syz [ 520.851858][ T6053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.852382][ T3486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 520.861423][ T3486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 521.517250][ T1096] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 521.721884][ T989] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 522.774242][ T989] usb 2-1: USB disconnect, device number 17 [ 523.152650][T12322] use of bytesused == 0 is deprecated and will be removed in the future, [ 523.152666][T12322] use the actual size instead. [ 523.154184][T12322] FAULT_INJECTION: forcing a failure. [ 523.154184][T12322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 523.154216][T12322] CPU: 1 UID: 0 PID: 12322 Comm: syz.4.2172 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 523.154243][T12322] Tainted: [L]=SOFTLOCKUP [ 523.154250][T12322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 523.154261][T12322] Call Trace: [ 523.154268][T12322] [ 523.154276][T12322] dump_stack_lvl+0xe8/0x150 [ 523.154310][T12322] should_fail_ex+0x46c/0x600 [ 523.154340][T12322] _copy_from_user+0x2d/0xb0 [ 523.154360][T12322] video_usercopy+0x349/0x13f0 [ 523.154385][T12322] ? smk_tskacc+0x2fc/0x370 [ 523.154408][T12322] ? __pfx___video_do_ioctl+0x10/0x10 [ 523.154427][T12322] ? __pfx_video_usercopy+0x10/0x10 [ 523.154443][T12322] ? smack_file_ioctl+0x24d/0x340 [ 523.154481][T12322] ? __fget_files+0x2a/0x420 [ 523.154501][T12322] ? __fget_files+0x3a6/0x420 [ 523.154523][T12322] v4l2_ioctl+0x190/0x1e0 [ 523.154543][T12322] ? __pfx_v4l2_ioctl+0x10/0x10 [ 523.154561][T12322] __se_sys_ioctl+0xff/0x170 [ 523.154587][T12322] do_syscall_64+0xec/0xf80 [ 523.154606][T12322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.154624][T12322] ? trace_irq_disable+0x37/0x100 [ 523.154643][T12322] ? clear_bhb_loop+0x60/0xb0 [ 523.154666][T12322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.154684][T12322] RIP: 0033:0x7fb915caf749 [ 523.154701][T12322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.154718][T12322] RSP: 002b:00007fb913f0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 523.154739][T12322] RAX: ffffffffffffffda RBX: 00007fb915f05fa0 RCX: 00007fb915caf749 [ 523.154752][T12322] RDX: 0000200000000280 RSI: 0000000040045612 RDI: 0000000000000003 [ 523.154765][T12322] RBP: 00007fb913f0e090 R08: 0000000000000000 R09: 0000000000000000 [ 523.154776][T12322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 523.154787][T12322] R13: 00007fb915f06038 R14: 00007fb915f05fa0 R15: 00007ffd03ef55d8 [ 523.154817][T12322] [ 523.416741][ T6289] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 524.696898][T12328] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2174'. [ 526.007233][ T6063] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.027399][ T9] cdc_ncm 4-1:1.0: skipping garbage [ 526.027418][ T9] cdc_ncm 4-1:1.0: skipping garbage [ 526.027430][ T9] cdc_ncm 4-1:1.0: skipping garbage [ 526.027439][ T9] cdc_ncm 4-1:1.0: skipping garbage [ 526.027452][ T9] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 526.027487][ T9] cdc_ncm 4-1:1.0: bind() failure [ 526.560110][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 526.610802][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.612712][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.613571][ T6063] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.644561][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 526.682778][ T58] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 526.738348][ T58] bond0 (unregistering): Released all slaves [ 527.961715][ T58] bond1 (unregistering): Released all slaves [ 528.004536][T12155] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 528.004554][T12155] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 528.004581][T12155] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 528.112084][T12155] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 528.112101][T12155] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 528.112126][T12155] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.213756][ T6113] usb 4-1: USB disconnect, device number 36 [ 528.684353][ T9] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 529.646978][T12155] hsr_slave_0: entered promiscuous mode [ 529.660122][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 529.676568][ T9] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 529.676588][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.676598][ T9] usb 5-1: Product: syz [ 529.676606][ T9] usb 5-1: Manufacturer: syz [ 529.676613][ T9] usb 5-1: SerialNumber: syz [ 529.684955][ T9] usb 5-1: config 0 descriptor?? [ 529.733231][T12155] hsr_slave_1: entered promiscuous mode [ 529.734221][T12155] debugfs: 'hsr0' already exists in 'hsr' [ 529.734245][T12155] Cannot create hsr debugfs directory [ 529.898735][ T9] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 530.165012][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 530.166017][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 530.167376][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 530.464928][T12356] infiniband syz2: set active [ 530.464948][T12356] infiniband syz2: added vxcan1 [ 530.468131][T12356] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 530.470654][T12356] infiniband syz2: Couldn't open port 1 [ 530.579526][T12356] RDS/IB: syz2: added [ 530.579619][T12356] smc: adding ib device syz2 with port count 1 [ 530.579644][T12356] smc: ib device syz2 port 1 has no pnetid [ 530.736621][ T6113] vxcan1 speed is unknown, defaulting to 1000 [ 530.756027][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 531.060627][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 531.685291][ T31] vxcan1 speed is unknown, defaulting to 1000 [ 531.700772][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 531.700877][T12370] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2184'. [ 531.862163][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.899813][ T9] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 531.922484][ T37] kauditd_printk_skb: 36 callbacks suppressed [ 531.922500][ T37] audit: type=1326 audit(2000000123.069:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12343 comm="syz.4.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 531.922546][ T37] audit: type=1326 audit(2000000123.079:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12343 comm="syz.4.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 531.922588][ T37] audit: type=1326 audit(2000000123.079:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12343 comm="syz.4.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 531.922630][ T37] audit: type=1326 audit(2000000123.079:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12343 comm="syz.4.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 531.922672][ T37] audit: type=1326 audit(2000000123.079:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12343 comm="syz.4.2180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 532.010751][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 532.278145][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 532.494510][T12356] vxcan1 speed is unknown, defaulting to 1000 [ 532.521404][ T1440] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.521900][ T1440] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.522355][ T1440] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 533.010203][ T989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 533.036402][ T9] usb 5-1: USB disconnect, device number 37 [ 533.165505][T12392] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2190'. [ 533.480229][T12384] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.2186'. [ 533.525563][ T37] audit: type=1326 audit(2000000124.739:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12390 comm="syz.4.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 533.533323][ T37] audit: type=1326 audit(2000000124.749:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12390 comm="syz.4.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 533.552101][ T37] audit: type=1326 audit(2000000124.759:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12390 comm="syz.4.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 533.555454][ T37] audit: type=1326 audit(2000000124.769:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12390 comm="syz.4.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 533.919480][ T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 534.080404][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 534.083083][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 534.084561][ T9] usb 5-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 534.084583][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 534.085601][ T9] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 534.089019][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 534.089046][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.089064][ T9] usb 5-1: Product: syz [ 534.089077][ T9] usb 5-1: Manufacturer: syz [ 534.089090][ T9] usb 5-1: SerialNumber: syz [ 534.320570][T12412] vivid-002: disconnect [ 534.352972][ T9] cdc_ncm 5-1:1.0: skipping garbage [ 534.352985][ T9] cdc_ncm 5-1:1.0: skipping garbage [ 534.352991][ T9] cdc_ncm 5-1:1.0: skipping garbage [ 534.352997][ T9] cdc_ncm 5-1:1.0: skipping garbage [ 534.353004][ T9] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 534.353026][ T9] cdc_ncm 5-1:1.0: bind() failure [ 534.370523][ T9] usb 5-1: USB disconnect, device number 38 [ 534.394720][T12412] netlink: 'syz.1.2193': attribute type 3 has an invalid length. [ 534.541547][T12413] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2194'. [ 534.753330][ T5959] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 534.900867][ T5959] usb 2-1: device descriptor read/64, error -71 [ 535.066539][ T37] audit: type=1326 audit(2000000126.279:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12420 comm="syz.2.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f580eacf749 code=0x7ffc0000 [ 535.141736][ T5959] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 535.292153][ T5959] usb 2-1: device descriptor read/64, error -71 [ 535.400081][ T5959] usb usb2-port1: attempt power cycle [ 535.861078][ T5959] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 535.893912][ T5959] usb 2-1: device descriptor read/8, error -71 [ 535.981244][ T58] hsr_slave_0: left promiscuous mode [ 536.007013][ T58] hsr_slave_1: left promiscuous mode [ 536.009029][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 536.009057][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 536.519919][ T5959] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 536.660863][ T5959] usb 2-1: device descriptor read/8, error -71 [ 536.689727][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.689755][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 536.771669][ T58] veth1_macvtap: left promiscuous mode [ 536.771785][ T58] veth0_macvtap: left promiscuous mode [ 536.772036][ T58] veth1_vlan: left promiscuous mode [ 536.772208][ T58] veth0_vlan: left promiscuous mode [ 536.774907][ T5959] usb usb2-port1: unable to enumerate USB device [ 537.279240][T12410] vivid-002: reconnect [ 537.458355][T12458] FAULT_INJECTION: forcing a failure. [ 537.458355][T12458] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 537.458393][T12458] CPU: 0 UID: 0 PID: 12458 Comm: syz.1.2202 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 537.458420][T12458] Tainted: [L]=SOFTLOCKUP [ 537.458426][T12458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 537.458438][T12458] Call Trace: [ 537.458446][T12458] [ 537.458455][T12458] dump_stack_lvl+0xe8/0x150 [ 537.458485][T12458] should_fail_ex+0x46c/0x600 [ 537.458516][T12458] _copy_from_user+0x2d/0xb0 [ 537.458535][T12458] io_submit_one+0xc2/0x1440 [ 537.458563][T12458] ? irqentry_exit+0x5e8/0x670 [ 537.458582][T12458] ? lockdep_hardirqs_on+0x7b/0x110 [ 537.458600][T12458] ? irqentry_exit+0x5e8/0x670 [ 537.458623][T12458] ? __pfx_io_submit_one+0x10/0x10 [ 537.458648][T12458] ? __might_fault+0xb0/0x130 [ 537.458685][T12458] ? __might_fault+0xb0/0x130 [ 537.458715][T12458] __se_sys_io_submit+0x185/0x320 [ 537.458740][T12458] ? __pfx___se_sys_io_submit+0x10/0x10 [ 537.458760][T12458] ? ksys_write+0x230/0x260 [ 537.458809][T12458] do_syscall_64+0xec/0xf80 [ 537.458827][T12458] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.458845][T12458] ? trace_irq_disable+0x37/0x100 [ 537.458864][T12458] ? clear_bhb_loop+0x60/0xb0 [ 537.458886][T12458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.458905][T12458] RIP: 0033:0x7fa91aacf749 [ 537.458922][T12458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 537.458939][T12458] RSP: 002b:00007fa918d2e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 537.458959][T12458] RAX: ffffffffffffffda RBX: 00007fa91ad25fa0 RCX: 00007fa91aacf749 [ 537.458974][T12458] RDX: 0000200000000040 RSI: 0000000000000001 RDI: 00007fa91b862000 [ 537.458987][T12458] RBP: 00007fa918d2e090 R08: 0000000000000000 R09: 0000000000000000 [ 537.458999][T12458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 537.459010][T12458] R13: 00007fa91ad26038 R14: 00007fa91ad25fa0 R15: 00007ffcf07e7d38 [ 537.459041][T12458] [ 537.466389][T12457] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2203'. [ 537.496630][T12459] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 537.500825][ T6061] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.569859][ T1440] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 538.130011][ T6057] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 538.147851][ T1412] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.890281][ T58] team0 (unregistering): Port device team_slave_1 removed [ 539.985622][T12469] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 540.221771][ T58] team0 (unregistering): Port device team_slave_0 removed [ 540.614741][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 540.614758][ T37] audit: type=1326 audit(2000000131.829:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 540.615039][ T37] audit: type=1326 audit(2000000131.829:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 540.615330][ T37] audit: type=1326 audit(2000000131.829:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 540.617209][ T37] audit: type=1326 audit(2000000131.829:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 540.617475][ T37] audit: type=1326 audit(2000000131.829:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 540.621096][ T37] audit: type=1326 audit(2000000131.839:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb915cadf90 code=0x7ffc0000 [ 540.622006][ T37] audit: type=1326 audit(2000000131.839:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb915caf34b code=0x7ffc0000 [ 540.622388][ T37] audit: type=1326 audit(2000000131.839:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb915caf34b code=0x7ffc0000 [ 540.642632][ T37] audit: type=1326 audit(2000000131.859:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb915caf34b code=0x7ffc0000 [ 540.643021][ T37] audit: type=1326 audit(2000000131.859:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12470 comm="syz.4.2206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb915caf34b code=0x7ffc0000 [ 540.889532][ T31] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 541.069557][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 541.074294][ T31] usb 5-1: unable to get BOS descriptor or descriptor too short [ 541.076219][ T31] usb 5-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 541.076244][ T31] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 541.076299][ T31] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 541.080492][ T31] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 541.080520][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.080540][ T31] usb 5-1: Product: syz [ 541.080552][ T31] usb 5-1: Manufacturer: syz [ 541.080565][ T31] usb 5-1: SerialNumber: syz [ 541.444847][ T31] cdc_ncm 5-1:1.0: skipping garbage [ 541.444869][ T31] cdc_ncm 5-1:1.0: skipping garbage [ 541.444881][ T31] cdc_ncm 5-1:1.0: skipping garbage [ 541.444893][ T31] cdc_ncm 5-1:1.0: skipping garbage [ 541.444906][ T31] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 541.444944][ T31] cdc_ncm 5-1:1.0: bind() failure [ 541.576380][ T31] usb 5-1: USB disconnect, device number 39 [ 542.536246][ T6054] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 542.612318][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 543.249968][ T1412] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 543.359470][ T5931] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 544.158338][ T1096] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 544.165647][ T6054] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 544.269534][ T5931] usb 5-1: Using ep0 maxpacket: 8 [ 544.284508][ T5931] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 544.284535][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.284552][ T5931] usb 5-1: Product: syz [ 544.284566][ T5931] usb 5-1: Manufacturer: syz [ 544.284578][ T5931] usb 5-1: SerialNumber: syz [ 544.295179][ T5931] usb 5-1: config 0 descriptor?? [ 544.520496][ T5931] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 544.640249][T12445] bridge_slave_1: left allmulticast mode [ 544.640270][T12445] bridge_slave_1: left promiscuous mode [ 544.641923][T12445] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.689523][ T5801] Bluetooth: hci2: command 0x0406 tx timeout [ 544.710805][T12445] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 544.755249][T12462] syz_tun: entered promiscuous mode [ 544.755521][T12462] macvtap1: entered promiscuous mode [ 544.755738][T12462] macvtap1: entered allmulticast mode [ 544.755752][T12462] syz_tun: entered allmulticast mode [ 544.931247][T12462] syz_tun: left allmulticast mode [ 544.931619][T12462] syz_tun: left promiscuous mode [ 545.639935][T12502] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 546.068544][ T5931] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 546.080470][ T37] kauditd_printk_skb: 32 callbacks suppressed [ 546.080486][ T37] audit: type=1326 audit(2000000137.279:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.4.2209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 546.080534][ T37] audit: type=1326 audit(2000000137.279:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.4.2209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 546.080574][ T37] audit: type=1326 audit(2000000137.279:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.4.2209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 546.080728][ T37] audit: type=1326 audit(2000000137.289:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.4.2209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 546.081320][ T5931] usb 5-1: USB disconnect, device number 40 [ 546.307514][ T6113] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 546.465827][ T6113] usb 2-1: Using ep0 maxpacket: 16 [ 546.469399][ T6113] usb 2-1: config 1 interface 0 has no altsetting 0 [ 546.475138][ T6113] usb 2-1: New USB device found, idVendor=1477, idProduct=1021, bcdDevice= 0.40 [ 546.475165][ T6113] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.475175][ T6113] usb 2-1: Product: ㆆ걶氪쯴䞸ᬃ瀚堾伥䂩趮㯴쾪雟ᦖ᧋ꘀฃꔵ뭸쥚丳ᛢ뼉멞阠玦鎄℣勂鿽뭯∝㍄趬鵞鐼扙歏썾桼ᴿ昄滤ꪼﯵﳌ὿資쁒ྻ䆕ٴദ㻈葊뎗䏻ⷶ䶾賉鼠휕볞츅變ꯞ舗툾㻳ꈾි㒒쭐ⱶ҃⓲㞐鵟株憇큯鳸⧣뎷먿ᔙ䔬﹂ᇍ肉ៈ䫋ݟ;献䏒빞뵌疆福㞂鷾햃阶 [ 546.475192][ T6113] usb 2-1: Manufacturer: 썥䁈혉푁ȍ޵ₔ₩ꔠロ䙦칅勌圦춰쁲ꭇ㸎ꡈ䦳넶䇁늜࿖ᒇ뱺둣铚쓝ᩇ픂⦏랍༢곂⿇䠖پ罹彯鷴⟅콳♶⋵ᔲɋ過ᝃ⃭᜜䑞얘䭛뢒鿠쿃뉵ꉻ䫑鼪逸ڸ둲෪앞ܜꦸ솊櫮ꗧ汹̓뎸∅썼ᶚ [ 546.475206][ T6113] usb 2-1: SerialNumber: syz [ 546.578710][T12508] Invalid ELF header magic: != ELF [ 547.069947][T12527] Invalid ELF header magic: != ELF [ 547.219556][ T5931] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 547.404143][ T5931] usb 5-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64 [ 547.404173][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.404192][ T5931] usb 5-1: Product: syz [ 547.404205][ T5931] usb 5-1: Manufacturer: syz [ 547.404219][ T5931] usb 5-1: SerialNumber: syz [ 547.446619][ T5931] usb 5-1: config 0 descriptor?? [ 547.474417][ T5931] hub 5-1:0.0: bad descriptor, ignoring hub [ 547.474475][ T5931] hub 5-1:0.0: probe with driver hub failed with error -5 [ 547.542427][ T5931] f81232 5-1:0.0: f81534a converter detected [ 547.918589][T12524] smc: ib device syz2 ibport 2 applied user defined pnetid SYZ0 [ 547.945297][ T5931] usb 5-1: f81534a converter now attached to ttyUSB0 [ 548.270036][ T5931] usb 5-1: USB disconnect, device number 41 [ 548.473382][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 548.527661][ T5931] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0 [ 548.528505][ T5931] f81232 5-1:0.0: device disconnected [ 549.010446][ T6062] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.025470][ T6113] usbhid 2-1:1.0: can't add hid device: -71 [ 549.025600][ T6113] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 549.054979][ T6113] usb 2-1: USB disconnect, device number 22 [ 550.690874][T12552] fuse: Bad value for 'fd' [ 550.766995][ T5808] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 550.767030][ T5808] CPU: 1 UID: 0 PID: 5808 Comm: kworker/u9:3 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 550.767060][ T5808] Tainted: [L]=SOFTLOCKUP [ 550.767068][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 550.767083][ T5808] Workqueue: hci2 hci_rx_work [ 550.767107][ T5808] Call Trace: [ 550.767116][ T5808] [ 550.767125][ T5808] dump_stack_lvl+0xe8/0x150 [ 550.767154][ T5808] sysfs_create_dir_ns+0x259/0x280 [ 550.767182][ T5808] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 550.767217][ T5808] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 550.767249][ T5808] ? rt_spin_unlock+0x161/0x200 [ 550.767278][ T5808] kobject_add_internal+0x6b1/0xcd0 [ 550.767320][ T5808] kobject_add+0x155/0x220 [ 550.767348][ T5808] ? __pfx_kobject_add+0x10/0x10 [ 550.767379][ T5808] ? get_device_parent+0x370/0x3a0 [ 550.767411][ T5808] device_add+0x408/0xb80 [ 550.767437][ T5808] hci_conn_add_sysfs+0xd5/0x210 [ 550.767473][ T5808] le_conn_complete_evt+0xf1d/0x1420 [ 550.767510][ T5808] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 550.767535][ T5808] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 550.767553][ T5808] ? lockdep_hardirqs_on+0x7b/0x110 [ 550.767577][ T5808] ? skb_pull_data+0xfb/0x200 [ 550.767611][ T5808] hci_le_conn_complete_evt+0x187/0x480 [ 550.767643][ T5808] hci_event_packet+0x78f/0x1260 [ 550.767677][ T5808] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 550.767702][ T5808] ? __pfx_hci_event_packet+0x10/0x10 [ 550.767743][ T5808] ? hci_send_to_monitor+0xe2/0x590 [ 550.767772][ T5808] hci_rx_work+0x3ee/0x1060 [ 550.767799][ T5808] ? process_scheduled_works+0x9ef/0x1770 [ 550.767824][ T5808] process_scheduled_works+0xad1/0x1770 [ 550.767878][ T5808] ? __pfx_process_scheduled_works+0x10/0x10 [ 550.767904][ T5808] ? do_raw_spin_lock+0x121/0x290 [ 550.767945][ T5808] worker_thread+0x8a0/0xda0 [ 550.767982][ T5808] ? __kthread_parkme+0x7b/0x200 [ 550.768018][ T5808] kthread+0x711/0x8a0 [ 550.768049][ T5808] ? __pfx_worker_thread+0x10/0x10 [ 550.768072][ T5808] ? __pfx_kthread+0x10/0x10 [ 550.768096][ T5808] ? rt_spin_unlock+0x150/0x200 [ 550.768125][ T5808] ? rt_spin_unlock+0x161/0x200 [ 550.768148][ T5808] ? __pfx_kthread+0x10/0x10 [ 550.768175][ T5808] ret_from_fork+0x510/0xa50 [ 550.768200][ T5808] ? __pfx_ret_from_fork+0x10/0x10 [ 550.768219][ T5808] ? __switch_to+0xc9e/0x1480 [ 550.768253][ T5808] ? __pfx_kthread+0x10/0x10 [ 550.768280][ T5808] ret_from_fork_asm+0x1a/0x30 [ 550.768378][ T5808] [ 550.768731][ T5808] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 550.768938][ T5808] Bluetooth: hci2: failed to register connection device [ 551.109118][ T6062] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 551.119495][ T37] audit: type=1326 audit(2000000140.979:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 551.119550][ T37] audit: type=1326 audit(2000000140.979:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 551.119600][ T37] audit: type=1326 audit(2000000140.989:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 551.119643][ T37] audit: type=1326 audit(2000000140.989:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 551.119684][ T37] audit: type=1326 audit(2000000140.989:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 551.119725][ T37] audit: type=1326 audit(2000000140.989:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa91aacdf90 code=0x7ffc0000 [ 551.119767][ T37] audit: type=1326 audit(2000000140.989:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fa91aad0f77 code=0x7ffc0000 [ 551.119808][ T37] audit: type=1326 audit(2000000140.989:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa91aacf749 code=0x7ffc0000 [ 551.119849][ T37] audit: type=1326 audit(2000000140.989:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fa91aad0f77 code=0x7ffc0000 [ 551.119890][ T37] audit: type=1326 audit(2000000140.989:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12545 comm="syz.1.2224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa91aace3aa code=0x7ffc0000 [ 551.299497][ T1412] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 551.323329][T12155] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 551.751460][T12155] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 551.874889][T12155] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 552.213473][ T5931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 552.306108][ T1412] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 552.423162][ T5799] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 552.895236][T12155] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 553.604889][ T5931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 553.961942][T12575] input: syz0 as /devices/virtual/input/input17 [ 554.023283][ T5931] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 554.120454][T12155] 8021q: adding VLAN 0 to HW filter on device bond0 [ 554.130982][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 554.131025][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 554.169551][ T5931] usb 2-1: Using ep0 maxpacket: 8 [ 554.176315][ T5931] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 554.176345][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.176365][ T5931] usb 2-1: Product: syz [ 554.176378][ T5931] usb 2-1: Manufacturer: syz [ 554.176392][ T5931] usb 2-1: SerialNumber: syz [ 554.224442][T12155] 8021q: adding VLAN 0 to HW filter on device team0 [ 554.231520][ T5931] usb 2-1: config 0 descriptor?? [ 554.399873][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.400081][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.473198][ T5931] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 554.488620][ T6071] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.488757][ T6071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 554.509699][T12593] comedi: No check for data length of config insn id 4 is implemented [ 554.509717][T12593] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 554.509729][T12593] comedi: Assuming n=25214 is correct [ 554.904548][ T5808] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 555.994587][ T5931] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 556.280270][ T1412] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 556.450758][T12604] Invalid ELF header magic: != ELF [ 556.506492][ T6071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 557.104491][ T9] usb 2-1: USB disconnect, device number 23 [ 557.300659][T12625] FAULT_INJECTION: forcing a failure. [ 557.300659][T12625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 557.300694][T12625] CPU: 0 UID: 0 PID: 12625 Comm: syz.1.2241 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 557.300719][T12625] Tainted: [L]=SOFTLOCKUP [ 557.300725][T12625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 557.300737][T12625] Call Trace: [ 557.300744][T12625] [ 557.300752][T12625] dump_stack_lvl+0xe8/0x150 [ 557.300783][T12625] should_fail_ex+0x46c/0x600 [ 557.300814][T12625] _copy_from_user+0x2d/0xb0 [ 557.300834][T12625] input_event_from_user+0xb2/0x280 [ 557.300858][T12625] ? __pfx_input_event_from_user+0x10/0x10 [ 557.300887][T12625] ? rt_spin_unlock+0x161/0x200 [ 557.300914][T12625] evdev_write+0x2a9/0x480 [ 557.300933][T12625] ? __lock_acquire+0x6b6/0x2cf0 [ 557.300967][T12625] ? __pfx_evdev_write+0x10/0x10 [ 557.300991][T12625] ? rw_verify_area+0x25b/0x4e0 [ 557.301014][T12625] ? __pfx_evdev_write+0x10/0x10 [ 557.301034][T12625] vfs_write+0x287/0xb40 [ 557.301066][T12625] ? __pfx_vfs_write+0x10/0x10 [ 557.301092][T12625] ? __fget_files+0x2a/0x420 [ 557.301114][T12625] ? __fget_files+0x2a/0x420 [ 557.301131][T12625] ? __fget_files+0x3a6/0x420 [ 557.301149][T12625] ? __fget_files+0x2a/0x420 [ 557.301177][T12625] ksys_write+0x14b/0x260 [ 557.301203][T12625] ? __pfx_ksys_write+0x10/0x10 [ 557.301240][T12625] do_syscall_64+0xec/0xf80 [ 557.301258][T12625] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.301276][T12625] ? trace_irq_disable+0x37/0x100 [ 557.301294][T12625] ? clear_bhb_loop+0x60/0xb0 [ 557.301317][T12625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.301335][T12625] RIP: 0033:0x7fa91aacf749 [ 557.301352][T12625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.301369][T12625] RSP: 002b:00007fa918d2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 557.301390][T12625] RAX: ffffffffffffffda RBX: 00007fa91ad25fa0 RCX: 00007fa91aacf749 [ 557.301404][T12625] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000003 [ 557.301416][T12625] RBP: 00007fa918d2e090 R08: 0000000000000000 R09: 0000000000000000 [ 557.301428][T12625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 557.301440][T12625] R13: 00007fa91ad26038 R14: 00007fa91ad25fa0 R15: 00007ffcf07e7d38 [ 557.301472][T12625] [ 558.793859][T12155] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 559.774326][ T6057] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 559.889914][ T3444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 560.089567][T12155] veth0_vlan: entered promiscuous mode [ 560.140723][T12155] veth1_vlan: entered promiscuous mode [ 560.272617][T12155] veth0_macvtap: entered promiscuous mode [ 560.302985][T12155] veth1_macvtap: entered promiscuous mode [ 560.359284][T12155] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 560.381807][T12155] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.421157][ T6053] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.423137][ T6053] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.423178][ T6053] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.423212][ T6053] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.430200][ T6289] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 560.582634][ T6289] usb 5-1: Using ep0 maxpacket: 8 [ 560.586257][ T6289] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 560.586290][ T6289] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 560.586323][ T6289] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 560.586346][ T6289] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 560.586387][ T6289] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 560.586408][ T6289] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.410197][ T6289] usb 5-1: usb_control_msg returned -32 [ 561.410229][ T6289] usbtmc 5-1:16.0: can't read capabilities [ 561.454463][ T3506] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 561.585880][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.585903][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.728341][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.728363][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.934748][ T1096] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 563.097302][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.097404][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.107713][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 563.159901][ T5959] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 563.186357][ T6113] usb 5-1: USB disconnect, device number 42 [ 563.191273][ T6289] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 563.319499][ T5959] usb 4-1: Using ep0 maxpacket: 8 [ 563.349517][ T5959] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 563.349547][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.349566][ T5959] usb 4-1: Product: syz [ 563.349577][ T5959] usb 4-1: Manufacturer: syz [ 563.349591][ T5959] usb 4-1: SerialNumber: syz [ 563.353850][ T5959] usb 4-1: config 0 descriptor?? [ 563.390933][ T6289] usb 1-1: unable to get BOS descriptor or descriptor too short [ 563.391679][ T6289] usb 1-1: not running at top speed; connect to a high speed hub [ 563.414907][ T6289] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 563.414932][ T6289] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 563.418623][ T6289] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 563.418644][ T6289] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.418654][ T6289] usb 1-1: Product: syz [ 563.418661][ T6289] usb 1-1: Manufacturer: syz [ 563.418668][ T6289] usb 1-1: SerialNumber: syz [ 563.565702][ T5959] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 564.597126][ T6289] usb 1-1: 0:2 : does not exist [ 564.597284][ T6289] usb 1-1: unit 205 not found! [ 565.789364][ T5959] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 565.805018][ T6053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 565.828693][ T6061] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 565.857784][ T6289] usb 1-1: USB disconnect, device number 7 [ 566.095800][T12532] udevd[12532]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 566.969258][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 567.001577][ T6216] usb 4-1: USB disconnect, device number 37 [ 567.590017][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 569.281061][T12747] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 569.669502][ T5799] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 569.693676][ T5801] Bluetooth: hci4: unexpected event for opcode 0x2060 [ 569.862433][ T5799] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 569.862463][ T5799] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 569.862484][ T5799] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 569.862532][ T5799] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 569.862553][ T5799] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.876659][ T5799] usb 1-1: config 0 descriptor?? [ 570.172915][T12752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.173526][T12752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 570.279667][ T31] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 570.382508][ T5799] hid_parser_main: 5 callbacks suppressed [ 570.382530][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382559][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382582][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382604][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382628][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382652][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382677][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382701][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382724][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.382749][ T5799] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 570.439122][ T5799] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 570.463038][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 570.533188][ T31] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 570.533207][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.533216][ T31] usb 5-1: Product: syz [ 570.533224][ T31] usb 5-1: Manufacturer: syz [ 570.533231][ T31] usb 5-1: SerialNumber: syz [ 570.545566][ T31] usb 5-1: config 0 descriptor?? [ 570.780272][ T31] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 570.804141][ T6289] usb 1-1: USB disconnect, device number 8 [ 570.889241][ T6053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 570.929889][ T5799] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 570.998031][T12776] fido_id[12776]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 571.082545][ T5799] usb 2-1: unable to get BOS descriptor or descriptor too short [ 571.084022][ T5799] usb 2-1: not running at top speed; connect to a high speed hub [ 571.086665][ T5799] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 571.086681][ T5799] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 571.097798][ T5799] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 571.097826][ T5799] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.098371][ T5799] usb 2-1: Product: syz [ 571.098387][ T5799] usb 2-1: Manufacturer: syz [ 571.098399][ T5799] usb 2-1: SerialNumber: syz [ 571.436077][ T1440] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 571.568698][ T5799] usb 2-1: 0:2 : does not exist [ 571.579646][ T5799] usb 2-1: unit 205 not found! [ 572.102504][T12777] syz.1.2266 (12777) used greatest stack depth: 17680 bytes left [ 572.201534][ T5801] Bluetooth: hci4: unexpected event for opcode 0x2060 [ 572.214346][ T37] kauditd_printk_skb: 52 callbacks suppressed [ 572.214364][ T37] audit: type=1326 audit(2000000163.429:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12764 comm="syz.4.2272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 572.214457][ T37] audit: type=1326 audit(2000000163.429:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12764 comm="syz.4.2272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 572.214496][ T37] audit: type=1326 audit(2000000163.429:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12764 comm="syz.4.2272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 572.214797][ T37] audit: type=1326 audit(2000000163.429:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12764 comm="syz.4.2272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 572.215573][ T37] audit: type=1326 audit(2000000163.429:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12764 comm="syz.4.2272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb915caf749 code=0x7ffc0000 [ 572.218002][ T31] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 572.245329][ T5799] usb 2-1: USB disconnect, device number 24 [ 572.254960][ T31] usb 5-1: USB disconnect, device number 43 [ 572.382559][T12532] udevd[12532]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 572.430197][ T5991] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 572.595986][ T5991] usb 1-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64 [ 572.596016][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.596035][ T5991] usb 1-1: Product: syz [ 572.596048][ T5991] usb 1-1: Manufacturer: syz [ 572.596061][ T5991] usb 1-1: SerialNumber: syz [ 572.615599][ T5991] usb 1-1: config 0 descriptor?? [ 572.645587][ T5991] hub 1-1:0.0: bad descriptor, ignoring hub [ 572.645625][ T5991] hub 1-1:0.0: probe with driver hub failed with error -5 [ 572.646805][ T5991] f81232 1-1:0.0: f81534a converter detected [ 572.689732][ T5869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 572.690483][ T1440] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 573.746670][ T1412] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 573.964112][T12803] input: syz0 as /devices/virtual/input/input18 [ 574.159555][ T5991] f81534a ttyUSB0: f81232_set_register failed status: -71 [ 574.159582][ T5991] f81534a ttyUSB0: probe with driver f81534a failed with error -5 [ 574.180765][ T5991] usb 1-1: USB disconnect, device number 9 [ 574.183283][ T5991] f81232 1-1:0.0: device disconnected [ 574.581240][ T37] audit: type=1326 audit(2000000165.759:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12814 comm="syz.0.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd15a70f749 code=0x7ffc0000 [ 574.581394][ T37] audit: type=1326 audit(2000000165.759:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12814 comm="syz.0.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd15a70df90 code=0x7ffc0000 [ 574.581592][ T37] audit: type=1326 audit(2000000165.769:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12814 comm="syz.0.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fd15a710f77 code=0x7ffc0000 [ 574.581769][ T37] audit: type=1326 audit(2000000165.769:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12814 comm="syz.0.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd15a70f749 code=0x7ffc0000 [ 574.581979][ T37] audit: type=1326 audit(2000000165.769:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12814 comm="syz.0.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fd15a710f77 code=0x7ffc0000 [ 574.883649][ T5801] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 574.883706][ T5801] CPU: 1 UID: 0 PID: 5801 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 574.883737][ T5801] Tainted: [L]=SOFTLOCKUP [ 574.883744][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 574.883758][ T5801] Workqueue: hci5 hci_rx_work [ 574.883782][ T5801] Call Trace: [ 574.883790][ [ 574.883790][ T5801] [ 574.883799][ T5801] dump_stack_lvl+0xe8/0x150 [ 574.883829][ T5801] sysfs_create_dir_ns+0x259/0x280 [ 574.883858][ T5801] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 574.883886][ T5801] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 574.883912][ T5801] ? __rcu_read_unlock+0x84/0xe0 [ 574.883938][ T5801] ? rt_spin_unlock+0x161/0x200 [ 574.883973][ T5801] kobject_add_internal+0x6b1/0xcd0 [ 574.884005][ T5801] kobject_add+0x155/0x220 [ 574.884030][ T5801] ? __pfx_kobject_add+0x10/0x10 [ 574.884060][ T5801] ? get_device_parent+0x370/0x3a0 [ 574.884087][ T5801] device_add+0x408/0xb80 [ 574.884113][ T5801] hci_conn_add_sysfs+0xd5/0x210 [ 574.884145][ T5801] le_conn_complete_evt+0xf1d/0x1420 [ 574.884170][ T5801] ? lockdep_hardirqs_on+0x7b/0x110 [ 574.884195][ T5801] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 574.884223][ T5801] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 574.884245][ T5801] ? skb_pull_data+0xfb/0x200 [ 574.884278][ T5801] hci_le_conn_complete_evt+0x187/0x480 [ 574.884310][ T5801] hci_event_packet+0x78f/0x1260 [ 574.884342][ T5801] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 574.884369][ T5801] ? __pfx_hci_event_packet+0x10/0x10 [ 574.884397][ T5801] ? preempt_schedule_common+0x83/0xd0 [ 574.884426][ T5801] ? preempt_schedule_thunk+0x16/0x30 [ 574.884454][ T5801] ? hci_send_to_monitor+0xe2/0x590 [ 574.884482][ T5801] hci_rx_work+0x3ee/0x1060 [ 574.884502][ T5801] ? preempt_schedule_thunk+0x16/0x30 [ 574.884525][ T5801] ? process_scheduled_works+0x9ef/0x1770 [ 574.884550][ T5801] process_scheduled_works+0xad1/0x1770 [ 574.884608][ T5801] ? __pfx_process_scheduled_works+0x10/0x10 [ 574.884627][ T5801] ? do_raw_spin_lock+0x121/0x290 [ 574.884668][ T5801] worker_thread+0x8a0/0xda0 [ 574.884705][ T5801] ? __kthread_parkme+0x7b/0x200 [ 574.884740][ T5801] kthread+0x711/0x8a0 [ 574.884770][ T5801] ? __pfx_worker_thread+0x10/0x10 [ 574.884792][ T5801] ? __pfx_kthread+0x10/0x10 [ 574.884815][ T5801] ? rt_spin_unlock+0x150/0x200 [ 574.884845][ T5801] ? rt_spin_unlock+0x161/0x200 [ 574.884867][ T5801] ? __pfx_kthread+0x10/0x10 [ 574.884894][ T5801] ret_from_fork+0x510/0xa50 [ 574.884919][ T5801] ? __pfx_ret_from_fork+0x10/0x10 [ 574.884939][ T5801] ? __switch_to+0xc9e/0x1480 [ 574.884984][ T5801] ? __pfx_kthread+0x10/0x10 [ 574.885012][ T5801] ret_from_fork_asm+0x1a/0x30 [ 574.885058][ T5801] [ 574.891131][ T5801] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 574.891372][ T5801] Bluetooth: hci5: failed to register connection device [ 575.304670][ T5801] ================================================================== [ 575.304688][ T5801] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.304724][ T5801] Read of size 8 at addr ffff8880268f17b0 by task kworker/u9:2/5801 [ 575.304740][ T5801] [ 575.304754][ T5801] CPU: 1 UID: 0 PID: 5801 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 575.304780][ T5801] Tainted: [L]=SOFTLOCKUP [ 575.304787][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 575.304801][ T5801] Workqueue: hci5 hci_rx_work [ 575.304820][ T5801] Call Trace: [ 575.304828][ T5801] [ 575.304836][ T5801] dump_stack_lvl+0xe8/0x150 [ 575.304864][ T5801] print_report+0xca/0x240 [ 575.304885][ T5801] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.304911][ T5801] kasan_report+0x118/0x150 [ 575.304941][ T5801] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.304973][ T5801] l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.305003][ T5801] l2cap_connect_cfm+0x367/0x10e0 [ 575.305031][ T5801] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 575.305055][ T5801] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 575.305077][ T5801] ? hci_connect_cfm+0x86/0x140 [ 575.305096][ T5801] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 575.305137][ T5801] hci_connect_cfm+0x95/0x140 [ 575.305163][ T5801] le_conn_complete_evt+0xf65/0x1420 [ 575.305183][ T5801] ? lockdep_hardirqs_on+0x7b/0x110 [ 575.305201][ T5801] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 575.305221][ T5801] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 575.305240][ T5801] ? skb_pull_data+0xfb/0x200 [ 575.305268][ T5801] hci_le_conn_complete_evt+0x187/0x480 [ 575.305292][ T5801] hci_event_packet+0x78f/0x1260 [ 575.305319][ T5801] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 575.305340][ T5801] ? __pfx_hci_event_packet+0x10/0x10 [ 575.305364][ T5801] ? preempt_schedule_common+0x83/0xd0 [ 575.305389][ T5801] ? preempt_schedule_thunk+0x16/0x30 [ 575.305410][ T5801] ? hci_send_to_monitor+0xe2/0x590 [ 575.305433][ T5801] hci_rx_work+0x3ee/0x1060 [ 575.305451][ T5801] ? preempt_schedule_thunk+0x16/0x30 [ 575.305470][ T5801] ? process_scheduled_works+0x9ef/0x1770 [ 575.305491][ T5801] process_scheduled_works+0xad1/0x1770 [ 575.305524][ T5801] ? __pfx_process_scheduled_works+0x10/0x10 [ 575.305541][ T5801] ? do_raw_spin_lock+0x121/0x290 [ 575.305569][ T5801] worker_thread+0x8a0/0xda0 [ 575.305596][ T5801] ? __kthread_parkme+0x7b/0x200 [ 575.305621][ T5801] kthread+0x711/0x8a0 [ 575.305645][ T5801] ? __pfx_worker_thread+0x10/0x10 [ 575.305666][ T5801] ? __pfx_kthread+0x10/0x10 [ 575.305689][ T5801] ? rt_spin_unlock+0x150/0x200 [ 575.305714][ T5801] ? rt_spin_unlock+0x161/0x200 [ 575.305736][ T5801] ? __pfx_kthread+0x10/0x10 [ 575.305761][ T5801] ret_from_fork+0x510/0xa50 [ 575.305786][ T5801] ? __pfx_ret_from_fork+0x10/0x10 [ 575.305804][ T5801] ? __switch_to+0xc9e/0x1480 [ 575.305829][ T5801] ? __pfx_kthread+0x10/0x10 [ 575.305853][ T5801] ret_from_fork_asm+0x1a/0x30 [ 575.305884][ T5801] [ 575.305891][ T5801] [ 575.305896][ T5801] Allocated by task 5801: [ 575.305914][ T5801] kasan_save_track+0x3e/0x80 [ 575.305937][ T5801] __kasan_kmalloc+0x93/0xb0 [ 575.305959][ T5801] __kmalloc_noprof+0x23e/0x7e0 [ 575.305981][ T5801] sk_prot_alloc+0xe7/0x220 [ 575.305999][ T5801] sk_alloc+0x3a/0x390 [ 575.306016][ T5801] bt_sock_alloc+0x3b/0x310 [ 575.306032][ T5801] l2cap_sock_new_connection_cb+0xe2/0x2e0 [ 575.306057][ T5801] l2cap_connect_cfm+0x367/0x10e0 [ 575.306079][ T5801] hci_connect_cfm+0x95/0x140 [ 575.306094][ T5801] le_conn_complete_evt+0xf65/0x1420 [ 575.306111][ T5801] hci_le_conn_complete_evt+0x187/0x480 [ 575.306129][ T5801] hci_event_packet+0x78f/0x1260 [ 575.306158][ T5801] hci_rx_work+0x3ee/0x1060 [ 575.306172][ T5801] process_scheduled_works+0xad1/0x1770 [ 575.306189][ T5801] worker_thread+0x8a0/0xda0 [ 575.306206][ T5801] kthread+0x711/0x8a0 [ 575.306227][ T5801] ret_from_fork+0x510/0xa50 [ 575.306241][ T5801] ret_from_fork_asm+0x1a/0x30 [ 575.306263][ T5801] [ 575.306267][ T5801] Freed by task 12818: [ 575.306275][ T5801] kasan_save_track+0x3e/0x80 [ 575.306297][ T5801] kasan_save_free_info+0x46/0x50 [ 575.306316][ T5801] __kasan_slab_free+0x5c/0x80 [ 575.306339][ T5801] kfree+0x1bd/0x900 [ 575.306360][ T5801] __sk_destruct+0x626/0x880 [ 575.306380][ T5801] l2cap_sock_cleanup_listen+0xe0/0x450 [ 575.306404][ T5801] l2cap_sock_release+0x6e/0x270 [ 575.306426][ T5801] sock_close+0xc3/0x240 [ 575.306450][ T5801] __fput+0x45b/0xa80 [ 575.306468][ T5801] task_work_run+0x1d4/0x260 [ 575.306491][ T5801] get_signal+0x11c4/0x1310 [ 575.306509][ T5801] arch_do_signal_or_restart+0x9a/0x7a0 [ 575.306534][ T5801] exit_to_user_mode_loop+0x87/0x4e0 [ 575.306556][ T5801] do_syscall_64+0x2c1/0xf80 [ 575.306572][ T5801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.306590][ T5801] [ 575.306595][ T5801] The buggy address belongs to the object at ffff8880268f1000 [ 575.306595][ T5801] which belongs to the cache kmalloc-2k of size 2048 [ 575.306612][ T5801] The buggy address is located 1968 bytes inside of [ 575.306612][ T5801] freed 2048-byte region [ffff8880268f1000, ffff8880268f1800) [ 575.306633][ T5801] [ 575.306638][ T5801] The buggy address belongs to the physical page: [ 575.306663][ T5801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x268f0 [ 575.306682][ T5801] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 575.306699][ T5801] flags: 0x80000000000040(head|node=0|zone=1) [ 575.306715][ T5801] page_type: f5(slab) [ 575.306733][ T5801] raw: 0080000000000040 ffff88813ff27000 ffffea00007ea000 dead000000000002 [ 575.306750][ T5801] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 575.306769][ T5801] head: 0080000000000040 ffff88813ff27000 ffffea00007ea000 dead000000000002 [ 575.306786][ T5801] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 575.306805][ T5801] head: 0080000000000003 ffffea00009a3c01 00000000ffffffff 00000000ffffffff [ 575.306822][ T5801] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 575.306832][ T5801] page dumped because: kasan: bad access detected [ 575.306843][ T5801] page_owner tracks the page as allocated [ 575.306854][ T5801] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 159, tgid 159 (kworker/u8:6), ts 9876739886, free_ts 0 [ 575.306887][ T5801] post_alloc_hook+0x234/0x290 [ 575.306911][ T5801] get_page_from_freelist+0x28c0/0x2960 [ 575.306928][ T5801] __alloc_frozen_pages_noprof+0x181/0x370 [ 575.306946][ T5801] alloc_pages_mpol+0xd1/0x380 [ 575.306961][ T5801] allocate_slab+0x86/0x3b0 [ 575.306980][ T5801] ___slab_alloc+0xb10/0x13e0 [ 575.306997][ T5801] __slab_alloc+0xc6/0x1f0 [ 575.307014][ T5801] __kmalloc_noprof+0x15f/0x7e0 [ 575.307037][ T5801] scsi_alloc_target+0x138/0xbb0 [ 575.307058][ T5801] __scsi_scan_target+0x15b/0xd10 [ 575.307079][ T5801] scsi_scan_host_selected+0x375/0x690 [ 575.307101][ T5801] do_scan_async+0x124/0x760 [ 575.307121][ T5801] async_run_entry_fn+0xa8/0x450 [ 575.307140][ T5801] process_scheduled_works+0xad1/0x1770 [ 575.307163][ T5801] worker_thread+0x8a0/0xda0 [ 575.307181][ T5801] kthread+0x711/0x8a0 [ 575.307203][ T5801] page_owner free stack trace missing [ 575.307210][ T5801] [ 575.307214][ T5801] Memory state around the buggy address: [ 575.307224][ T5801] ffff8880268f1680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 575.307237][ T5801] ffff8880268f1700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 575.307251][ T5801] >ffff8880268f1780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 575.307260][ T5801] ^ [ 575.307271][ T5801] ffff8880268f1800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 575.307284][ T5801] ffff8880268f1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 575.307294][ T5801] ================================================================== [ 575.307327][ T5801] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 575.307350][ T5801] CPU: 1 UID: 0 PID: 5801 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 575.307377][ T5801] Tainted: [L]=SOFTLOCKUP [ 575.307384][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 575.307398][ T5801] Workqueue: hci5 hci_rx_work [ 575.307417][ T5801] Call Trace: [ 575.307425][ T5801] [ 575.307433][ T5801] vpanic+0x1e0/0x670 [ 575.307460][ T5801] panic+0xb9/0xc0 [ 575.307484][ T5801] ? __pfx_panic+0x10/0x10 [ 575.307510][ T5801] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.307543][ T5801] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.307569][ T5801] check_panic_on_warn+0x89/0xb0 [ 575.307596][ T5801] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.307623][ T5801] end_report+0x6f/0x140 [ 575.307649][ T5801] kasan_report+0x129/0x150 [ 575.307677][ T5801] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.307707][ T5801] l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 575.307736][ T5801] l2cap_connect_cfm+0x367/0x10e0 [ 575.307764][ T5801] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 575.307787][ T5801] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 575.307811][ T5801] ? hci_connect_cfm+0x86/0x140 [ 575.307833][ T5801] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 575.307857][ T5801] hci_connect_cfm+0x95/0x140 [ 575.307879][ T5801] le_conn_complete_evt+0xf65/0x1420 [ 575.307901][ T5801] ? lockdep_hardirqs_on+0x7b/0x110 [ 575.307923][ T5801] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 575.307947][ T5801] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 575.307968][ T5801] ? skb_pull_data+0xfb/0x200 [ 575.307995][ T5801] hci_le_conn_complete_evt+0x187/0x480 [ 575.308020][ T5801] hci_event_packet+0x78f/0x1260 [ 575.308051][ T5801] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 575.308073][ T5801] ? __pfx_hci_event_packet+0x10/0x10 [ 575.308100][ T5801] ? preempt_schedule_common+0x83/0xd0 [ 575.308128][ T5801] ? preempt_schedule_thunk+0x16/0x30 [ 575.308156][ T5801] ? hci_send_to_monitor+0xe2/0x590 [ 575.308181][ T5801] hci_rx_work+0x3ee/0x1060 [ 575.308199][ T5801] ? preempt_schedule_thunk+0x16/0x30 [ 575.308220][ T5801] ? process_scheduled_works+0x9ef/0x1770 [ 575.308243][ T5801] process_scheduled_works+0xad1/0x1770 [ 575.308278][ T5801] ? __pfx_process_scheduled_works+0x10/0x10 [ 575.308298][ T5801] ? do_raw_spin_lock+0x121/0x290 [ 575.308327][ T5801] worker_thread+0x8a0/0xda0 [ 575.308355][ T5801] ? __kthread_parkme+0x7b/0x200 [ 575.308382][ T5801] kthread+0x711/0x8a0 [ 575.308408][ T5801] ? __pfx_worker_thread+0x10/0x10 [ 575.308428][ T5801] ? __pfx_kthread+0x10/0x10 [ 575.308451][ T5801] ? rt_spin_unlock+0x150/0x200 [ 575.308477][ T5801] ? rt_spin_unlock+0x161/0x200 [ 575.308499][ T5801] ? __pfx_kthread+0x10/0x10 [ 575.308524][ T5801] ret_from_fork+0x510/0xa50 [ 575.308546][ T5801] ? __pfx_ret_from_fork+0x10/0x10 [ 575.308565][ T5801] ? __switch_to+0xc9e/0x1480 [ 575.308593][ T5801] ? __pfx_kthread+0x10/0x10 [ 575.308698][ T5801] ret_from_fork_asm+0x1a/0x30 [ 575.308789][ T5801] [ 575.309213][ T5801] Kernel Offset: disabled