last executing test programs: 8.114615311s ago: executing program 2 (id=582): ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000500)={0x2, 0x0, @pic={0xd, 0x1, 0x1, 0x3, 0xe, 0x1, 0x6d, 0xf2, 0x8, 0x7, 0x6d, 0xfe, 0x0, 0x6, 0x1, 0x9}}) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000e09d7040460a2196324f01020301090224000100000000090400000206d3450009050102100000000009058b0240"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000080)=ANY=[@ANYRES16=r0, @ANYRESDEC=r0, @ANYRESDEC, @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000340)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="40144300000001"], 0x0, 0x0, 0x0, 0x0, 0x0}) 4.99241972s ago: executing program 2 (id=603): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 4.409283347s ago: executing program 2 (id=605): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x300, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000013006bcc9e3be35c6e17aa31086b876c1d0000007ea60864160af36504002b000c0003004ce82bdface7b3d57581fff60a84c9f4d4938037e786a6d0001000000e4509c5bb5b64f69853000000029e79c7ad2600375b3f54", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 4.310039122s ago: executing program 2 (id=606): openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r1, 0x84, 0x7f, &(0x7f00000011c0)=""/4049, &(0x7f0000001180)=0xfd1) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = syz_open_dev$vim2m(&(0x7f0000000300), 0xd37, 0x2) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="c0400001", @ANYRES16, @ANYRESOCT=r3], 0xc0}}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180), 0xfefc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r4, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000002000/0x3000)=nil, &(0x7f0000000000/0xe000)=nil, &(0x7f000000a000/0x2000)=nil, &(0x7f0000008000/0x2000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000008000/0x3000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000008000/0x1000)=nil, &(0x7f0000006000/0x4000)=nil, 0x0}, 0x68) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r6) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0500000000494400000708000300911a0000", @ANYRES32=r8, @ANYBLOB="0c0023800600100017f60000", @ANYRESDEC=r1], 0x28}}, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="043e3762", @ANYRES16=r7, @ANYBLOB="000228bd7000fcdbdf253a00000006006500f9ff0000f1005b00511501fcd48156d09f7f4d5336927adb11d4b5a4047e2360c4b4e5a7c151f74b7aebe1753a1afc998ce77a3440263c17e743791d1a5e96460cdf4758d5ce9a98bbb494f5d0685e3c580954a8fb1fca31973aaaf0b45378b1dd104902630729e054f5d7e95a08a07e4088c4252623a16291691054670e5c8f43bb6b7a1e013eb1b6c7946202d781e970e3181ddfc7a9d0cab3d9b6acf602a81dd1bb254cf5516a4446cf0e5a7a5eecff7aecc413a770faffc18503be28a46d88a4c0d25fb469c4b5d8f4e574bc0610bd94e46cab445101eaa93557a9e0a46cef4fae4806da2289122ba9e4bbac9f0ac82b7a6cab0000000600650081000000"], 0x118}, 0x1, 0x0, 0x0, 0x2080804}, 0x40800) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) landlock_create_ruleset(&(0x7f0000000040)={0xc015, 0x0, 0x1}, 0x18, 0x0) r9 = syz_io_uring_setup(0x7cf4, &(0x7f0000000000)={0x0, 0xa567, 0x80, 0x1, 0x148}, &(0x7f0000000100), &(0x7f0000000580)) syz_io_uring_setup(0x500, &(0x7f0000000080)={0x0, 0x800, 0x2, 0x0, 0xe5, 0x0, r9}, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0) r10 = syz_open_dev$sndctrl(&(0x7f0000000380), 0x3, 0x10ac01) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r10, 0x80dc5521, &(0x7f0000000180)=""/135) socket$inet6(0xa, 0x80002, 0x0) 3.554052152s ago: executing program 1 (id=615): syz_usb_connect(0x0, 0x3f, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000fc0), 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.819650577s ago: executing program 3 (id=624): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 1.319121651s ago: executing program 2 (id=625): ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, &(0x7f0000000100)) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18}, './file0\x00'}) 1.257869994s ago: executing program 2 (id=626): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f00000001c0)={0x5}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, 0x0, 0x18}, 0x0) r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x9) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f0000000200)=ANY=[]) write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x10, 0x7, 0x0) r4 = syz_open_dev$vivid(&(0x7f00000000c0), 0x1, 0x2) ioctl$VIDIOC_S_AUDOUT(r4, 0x40345632, &(0x7f0000000180)={0x8001, "61333b06548cd4810daeb42f0234e8ab5c3ef6ee2b4cac1d02d734d724db7cae", 0x1}) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000013006bcc9e3be35c6e17aa31086b876c1d0000007ea60864160af36504002b000c0003004ce82bdface7b3d57581fff60a84c9f4d4938037e786a6d0001000000e4509c5bb5b64f69853000000029e79c7ad2600375b3f54", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.256972847s ago: executing program 3 (id=627): bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x240008d1}], 0x1, 0x4000000) bind$alg(0xffffffffffffffff, &(0x7f0000000640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(aegis128-aesni)\x00'}, 0x58) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f", 0xa7}], 0x1}, 0x0) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f0000000100)=0x6, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1410000000017c"], 0x14}}, 0xc000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1.194723688s ago: executing program 0 (id=628): bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x240008d1}], 0x1, 0x4000000) bind$alg(0xffffffffffffffff, &(0x7f0000000640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(aegis128-aesni)\x00'}, 0x58) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f", 0xa7}], 0x1}, 0x0) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f0000000100)=0x6, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1410000000017c"], 0x14}}, 0xc000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1.163476643s ago: executing program 3 (id=629): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x6, "1f938a7b853b3a9b0b00000000000000008900", 0xffffffffffffffff}) r2 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000080)={0x1ff, "1f138a91b80f3795181800c70511603979e1ef3b3a9b0b8c7d6a34f124708900", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"50edd24983fde74e78682dbc67d293c19050af5f39c0ce29436807917da2c17e", r3, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r4, 0xc0383e04, &(0x7f0000000100)={""/32, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000200)=[{}]}) 1.12185879s ago: executing program 0 (id=630): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000013006bcc9e3be35c6e17aa31086b876c1d0000007ea60864160af36504002b000c0001004ce82bdface7b3d57581fff60a84c9f4d4938037e786a6d0001000000e4509c5bb5b64f69853000000029e79c7ad2600375b3f54", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0xa1ffffffffffffff) 1.045844849s ago: executing program 3 (id=631): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000094) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="6c0000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000010800164000000004"], 0x6c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0xffffffffffffffff) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x3ec0) pselect6(0x40, &(0x7f0000000100), &(0x7f0000000000)={0x1f, 0x0, 0x3837, 0x0, 0xfffffffffffffffc, 0x0, 0x8}, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3800000003010104000000000000002002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x4048000) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0) (async) sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000094) (async) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="6c0000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000010800164000000004"], 0x6c}}, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)) (async) ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0xffffffffffffffff) (async) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x3ec0) (async) pselect6(0x40, &(0x7f0000000100), &(0x7f0000000000)={0x1f, 0x0, 0x3837, 0x0, 0xfffffffffffffffc, 0x0, 0x8}, 0x0, 0x0, 0x0) (async) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3800000003010104000000000000002002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x4048000) (async) 1.04565184s ago: executing program 0 (id=632): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)={0x20, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}, [@typed={0xc, 0xc, 0x0, 0x0, @u64=0x2}]}, 0x20}, 0x1, 0x3f00000000000000, 0x0, 0x4000d}, 0x20000000) 958.992917ms ago: executing program 3 (id=633): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)={0x20, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}, [@typed={0xc, 0xc, 0x0, 0x0, @u64=0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) (fail_nth: 73) 877.977033ms ago: executing program 0 (id=634): getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, &(0x7f0000000200)={'broute\x00', 0x0, 0x400004, 0x0, [0x2, 0xa, 0x5, 0x3, 0x480000000, 0x1988], 0x4d, 0x0, 0x0}, 0x0) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00464b4, &(0x7f00000001c0)) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c000380280000800800034000000002040002800c0004"], 0xec}}, 0x8050) 737.432279ms ago: executing program 3 (id=635): r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000007c0)=ANY=[@ANYRES32=r0], 0x38}}, 0xc001) ioctl$EVIOCGMASK(r0, 0x5b01, 0x0) syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'das16m1\x00', [0x5, 0x6, 0x1, 0x5323, 0x0, 0xcc9, 0x8, 0x7, 0xfff, 0x104, 0x2, 0x1, 0x8, 0x4, 0x3, 0x7b, 0x1, 0x1a449, 0x3, 0x40000003, 0x89, 0x2, 0x9, 0x6, 0x1000, 0x8, 0xcb4, 0x8, 0x4, 0x10000, 0x33]}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) bind$can_raw(0xffffffffffffffff, &(0x7f0000000280), 0xffffffffffffff23) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@release={0x40046306, 0x1}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000500)={@ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/76, 0x4c, 0x0, 0x31}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r6 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r6, 0x5403, &(0x7f0000000000)={0xffff7ffc, 0x7ffffffd, 0x0, 0xfc, 0x13, "10120dfe0ef7f0200a0080002a00"}) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100)=0x4) ioctl$TIOCL_GETMOUSEREPORTING(r6, 0x5412, &(0x7f0000000080)=0xa) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r8, @ANYBLOB="d37c2dbd4995fedbdfef0a00040001800000cd9746e507ad0f9f13a7e8a76b8855c16fa132c4fe87c6aaabe0a9bc4839058a886706379aec8d134fa74e306d1a2cbda672329d17310b4faf9adcb19a932f075fd4e9a9a9b5e33af3dfa8c5b21ae09a43b991ccf5b195a0f37bd1971c547c65a022731de8772c21116e28f91761e8d803f8ef4f92b9a54a67ab56d91dd0cbd3927a4ab10014bcfaaa40c774beb935846a7f62691df4e3f75c468f048faeda2b8288039ca55e2376d04309e0be6109808c2b04c28f908ba28db6bc7e0eff4527909ed9c876259eb8a4fae0b97d160c03fa9bb1fcbf1531b04dc1e8c33e32f159b964fa8ff9cea85c"], 0x18}, 0x1, 0x0, 0x0, 0x8010}, 0x20000040) ioctl$TCGETS2(r6, 0x802c542a, &(0x7f0000000200)) ioctl$BINDER_THREAD_EXIT(r5, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xa4, 0x0, &(0x7f0000000600)="878b7cdfd4455cf49da7ba6f280ae012ce80389a2aefe4fd04084554d7015aba5330d1b817d6c08af29938b8a9bc2b83462ddadaad3a3a5c0181a0203e49b12c99ac8757fc317fe672938a06f89c133d615cf8c6e94b3ac320fa50046f5c18ac35b49243870e4e6b90c76177feda5469369b2b5a4739cc0b68c1772f1c9b9320d88426bc8f139429054c85b62f2a1dfc705453bea4cabf1f5eee5a0d301fb7c62e36dba0"}) 570.408639ms ago: executing program 0 (id=636): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 472.901967ms ago: executing program 1 (id=637): bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x240008d1}], 0x1, 0x4000000) bind$alg(0xffffffffffffffff, &(0x7f0000000640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(aegis128-aesni)\x00'}, 0x58) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f", 0xa7}], 0x1}, 0x0) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f0000000100)=0x6, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1410000000017c"], 0x14}}, 0xc000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 347.708153ms ago: executing program 1 (id=638): bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x240008d1}], 0x1, 0x4000000) bind$alg(0xffffffffffffffff, &(0x7f0000000640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(aegis128-aesni)\x00'}, 0x58) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f", 0xa7}], 0x1}, 0x0) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f0000000100)=0x6, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1410000000017c"], 0x14}}, 0xc000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, 0x0, 0x0, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 254.461018ms ago: executing program 1 (id=639): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x6, "1f938a7b853b3a9b0b00000000000000008900", 0xffffffffffffffff}) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, 0x0) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"50edd24983fde74e78682dbc67d293c19050af5f39c0ce29436807917da2c17e", 0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r3, 0xc0383e04, &(0x7f0000000100)={""/32, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000200)=[{}]}) 86.470717ms ago: executing program 1 (id=640): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="2000000013006bcc9e3be35c6e17aa31086b876c1d0000007ea60864160af36504002b000c0003004ce82bdface7b3d57581fff60a84c9f4d4938037e786a6d0001000000e4509c5bb5b64f69853000000029e79c7ad2600375b3f54", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 65.935995ms ago: executing program 1 (id=641): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x1000000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x4}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000500)={'team_slave_0\x00', &(0x7f0000000340)=@ethtool_perm_addr}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00', 0x2}) write$sndseq(r0, &(0x7f00000000c0)=[{0x84, 0x77, 0x0, 0x0, @time={0x2, 0x428}, {0xfd}, {0x27}, @raw32={[0x2, 0x0, 0x8000000]}}, {0x2, 0x0, 0x5, 0x83, @tick, {0xfd}, {0x3}, @queue={0x80, {0x200, 0x5}}}, {0x6, 0x3, 0x9, 0x3, @tick=0x1, {0x10, 0x5}, {0xce, 0x2}, @connect={{0x10, 0x3}, {0x6, 0xc}}}, {0x6, 0x6, 0x9, 0xa9, @tick=0xab, {0x7f, 0x10}, {0x0, 0x1}, @ext={0x0, 0x0}}], 0x70) 0s ago: executing program 0 (id=642): openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101) openat$cgroup_ro(r0, &(0x7f00000002c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r1, 0x84, 0x7f, &(0x7f00000011c0)=""/4049, &(0x7f0000001180)=0xfd1) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) setreuid(0xee00, 0x0) r2 = getuid() setreuid(0x0, r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f00000002c0)={0x0, 'syzkaller0\x00', {0x1}, 0xb5}) r6 = socket$netlink(0x10, 0x3, 0x8) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000000)=""/28, 0x1c}], 0x1, 0x5, 0x2) setsockopt$sock_int(r3, 0x1, 0x21, &(0x7f0000000400)=0x3fd, 0x4) landlock_create_ruleset(&(0x7f0000000040)={0xcd84, 0x2, 0x1}, 0x18, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x80002, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x1e5143, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000b5403340861a22753635010203010902120001000000000904"], 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) pipe2(&(0x7f0000000040), 0x0) kernel console output (not intermixed with test programs): 5.136942][ T6788] __kmalloc_cache_noprof+0x88/0x660 [ 115.136954][ T6788] ? ieee80211_init_rate_ctrl_alg+0x14d/0x5d0 [ 115.136970][ T6788] ieee80211_init_rate_ctrl_alg+0x14d/0x5d0 [ 115.136984][ T6788] ieee80211_register_hw+0x3120/0x4200 [ 115.137005][ T6788] ? ieee80211_register_hw+0x1461/0x4200 [ 115.137023][ T6788] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 115.137043][ T6788] ? __hrtimer_setup+0x181/0x200 [ 115.137057][ T6788] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 115.137074][ T6788] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 115.137102][ T6788] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 115.137114][ T6788] ? ___ratelimit+0x58c/0x8d0 [ 115.137130][ T6788] hwsim_new_radio_nl+0xf35/0x1bd0 [ 115.137154][ T6788] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 115.137175][ T6788] ? rcu_is_watching+0x15/0xb0 [ 115.137189][ T6788] ? trace_kmalloc+0x2a/0x110 [ 115.137202][ T6788] ? __nla_parse+0x40/0x60 [ 115.137216][ T6788] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 115.137236][ T6788] genl_family_rcv_msg_doit+0x22a/0x330 [ 115.137252][ T6788] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 115.137272][ T6788] ? bpf_lsm_capable+0x9/0x20 [ 115.137284][ T6788] ? security_capable+0x7e/0x2c0 [ 115.137299][ T6788] genl_rcv_msg+0x61c/0x7a0 [ 115.137315][ T6788] ? __pfx_genl_rcv_msg+0x10/0x10 [ 115.137327][ T6788] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 115.137340][ T6788] ? __lock_acquire+0x6b5/0x2cf0 [ 115.137359][ T6788] netlink_rcv_skb+0x232/0x4b0 [ 115.137370][ T6788] ? __pfx_genl_rcv_msg+0x10/0x10 [ 115.137383][ T6788] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 115.137403][ T6788] ? down_read+0x272/0x2e0 [ 115.137415][ T6788] ? genl_rcv+0xd/0x40 [ 115.137427][ T6788] genl_rcv+0x28/0x40 [ 115.137439][ T6788] netlink_unicast+0x80f/0x9b0 [ 115.137453][ T6788] ? __pfx_netlink_unicast+0x10/0x10 [ 115.137463][ T6788] ? netlink_sendmsg+0x650/0xb40 [ 115.137472][ T6788] ? skb_put+0x11b/0x210 [ 115.137486][ T6788] netlink_sendmsg+0x813/0xb40 [ 115.137501][ T6788] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.137512][ T6788] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 115.137529][ T6788] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.137539][ T6788] sock_sendmsg_nosec+0x18f/0x1d0 [ 115.137550][ T6788] ____sys_sendmsg+0x589/0x8c0 [ 115.137567][ T6788] ? __pfx_____sys_sendmsg+0x10/0x10 [ 115.137584][ T6788] ? import_iovec+0x73/0xa0 [ 115.137599][ T6788] ___sys_sendmsg+0x2a5/0x360 [ 115.137614][ T6788] ? __pfx____sys_sendmsg+0x10/0x10 [ 115.137644][ T6788] ? __fget_files+0x2a/0x420 [ 115.137664][ T6788] ? __fget_files+0x3a0/0x420 [ 115.137682][ T6788] __x64_sys_sendmsg+0x1bd/0x2a0 [ 115.137701][ T6788] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 115.137719][ T6788] ? __pfx_ksys_write+0x10/0x10 [ 115.137736][ T6788] do_syscall_64+0x14d/0xf80 [ 115.137747][ T6788] ? trace_irq_disable+0x3b/0x150 [ 115.137765][ T6788] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.137774][ T6788] ? clear_bhb_loop+0x40/0x90 [ 115.137786][ T6788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.137795][ T6788] RIP: 0033:0x7feb92b9c799 [ 115.137806][ T6788] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.137813][ T6788] RSP: 002b:00007feb93a6d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 115.137824][ T6788] RAX: ffffffffffffffda RBX: 00007feb92e15fa0 RCX: 00007feb92b9c799 [ 115.137831][ T6788] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 115.137837][ T6788] RBP: 00007feb93a6d090 R08: 0000000000000000 R09: 0000000000000000 [ 115.137843][ T6788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 115.137848][ T6788] R13: 00007feb92e16038 R14: 00007feb92e15fa0 R15: 00007fffc079e5e8 [ 115.137863][ T6788] [ 115.137871][ T6788] ieee80211 phy30: Failed to select rate control algorithm [ 115.553531][ T5184] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 115.593104][ T5184] usb 2-1: device descriptor read/8, error -71 [ 115.694504][ T6796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.722699][ T5184] usb usb2-port1: unable to enumerate USB device [ 115.729210][ T6796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.763612][ T6798] netlink: 44 bytes leftover after parsing attributes in process `syz.3.327'. [ 115.774709][ T6796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.795245][ T6796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 116.214582][ T29] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 116.337839][ T6816] FAULT_INJECTION: forcing a failure. [ 116.337839][ T6816] name failslab, interval 1, probability 0, space 0, times 0 [ 116.350744][ T6816] CPU: 0 UID: 0 PID: 6816 Comm: syz.3.333 Tainted: G L syzkaller #0 PREEMPT(full) [ 116.350771][ T6816] Tainted: [L]=SOFTLOCKUP [ 116.350777][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 116.350786][ T6816] Call Trace: [ 116.350793][ T6816] [ 116.350800][ T6816] dump_stack_lvl+0xe8/0x150 [ 116.350829][ T6816] should_fail_ex+0x412/0x560 [ 116.350854][ T6816] should_failslab+0xa8/0x100 [ 116.350876][ T6816] __kmalloc_noprof+0xe8/0x760 [ 116.350895][ T6816] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 116.350922][ T6816] tomoyo_realpath_from_path+0xe3/0x5d0 [ 116.350952][ T6816] ? tomoyo_path_number_perm+0x219/0x630 [ 116.350977][ T6816] tomoyo_path_number_perm+0x246/0x630 [ 116.351005][ T6816] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 116.351033][ T6816] ? __lock_acquire+0x6b5/0x2cf0 [ 116.351065][ T6816] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 116.351107][ T6816] ? __fget_files+0x2a/0x420 [ 116.351133][ T6816] ? __fget_files+0x2a/0x420 [ 116.351156][ T6816] ? __fget_files+0x3a0/0x420 [ 116.351178][ T6816] ? __fget_files+0x2a/0x420 [ 116.351205][ T6816] security_file_ioctl+0xc3/0x2a0 [ 116.351232][ T6816] __se_sys_ioctl+0x47/0x170 [ 116.351254][ T6816] do_syscall_64+0x14d/0xf80 [ 116.351274][ T6816] ? trace_irq_disable+0x3b/0x150 [ 116.351297][ T6816] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.351315][ T6816] ? clear_bhb_loop+0x40/0x90 [ 116.351334][ T6816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.351351][ T6816] RIP: 0033:0x7f7097b9c799 [ 116.351367][ T6816] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 116.351381][ T6816] RSP: 002b:00007f7098ac5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 116.351400][ T6816] RAX: ffffffffffffffda RBX: 00007f7097e15fa0 RCX: 00007f7097b9c799 [ 116.351413][ T6816] RDX: 0000200000000480 RSI: 00000000c0306201 RDI: 0000000000000003 [ 116.351424][ T6816] RBP: 00007f7098ac5090 R08: 0000000000000000 R09: 0000000000000000 [ 116.351435][ T6816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.351446][ T6816] R13: 00007f7097e16038 R14: 00007f7097e15fa0 R15: 00007ffdce421b68 [ 116.351481][ T6816] [ 116.351488][ T6816] ERROR: Out of memory at tomoyo_realpath_from_path. [ 116.384877][ T29] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.384922][ T29] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 116.384943][ T29] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 116.386838][ T29] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice= d.0b [ 116.422215][ T6818] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 116.424994][ T29] usb 3-1: New USB device strings: Mfr=172, Product=2, SerialNumber=3 [ 116.430425][ T6818] capability: warning: `syz.0.334' uses deprecated v2 capabilities in a way that may be insecure [ 116.436538][ T29] usb 3-1: Product: syz [ 116.661903][ T6820] netlink: 'syz.1.335': attribute type 12 has an invalid length. [ 116.665167][ T29] usb 3-1: Manufacturer: syz [ 116.675342][ T29] usb 3-1: SerialNumber: syz [ 116.685577][ T29] usb 3-1: config 0 descriptor?? [ 116.713423][ T6820] FAULT_INJECTION: forcing a failure. [ 116.713423][ T6820] name failslab, interval 1, probability 0, space 0, times 0 [ 116.726559][ T6820] CPU: 1 UID: 0 PID: 6820 Comm: syz.1.335 Tainted: G L syzkaller #0 PREEMPT(full) [ 116.726586][ T6820] Tainted: [L]=SOFTLOCKUP [ 116.726592][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 116.726601][ T6820] Call Trace: [ 116.726607][ T6820] [ 116.726614][ T6820] dump_stack_lvl+0xe8/0x150 [ 116.726646][ T6820] should_fail_ex+0x412/0x560 [ 116.726671][ T6820] should_failslab+0xa8/0x100 [ 116.726694][ T6820] __kmalloc_cache_noprof+0x88/0x660 [ 116.726714][ T6820] ? get_device_parent+0x255/0x3a0 [ 116.726732][ T6820] ? do_raw_spin_unlock+0xf5/0x210 [ 116.726756][ T6820] get_device_parent+0x255/0x3a0 [ 116.726778][ T6820] device_add+0x2e1/0xb70 [ 116.726801][ T6820] wiphy_register+0x1d73/0x2d50 [ 116.726838][ T6820] ? __pfx_wiphy_register+0x10/0x10 [ 116.726860][ T6820] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 116.726893][ T6820] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 116.726921][ T6820] ieee80211_register_hw+0x3562/0x4200 [ 116.726959][ T6820] ? ieee80211_register_hw+0x1461/0x4200 [ 116.726992][ T6820] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 116.727039][ T6820] ? __hrtimer_setup+0x181/0x200 [ 116.727062][ T6820] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 116.727092][ T6820] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 116.727144][ T6820] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 116.727167][ T6820] ? ___ratelimit+0x58c/0x8d0 [ 116.727196][ T6820] hwsim_new_radio_nl+0xf35/0x1bd0 [ 116.727243][ T6820] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 116.727277][ T6820] ? rcu_is_watching+0x15/0xb0 [ 116.727299][ T6820] ? trace_kmalloc+0x2a/0x110 [ 116.727323][ T6820] ? __nla_parse+0x40/0x60 [ 116.727348][ T6820] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 116.727381][ T6820] genl_family_rcv_msg_doit+0x22a/0x330 [ 116.727411][ T6820] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 116.727447][ T6820] ? bpf_lsm_capable+0x9/0x20 [ 116.727468][ T6820] ? security_capable+0x7e/0x2c0 [ 116.727493][ T6820] genl_rcv_msg+0x61c/0x7a0 [ 116.727522][ T6820] ? __pfx_genl_rcv_msg+0x10/0x10 [ 116.727544][ T6820] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 116.727567][ T6820] ? __lock_acquire+0x6b5/0x2cf0 [ 116.727599][ T6820] netlink_rcv_skb+0x232/0x4b0 [ 116.727619][ T6820] ? __pfx_genl_rcv_msg+0x10/0x10 [ 116.727642][ T6820] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 116.727679][ T6820] ? down_read+0x272/0x2e0 [ 116.727700][ T6820] ? genl_rcv+0xd/0x40 [ 116.727722][ T6820] genl_rcv+0x28/0x40 [ 116.727742][ T6820] netlink_unicast+0x80f/0x9b0 [ 116.727778][ T6820] ? __pfx_netlink_unicast+0x10/0x10 [ 116.727799][ T6820] ? netlink_sendmsg+0x650/0xb40 [ 116.727816][ T6820] ? skb_put+0x11b/0x210 [ 116.727840][ T6820] netlink_sendmsg+0x813/0xb40 [ 116.727870][ T6820] ? __pfx_netlink_sendmsg+0x10/0x10 [ 116.727892][ T6820] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 116.727921][ T6820] ? __pfx_netlink_sendmsg+0x10/0x10 [ 116.727938][ T6820] sock_sendmsg_nosec+0x18f/0x1d0 [ 116.727959][ T6820] ____sys_sendmsg+0x589/0x8c0 [ 116.727992][ T6820] ? __pfx_____sys_sendmsg+0x10/0x10 [ 116.728023][ T6820] ? import_iovec+0x73/0xa0 [ 116.728057][ T6820] ___sys_sendmsg+0x2a5/0x360 [ 116.728085][ T6820] ? __pfx____sys_sendmsg+0x10/0x10 [ 116.728144][ T6820] ? __fget_files+0x2a/0x420 [ 116.728168][ T6820] ? __fget_files+0x3a0/0x420 [ 116.728201][ T6820] __x64_sys_sendmsg+0x1bd/0x2a0 [ 116.728226][ T6820] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 116.728259][ T6820] ? __pfx_ksys_write+0x10/0x10 [ 116.728289][ T6820] do_syscall_64+0x14d/0xf80 [ 116.728310][ T6820] ? trace_irq_disable+0x3b/0x150 [ 116.728332][ T6820] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.728350][ T6820] ? clear_bhb_loop+0x40/0x90 [ 116.728372][ T6820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.728389][ T6820] RIP: 0033:0x7f6395b9c799 [ 116.728406][ T6820] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 116.728419][ T6820] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 116.728438][ T6820] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 116.728450][ T6820] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 116.728461][ T6820] RBP: 00007f6396a26090 R08: 0000000000000000 R09: 0000000000000000 [ 116.728471][ T6820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 116.728481][ T6820] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 116.728513][ T6820] [ 117.173732][ T6790] netlink: 'syz.2.324': attribute type 3 has an invalid length. [ 117.181443][ T6790] netlink: 44 bytes leftover after parsing attributes in process `syz.2.324'. [ 117.286676][ T6823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.300581][ T6823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.309496][ T6825] capability: warning: `syz.1.337' uses 32-bit capabilities (legacy support in use) [ 117.368749][ T30] audit: type=1800 audit(1772331672.433:3): pid=6830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.338" name="memory.events" dev="tmpfs" ino=480 res=0 errno=0 [ 117.467275][ T30] audit: type=1804 audit(1772331672.503:4): pid=6830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.338" name="/newroot/89/memory.events" dev="tmpfs" ino=480 res=1 errno=0 [ 117.593704][ T5184] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 117.599462][ T29] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 117.619631][ T29] usb 3-1: USB disconnect, device number 13 [ 117.669181][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 117.720341][ T6842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.730450][ T6842] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.751262][ T6842] syzkaller1: entered promiscuous mode [ 117.761544][ T6842] syzkaller1: entered allmulticast mode [ 117.774631][ T5184] usb 2-1: unable to get BOS descriptor or descriptor too short [ 117.783490][ T5184] usb 2-1: not running at top speed; connect to a high speed hub [ 117.791294][ T5184] usb 2-1: too many configurations: 158, using maximum allowed: 8 [ 117.801677][ T5184] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 117.819194][ T5184] usb 2-1: can't read configurations, error -61 [ 117.952548][ T5184] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 118.102643][ T5851] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 118.115675][ T5184] usb 2-1: unable to get BOS descriptor or descriptor too short [ 118.124381][ T5184] usb 2-1: not running at top speed; connect to a high speed hub [ 118.132156][ T5184] usb 2-1: too many configurations: 158, using maximum allowed: 8 [ 118.141790][ T5184] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 118.149657][ T5184] usb 2-1: can't read configurations, error -61 [ 118.157100][ T5184] usb usb2-port1: attempt power cycle [ 118.272595][ T5851] usb 4-1: Using ep0 maxpacket: 16 [ 118.280583][ T5851] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 118.289741][ T5851] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 118.297857][ T5851] usb 4-1: Product: syz [ 118.302005][ T5851] usb 4-1: Manufacturer: syz [ 118.306644][ T5851] usb 4-1: SerialNumber: syz [ 118.313095][ T5851] usb 4-1: config 0 descriptor?? [ 118.391981][ T6853] FAULT_INJECTION: forcing a failure. [ 118.391981][ T6853] name failslab, interval 1, probability 0, space 0, times 0 [ 118.405135][ T6853] CPU: 0 UID: 0 PID: 6853 Comm: syz.0.346 Tainted: G L syzkaller #0 PREEMPT(full) [ 118.405162][ T6853] Tainted: [L]=SOFTLOCKUP [ 118.405168][ T6853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 118.405178][ T6853] Call Trace: [ 118.405185][ T6853] [ 118.405192][ T6853] dump_stack_lvl+0xe8/0x150 [ 118.405222][ T6853] should_fail_ex+0x412/0x560 [ 118.405248][ T6853] should_failslab+0xa8/0x100 [ 118.405267][ T6853] __kmalloc_noprof+0xe8/0x760 [ 118.405283][ T6853] ? tomoyo_encode+0x28b/0x550 [ 118.405307][ T6853] tomoyo_encode+0x28b/0x550 [ 118.405330][ T6853] tomoyo_realpath_from_path+0x58d/0x5d0 [ 118.405358][ T6853] ? tomoyo_path_number_perm+0x219/0x630 [ 118.405383][ T6853] tomoyo_path_number_perm+0x246/0x630 [ 118.405419][ T6853] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 118.405447][ T6853] ? __lock_acquire+0x6b5/0x2cf0 [ 118.405477][ T6853] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 118.405518][ T6853] ? __fget_files+0x2a/0x420 [ 118.405544][ T6853] ? __fget_files+0x2a/0x420 [ 118.405566][ T6853] ? __fget_files+0x3a0/0x420 [ 118.405588][ T6853] ? __fget_files+0x2a/0x420 [ 118.405614][ T6853] security_file_ioctl+0xc3/0x2a0 [ 118.405640][ T6853] __se_sys_ioctl+0x47/0x170 [ 118.405661][ T6853] do_syscall_64+0x14d/0xf80 [ 118.405681][ T6853] ? trace_irq_disable+0x3b/0x150 [ 118.405704][ T6853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.405720][ T6853] ? clear_bhb_loop+0x40/0x90 [ 118.405739][ T6853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.405755][ T6853] RIP: 0033:0x7feb92b9c799 [ 118.405778][ T6853] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.405792][ T6853] RSP: 002b:00007feb93a6d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.405813][ T6853] RAX: ffffffffffffffda RBX: 00007feb92e15fa0 RCX: 00007feb92b9c799 [ 118.405826][ T6853] RDX: 0000200000000480 RSI: 00000000c0306201 RDI: 0000000000000003 [ 118.405837][ T6853] RBP: 00007feb93a6d090 R08: 0000000000000000 R09: 0000000000000000 [ 118.405848][ T6853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.405858][ T6853] R13: 00007feb92e16038 R14: 00007feb92e15fa0 R15: 00007fffc079e5e8 [ 118.405883][ T6853] [ 118.405901][ T6853] ERROR: Out of memory at tomoyo_realpath_from_path. [ 118.472454][ T29] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 118.529481][ T5851] usb 4-1: USB disconnect, device number 19 [ 118.655355][ T5184] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 118.663115][ T9] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 118.685811][ T5184] usb 2-1: unable to get BOS descriptor or descriptor too short [ 118.697700][ T5184] usb 2-1: not running at top speed; connect to a high speed hub [ 118.705693][ T5184] usb 2-1: too many configurations: 158, using maximum allowed: 8 [ 118.715432][ T29] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.717678][ T5184] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 118.733337][ T29] usb 3-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 118.733367][ T29] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.735939][ T29] usb 3-1: config 0 descriptor?? [ 118.743378][ T5184] usb 2-1: can't read configurations, error -61 [ 118.765815][ T29] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 118.892540][ T5184] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 118.914373][ T5184] usb 2-1: unable to get BOS descriptor or descriptor too short [ 118.922697][ T5184] usb 2-1: not running at top speed; connect to a high speed hub [ 118.930456][ T5184] usb 2-1: too many configurations: 158, using maximum allowed: 8 [ 118.940335][ T5184] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 118.948062][ T5184] usb 2-1: can't read configurations, error -61 [ 118.954934][ T5184] usb usb2-port1: unable to enumerate USB device [ 118.969092][ T5184] usb 3-1: USB disconnect, device number 14 [ 119.016532][ T6855] comedi comedi3: 8255: I/O port conflict (0x40404f26,4) [ 119.027562][ T6855] comedi comedi3: 8255: I/O port conflict (0x40404f26,4) [ 119.131877][ T6861] netlink: 16 bytes leftover after parsing attributes in process `syz.3.349'. [ 119.319948][ T6872] netlink: 44 bytes leftover after parsing attributes in process `syz.0.352'. [ 119.371734][ T6874] binder: 6873:6874 ioctl 40087543 200000000880 returned -22 [ 119.422611][ T5851] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 119.572516][ T5851] usb 3-1: Using ep0 maxpacket: 8 [ 119.578487][ T5851] usb 3-1: no configurations [ 119.583174][ T5851] usb 3-1: can't read configurations, error -22 [ 119.712613][ T5851] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 119.882462][ T5851] usb 3-1: Using ep0 maxpacket: 8 [ 119.888103][ T5851] usb 3-1: no configurations [ 119.893278][ T5851] usb 3-1: can't read configurations, error -22 [ 119.899932][ T5851] usb usb3-port1: attempt power cycle [ 120.112477][ T5934] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 120.252480][ T5934] usb 4-1: device descriptor read/64, error -71 [ 120.252484][ T5851] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 120.278614][ T5851] usb 3-1: Using ep0 maxpacket: 8 [ 120.284546][ T5851] usb 3-1: no configurations [ 120.289166][ T5851] usb 3-1: can't read configurations, error -22 [ 120.442565][ T5851] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 120.473063][ T5851] usb 3-1: Using ep0 maxpacket: 8 [ 120.491940][ T5851] usb 3-1: no configurations [ 120.499830][ T5851] usb 3-1: can't read configurations, error -22 [ 120.512875][ T5851] usb usb3-port1: unable to enumerate USB device [ 120.543317][ T5934] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 120.558497][ T6898] netlink: 44 bytes leftover after parsing attributes in process `syz.0.362'. [ 120.641619][ T6902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.670155][ T6902] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.686122][ T6904] netlink: 'syz.1.364': attribute type 12 has an invalid length. [ 120.697052][ T6902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.702798][ T5934] usb 4-1: device descriptor read/64, error -71 [ 120.707297][ T6902] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.724380][ T6904] FAULT_INJECTION: forcing a failure. [ 120.724380][ T6904] name failslab, interval 1, probability 0, space 0, times 0 [ 120.746338][ T6904] CPU: 0 UID: 0 PID: 6904 Comm: syz.1.364 Tainted: G L syzkaller #0 PREEMPT(full) [ 120.746363][ T6904] Tainted: [L]=SOFTLOCKUP [ 120.746369][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 120.746378][ T6904] Call Trace: [ 120.746385][ T6904] [ 120.746393][ T6904] dump_stack_lvl+0xe8/0x150 [ 120.746419][ T6904] should_fail_ex+0x412/0x560 [ 120.746445][ T6904] should_failslab+0xa8/0x100 [ 120.746464][ T6904] ? __kernfs_new_node+0xea/0x970 [ 120.746488][ T6904] kmem_cache_alloc_noprof+0x87/0x650 [ 120.746513][ T6904] __kernfs_new_node+0xea/0x970 [ 120.746542][ T6904] ? __pfx___kernfs_new_node+0x10/0x10 [ 120.746567][ T6904] ? kernfs_root+0x1c/0x230 [ 120.746593][ T6904] ? kernfs_root+0x1c/0x230 [ 120.746615][ T6904] ? kernfs_root+0x1c/0x230 [ 120.746642][ T6904] kernfs_new_node+0x102/0x210 [ 120.746671][ T6904] kernfs_create_link+0xa7/0x200 [ 120.746694][ T6904] sysfs_do_create_link_sd+0x83/0x110 [ 120.746719][ T6904] device_add_class_symlinks+0xb6/0x240 [ 120.746742][ T6904] device_add+0x475/0xb70 [ 120.746764][ T6904] wiphy_register+0x1d73/0x2d50 [ 120.746799][ T6904] ? __pfx_wiphy_register+0x10/0x10 [ 120.746819][ T6904] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 120.746847][ T6904] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 120.746872][ T6904] ieee80211_register_hw+0x3562/0x4200 [ 120.746904][ T6904] ? ieee80211_register_hw+0x1461/0x4200 [ 120.746938][ T6904] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 120.746974][ T6904] ? __hrtimer_setup+0x181/0x200 [ 120.746996][ T6904] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 120.747025][ T6904] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 120.747075][ T6904] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 120.747095][ T6904] ? ___ratelimit+0x58c/0x8d0 [ 120.747122][ T6904] hwsim_new_radio_nl+0xf35/0x1bd0 [ 120.747167][ T6904] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 120.747200][ T6904] ? rcu_is_watching+0x15/0xb0 [ 120.747223][ T6904] ? trace_kmalloc+0x2a/0x110 [ 120.747245][ T6904] ? __nla_parse+0x40/0x60 [ 120.747272][ T6904] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 120.747309][ T6904] genl_family_rcv_msg_doit+0x22a/0x330 [ 120.747338][ T6904] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 120.747370][ T6904] ? bpf_lsm_capable+0x9/0x20 [ 120.747389][ T6904] ? security_capable+0x7e/0x2c0 [ 120.747411][ T6904] genl_rcv_msg+0x61c/0x7a0 [ 120.747443][ T6904] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.747464][ T6904] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 120.747488][ T6904] ? __lock_acquire+0x6b5/0x2cf0 [ 120.747521][ T6904] netlink_rcv_skb+0x232/0x4b0 [ 120.747541][ T6904] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.747565][ T6904] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 120.747602][ T6904] ? down_read+0x272/0x2e0 [ 120.747622][ T6904] ? genl_rcv+0xd/0x40 [ 120.747646][ T6904] genl_rcv+0x28/0x40 [ 120.747667][ T6904] netlink_unicast+0x80f/0x9b0 [ 120.747693][ T6904] ? __pfx_netlink_unicast+0x10/0x10 [ 120.747711][ T6904] ? netlink_sendmsg+0x650/0xb40 [ 120.747728][ T6904] ? skb_put+0x11b/0x210 [ 120.747751][ T6904] netlink_sendmsg+0x813/0xb40 [ 120.747779][ T6904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.747801][ T6904] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 120.747830][ T6904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.747849][ T6904] sock_sendmsg_nosec+0x18f/0x1d0 [ 120.747869][ T6904] ____sys_sendmsg+0x589/0x8c0 [ 120.747901][ T6904] ? __pfx_____sys_sendmsg+0x10/0x10 [ 120.747934][ T6904] ? import_iovec+0x73/0xa0 [ 120.747960][ T6904] ___sys_sendmsg+0x2a5/0x360 [ 120.747988][ T6904] ? __pfx____sys_sendmsg+0x10/0x10 [ 120.748043][ T6904] ? __fget_files+0x2a/0x420 [ 120.748067][ T6904] ? __fget_files+0x3a0/0x420 [ 120.748100][ T6904] __x64_sys_sendmsg+0x1bd/0x2a0 [ 120.748125][ T6904] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 120.748157][ T6904] ? __pfx_ksys_write+0x10/0x10 [ 120.748188][ T6904] do_syscall_64+0x14d/0xf80 [ 120.748208][ T6904] ? trace_irq_disable+0x3b/0x150 [ 120.748230][ T6904] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.748248][ T6904] ? clear_bhb_loop+0x40/0x90 [ 120.748270][ T6904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.748294][ T6904] RIP: 0033:0x7f6395b9c799 [ 120.748312][ T6904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 120.748325][ T6904] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.748343][ T6904] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 120.748356][ T6904] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 120.748367][ T6904] RBP: 00007f6396a26090 R08: 0000000000000000 R09: 0000000000000000 [ 120.748378][ T6904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 120.748388][ T6904] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 120.748418][ T6904] [ 120.825040][ T5934] usb usb4-port1: attempt power cycle [ 121.425221][ T6916] openvswitch: netlink: EtherType 50a is less than min 600 [ 121.592796][ T5934] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 121.623466][ T5934] usb 4-1: device descriptor read/8, error -71 [ 121.692500][ T5184] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 121.702522][ T29] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 121.856615][ T29] usb 2-1: Using ep0 maxpacket: 16 [ 121.857618][ T5184] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 121.873623][ T29] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 121.885580][ T5184] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.893680][ T5934] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 121.903788][ T29] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 121.915548][ T29] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 121.919686][ T5184] usb 3-1: config 0 descriptor?? [ 121.930605][ T29] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.939056][ T29] usb 2-1: Product: syz [ 121.944212][ T5934] usb 4-1: device descriptor read/8, error -71 [ 121.950769][ T29] usb 2-1: Manufacturer: syz [ 121.955745][ T29] usb 2-1: SerialNumber: syz [ 122.052948][ T5934] usb usb4-port1: unable to enumerate USB device [ 122.105645][ T6924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.373'. [ 122.178234][ T30] audit: type=1326 audit(1772331677.243:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.1.370" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6395b9c799 code=0x0 [ 122.197671][ T6926] syzkaller1: entered promiscuous mode [ 122.205467][ T6926] syzkaller1: entered allmulticast mode [ 122.218970][ T6926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.227886][ T6926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.229363][ T29] usb 2-1: 0:2 : does not exist [ 122.238426][ T6926] netlink: 8 bytes leftover after parsing attributes in process `syz.2.369'. [ 122.256044][ T5184] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 122.283147][ T29] usb 2-1: USB disconnect, device number 29 [ 122.307812][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 122.790474][ T6928] netlink: 'syz.1.374': attribute type 12 has an invalid length. [ 122.825433][ T6928] FAULT_INJECTION: forcing a failure. [ 122.825433][ T6928] name failslab, interval 1, probability 0, space 0, times 0 [ 122.838421][ T6928] CPU: 1 UID: 0 PID: 6928 Comm: syz.1.374 Tainted: G L syzkaller #0 PREEMPT(full) [ 122.838447][ T6928] Tainted: [L]=SOFTLOCKUP [ 122.838454][ T6928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 122.838463][ T6928] Call Trace: [ 122.838470][ T6928] [ 122.838477][ T6928] dump_stack_lvl+0xe8/0x150 [ 122.838505][ T6928] should_fail_ex+0x412/0x560 [ 122.838531][ T6928] should_failslab+0xa8/0x100 [ 122.838552][ T6928] ? __kernfs_new_node+0xea/0x970 [ 122.838577][ T6928] kmem_cache_alloc_noprof+0x87/0x650 [ 122.838594][ T6928] ? kernfs_add_one+0x477/0x5c0 [ 122.838623][ T6928] __kernfs_new_node+0xea/0x970 [ 122.838654][ T6928] ? __pfx___kernfs_new_node+0x10/0x10 [ 122.838680][ T6928] ? kernfs_root+0x1c/0x230 [ 122.838710][ T6928] ? kernfs_root+0x1c/0x230 [ 122.838733][ T6928] ? kernfs_root+0x1c/0x230 [ 122.838754][ T6928] ? kernfs_root+0x1c/0x230 [ 122.838782][ T6928] kernfs_new_node+0x102/0x210 [ 122.838813][ T6928] __kernfs_create_file+0x4b/0x2e0 [ 122.838835][ T6928] sysfs_add_file_mode_ns+0x238/0x300 [ 122.838866][ T6928] sysfs_create_file_ns+0x12b/0x1b0 [ 122.838891][ T6928] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 122.838917][ T6928] ? __dev_fwnode+0x50/0x80 [ 122.838937][ T6928] ? device_create_file+0xf4/0x1b0 [ 122.838959][ T6928] device_add+0x440/0xb70 [ 122.838983][ T6928] wiphy_register+0x1d73/0x2d50 [ 122.839019][ T6928] ? __pfx_wiphy_register+0x10/0x10 [ 122.839039][ T6928] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 122.839071][ T6928] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 122.839106][ T6928] ieee80211_register_hw+0x3562/0x4200 [ 122.839144][ T6928] ? ieee80211_register_hw+0x1461/0x4200 [ 122.839178][ T6928] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 122.839218][ T6928] ? __hrtimer_setup+0x181/0x200 [ 122.839240][ T6928] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 122.839270][ T6928] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 122.839324][ T6928] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 122.839344][ T6928] ? ___ratelimit+0x58c/0x8d0 [ 122.839376][ T6928] hwsim_new_radio_nl+0xf35/0x1bd0 [ 122.839415][ T6928] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 122.839447][ T6928] ? rcu_is_watching+0x15/0xb0 [ 122.839470][ T6928] ? trace_kmalloc+0x2a/0x110 [ 122.839493][ T6928] ? __nla_parse+0x40/0x60 [ 122.839519][ T6928] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 122.839549][ T6928] genl_family_rcv_msg_doit+0x22a/0x330 [ 122.839580][ T6928] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 122.839615][ T6928] ? bpf_lsm_capable+0x9/0x20 [ 122.839637][ T6928] ? security_capable+0x7e/0x2c0 [ 122.839661][ T6928] genl_rcv_msg+0x61c/0x7a0 [ 122.839689][ T6928] ? __pfx_genl_rcv_msg+0x10/0x10 [ 122.839711][ T6928] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 122.839735][ T6928] ? __lock_acquire+0x6b5/0x2cf0 [ 122.839769][ T6928] netlink_rcv_skb+0x232/0x4b0 [ 122.839790][ T6928] ? __pfx_genl_rcv_msg+0x10/0x10 [ 122.839815][ T6928] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 122.839854][ T6928] ? down_read+0x272/0x2e0 [ 122.839874][ T6928] ? genl_rcv+0xd/0x40 [ 122.839898][ T6928] genl_rcv+0x28/0x40 [ 122.839918][ T6928] netlink_unicast+0x80f/0x9b0 [ 122.839955][ T6928] ? __pfx_netlink_unicast+0x10/0x10 [ 122.839974][ T6928] ? netlink_sendmsg+0x650/0xb40 [ 122.839991][ T6928] ? skb_put+0x11b/0x210 [ 122.840016][ T6928] netlink_sendmsg+0x813/0xb40 [ 122.840036][ T6928] ? irqentry_exit+0x59e/0x620 [ 122.840065][ T6928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.840103][ T6928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.840122][ T6928] sock_sendmsg_nosec+0x18f/0x1d0 [ 122.840143][ T6928] ____sys_sendmsg+0x589/0x8c0 [ 122.840175][ T6928] ? __pfx_____sys_sendmsg+0x10/0x10 [ 122.840206][ T6928] ? import_iovec+0x73/0xa0 [ 122.840230][ T6928] ___sys_sendmsg+0x2a5/0x360 [ 122.840257][ T6928] ? __pfx____sys_sendmsg+0x10/0x10 [ 122.840315][ T6928] ? __fget_files+0x2a/0x420 [ 122.840338][ T6928] ? __fget_files+0x3a0/0x420 [ 122.840372][ T6928] __x64_sys_sendmsg+0x1bd/0x2a0 [ 122.840397][ T6928] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 122.840429][ T6928] ? __pfx_ksys_write+0x10/0x10 [ 122.840460][ T6928] do_syscall_64+0x14d/0xf80 [ 122.840480][ T6928] ? trace_irq_disable+0x3b/0x150 [ 122.840523][ T6928] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.840541][ T6928] ? clear_bhb_loop+0x40/0x90 [ 122.840562][ T6928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.840578][ T6928] RIP: 0033:0x7f6395b9c799 [ 122.840595][ T6928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.840608][ T6928] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.840626][ T6928] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 122.840639][ T6928] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 122.840649][ T6928] RBP: 00007f6396a26090 R08: 0000000000000000 R09: 0000000000000000 [ 122.840660][ T6928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 122.840670][ T6928] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 122.840699][ T6928] [ 123.570058][ T6941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 123.579625][ T6941] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 123.662601][ T29] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 123.792507][ T29] usb 2-1: device descriptor read/64, error -71 [ 124.032501][ T29] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 124.162606][ T29] usb 2-1: device descriptor read/64, error -71 [ 124.230236][ T6949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.240562][ T6949] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.272705][ T29] usb usb2-port1: attempt power cycle [ 124.527183][ T5184] [drm:udl_init] *ERROR* Selecting channel failed [ 124.612992][ T29] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 124.615664][ T5184] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 124.637946][ T6959] dlm: plock device version mismatch: kernel (1.2.0), user (1.1919249199.795633006) [ 124.638899][ T5184] [drm] Initialized udl on minor 2 [ 124.649119][ T6961] netlink: 'syz.2.385': attribute type 12 has an invalid length. [ 124.656329][ T5184] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 124.672630][ T29] usb 2-1: device descriptor read/8, error -71 [ 124.679329][ T5184] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 124.690814][ T9] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 124.721426][ T9] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 124.730364][ T5184] usb 3-1: USB disconnect, device number 19 [ 124.913467][ T29] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 124.935511][ T29] usb 2-1: device descriptor read/8, error -71 [ 124.988235][ T6974] netlink: 40 bytes leftover after parsing attributes in process `syz.0.392'. [ 125.042881][ T29] usb usb2-port1: unable to enumerate USB device [ 125.201281][ T6982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.210597][ T6982] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.272510][ T29] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 125.426203][ T29] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 125.435511][ T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.443665][ T29] usb 3-1: Product: syz [ 125.447833][ T29] usb 3-1: Manufacturer: syz [ 125.452479][ T29] usb 3-1: SerialNumber: syz [ 125.460190][ T29] usb 3-1: config 0 descriptor?? [ 125.671524][ T6976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.681772][ T6976] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.850214][ T6985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.860945][ T6985] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.896192][ T29] usb 3-1: Firmware version (0.0) predates our first public release. [ 125.904462][ T29] usb 3-1: Please update to version 0.2 or newer [ 125.911471][ T29] usb 3-1: Firmware: build [ 126.136052][ T29] usb 3-1: USB disconnect, device number 20 [ 126.466050][ T6991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 126.488318][ T6991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.597238][ T6995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.401'. [ 126.922489][ T29] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 126.942499][ T9] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 127.072458][ T9] usb 3-1: device descriptor read/64, error -71 [ 127.084804][ T29] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 127.095776][ T29] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 127.107928][ T29] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 127.118441][ T29] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 127.147981][ T29] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 127.162102][ T29] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 127.172866][ T29] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 127.180872][ T29] usb 2-1: Product: syz [ 127.186300][ T29] usb 2-1: Manufacturer: syz [ 127.208586][ T29] cdc_wdm 2-1:1.0: skipping garbage [ 127.214095][ T29] cdc_wdm 2-1:1.0: skipping garbage [ 127.230157][ T29] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 127.236413][ T29] cdc_wdm 2-1:1.0: Unknown control protocol [ 127.332513][ T9] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 127.371236][ T7016] binder: 7015:7016 ioctl c0306201 0 returned -14 [ 127.408202][ T5878] usb 2-1: USB disconnect, device number 34 [ 127.472481][ T9] usb 3-1: device descriptor read/64, error -71 [ 127.583001][ T9] usb usb3-port1: attempt power cycle [ 127.924976][ T9] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 127.958969][ T9] usb 3-1: device descriptor read/8, error -71 [ 128.013375][ T7028] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size. [ 128.053145][ T5878] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 128.212451][ T9] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 128.225133][ T5878] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 128.234842][ T5878] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 128.245531][ T5878] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 128.256401][ T5878] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 128.270298][ T9] usb 3-1: device descriptor read/8, error -71 [ 128.277927][ T5878] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 128.291095][ T5878] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 128.300436][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 128.309000][ T5878] usb 2-1: Product: syz [ 128.313555][ T5878] usb 2-1: Manufacturer: syz [ 128.325763][ T5878] cdc_wdm 2-1:1.0: skipping garbage [ 128.331001][ T5878] cdc_wdm 2-1:1.0: skipping garbage [ 128.346338][ T5878] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 128.354077][ T5878] cdc_wdm 2-1:1.0: Unknown control protocol [ 128.392737][ T9] usb usb3-port1: unable to enumerate USB device [ 128.531204][ T29] usb 2-1: USB disconnect, device number 35 [ 129.362711][ T5815] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 129.523957][ T5815] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 129.534521][ T5815] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 129.552557][ T5815] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 129.561753][ T5815] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 129.569880][ T5815] usb 2-1: SerialNumber: syz [ 129.708522][ T7035] netlink: 'syz.2.413': attribute type 12 has an invalid length. [ 129.791345][ T5815] usb 2-1: 0:2 : does not exist [ 129.798536][ T5815] usb 2-1: unit 5 not found! [ 129.845977][ T5815] usb 2-1: USB disconnect, device number 36 [ 129.891958][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 130.162482][ T5934] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 130.292722][ T5934] usb 3-1: device descriptor read/64, error -71 [ 130.542484][ T5934] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 130.597083][ T7051] netlink: 'syz.0.421': attribute type 83 has an invalid length. [ 130.682533][ T5934] usb 3-1: device descriptor read/64, error -71 [ 130.705215][ T7054] netlink: 'syz.0.422': attribute type 12 has an invalid length. [ 130.795151][ T5934] usb usb3-port1: attempt power cycle [ 130.854255][ T7058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.865036][ T7058] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.879067][ T7058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.887805][ T7058] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.102867][ T7058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.121647][ T7058] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.143336][ T5934] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 131.160010][ T7060] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 131.174181][ T5934] usb 3-1: device descriptor read/8, error -71 [ 131.279299][ T7063] binder: 7062:7063 ioctl c0306201 0 returned -14 [ 131.442656][ T5934] usb 3-1: new full-speed USB device number 28 using dummy_hcd [ 131.471034][ T5934] usb 3-1: device descriptor read/8, error -71 [ 131.582690][ T5934] usb usb3-port1: unable to enumerate USB device [ 131.937970][ T7080] netlink: 'syz.3.433': attribute type 12 has an invalid length. [ 131.971298][ T7082] comedi comedi3: ni_at_a2150: I/O port conflict (0x3,28) [ 132.156784][ T7082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 132.166059][ T7082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 132.176373][ T7088] binder: 7084:7088 ioctl c0306201 200000000180 returned -14 [ 132.183955][ T7082] netlink: 'syz.0.434': attribute type 6 has an invalid length. [ 132.185358][ T7088] binder: 7084:7088 ioctl c0306201 2000000002c0 returned -14 [ 132.202137][ T7088] binder: 7084:7088 ioctl c0306201 200000000480 returned -14 [ 132.748866][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.757091][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.840050][ T7090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 132.849491][ T7090] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 132.926172][ T7093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.437'. [ 132.946010][ T7093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.437'. [ 133.057968][ T7102] netlink: 44 bytes leftover after parsing attributes in process `syz.2.440'. [ 133.168090][ T7108] netlink: 'syz.2.443': attribute type 12 has an invalid length. [ 133.418508][ T7121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.429126][ T7121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.542520][ T5934] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 133.695874][ T5934] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 133.705378][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.713692][ T5934] usb 3-1: Product: syz [ 133.718341][ T5934] usb 3-1: Manufacturer: syz [ 133.723193][ T5934] usb 3-1: SerialNumber: syz [ 133.734264][ T5934] r8152-cfgselector 3-1: Unknown version 0x0000 [ 133.740542][ T5934] r8152-cfgselector 3-1: config 0 descriptor?? [ 134.098048][ T7129] batadv_slave_0: entered allmulticast mode [ 134.107958][ T7129] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR [ 134.109504][ T7125] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 134.377047][ T7143] netlink: 'syz.1.454': attribute type 12 has an invalid length. [ 134.422033][ T7145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.455'. [ 134.433410][ T7145] netlink: 'syz.0.455': attribute type 6 has an invalid length. [ 134.686490][ T7160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.699049][ T7160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.090142][ T7085] binder: 7084:7085 ioctl c0306201 2000000004c0 returned -14 [ 135.181418][ T7169] netlink: 'syz.3.464': attribute type 12 has an invalid length. [ 135.341709][ T7175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.352241][ T7175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.572479][ T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 135.724299][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 135.735035][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 135.745157][ T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 135.754254][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 135.762254][ T9] usb 4-1: SerialNumber: syz [ 135.983669][ T9] usb 4-1: 0:2 : does not exist [ 135.990544][ T9] usb 4-1: unit 255 not found! [ 136.000052][ T9] usb 4-1: 5:0: cannot get min/max values for control 16 (id 5) [ 136.016566][ T9] usb 4-1: 5:0: cannot get min/max values for control 17 (id 5) [ 136.087191][ T9] usb 4-1: USB disconnect, device number 24 [ 136.185824][ T7186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.195906][ T7186] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.319471][ T5934] r8152-cfgselector 3-1: USB disconnect, device number 29 [ 136.352348][ T7188] netlink: 44 bytes leftover after parsing attributes in process `syz.2.472'. [ 136.406607][ T7186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.417680][ T7186] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.427535][ T7190] netlink: 88 bytes leftover after parsing attributes in process `syz.2.473'. [ 136.558303][ T7196] netlink: 'syz.3.475': attribute type 12 has an invalid length. [ 136.786395][ T7206] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 136.815857][ T7212] netlink: 'syz.3.481': attribute type 21 has an invalid length. [ 136.827078][ T7212] netlink: 'syz.3.481': attribute type 1 has an invalid length. [ 137.072484][ T29] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 137.092486][ T5934] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 137.233785][ T29] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 137.242724][ T29] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 137.253205][ T29] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 137.264228][ T29] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 137.275473][ T29] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 137.289222][ T29] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 137.298421][ T29] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 137.307126][ T29] usb 4-1: Product: syz [ 137.311279][ T29] usb 4-1: Manufacturer: syz [ 137.316512][ T5934] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 137.326418][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.335690][ T5934] usb 3-1: Product: syz [ 137.339924][ T5934] usb 3-1: Manufacturer: syz [ 137.345849][ T29] cdc_wdm 4-1:1.0: skipping garbage [ 137.351060][ T29] cdc_wdm 4-1:1.0: skipping garbage [ 137.356411][ T5934] usb 3-1: SerialNumber: syz [ 137.365509][ T29] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 137.371593][ T29] cdc_wdm 4-1:1.0: Unknown control protocol [ 137.378848][ T5934] r8152-cfgselector 3-1: Unknown version 0x0000 [ 137.386781][ T5934] r8152-cfgselector 3-1: config 0 descriptor?? [ 137.549846][ T9] usb 4-1: USB disconnect, device number 25 [ 137.816118][ T7216] netlink: 44 bytes leftover after parsing attributes in process `syz.1.483'. [ 137.941822][ T7220] netlink: 28 bytes leftover after parsing attributes in process `syz.1.485'. [ 138.116700][ T5934] r8152-cfgselector 3-1: Unknown version 0x0000 [ 138.123693][ T5934] r8152-cfgselector 3-1: bad CDC descriptors [ 138.133710][ T5934] r8152-cfgselector 3-1: USB disconnect, device number 30 [ 138.195000][ T5184] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 138.202703][ T9] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 138.307264][ T7230] netlink: 'syz.2.490': attribute type 12 has an invalid length. [ 138.377231][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 138.388086][ T5184] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 138.397327][ T5184] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 138.407925][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 138.416948][ T5184] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 138.426284][ T5184] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 138.437568][ T5184] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 138.449365][ T9] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 138.458649][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 138.466744][ T9] usb 2-1: SerialNumber: syz [ 138.471961][ T5184] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 138.488522][ T5184] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 138.497135][ T5184] usb 4-1: Product: syz [ 138.501326][ T5184] usb 4-1: Manufacturer: syz [ 138.515561][ T5184] cdc_wdm 4-1:1.0: skipping garbage [ 138.520813][ T5184] cdc_wdm 4-1:1.0: skipping garbage [ 138.527426][ T5184] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 138.533858][ T5184] cdc_wdm 4-1:1.0: Unknown control protocol [ 138.689156][ T9] usb 2-1: 0:2 : does not exist [ 138.696475][ T9] usb 2-1: unit 255 not found! [ 138.718321][ T5934] usb 4-1: USB disconnect, device number 26 [ 138.730174][ T9] usb 2-1: USB disconnect, device number 37 [ 138.768656][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 139.019832][ T7239] netlink: 'syz.2.494': attribute type 12 has an invalid length. [ 139.043975][ T7239] FAULT_INJECTION: forcing a failure. [ 139.043975][ T7239] name failslab, interval 1, probability 0, space 0, times 0 [ 139.057266][ T7239] CPU: 0 UID: 0 PID: 7239 Comm: syz.2.494 Tainted: G L syzkaller #0 PREEMPT(full) [ 139.057291][ T7239] Tainted: [L]=SOFTLOCKUP [ 139.057297][ T7239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 139.057306][ T7239] Call Trace: [ 139.057312][ T7239] [ 139.057319][ T7239] dump_stack_lvl+0xe8/0x150 [ 139.057338][ T7239] should_fail_ex+0x412/0x560 [ 139.057352][ T7239] should_failslab+0xa8/0x100 [ 139.057364][ T7239] ? __kernfs_new_node+0xea/0x970 [ 139.057379][ T7239] kmem_cache_alloc_noprof+0x87/0x650 [ 139.057394][ T7239] __kernfs_new_node+0xea/0x970 [ 139.057410][ T7239] ? __pfx___kernfs_new_node+0x10/0x10 [ 139.057424][ T7239] ? kernfs_root+0x1c/0x230 [ 139.057448][ T7239] ? kernfs_root+0x1c/0x230 [ 139.057461][ T7239] ? kernfs_root+0x1c/0x230 [ 139.057477][ T7239] kernfs_new_node+0x102/0x210 [ 139.057493][ T7239] kernfs_create_link+0xa7/0x200 [ 139.057507][ T7239] sysfs_do_create_link_sd+0x83/0x110 [ 139.057521][ T7239] device_add_class_symlinks+0xb6/0x240 [ 139.057535][ T7239] device_add+0x475/0xb70 [ 139.057548][ T7239] wiphy_register+0x1d73/0x2d50 [ 139.057567][ T7239] ? __pfx_wiphy_register+0x10/0x10 [ 139.057578][ T7239] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 139.057596][ T7239] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 139.057612][ T7239] ieee80211_register_hw+0x3562/0x4200 [ 139.057633][ T7239] ? ieee80211_register_hw+0x1461/0x4200 [ 139.057651][ T7239] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 139.057673][ T7239] ? __hrtimer_setup+0x181/0x200 [ 139.057686][ T7239] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 139.057703][ T7239] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 139.057731][ T7239] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 139.057743][ T7239] ? ___ratelimit+0x58c/0x8d0 [ 139.057760][ T7239] hwsim_new_radio_nl+0xf35/0x1bd0 [ 139.057785][ T7239] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 139.057803][ T7239] ? rcu_is_watching+0x15/0xb0 [ 139.057818][ T7239] ? trace_kmalloc+0x2a/0x110 [ 139.057831][ T7239] ? __nla_parse+0x40/0x60 [ 139.057845][ T7239] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 139.057864][ T7239] genl_family_rcv_msg_doit+0x22a/0x330 [ 139.057881][ T7239] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 139.057901][ T7239] ? bpf_lsm_capable+0x9/0x20 [ 139.057914][ T7239] ? security_capable+0x7e/0x2c0 [ 139.057928][ T7239] genl_rcv_msg+0x61c/0x7a0 [ 139.057947][ T7239] ? __pfx_genl_rcv_msg+0x10/0x10 [ 139.057961][ T7239] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 139.057975][ T7239] ? __lock_acquire+0x6b5/0x2cf0 [ 139.057993][ T7239] netlink_rcv_skb+0x232/0x4b0 [ 139.058004][ T7239] ? __pfx_genl_rcv_msg+0x10/0x10 [ 139.058017][ T7239] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 139.058037][ T7239] ? down_read+0x272/0x2e0 [ 139.058049][ T7239] ? genl_rcv+0xd/0x40 [ 139.058062][ T7239] genl_rcv+0x28/0x40 [ 139.058074][ T7239] netlink_unicast+0x80f/0x9b0 [ 139.058088][ T7239] ? __pfx_netlink_unicast+0x10/0x10 [ 139.058099][ T7239] ? netlink_sendmsg+0x650/0xb40 [ 139.058109][ T7239] ? skb_put+0x11b/0x210 [ 139.058123][ T7239] netlink_sendmsg+0x813/0xb40 [ 139.058141][ T7239] ? __pfx_netlink_sendmsg+0x10/0x10 [ 139.058153][ T7239] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 139.058170][ T7239] ? __pfx_netlink_sendmsg+0x10/0x10 [ 139.058180][ T7239] sock_sendmsg_nosec+0x18f/0x1d0 [ 139.058192][ T7239] ____sys_sendmsg+0x589/0x8c0 [ 139.058210][ T7239] ? __pfx_____sys_sendmsg+0x10/0x10 [ 139.058227][ T7239] ? import_iovec+0x73/0xa0 [ 139.058242][ T7239] ___sys_sendmsg+0x2a5/0x360 [ 139.058258][ T7239] ? __pfx____sys_sendmsg+0x10/0x10 [ 139.058289][ T7239] ? __fget_files+0x2a/0x420 [ 139.058302][ T7239] ? __fget_files+0x3a0/0x420 [ 139.058321][ T7239] __x64_sys_sendmsg+0x1bd/0x2a0 [ 139.058335][ T7239] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 139.058353][ T7239] ? __pfx_ksys_write+0x10/0x10 [ 139.058370][ T7239] do_syscall_64+0x14d/0xf80 [ 139.058381][ T7239] ? trace_irq_disable+0x3b/0x150 [ 139.058394][ T7239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.058404][ T7239] ? clear_bhb_loop+0x40/0x90 [ 139.058416][ T7239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.058425][ T7239] RIP: 0033:0x7fa4e8f9c799 [ 139.058441][ T7239] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 139.058449][ T7239] RSP: 002b:00007fa4e9dbd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 139.058460][ T7239] RAX: ffffffffffffffda RBX: 00007fa4e9215fa0 RCX: 00007fa4e8f9c799 [ 139.058467][ T7239] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 139.058473][ T7239] RBP: 00007fa4e9dbd090 R08: 0000000000000000 R09: 0000000000000000 [ 139.058479][ T7239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 139.058485][ T7239] R13: 00007fa4e9216038 R14: 00007fa4e9215fa0 R15: 00007ffddbc9aab8 [ 139.058501][ T7239] [ 139.861765][ T5184] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 139.972790][ T5934] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 140.029632][ T5184] usb 3-1: config 0 has an invalid interface number: 231 but max is 0 [ 140.038111][ T5184] usb 3-1: config 0 has no interface number 0 [ 140.044283][ T5184] usb 3-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 140.055288][ T5184] usb 3-1: config 0 interface 231 altsetting 0 endpoint 0x82 has invalid maxpacket 35080, setting to 64 [ 140.074337][ T5184] usb 3-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 140.084538][ T5184] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.092612][ T5184] usb 3-1: Product: syz [ 140.096972][ T5184] usb 3-1: Manufacturer: syz [ 140.101576][ T5184] usb 3-1: SerialNumber: syz [ 140.114403][ T5184] usb 3-1: config 0 descriptor?? [ 140.120022][ T7241] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 140.133597][ T5934] usb 2-1: Using ep0 maxpacket: 32 [ 140.138974][ T7241] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 140.149023][ T5934] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 140.158175][ T5934] usb 2-1: config 0 has no interface number 0 [ 140.159291][ T5184] plusb 3-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 86:fd:30:82:19:c5 [ 140.167267][ T5934] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 140.186630][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.194871][ T5934] usb 2-1: Product: syz [ 140.199045][ T5934] usb 2-1: Manufacturer: syz [ 140.203844][ T5934] usb 2-1: SerialNumber: syz [ 140.215121][ T5934] usb 2-1: config 0 descriptor?? [ 140.229017][ T5934] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 140.353499][ T5184] usb 3-1: USB disconnect, device number 31 [ 140.362044][ T5184] plusb 3-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 140.478791][ T5934] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 140.493668][ T5934] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 140.903009][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 140.912190][ T5934] usb 2-1: USB disconnect, device number 38 [ 140.931338][ T5934] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 140.967350][ T5934] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 140.968709][ T7283] netlink: 44 bytes leftover after parsing attributes in process `syz.0.504'. [ 140.981387][ T5934] quatech2 2-1:0.51: device disconnected [ 141.108275][ T7289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.118375][ T7289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.342463][ T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 141.499860][ T7295] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 141.510868][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 141.518645][ T9] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 141.527412][ T9] usb 3-1: config 0 has no interface number 0 [ 141.533608][ T9] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 141.543774][ T9] usb 3-1: config 0 interface 196 has no altsetting 0 [ 141.553676][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a [ 141.572424][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.581464][ T9] usb 3-1: Product: syz [ 141.585774][ T9] usb 3-1: Manufacturer: syz [ 141.590429][ T9] usb 3-1: SerialNumber: syz [ 141.598582][ T9] usb 3-1: config 0 descriptor?? [ 141.615593][ T7285] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 141.774596][ T7304] netlink: 666 bytes leftover after parsing attributes in process `syz.0.511'. [ 141.927239][ T7310] netlink: 'syz.0.514': attribute type 12 has an invalid length. [ 142.019718][ T7312] netlink: 'syz.0.515': attribute type 12 has an invalid length. [ 142.153688][ T7316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.166241][ T7316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.188450][ T7316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.198032][ T7316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.303912][ T30] audit: type=1326 audit(1772331953.373:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7318 comm="syz.1.518" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6395b9c799 code=0x0 [ 142.592494][ T5878] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 142.763158][ T5878] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.773636][ T5878] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.785528][ T5878] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 142.796505][ T5878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 142.805443][ T5878] usb 2-1: SerialNumber: syz [ 142.892642][ T9] ipheth 3-1:0.196: ipheth_enable_ncm: usb_control_msg: -110 [ 142.908740][ T9] ipheth 3-1:0.196: Apple iPhone USB Ethernet device attached [ 143.895371][ T9] usb 3-1: USB disconnect, device number 32 [ 144.016306][ T9] ipheth 3-1:0.196: Apple iPhone USB Ethernet now disconnected [ 144.645233][ T7390] syzkaller1: entered promiscuous mode [ 144.650812][ T7390] syzkaller1: entered allmulticast mode [ 144.669458][ T7390] syzkaller0: entered allmulticast mode [ 144.932470][ T5934] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 145.104306][ T5934] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 145.118288][ T5934] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.130843][ T5934] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 145.139978][ T5934] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.155195][ T5934] hub 3-1:4.0: USB hub found [ 145.310222][ T5878] usb 2-1: 0:2 : does not exist [ 145.317251][ T5878] usb 2-1: unit 255 not found! [ 145.327370][ T5878] usb 2-1: unit 11 not found! [ 145.332094][ T5878] usb 2-1: unit 14 not found! [ 145.354743][ T5934] hub 3-1:4.0: 2 ports detected [ 145.360918][ T5934] usb 3-1: selecting invalid altsetting 1 [ 145.369080][ T7407] netlink: 'syz.1.532': attribute type 12 has an invalid length. [ 145.377100][ T5934] hub 3-1:4.0: Using single TT (err -22) [ 145.391540][ T5878] usb 2-1: USB disconnect, device number 39 [ 145.425977][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 145.506560][ T7409] netlink: 'syz.1.533': attribute type 12 has an invalid length. [ 145.533987][ T7409] FAULT_INJECTION: forcing a failure. [ 145.533987][ T7409] name failslab, interval 1, probability 0, space 0, times 0 [ 145.547558][ T7409] CPU: 1 UID: 0 PID: 7409 Comm: syz.1.533 Tainted: G L syzkaller #0 PREEMPT(full) [ 145.547585][ T7409] Tainted: [L]=SOFTLOCKUP [ 145.547591][ T7409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 145.547600][ T7409] Call Trace: [ 145.547605][ T7409] [ 145.547609][ T7409] dump_stack_lvl+0xe8/0x150 [ 145.547629][ T7409] should_fail_ex+0x412/0x560 [ 145.547643][ T7409] should_failslab+0xa8/0x100 [ 145.547660][ T7409] __kmalloc_node_track_caller_noprof+0xeb/0x7b0 [ 145.547673][ T7409] ? __kernfs_new_node+0xaa/0x970 [ 145.547691][ T7409] kstrdup+0x42/0x100 [ 145.547703][ T7409] __kernfs_new_node+0xaa/0x970 [ 145.547721][ T7409] ? __pfx___kernfs_new_node+0x10/0x10 [ 145.547734][ T7409] ? kernfs_root+0x1c/0x230 [ 145.547751][ T7409] ? kernfs_root+0x1c/0x230 [ 145.547764][ T7409] ? kernfs_root+0x1c/0x230 [ 145.547779][ T7409] kernfs_new_node+0x102/0x210 [ 145.547796][ T7409] kernfs_create_link+0xa7/0x200 [ 145.547809][ T7409] sysfs_do_create_link_sd+0x83/0x110 [ 145.547824][ T7409] device_add_class_symlinks+0x1cf/0x240 [ 145.547838][ T7409] device_add+0x475/0xb70 [ 145.547851][ T7409] wiphy_register+0x1d73/0x2d50 [ 145.547871][ T7409] ? __pfx_wiphy_register+0x10/0x10 [ 145.547882][ T7409] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 145.547900][ T7409] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 145.547916][ T7409] ieee80211_register_hw+0x3562/0x4200 [ 145.547937][ T7409] ? ieee80211_register_hw+0x1461/0x4200 [ 145.547955][ T7409] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 145.547977][ T7409] ? __hrtimer_setup+0x181/0x200 [ 145.547992][ T7409] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 145.548010][ T7409] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 145.548039][ T7409] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 145.548051][ T7409] ? ___ratelimit+0x58c/0x8d0 [ 145.548067][ T7409] hwsim_new_radio_nl+0xf35/0x1bd0 [ 145.548092][ T7409] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 145.548110][ T7409] ? rcu_is_watching+0x15/0xb0 [ 145.548125][ T7409] ? trace_kmalloc+0x2a/0x110 [ 145.548138][ T7409] ? __nla_parse+0x40/0x60 [ 145.548152][ T7409] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 145.548171][ T7409] genl_family_rcv_msg_doit+0x22a/0x330 [ 145.548188][ T7409] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 145.548208][ T7409] ? bpf_lsm_capable+0x9/0x20 [ 145.548220][ T7409] ? security_capable+0x7e/0x2c0 [ 145.548235][ T7409] genl_rcv_msg+0x61c/0x7a0 [ 145.548251][ T7409] ? __pfx_genl_rcv_msg+0x10/0x10 [ 145.548263][ T7409] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 145.548276][ T7409] ? __lock_acquire+0x6b5/0x2cf0 [ 145.548295][ T7409] netlink_rcv_skb+0x232/0x4b0 [ 145.548306][ T7409] ? __pfx_genl_rcv_msg+0x10/0x10 [ 145.548323][ T7409] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 145.548355][ T7409] ? down_read+0x272/0x2e0 [ 145.548374][ T7409] ? genl_rcv+0xd/0x40 [ 145.548395][ T7409] genl_rcv+0x28/0x40 [ 145.548414][ T7409] netlink_unicast+0x80f/0x9b0 [ 145.548429][ T7409] ? __pfx_netlink_unicast+0x10/0x10 [ 145.548440][ T7409] ? netlink_sendmsg+0x650/0xb40 [ 145.548449][ T7409] ? skb_put+0x11b/0x210 [ 145.548464][ T7409] netlink_sendmsg+0x813/0xb40 [ 145.548486][ T7409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 145.548498][ T7409] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 145.548515][ T7409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 145.548525][ T7409] sock_sendmsg_nosec+0x18f/0x1d0 [ 145.548537][ T7409] ____sys_sendmsg+0x589/0x8c0 [ 145.548554][ T7409] ? __pfx_____sys_sendmsg+0x10/0x10 [ 145.548572][ T7409] ? import_iovec+0x73/0xa0 [ 145.548586][ T7409] ___sys_sendmsg+0x2a5/0x360 [ 145.548612][ T7409] ? __pfx____sys_sendmsg+0x10/0x10 [ 145.548668][ T7409] ? __fget_files+0x2a/0x420 [ 145.548691][ T7409] ? __fget_files+0x3a0/0x420 [ 145.548713][ T7409] __x64_sys_sendmsg+0x1bd/0x2a0 [ 145.548727][ T7409] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 145.548745][ T7409] ? __pfx_ksys_write+0x10/0x10 [ 145.548762][ T7409] do_syscall_64+0x14d/0xf80 [ 145.548774][ T7409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.548784][ T7409] ? clear_bhb_loop+0x40/0x90 [ 145.548796][ T7409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.548805][ T7409] RIP: 0033:0x7f6395b9c799 [ 145.548817][ T7409] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 145.548825][ T7409] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 145.548836][ T7409] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 145.548843][ T7409] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 145.548849][ T7409] RBP: 00007f6396a26090 R08: 0000000000000000 R09: 0000000000000000 [ 145.548854][ T7409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 145.548860][ T7409] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 145.548876][ T7409] [ 146.145662][ T7415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.154629][ T7415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.168820][ T7415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.180926][ T7415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.231879][ T5934] usb 3-1: USB disconnect, device number 33 [ 146.648850][ T7417] FAULT_INJECTION: forcing a failure. [ 146.648850][ T7417] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 146.662236][ T7417] CPU: 1 UID: 0 PID: 7417 Comm: syz.1.537 Tainted: G L syzkaller #0 PREEMPT(full) [ 146.662264][ T7417] Tainted: [L]=SOFTLOCKUP [ 146.662270][ T7417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 146.662281][ T7417] Call Trace: [ 146.662287][ T7417] [ 146.662294][ T7417] dump_stack_lvl+0xe8/0x150 [ 146.662323][ T7417] should_fail_ex+0x412/0x560 [ 146.662347][ T7417] _copy_from_user+0x2d/0xb0 [ 146.662372][ T7417] ___sys_sendmsg+0x1c6/0x360 [ 146.662397][ T7417] ? __pfx____sys_sendmsg+0x10/0x10 [ 146.662451][ T7417] ? __fget_files+0x2a/0x420 [ 146.662474][ T7417] ? __fget_files+0x3a0/0x420 [ 146.662506][ T7417] __x64_sys_sendmsg+0x1bd/0x2a0 [ 146.662531][ T7417] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 146.662561][ T7417] ? __pfx_ksys_write+0x10/0x10 [ 146.662588][ T7417] do_syscall_64+0x14d/0xf80 [ 146.662607][ T7417] ? trace_irq_disable+0x3b/0x150 [ 146.662628][ T7417] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.662645][ T7417] ? clear_bhb_loop+0x40/0x90 [ 146.662665][ T7417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.662681][ T7417] RIP: 0033:0x7f6395b9c799 [ 146.662698][ T7417] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.662712][ T7417] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.662731][ T7417] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 146.662744][ T7417] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 146.662754][ T7417] RBP: 00007f6396a26090 R08: 0000000000000000 R09: 0000000000000000 [ 146.662765][ T7417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.662776][ T7417] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 146.662803][ T7417] [ 146.993418][ T7423] netlink: 44 bytes leftover after parsing attributes in process `syz.1.540'. [ 147.002338][ T7423] L+߬: renamed from bridge_slave_0 (while UP) [ 147.178851][ T7435] netlink: 'syz.2.546': attribute type 9 has an invalid length. [ 147.187435][ T7435] netlink: 'syz.2.546': attribute type 11 has an invalid length. [ 147.196965][ T7435] netlink: 'syz.2.546': attribute type 12 has an invalid length. [ 147.205029][ T7435] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.546'. [ 147.214519][ T7435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.546'. [ 147.462625][ T5878] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 147.612445][ T5878] usb 3-1: Using ep0 maxpacket: 32 [ 147.619082][ T5878] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 147.633998][ T5878] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 147.643100][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.651099][ T5878] usb 3-1: Product: syz [ 147.655348][ T5878] usb 3-1: Manufacturer: syz [ 147.659952][ T5878] usb 3-1: SerialNumber: syz [ 147.667315][ T5878] usb 3-1: config 0 descriptor?? [ 147.689308][ T5878] cdc_ether 3-1:0.0: invalid descriptor buffer length [ 147.704517][ T5878] usb 3-1: bad CDC descriptors [ 147.711058][ T5878] usb 3-1: unsupported MDLM descriptors [ 147.763853][ T9] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 147.820939][ T7446] netlink: 88 bytes leftover after parsing attributes in process `syz.1.551'. [ 147.871476][ T7448] netlink: 'syz.1.552': attribute type 12 has an invalid length. [ 147.890811][ T5878] usb 3-1: USB disconnect, device number 34 [ 147.926937][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 147.961855][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 147.992322][ T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 147.993534][ T7450] netlink: 'syz.0.553': attribute type 1 has an invalid length. [ 148.010110][ T7450] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 148.022635][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 148.030681][ T9] usb 4-1: SerialNumber: syz [ 148.261802][ T9] usb 4-1: 0:2 : does not exist [ 148.266946][ T9] usb 4-1: unit 255 not found! [ 148.294333][ T9] usb 4-1: USB disconnect, device number 27 [ 148.319366][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 148.568429][ T7461] netlink: 'syz.0.558': attribute type 12 has an invalid length. [ 148.594521][ T7461] FAULT_INJECTION: forcing a failure. [ 148.594521][ T7461] name failslab, interval 1, probability 0, space 0, times 0 [ 148.607755][ T7461] CPU: 0 UID: 0 PID: 7461 Comm: syz.0.558 Tainted: G L syzkaller #0 PREEMPT(full) [ 148.607772][ T7461] Tainted: [L]=SOFTLOCKUP [ 148.607775][ T7461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 148.607784][ T7461] Call Trace: [ 148.607788][ T7461] [ 148.607793][ T7461] dump_stack_lvl+0xe8/0x150 [ 148.607812][ T7461] should_fail_ex+0x412/0x560 [ 148.607826][ T7461] should_failslab+0xa8/0x100 [ 148.607839][ T7461] __kmalloc_node_track_caller_noprof+0xeb/0x7b0 [ 148.607851][ T7461] ? __kernfs_new_node+0xaa/0x970 [ 148.607869][ T7461] kstrdup+0x42/0x100 [ 148.607881][ T7461] __kernfs_new_node+0xaa/0x970 [ 148.607898][ T7461] ? __pfx___kernfs_new_node+0x10/0x10 [ 148.607912][ T7461] ? kernfs_root+0x1c/0x230 [ 148.607929][ T7461] ? kernfs_root+0x1c/0x230 [ 148.607942][ T7461] ? kernfs_root+0x1c/0x230 [ 148.607957][ T7461] kernfs_new_node+0x102/0x210 [ 148.607974][ T7461] kernfs_create_link+0xa7/0x200 [ 148.607987][ T7461] sysfs_do_create_link_sd+0x83/0x110 [ 148.608002][ T7461] device_add_class_symlinks+0x1cf/0x240 [ 148.608016][ T7461] device_add+0x475/0xb70 [ 148.608029][ T7461] wiphy_register+0x1d73/0x2d50 [ 148.608049][ T7461] ? __pfx_wiphy_register+0x10/0x10 [ 148.608060][ T7461] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 148.608078][ T7461] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 148.608098][ T7461] ieee80211_register_hw+0x3562/0x4200 [ 148.608132][ T7461] ? ieee80211_register_hw+0x1461/0x4200 [ 148.608163][ T7461] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 148.608190][ T7461] ? __hrtimer_setup+0x181/0x200 [ 148.608203][ T7461] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 148.608220][ T7461] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 148.608249][ T7461] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 148.608261][ T7461] ? ___ratelimit+0x58c/0x8d0 [ 148.608285][ T7461] hwsim_new_radio_nl+0xf35/0x1bd0 [ 148.608310][ T7461] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 148.608329][ T7461] ? rcu_is_watching+0x15/0xb0 [ 148.608342][ T7461] ? trace_kmalloc+0x2a/0x110 [ 148.608355][ T7461] ? __nla_parse+0x40/0x60 [ 148.608370][ T7461] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 148.608388][ T7461] genl_family_rcv_msg_doit+0x22a/0x330 [ 148.608405][ T7461] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 148.608425][ T7461] ? bpf_lsm_capable+0x9/0x20 [ 148.608437][ T7461] ? security_capable+0x7e/0x2c0 [ 148.608452][ T7461] genl_rcv_msg+0x61c/0x7a0 [ 148.608468][ T7461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 148.608480][ T7461] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 148.608494][ T7461] ? __lock_acquire+0x6b5/0x2cf0 [ 148.608512][ T7461] netlink_rcv_skb+0x232/0x4b0 [ 148.608523][ T7461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 148.608537][ T7461] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 148.608556][ T7461] ? down_read+0x272/0x2e0 [ 148.608568][ T7461] ? genl_rcv+0xd/0x40 [ 148.608581][ T7461] genl_rcv+0x28/0x40 [ 148.608593][ T7461] netlink_unicast+0x80f/0x9b0 [ 148.608607][ T7461] ? __pfx_netlink_unicast+0x10/0x10 [ 148.608618][ T7461] ? netlink_sendmsg+0x650/0xb40 [ 148.608627][ T7461] ? skb_put+0x11b/0x210 [ 148.608641][ T7461] netlink_sendmsg+0x813/0xb40 [ 148.608657][ T7461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.608669][ T7461] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 148.608686][ T7461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.608696][ T7461] sock_sendmsg_nosec+0x18f/0x1d0 [ 148.608707][ T7461] ____sys_sendmsg+0x589/0x8c0 [ 148.608725][ T7461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 148.608742][ T7461] ? import_iovec+0x73/0xa0 [ 148.608757][ T7461] ___sys_sendmsg+0x2a5/0x360 [ 148.608772][ T7461] ? __pfx____sys_sendmsg+0x10/0x10 [ 148.608806][ T7461] ? __fget_files+0x2a/0x420 [ 148.608819][ T7461] ? __fget_files+0x3a0/0x420 [ 148.608837][ T7461] __x64_sys_sendmsg+0x1bd/0x2a0 [ 148.608851][ T7461] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 148.608870][ T7461] ? __pfx_ksys_write+0x10/0x10 [ 148.608886][ T7461] do_syscall_64+0x14d/0xf80 [ 148.608899][ T7461] ? trace_irq_disable+0x3b/0x150 [ 148.608921][ T7461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.608937][ T7461] ? clear_bhb_loop+0x40/0x90 [ 148.608956][ T7461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.608973][ T7461] RIP: 0033:0x7feb92b9c799 [ 148.608986][ T7461] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 148.608994][ T7461] RSP: 002b:00007feb93a6d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.609006][ T7461] RAX: ffffffffffffffda RBX: 00007feb92e15fa0 RCX: 00007feb92b9c799 [ 148.609013][ T7461] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 148.609019][ T7461] RBP: 00007feb93a6d090 R08: 0000000000000000 R09: 0000000000000000 [ 148.609025][ T7461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 148.609030][ T7461] R13: 00007feb92e16038 R14: 00007feb92e15fa0 R15: 00007fffc079e5e8 [ 148.609046][ T7461] [ 149.233670][ T7467] FAULT_INJECTION: forcing a failure. [ 149.233670][ T7467] name failslab, interval 1, probability 0, space 0, times 0 [ 149.269119][ T7467] CPU: 0 UID: 0 PID: 7467 Comm: syz.3.561 Tainted: G L syzkaller #0 PREEMPT(full) [ 149.269146][ T7467] Tainted: [L]=SOFTLOCKUP [ 149.269152][ T7467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 149.269162][ T7467] Call Trace: [ 149.269168][ T7467] [ 149.269175][ T7467] dump_stack_lvl+0xe8/0x150 [ 149.269210][ T7467] should_fail_ex+0x412/0x560 [ 149.269234][ T7467] should_failslab+0xa8/0x100 [ 149.269254][ T7467] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 149.269271][ T7467] ? __alloc_skb+0x186/0x7d0 [ 149.269289][ T7467] ? __alloc_skb+0x1d0/0x7d0 [ 149.269307][ T7467] ? __local_bh_enable_ip+0xd0/0x130 [ 149.269331][ T7467] __alloc_skb+0x1d0/0x7d0 [ 149.269354][ T7467] netlink_sendmsg+0x5d4/0xb40 [ 149.269381][ T7467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.269400][ T7467] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 149.269428][ T7467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.269446][ T7467] sock_sendmsg_nosec+0x18f/0x1d0 [ 149.269465][ T7467] ____sys_sendmsg+0x589/0x8c0 [ 149.269493][ T7467] ? __pfx_____sys_sendmsg+0x10/0x10 [ 149.269518][ T7467] ? import_iovec+0x73/0xa0 [ 149.269541][ T7467] ___sys_sendmsg+0x2a5/0x360 [ 149.269565][ T7467] ? __pfx____sys_sendmsg+0x10/0x10 [ 149.269611][ T7467] ? __fget_files+0x2a/0x420 [ 149.269631][ T7467] ? __fget_files+0x3a0/0x420 [ 149.269659][ T7467] __x64_sys_sendmsg+0x1bd/0x2a0 [ 149.269681][ T7467] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 149.269707][ T7467] ? __pfx_ksys_write+0x10/0x10 [ 149.269734][ T7467] do_syscall_64+0x14d/0xf80 [ 149.269751][ T7467] ? trace_irq_disable+0x3b/0x150 [ 149.269770][ T7467] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.269784][ T7467] ? clear_bhb_loop+0x40/0x90 [ 149.269803][ T7467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.269819][ T7467] RIP: 0033:0x7f7097b9c799 [ 149.269833][ T7467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.269846][ T7467] RSP: 002b:00007f7098ac5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 149.269863][ T7467] RAX: ffffffffffffffda RBX: 00007f7097e15fa0 RCX: 00007f7097b9c799 [ 149.269876][ T7467] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 149.269886][ T7467] RBP: 00007f7098ac5090 R08: 0000000000000000 R09: 0000000000000000 [ 149.269896][ T7467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.269906][ T7467] R13: 00007f7097e16038 R14: 00007f7097e15fa0 R15: 00007ffdce421b68 [ 149.269932][ T7467] [ 149.273261][ T7469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.531375][ T7474] netlink: 44 bytes leftover after parsing attributes in process `syz.3.564'. [ 149.541567][ T7474] L+߬: renamed from bridge_slave_0 (while UP) [ 149.541909][ T7475] netlink: 20 bytes leftover after parsing attributes in process `syz.2.565'. [ 149.552136][ T7469] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 149.579837][ T7477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.600983][ T7477] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 149.627238][ T7480] warning: `syz.2.565' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 149.632033][ T7479] /dev/nullb0: Can't open blockdev [ 149.740169][ T7483] netlink: 44 bytes leftover after parsing attributes in process `syz.2.567'. [ 149.859799][ T7469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.871080][ T7469] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 149.884996][ T7469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.896807][ T7469] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 149.904795][ T5184] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 150.072455][ T5184] usb 4-1: Using ep0 maxpacket: 16 [ 150.080815][ T5184] usb 4-1: New USB device found, idVendor=04dd, idProduct=8002, bcdDevice=fc.b6 [ 150.089916][ T5184] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.099167][ T5184] usb 4-1: Product: syz [ 150.103610][ T5184] usb 4-1: Manufacturer: syz [ 150.108204][ T5184] usb 4-1: SerialNumber: syz [ 150.115751][ T5184] usb 4-1: config 0 descriptor?? [ 150.123317][ T5184] safe_serial 4-1:0.0: safe_serial converter detected [ 150.134122][ T5184] usb 4-1: safe_serial converter now attached to ttyUSB0 [ 150.162488][ T5934] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 150.324567][ T5184] usb 4-1: USB disconnect, device number 28 [ 150.327112][ T5934] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 150.340156][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.343489][ T5184] safe_serial ttyUSB0: safe_serial converter now disconnected from ttyUSB0 [ 150.348783][ T5934] usb 3-1: Product: syz [ 150.361328][ T5934] usb 3-1: Manufacturer: syz [ 150.366156][ T5934] usb 3-1: SerialNumber: syz [ 150.373649][ T5184] safe_serial 4-1:0.0: device disconnected [ 150.598137][ T5934] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 150.611057][ T5934] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 150.622964][ T5934] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 150.635534][ T5934] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 150.647560][ T5934] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 150.659059][ T5934] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 150.664053][ T7500] netlink: 'syz.2.574': attribute type 12 has an invalid length. [ 150.683883][ T5934] usb 3-1: USB disconnect, device number 35 [ 151.109638][ T7512] netlink: 'syz.0.578': attribute type 12 has an invalid length. [ 151.164496][ T7512] FAULT_INJECTION: forcing a failure. [ 151.164496][ T7512] name failslab, interval 1, probability 0, space 0, times 0 [ 151.177621][ T7512] CPU: 0 UID: 0 PID: 7512 Comm: syz.0.578 Tainted: G L syzkaller #0 PREEMPT(full) [ 151.177646][ T7512] Tainted: [L]=SOFTLOCKUP [ 151.177649][ T7512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 151.177658][ T7512] Call Trace: [ 151.177664][ T7512] [ 151.177671][ T7512] dump_stack_lvl+0xe8/0x150 [ 151.177699][ T7512] should_fail_ex+0x412/0x560 [ 151.177724][ T7512] should_failslab+0xa8/0x100 [ 151.177741][ T7512] ? __kernfs_new_node+0xea/0x970 [ 151.177756][ T7512] kmem_cache_alloc_noprof+0x87/0x650 [ 151.177771][ T7512] __kernfs_new_node+0xea/0x970 [ 151.177789][ T7512] ? __pfx___kernfs_new_node+0x10/0x10 [ 151.177803][ T7512] ? kernfs_root+0x1c/0x230 [ 151.177820][ T7512] ? kernfs_root+0x1c/0x230 [ 151.177832][ T7512] ? kernfs_root+0x1c/0x230 [ 151.177844][ T7512] ? kernfs_root+0x1c/0x230 [ 151.177859][ T7512] kernfs_new_node+0x102/0x210 [ 151.177875][ T7512] __kernfs_create_file+0x4b/0x2e0 [ 151.177888][ T7512] sysfs_add_file_mode_ns+0x238/0x300 [ 151.177904][ T7512] internal_create_group+0x673/0x1180 [ 151.177926][ T7512] ? __pfx_internal_create_group+0x10/0x10 [ 151.177938][ T7512] ? kernfs_add_one+0x477/0x5c0 [ 151.177954][ T7512] ? up_write+0x1ab/0x410 [ 151.177966][ T7512] sysfs_create_groups+0x59/0x120 [ 151.177981][ T7512] device_add_attrs+0xdd/0x5b0 [ 151.177994][ T7512] ? __pfx_device_add_attrs+0x10/0x10 [ 151.178004][ T7512] ? kobject_put+0x516/0x560 [ 151.178020][ T7512] ? device_add_class_symlinks+0x21f/0x240 [ 151.178032][ T7512] device_add+0x496/0xb70 [ 151.178045][ T7512] wiphy_register+0x1d73/0x2d50 [ 151.178064][ T7512] ? __pfx_wiphy_register+0x10/0x10 [ 151.178075][ T7512] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 151.178100][ T7512] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 151.178116][ T7512] ieee80211_register_hw+0x3562/0x4200 [ 151.178140][ T7512] ? ieee80211_register_hw+0x1461/0x4200 [ 151.178158][ T7512] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 151.178180][ T7512] ? __hrtimer_setup+0x181/0x200 [ 151.178193][ T7512] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 151.178210][ T7512] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 151.178239][ T7512] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 151.178251][ T7512] ? ___ratelimit+0x58c/0x8d0 [ 151.178267][ T7512] hwsim_new_radio_nl+0xf35/0x1bd0 [ 151.178292][ T7512] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 151.178310][ T7512] ? rcu_is_watching+0x15/0xb0 [ 151.178324][ T7512] ? trace_kmalloc+0x2a/0x110 [ 151.178337][ T7512] ? __nla_parse+0x40/0x60 [ 151.178351][ T7512] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 151.178370][ T7512] genl_family_rcv_msg_doit+0x22a/0x330 [ 151.178388][ T7512] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 151.178408][ T7512] ? bpf_lsm_capable+0x9/0x20 [ 151.178420][ T7512] ? security_capable+0x7e/0x2c0 [ 151.178435][ T7512] genl_rcv_msg+0x61c/0x7a0 [ 151.178451][ T7512] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.178463][ T7512] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 151.178477][ T7512] ? __lock_acquire+0x6b5/0x2cf0 [ 151.178512][ T7512] netlink_rcv_skb+0x232/0x4b0 [ 151.178524][ T7512] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.178537][ T7512] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 151.178557][ T7512] ? down_read+0x272/0x2e0 [ 151.178569][ T7512] ? genl_rcv+0xd/0x40 [ 151.178582][ T7512] genl_rcv+0x28/0x40 [ 151.178593][ T7512] netlink_unicast+0x80f/0x9b0 [ 151.178607][ T7512] ? __pfx_netlink_unicast+0x10/0x10 [ 151.178618][ T7512] ? netlink_sendmsg+0x650/0xb40 [ 151.178633][ T7512] ? skb_put+0x11b/0x210 [ 151.178648][ T7512] netlink_sendmsg+0x813/0xb40 [ 151.178664][ T7512] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.178676][ T7512] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 151.178692][ T7512] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.178702][ T7512] sock_sendmsg_nosec+0x18f/0x1d0 [ 151.178714][ T7512] ____sys_sendmsg+0x589/0x8c0 [ 151.178731][ T7512] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.178749][ T7512] ? import_iovec+0x73/0xa0 [ 151.178767][ T7512] ___sys_sendmsg+0x2a5/0x360 [ 151.178794][ T7512] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.178845][ T7512] ? __fget_files+0x2a/0x420 [ 151.178859][ T7512] ? __fget_files+0x3a0/0x420 [ 151.178878][ T7512] __x64_sys_sendmsg+0x1bd/0x2a0 [ 151.178892][ T7512] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 151.178910][ T7512] ? __pfx_ksys_write+0x10/0x10 [ 151.178927][ T7512] do_syscall_64+0x14d/0xf80 [ 151.178938][ T7512] ? trace_irq_disable+0x3b/0x150 [ 151.178951][ T7512] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.178961][ T7512] ? clear_bhb_loop+0x40/0x90 [ 151.178973][ T7512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.178983][ T7512] RIP: 0033:0x7feb92b9c799 [ 151.178993][ T7512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 151.179001][ T7512] RSP: 002b:00007feb93a6d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.179013][ T7512] RAX: ffffffffffffffda RBX: 00007feb92e15fa0 RCX: 00007feb92b9c799 [ 151.179020][ T7512] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 151.179026][ T7512] RBP: 00007feb93a6d090 R08: 0000000000000000 R09: 0000000000000000 [ 151.179032][ T7512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 151.179038][ T7512] R13: 00007feb92e16038 R14: 00007feb92e15fa0 R15: 00007fffc079e5e8 [ 151.179054][ T7512] [ 151.706680][ T5878] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 151.833088][ T24] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 151.884273][ T5878] usb 4-1: device descriptor read/64, error -71 [ 151.909570][ T7524] netlink: 44 bytes leftover after parsing attributes in process `syz.0.584'. [ 151.983951][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 151.994170][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 152.004528][ T24] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 152.015186][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 152.025512][ T24] usb 2-1: SerialNumber: syz [ 152.062486][ T5815] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 152.122521][ T5878] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 152.235478][ T5815] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 152.248216][ T24] usb 2-1: 0:2 : does not exist [ 152.253221][ T24] usb 2-1: unit 255 not found! [ 152.258134][ T5815] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 152.264424][ T5878] usb 4-1: device descriptor read/64, error -71 [ 152.272957][ T24] usb 2-1: 5:0: cannot get min/max values for control 16 (id 5) [ 152.281939][ T5815] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 152.291046][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.299545][ T5815] usb 3-1: Product: syz [ 152.304001][ T5815] usb 3-1: Manufacturer: syz [ 152.308872][ T5815] usb 3-1: SerialNumber: syz [ 152.317794][ T24] usb 2-1: 5:0: cannot get min/max values for control 17 (id 5) [ 152.327752][ T5815] usb 3-1: config 0 descriptor?? [ 152.333882][ T7520] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 152.341422][ T7520] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 152.365693][ T24] usb 2-1: USB disconnect, device number 40 [ 152.382807][ T5878] usb usb4-port1: attempt power cycle [ 152.396043][ T5818] udevd[5818]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 152.572256][ T7520] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 152.585055][ T7520] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 152.752453][ T5878] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 152.783982][ T5878] usb 4-1: device descriptor read/8, error -71 [ 152.796327][ T5815] Error reading MAC address [ 152.987709][ T7544] netlink: 44 bytes leftover after parsing attributes in process `syz.1.592'. [ 153.043138][ T5878] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 153.073722][ T5878] usb 4-1: device descriptor read/8, error -71 [ 153.193203][ T5878] usb usb4-port1: unable to enumerate USB device [ 153.628913][ T7550] netlink: 'syz.1.595': attribute type 12 has an invalid length. [ 153.708545][ T7552] netlink: 'syz.1.596': attribute type 12 has an invalid length. [ 153.733630][ T7552] FAULT_INJECTION: forcing a failure. [ 153.733630][ T7552] name failslab, interval 1, probability 0, space 0, times 0 [ 153.746465][ T7552] CPU: 0 UID: 0 PID: 7552 Comm: syz.1.596 Tainted: G L syzkaller #0 PREEMPT(full) [ 153.746491][ T7552] Tainted: [L]=SOFTLOCKUP [ 153.746497][ T7552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 153.746507][ T7552] Call Trace: [ 153.746513][ T7552] [ 153.746521][ T7552] dump_stack_lvl+0xe8/0x150 [ 153.746546][ T7552] should_fail_ex+0x412/0x560 [ 153.746570][ T7552] should_failslab+0xa8/0x100 [ 153.746590][ T7552] ? __kernfs_new_node+0xea/0x970 [ 153.746615][ T7552] kmem_cache_alloc_noprof+0x87/0x650 [ 153.746631][ T7552] ? kasan_save_track+0x3e/0x80 [ 153.746646][ T7552] ? __kasan_slab_alloc+0x6c/0x80 [ 153.746661][ T7552] ? __kernfs_new_node+0xea/0x970 [ 153.746685][ T7552] ? kernfs_create_link+0xa7/0x200 [ 153.746710][ T7552] __kernfs_new_node+0xea/0x970 [ 153.746735][ T7552] ? __lock_acquire+0x6b5/0x2cf0 [ 153.746762][ T7552] ? __pfx___kernfs_new_node+0x10/0x10 [ 153.746789][ T7552] ? kernfs_root+0x1c/0x230 [ 153.746818][ T7552] ? kernfs_root+0x1c/0x230 [ 153.746841][ T7552] ? kernfs_root+0x1c/0x230 [ 153.746861][ T7552] ? kernfs_root+0x1c/0x230 [ 153.746890][ T7552] kernfs_new_node+0x102/0x210 [ 153.746928][ T7552] __kernfs_create_file+0x4b/0x2e0 [ 153.746952][ T7552] sysfs_add_file_mode_ns+0x238/0x300 [ 153.746983][ T7552] internal_create_group+0x673/0x1180 [ 153.747023][ T7552] ? __pfx_internal_create_group+0x10/0x10 [ 153.747046][ T7552] ? kernfs_add_one+0x477/0x5c0 [ 153.747071][ T7552] ? up_write+0x1ab/0x410 [ 153.747091][ T7552] sysfs_create_groups+0x59/0x120 [ 153.747118][ T7552] device_add_attrs+0xdd/0x5b0 [ 153.747140][ T7552] ? __pfx_device_add_attrs+0x10/0x10 [ 153.747157][ T7552] ? kobject_put+0x516/0x560 [ 153.747184][ T7552] ? device_add_class_symlinks+0x21f/0x240 [ 153.747207][ T7552] device_add+0x496/0xb70 [ 153.747230][ T7552] wiphy_register+0x1d73/0x2d50 [ 153.747265][ T7552] ? __pfx_wiphy_register+0x10/0x10 [ 153.747285][ T7552] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 153.747319][ T7552] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 153.747345][ T7552] ieee80211_register_hw+0x3562/0x4200 [ 153.747381][ T7552] ? ieee80211_register_hw+0x1461/0x4200 [ 153.747411][ T7552] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 153.747449][ T7552] ? __hrtimer_setup+0x181/0x200 [ 153.747470][ T7552] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 153.747499][ T7552] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 153.747553][ T7552] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 153.747574][ T7552] ? ___ratelimit+0x58c/0x8d0 [ 153.747603][ T7552] hwsim_new_radio_nl+0xf35/0x1bd0 [ 153.747649][ T7552] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 153.747682][ T7552] ? rcu_is_watching+0x15/0xb0 [ 153.747706][ T7552] ? trace_kmalloc+0x2a/0x110 [ 153.747730][ T7552] ? __nla_parse+0x40/0x60 [ 153.747757][ T7552] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 153.747789][ T7552] genl_family_rcv_msg_doit+0x22a/0x330 [ 153.747821][ T7552] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 153.747858][ T7552] ? bpf_lsm_capable+0x9/0x20 [ 153.747878][ T7552] ? security_capable+0x7e/0x2c0 [ 153.747904][ T7552] genl_rcv_msg+0x61c/0x7a0 [ 153.747941][ T7552] ? __pfx_genl_rcv_msg+0x10/0x10 [ 153.747963][ T7552] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 153.747986][ T7552] ? __lock_acquire+0x6b5/0x2cf0 [ 153.748015][ T7552] netlink_rcv_skb+0x232/0x4b0 [ 153.748033][ T7552] ? __pfx_genl_rcv_msg+0x10/0x10 [ 153.748056][ T7552] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 153.748092][ T7552] ? down_read+0x272/0x2e0 [ 153.748109][ T7552] ? genl_rcv+0xd/0x40 [ 153.748128][ T7552] genl_rcv+0x28/0x40 [ 153.748148][ T7552] netlink_unicast+0x80f/0x9b0 [ 153.748174][ T7552] ? __pfx_netlink_unicast+0x10/0x10 [ 153.748193][ T7552] ? netlink_sendmsg+0x650/0xb40 [ 153.748211][ T7552] ? skb_put+0x11b/0x210 [ 153.748236][ T7552] netlink_sendmsg+0x813/0xb40 [ 153.748264][ T7552] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.748286][ T7552] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 153.748316][ T7552] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.748335][ T7552] sock_sendmsg_nosec+0x18f/0x1d0 [ 153.748355][ T7552] ____sys_sendmsg+0x589/0x8c0 [ 153.748387][ T7552] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.748419][ T7552] ? import_iovec+0x73/0xa0 [ 153.748444][ T7552] ___sys_sendmsg+0x2a5/0x360 [ 153.748472][ T7552] ? __pfx____sys_sendmsg+0x10/0x10 [ 153.748530][ T7552] ? __fget_files+0x2a/0x420 [ 153.748553][ T7552] ? __fget_files+0x3a0/0x420 [ 153.748586][ T7552] __x64_sys_sendmsg+0x1bd/0x2a0 [ 153.748612][ T7552] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 153.748645][ T7552] ? __pfx_ksys_write+0x10/0x10 [ 153.748676][ T7552] do_syscall_64+0x14d/0xf80 [ 153.748696][ T7552] ? trace_irq_disable+0x3b/0x150 [ 153.748719][ T7552] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.748736][ T7552] ? clear_bhb_loop+0x40/0x90 [ 153.748756][ T7552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.748773][ T7552] RIP: 0033:0x7f6395b9c799 [ 153.748789][ T7552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 153.748803][ T7552] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.748822][ T7552] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 153.748834][ T7552] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 153.748846][ T7552] RBP: 00007f6396a26090 R08: 0000000000000000 R09: 0000000000000000 [ 153.748856][ T7552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 153.748866][ T7552] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 153.748896][ T7552] [ 154.402741][ T7555] random: crng reseeded on system resumption [ 154.420286][ T7555] Unrecognized hibernate image header format! [ 154.438437][ T7555] PM: hibernation: Image mismatch: architecture specific data [ 154.556453][ T7563] binder: BINDER_SET_CONTEXT_MGR already set [ 154.566055][ T7563] binder: 7562:7563 ioctl 4018620d 200000004a80 returned -16 [ 154.610653][ T7565] FAULT_INJECTION: forcing a failure. [ 154.610653][ T7565] name failslab, interval 1, probability 0, space 0, times 0 [ 154.624293][ T7565] CPU: 1 UID: 0 PID: 7565 Comm: syz.1.602 Tainted: G L syzkaller #0 PREEMPT(full) [ 154.624324][ T7565] Tainted: [L]=SOFTLOCKUP [ 154.624330][ T7565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 154.624341][ T7565] Call Trace: [ 154.624347][ T7565] [ 154.624355][ T7565] dump_stack_lvl+0xe8/0x150 [ 154.624383][ T7565] should_fail_ex+0x412/0x560 [ 154.624408][ T7565] should_failslab+0xa8/0x100 [ 154.624428][ T7565] ? skb_clone+0x212/0x3a0 [ 154.624452][ T7565] kmem_cache_alloc_noprof+0x87/0x650 [ 154.624477][ T7565] skb_clone+0x212/0x3a0 [ 154.624503][ T7565] __netlink_deliver_tap+0x424/0x8b0 [ 154.624534][ T7565] ? netlink_deliver_tap+0x2e/0x1b0 [ 154.624556][ T7565] netlink_deliver_tap+0x19c/0x1b0 [ 154.624576][ T7565] netlink_unicast+0x7e3/0x9b0 [ 154.624600][ T7565] ? __pfx_netlink_unicast+0x10/0x10 [ 154.624618][ T7565] ? netlink_sendmsg+0x650/0xb40 [ 154.624635][ T7565] ? skb_put+0x11b/0x210 [ 154.624657][ T7565] netlink_sendmsg+0x813/0xb40 [ 154.624683][ T7565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.624704][ T7565] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 154.624734][ T7565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 154.624752][ T7565] sock_sendmsg_nosec+0x18f/0x1d0 [ 154.624773][ T7565] ____sys_sendmsg+0x589/0x8c0 [ 154.624804][ T7565] ? __pfx_____sys_sendmsg+0x10/0x10 [ 154.624834][ T7565] ? import_iovec+0x73/0xa0 [ 154.624859][ T7565] ___sys_sendmsg+0x2a5/0x360 [ 154.624886][ T7565] ? __pfx____sys_sendmsg+0x10/0x10 [ 154.624941][ T7565] ? __fget_files+0x2a/0x420 [ 154.624964][ T7565] ? __fget_files+0x3a0/0x420 [ 154.624997][ T7565] __x64_sys_sendmsg+0x1bd/0x2a0 [ 154.625022][ T7565] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 154.625053][ T7565] ? __pfx_ksys_write+0x10/0x10 [ 154.625082][ T7565] do_syscall_64+0x14d/0xf80 [ 154.625102][ T7565] ? trace_irq_disable+0x3b/0x150 [ 154.625123][ T7565] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.625140][ T7565] ? clear_bhb_loop+0x40/0x90 [ 154.625158][ T7565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.625175][ T7565] RIP: 0033:0x7f6395b9c799 [ 154.625191][ T7565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 154.625205][ T7565] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 154.625220][ T7565] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 154.625227][ T7565] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 154.625233][ T7565] RBP: 00007f6396a26090 R08: 0000000000000000 R09: 0000000000000000 [ 154.625239][ T7565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.625245][ T7565] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 154.625266][ T7565] [ 154.625304][ T7565] netlink: 44 bytes leftover after parsing attributes in process `syz.1.602'. [ 154.869486][ T5184] usb 3-1: USB disconnect, device number 36 [ 154.981616][ T7568] binder: 7567:7568 ioctl c0306201 0 returned -14 [ 155.232477][ T5878] usb 2-1: new full-speed USB device number 41 using dummy_hcd [ 155.404316][ T5878] usb 2-1: unable to get BOS descriptor or descriptor too short [ 155.412819][ T5878] usb 2-1: not running at top speed; connect to a high speed hub [ 155.421535][ T5878] usb 2-1: config 4 has an invalid interface number: 147 but max is 0 [ 155.430008][ T5878] usb 2-1: config 4 has an invalid descriptor of length 203, skipping remainder of the config [ 155.440488][ T5878] usb 2-1: config 4 has no interface number 0 [ 155.448535][ T5878] usb 2-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 155.457666][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.465702][ T5878] usb 2-1: Product: 赫끣⾽寯绂凋븩渖ௗ艊쁺㈦䕙評䗃況웜ꑮ뱛赢汨䍊ఇ೔ڌ먯ꄡ腬瑃豷丏븹︋脋㣢理 [ 155.480258][ T5878] usb 2-1: SerialNumber: 랡 [ 155.525605][ T7572] netlink: 44 bytes leftover after parsing attributes in process `syz.2.605'. [ 155.536174][ T7572] L+߬: renamed from bridge_slave_0 (while UP) [ 155.705394][ T7570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.730460][ T7570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.741214][ T7583] qrtr: Invalid version 43 [ 155.779861][ T5878] uvcvideo 2-1:4.147: Found UVC 0.00 device 赫끣⾽寯绂凋븩渖ௗ艊쁺㈦䕙評䗃況웜ꑮ뱛赢汨䍊ఇ೔ڌ먯ꄡ腬瑃豷丏븹︋脋㣢理 (04f2:b746) [ 155.801394][ T5878] uvcvideo 2-1:4.147: No valid video chain found. [ 155.809162][ T7583] netlink: 48 bytes leftover after parsing attributes in process `syz.0.607'. [ 155.818185][ T7583] netlink: 48 bytes leftover after parsing attributes in process `syz.0.607'. [ 155.832240][ T5878] usb 2-1: USB disconnect, device number 41 [ 155.943292][ T5934] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 156.073826][ T7591] netlink: 44 bytes leftover after parsing attributes in process `syz.0.611'. [ 156.086116][ T5934] usb 3-1: device descriptor read/64, error -71 [ 156.131401][ T7593] netlink: 44 bytes leftover after parsing attributes in process `syz.0.612'. [ 156.189825][ T7595] binder: 7594:7595 ioctl c0306201 0 returned -14 [ 156.332480][ T5934] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 156.462478][ T5934] usb 3-1: device descriptor read/64, error -71 [ 156.572771][ T5934] usb usb3-port1: attempt power cycle [ 156.734273][ T7605] netlink: 'syz.0.616': attribute type 12 has an invalid length. [ 156.912784][ T5934] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 156.943337][ T5934] usb 3-1: device descriptor read/8, error -71 [ 156.974724][ T7613] netlink: 'syz.0.620': attribute type 12 has an invalid length. [ 157.003612][ T7613] FAULT_INJECTION: forcing a failure. [ 157.003612][ T7613] name failslab, interval 1, probability 0, space 0, times 0 [ 157.016459][ T7613] CPU: 1 UID: 0 PID: 7613 Comm: syz.0.620 Tainted: G L syzkaller #0 PREEMPT(full) [ 157.016484][ T7613] Tainted: [L]=SOFTLOCKUP [ 157.016489][ T7613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 157.016499][ T7613] Call Trace: [ 157.016505][ T7613] [ 157.016511][ T7613] dump_stack_lvl+0xe8/0x150 [ 157.016540][ T7613] should_fail_ex+0x412/0x560 [ 157.016562][ T7613] should_failslab+0xa8/0x100 [ 157.016581][ T7613] ? __kernfs_new_node+0xea/0x970 [ 157.016606][ T7613] kmem_cache_alloc_noprof+0x87/0x650 [ 157.016629][ T7613] __kernfs_new_node+0xea/0x970 [ 157.016657][ T7613] ? __pfx___kernfs_new_node+0x10/0x10 [ 157.016690][ T7613] ? kernfs_root+0x1c/0x230 [ 157.016720][ T7613] ? kernfs_root+0x1c/0x230 [ 157.016741][ T7613] ? kernfs_root+0x1c/0x230 [ 157.016762][ T7613] ? kernfs_root+0x1c/0x230 [ 157.016792][ T7613] kernfs_new_node+0x102/0x210 [ 157.016823][ T7613] __kernfs_create_file+0x4b/0x2e0 [ 157.016847][ T7613] sysfs_add_file_mode_ns+0x238/0x300 [ 157.016878][ T7613] internal_create_group+0x673/0x1180 [ 157.016918][ T7613] ? __pfx_internal_create_group+0x10/0x10 [ 157.016941][ T7613] ? kernfs_add_one+0x477/0x5c0 [ 157.016970][ T7613] ? up_write+0x1ab/0x410 [ 157.016991][ T7613] sysfs_create_groups+0x59/0x120 [ 157.017019][ T7613] device_add_attrs+0xdd/0x5b0 [ 157.017042][ T7613] ? __pfx_device_add_attrs+0x10/0x10 [ 157.017059][ T7613] ? kobject_put+0x516/0x560 [ 157.017088][ T7613] ? device_add_class_symlinks+0x21f/0x240 [ 157.017111][ T7613] device_add+0x496/0xb70 [ 157.017135][ T7613] wiphy_register+0x1d73/0x2d50 [ 157.017170][ T7613] ? __pfx_wiphy_register+0x10/0x10 [ 157.017190][ T7613] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 157.017221][ T7613] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 157.017248][ T7613] ieee80211_register_hw+0x3562/0x4200 [ 157.017285][ T7613] ? ieee80211_register_hw+0x1461/0x4200 [ 157.017319][ T7613] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 157.017359][ T7613] ? __hrtimer_setup+0x181/0x200 [ 157.017381][ T7613] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 157.017411][ T7613] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 157.017465][ T7613] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 157.017487][ T7613] ? ___ratelimit+0x58c/0x8d0 [ 157.017516][ T7613] hwsim_new_radio_nl+0xf35/0x1bd0 [ 157.017562][ T7613] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 157.017593][ T7613] ? rcu_is_watching+0x15/0xb0 [ 157.017615][ T7613] ? trace_kmalloc+0x2a/0x110 [ 157.017638][ T7613] ? __nla_parse+0x40/0x60 [ 157.017663][ T7613] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 157.017702][ T7613] genl_family_rcv_msg_doit+0x22a/0x330 [ 157.017733][ T7613] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 157.017769][ T7613] ? bpf_lsm_capable+0x9/0x20 [ 157.017790][ T7613] ? security_capable+0x7e/0x2c0 [ 157.017816][ T7613] genl_rcv_msg+0x61c/0x7a0 [ 157.017845][ T7613] ? __pfx_genl_rcv_msg+0x10/0x10 [ 157.017868][ T7613] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 157.017893][ T7613] ? __lock_acquire+0x6b5/0x2cf0 [ 157.017927][ T7613] netlink_rcv_skb+0x232/0x4b0 [ 157.017949][ T7613] ? __pfx_genl_rcv_msg+0x10/0x10 [ 157.017973][ T7613] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 157.018010][ T7613] ? down_read+0x272/0x2e0 [ 157.018031][ T7613] ? genl_rcv+0xd/0x40 [ 157.018054][ T7613] genl_rcv+0x28/0x40 [ 157.018075][ T7613] netlink_unicast+0x80f/0x9b0 [ 157.018121][ T7613] ? __pfx_netlink_unicast+0x10/0x10 [ 157.018141][ T7613] ? netlink_sendmsg+0x650/0xb40 [ 157.018158][ T7613] ? skb_put+0x11b/0x210 [ 157.018181][ T7613] netlink_sendmsg+0x813/0xb40 [ 157.018210][ T7613] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.018232][ T7613] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 157.018262][ T7613] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.018281][ T7613] sock_sendmsg_nosec+0x18f/0x1d0 [ 157.018302][ T7613] ____sys_sendmsg+0x589/0x8c0 [ 157.018334][ T7613] ? __pfx_____sys_sendmsg+0x10/0x10 [ 157.018366][ T7613] ? import_iovec+0x73/0xa0 [ 157.018392][ T7613] ___sys_sendmsg+0x2a5/0x360 [ 157.018420][ T7613] ? __pfx____sys_sendmsg+0x10/0x10 [ 157.018479][ T7613] ? __fget_files+0x2a/0x420 [ 157.018502][ T7613] ? __fget_files+0x3a0/0x420 [ 157.018534][ T7613] __x64_sys_sendmsg+0x1bd/0x2a0 [ 157.018560][ T7613] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 157.018591][ T7613] ? __pfx_ksys_write+0x10/0x10 [ 157.018621][ T7613] do_syscall_64+0x14d/0xf80 [ 157.018641][ T7613] ? trace_irq_disable+0x3b/0x150 [ 157.018663][ T7613] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.018687][ T7613] ? clear_bhb_loop+0x40/0x90 [ 157.018708][ T7613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.018725][ T7613] RIP: 0033:0x7feb92b9c799 [ 157.018743][ T7613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.018756][ T7613] RSP: 002b:00007feb93a6d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 157.018774][ T7613] RAX: ffffffffffffffda RBX: 00007feb92e15fa0 RCX: 00007feb92b9c799 [ 157.018786][ T7613] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 157.018797][ T7613] RBP: 00007feb93a6d090 R08: 0000000000000000 R09: 0000000000000000 [ 157.018807][ T7613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 157.018817][ T7613] R13: 00007feb92e16038 R14: 00007feb92e15fa0 R15: 00007fffc079e5e8 [ 157.018846][ T7613] [ 157.609991][ T7616] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 157.611495][ T7617] netlink: 44 bytes leftover after parsing attributes in process `syz.3.622'. [ 157.702550][ T5934] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 157.723509][ T5934] usb 3-1: device descriptor read/8, error -71 [ 157.728190][ T7619] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 157.736287][ T7619] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 157.746662][ T7617] FAULT_INJECTION: forcing a failure. [ 157.746662][ T7617] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 157.760468][ T7617] CPU: 0 UID: 0 PID: 7617 Comm: syz.3.622 Tainted: G L syzkaller #0 PREEMPT(full) [ 157.760495][ T7617] Tainted: [L]=SOFTLOCKUP [ 157.760501][ T7617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 157.760511][ T7617] Call Trace: [ 157.760518][ T7617] [ 157.760525][ T7617] dump_stack_lvl+0xe8/0x150 [ 157.760564][ T7617] should_fail_ex+0x412/0x560 [ 157.760589][ T7617] _copy_to_user+0x31/0xb0 [ 157.760613][ T7617] simple_read_from_buffer+0xe1/0x170 [ 157.760642][ T7617] proc_fail_nth_read+0x1bb/0x230 [ 157.760670][ T7617] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 157.760696][ T7617] ? rw_verify_area+0x2a6/0x4d0 [ 157.760714][ T7617] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 157.760739][ T7617] vfs_read+0x20c/0xa70 [ 157.760755][ T7617] ? fdget_pos+0x246/0x320 [ 157.760782][ T7617] ? __pfx___mutex_lock+0x10/0x10 [ 157.760805][ T7617] ? __pfx_vfs_read+0x10/0x10 [ 157.760824][ T7617] ? __fget_files+0x2a/0x420 [ 157.760851][ T7617] ? __fget_files+0x3a0/0x420 [ 157.760873][ T7617] ? __fget_files+0x2a/0x420 [ 157.760904][ T7617] ksys_read+0x150/0x270 [ 157.760925][ T7617] ? __pfx_ksys_read+0x10/0x10 [ 157.760954][ T7617] do_syscall_64+0x14d/0xf80 [ 157.760974][ T7617] ? trace_irq_disable+0x3b/0x150 [ 157.760997][ T7617] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.761014][ T7617] ? clear_bhb_loop+0x40/0x90 [ 157.761036][ T7617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.761053][ T7617] RIP: 0033:0x7f7097b5cfce [ 157.761069][ T7617] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 157.761083][ T7617] RSP: 002b:00007f7098ac4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 157.761101][ T7617] RAX: ffffffffffffffda RBX: 00007f7098ac56c0 RCX: 00007f7097b5cfce [ 157.761114][ T7617] RDX: 000000000000000f RSI: 00007f7098ac50a0 RDI: 0000000000000004 [ 157.761124][ T7617] RBP: 00007f7098ac5090 R08: 0000000000000000 R09: 0000000000000000 [ 157.761135][ T7617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.761145][ T7617] R13: 00007f7097e16038 R14: 00007f7097e15fa0 R15: 00007ffdce421b68 [ 157.761174][ T7617] [ 157.975924][ T5934] usb usb3-port1: unable to enumerate USB device [ 157.992626][ T7619] vhci_hcd vhci_hcd.0: Device attached [ 158.058076][ T7627] netlink: 44 bytes leftover after parsing attributes in process `syz.3.623'. [ 158.128212][ T7631] binder: 7630:7631 ioctl c0306201 0 returned -14 [ 158.141750][ T7621] vhci_hcd: connection closed [ 158.143322][ T84] vhci_hcd vhci_hcd.0: stop threads [ 158.153542][ T84] vhci_hcd vhci_hcd.0: release socket [ 158.159962][ T84] vhci_hcd vhci_hcd.0: disconnect device [ 158.192580][ T29] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 158.937542][ T7652] netlink: 'syz.0.632': attribute type 12 has an invalid length. [ 158.983500][ T5934] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 159.013808][ T7654] netlink: 'syz.3.633': attribute type 12 has an invalid length. [ 159.043785][ T7654] FAULT_INJECTION: forcing a failure. [ 159.043785][ T7654] name failslab, interval 1, probability 0, space 0, times 0 [ 159.062193][ T7656] netlink: 12 bytes leftover after parsing attributes in process `syz.0.634'. [ 159.065583][ T7654] CPU: 1 UID: 0 PID: 7654 Comm: syz.3.633 Tainted: G L syzkaller #0 PREEMPT(full) [ 159.065611][ T7654] Tainted: [L]=SOFTLOCKUP [ 159.065616][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 159.065627][ T7654] Call Trace: [ 159.065633][ T7654] [ 159.065640][ T7654] dump_stack_lvl+0xe8/0x150 [ 159.065667][ T7654] should_fail_ex+0x412/0x560 [ 159.065693][ T7654] should_failslab+0xa8/0x100 [ 159.065713][ T7654] ? __kernfs_new_node+0xea/0x970 [ 159.065737][ T7654] kmem_cache_alloc_noprof+0x87/0x650 [ 159.065763][ T7654] __kernfs_new_node+0xea/0x970 [ 159.065793][ T7654] ? __pfx___kernfs_new_node+0x10/0x10 [ 159.065818][ T7654] ? kernfs_root+0x1c/0x230 [ 159.065846][ T7654] ? kernfs_root+0x1c/0x230 [ 159.065868][ T7654] ? kernfs_root+0x1c/0x230 [ 159.065888][ T7654] ? kernfs_root+0x1c/0x230 [ 159.065915][ T7654] kernfs_new_node+0x102/0x210 [ 159.065943][ T7654] __kernfs_create_file+0x4b/0x2e0 [ 159.065966][ T7654] sysfs_add_file_mode_ns+0x238/0x300 [ 159.065995][ T7654] internal_create_group+0x673/0x1180 [ 159.066042][ T7654] ? __pfx_internal_create_group+0x10/0x10 [ 159.066063][ T7654] ? kernfs_add_one+0x477/0x5c0 [ 159.066091][ T7654] ? up_write+0x1ab/0x410 [ 159.066111][ T7654] sysfs_create_groups+0x59/0x120 [ 159.066136][ T7654] device_add_attrs+0xdd/0x5b0 [ 159.066159][ T7654] ? __pfx_device_add_attrs+0x10/0x10 [ 159.066176][ T7654] ? kobject_put+0x516/0x560 [ 159.066205][ T7654] ? device_add_class_symlinks+0x21f/0x240 [ 159.066227][ T7654] device_add+0x496/0xb70 [ 159.066250][ T7654] wiphy_register+0x1d73/0x2d50 [ 159.066284][ T7654] ? __pfx_wiphy_register+0x10/0x10 [ 159.066303][ T7654] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 159.066334][ T7654] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 159.066361][ T7654] ieee80211_register_hw+0x3562/0x4200 [ 159.066397][ T7654] ? ieee80211_register_hw+0x1461/0x4200 [ 159.066429][ T7654] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 159.066466][ T7654] ? __hrtimer_setup+0x181/0x200 [ 159.066489][ T7654] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 159.066517][ T7654] mac80211_hwsim_new_radio+0x2f97/0x5330 [ 159.066568][ T7654] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 159.066590][ T7654] ? ___ratelimit+0x58c/0x8d0 [ 159.066618][ T7654] hwsim_new_radio_nl+0xf35/0x1bd0 [ 159.066663][ T7654] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 159.066695][ T7654] ? rcu_is_watching+0x15/0xb0 [ 159.066718][ T7654] ? trace_kmalloc+0x2a/0x110 [ 159.066741][ T7654] ? __nla_parse+0x40/0x60 [ 159.066766][ T7654] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 159.066798][ T7654] genl_family_rcv_msg_doit+0x22a/0x330 [ 159.066828][ T7654] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 159.066863][ T7654] ? bpf_lsm_capable+0x9/0x20 [ 159.066883][ T7654] ? security_capable+0x7e/0x2c0 [ 159.066907][ T7654] genl_rcv_msg+0x61c/0x7a0 [ 159.066935][ T7654] ? __pfx_genl_rcv_msg+0x10/0x10 [ 159.066957][ T7654] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 159.066980][ T7654] ? __lock_acquire+0x6b5/0x2cf0 [ 159.067012][ T7654] netlink_rcv_skb+0x232/0x4b0 [ 159.067036][ T7654] ? __pfx_genl_rcv_msg+0x10/0x10 [ 159.067060][ T7654] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 159.067096][ T7654] ? down_read+0x272/0x2e0 [ 159.067116][ T7654] ? genl_rcv+0xd/0x40 [ 159.067139][ T7654] genl_rcv+0x28/0x40 [ 159.067159][ T7654] netlink_unicast+0x80f/0x9b0 [ 159.067185][ T7654] ? __pfx_netlink_unicast+0x10/0x10 [ 159.067204][ T7654] ? netlink_sendmsg+0x650/0xb40 [ 159.067221][ T7654] ? skb_put+0x11b/0x210 [ 159.067246][ T7654] netlink_sendmsg+0x813/0xb40 [ 159.067274][ T7654] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.067295][ T7654] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 159.067325][ T7654] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.067342][ T7654] sock_sendmsg_nosec+0x18f/0x1d0 [ 159.067363][ T7654] ____sys_sendmsg+0x589/0x8c0 [ 159.067394][ T7654] ? __pfx_____sys_sendmsg+0x10/0x10 [ 159.067425][ T7654] ? import_iovec+0x73/0xa0 [ 159.067449][ T7654] ___sys_sendmsg+0x2a5/0x360 [ 159.067477][ T7654] ? __pfx____sys_sendmsg+0x10/0x10 [ 159.067533][ T7654] ? __fget_files+0x2a/0x420 [ 159.067554][ T7654] ? __fget_files+0x3a0/0x420 [ 159.067587][ T7654] __x64_sys_sendmsg+0x1bd/0x2a0 [ 159.067612][ T7654] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 159.067643][ T7654] ? __pfx_ksys_write+0x10/0x10 [ 159.067673][ T7654] do_syscall_64+0x14d/0xf80 [ 159.067692][ T7654] ? trace_irq_disable+0x3b/0x150 [ 159.067715][ T7654] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.067731][ T7654] ? clear_bhb_loop+0x40/0x90 [ 159.067752][ T7654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.067768][ T7654] RIP: 0033:0x7f7097b9c799 [ 159.067785][ T7654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.067798][ T7654] RSP: 002b:00007f7098ac5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 159.067817][ T7654] RAX: ffffffffffffffda RBX: 00007f7097e15fa0 RCX: 00007f7097b9c799 [ 159.067829][ T7654] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 159.067840][ T7654] RBP: 00007f7098ac5090 R08: 0000000000000000 R09: 0000000000000000 [ 159.067849][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 159.067859][ T7654] R13: 00007f7097e16038 R14: 00007f7097e15fa0 R15: 00007ffdce421b68 [ 159.067889][ T7654] [ 159.152506][ T5934] usb 3-1: Using ep0 maxpacket: 8 [ 159.212708][ T7656] netlink: 12 bytes leftover after parsing attributes in process `syz.0.634'. [ 159.220795][ T5934] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 159.227718][ T7658] comedi comedi3: das16m1: I/O port conflict (0x5,16) [ 159.233638][ T5934] usb 3-1: config 179 has no interface number 0 [ 159.243069][ T7658] binder: BINDER_SET_CONTEXT_MGR already set [ 159.243100][ T7658] binder: 7657:7658 ioctl 4018620d 200000004a80 returned -16 [ 159.299289][ T7659] netlink: 4 bytes leftover after parsing attributes in process `syz.3.635'. [ 159.304097][ T5934] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 159.668675][ T5934] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 159.668704][ T5934] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 159.668723][ T5934] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 159.668741][ T5934] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 159.668775][ T5934] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 159.668791][ T5934] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.672259][ T7635] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 160.059540][ T7679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 160.087054][ T5878] usb 3-1: USB disconnect, device number 41 [ 160.087169][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 160.093686][ T7679] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.101633][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 160.118306][ C1] ================================================================== [ 160.126386][ C1] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x28b/0x2f0 [ 160.134206][ C1] Read of size 4 at addr ffff88803195085c by task syz.1.641/7671 [ 160.141929][ C1] [ 160.144271][ C1] CPU: 1 UID: 0 PID: 7671 Comm: syz.1.641 Tainted: G L syzkaller #0 PREEMPT(full) [ 160.144301][ C1] Tainted: [L]=SOFTLOCKUP [ 160.144309][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 160.144321][ C1] Call Trace: [ 160.144329][ C1] [ 160.144336][ C1] dump_stack_lvl+0xe8/0x150 [ 160.144368][ C1] print_report+0xba/0x230 [ 160.144393][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 160.144412][ C1] kasan_report+0x117/0x150 [ 160.144435][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 160.144455][ C1] do_raw_spin_lock+0x28b/0x2f0 [ 160.144471][ C1] ? lock_acquire+0xf0/0x2e0 [ 160.144501][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 160.144522][ C1] _raw_spin_lock_irqsave+0x4c/0x60 [ 160.144543][ C1] __wake_up_common_lock+0x2f/0x1f0 [ 160.144566][ C1] __usb_hcd_giveback_urb+0x3b0/0x540 [ 160.144587][ C1] dummy_timer+0xbbd/0x45d0 [ 160.144608][ C1] ? __resched_curr+0x1ff/0x3f0 [ 160.144635][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 160.144666][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 160.144686][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 160.144704][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 160.144724][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 160.144741][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 160.144757][ C1] __hrtimer_run_queues+0x53a/0xcc0 [ 160.144791][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 160.144816][ C1] ? ktime_get_update_offsets_now+0x3b2/0x3d0 [ 160.144841][ C1] hrtimer_run_softirq+0x182/0x5a0 [ 160.144871][ C1] handle_softirqs+0x22a/0x870 [ 160.144909][ C1] ? __irq_exit_rcu+0x5f/0x150 [ 160.144936][ C1] __irq_exit_rcu+0x5f/0x150 [ 160.144959][ C1] irq_exit_rcu+0x9/0x30 [ 160.144980][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 160.145002][ C1] [ 160.145008][ C1] [ 160.145015][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 160.145035][ C1] RIP: 0010:__kasan_check_byte+0xd/0x40 [ 160.145057][ C1] Code: 5f e9 17 fa ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 41 56 53 48 89 f3 49 89 fe 8e 15 00 00 84 c0 75 16 be 01 00 00 00 4c 89 f7 31 d2 48 89 d9 [ 160.145073][ C1] RSP: 0018:ffffc900025df3d0 EFLAGS: 00000202 [ 160.145091][ C1] RAX: 0000000000000001 RBX: ffffffff823c6587 RCX: 0000000080000001 [ 160.145105][ C1] RDX: 0000000000000000 RSI: ffffffff823c6587 RDI: ffffffff8e960620 [ 160.145118][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 160.145129][ C1] R10: dffffc0000000000 R11: ffffed100b955e1c R12: 0000000000000002 [ 160.145142][ C1] R13: ffffffff8e960620 R14: ffffffff8e960620 R15: 0000000000000000 [ 160.145157][ C1] ? __page_table_check_zero+0x87/0x3e0 [ 160.145178][ C1] ? __page_table_check_zero+0x87/0x3e0 [ 160.145200][ C1] lock_acquire+0x79/0x2e0 [ 160.145221][ C1] ? __set_page_owner+0x3ae/0x4c0 [ 160.145241][ C1] ? __page_table_check_zero+0x6a/0x3e0 [ 160.145261][ C1] __page_table_check_zero+0x87/0x3e0 [ 160.145279][ C1] ? __page_table_check_zero+0x6a/0x3e0 [ 160.145297][ C1] ? bad_range+0x8b/0x2c0 [ 160.145325][ C1] post_alloc_hook+0x240/0x280 [ 160.145344][ C1] get_page_from_freelist+0x23a1/0x2440 [ 160.145384][ C1] __alloc_frozen_pages_noprof+0x18d/0x380 [ 160.145406][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 160.145431][ C1] alloc_pages_bulk_noprof+0x569/0x710 [ 160.145456][ C1] __kasan_populate_vmalloc+0xc1/0x1d0 [ 160.145491][ C1] alloc_vmap_area+0xd73/0x14b0 [ 160.145524][ C1] ? __pfx_alloc_vmap_area+0x10/0x10 [ 160.145547][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 160.145566][ C1] ? __get_vm_area_node+0x13f/0x300 [ 160.145591][ C1] ? __kmalloc_cache_node_noprof+0x248/0x6b0 [ 160.145608][ C1] ? xskq_create+0xbf/0x170 [ 160.145627][ C1] __get_vm_area_node+0x1f8/0x300 [ 160.145656][ C1] __vmalloc_node_range_noprof+0x355/0x1a80 [ 160.145676][ C1] ? xskq_create+0xbf/0x170 [ 160.145702][ C1] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 160.145721][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 160.145738][ C1] vmalloc_user_noprof+0xad/0xe0 [ 160.145753][ C1] ? xskq_create+0xbf/0x170 [ 160.145763][ C1] xskq_create+0xbf/0x170 [ 160.145774][ C1] xsk_init_queue+0x8a/0xe0 [ 160.145784][ C1] xsk_setsockopt+0x603/0x990 [ 160.145794][ C1] ? __pfx_xsk_setsockopt+0x10/0x10 [ 160.145804][ C1] ? __pfx_aa_sk_perm+0x10/0x10 [ 160.145814][ C1] ? __fget_files+0x2a/0x420 [ 160.145827][ C1] ? aa_sock_opt_perm+0xff/0x1a0 [ 160.145838][ C1] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 160.145848][ C1] ? __pfx_xsk_setsockopt+0x10/0x10 [ 160.145858][ C1] do_sock_setsockopt+0x17c/0x1b0 [ 160.145872][ C1] __x64_sys_setsockopt+0x13d/0x1b0 [ 160.145885][ C1] do_syscall_64+0x14d/0xf80 [ 160.145896][ C1] ? trace_irq_disable+0x3b/0x150 [ 160.145910][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.145920][ C1] ? clear_bhb_loop+0x40/0x90 [ 160.145930][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.145939][ C1] RIP: 0033:0x7f6395b9c799 [ 160.145949][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 160.145957][ C1] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 160.145968][ C1] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 160.145976][ C1] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 160.145984][ C1] RBP: 00007f6395c32bd9 R08: 0000000000000004 R09: 0000000000000000 [ 160.145990][ C1] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000 [ 160.145996][ C1] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 160.146006][ C1] [ 160.146010][ C1] [ 160.697450][ C1] Allocated by task 5934: [ 160.701759][ C1] kasan_save_track+0x3e/0x80 [ 160.706430][ C1] __kasan_kmalloc+0x93/0xb0 [ 160.711004][ C1] __kmalloc_cache_noprof+0x31c/0x660 [ 160.716366][ C1] xpad_probe+0x428/0x1fc0 [ 160.720776][ C1] usb_probe_interface+0x668/0xc90 [ 160.725879][ C1] really_probe+0x267/0xaf0 [ 160.730372][ C1] __driver_probe_device+0x18c/0x320 [ 160.735645][ C1] driver_probe_device+0x4f/0x240 [ 160.740659][ C1] __device_attach_driver+0x2d4/0x4c0 [ 160.746021][ C1] bus_for_each_drv+0x258/0x2f0 [ 160.750864][ C1] __device_attach+0x2c5/0x450 [ 160.755617][ C1] device_initial_probe+0xa1/0xd0 [ 160.760625][ C1] bus_probe_device+0x12a/0x220 [ 160.765466][ C1] device_add+0x7b6/0xb70 [ 160.769785][ C1] usb_set_configuration+0x1a87/0x2110 [ 160.775235][ C1] usb_generic_driver_probe+0x8d/0x150 [ 160.780689][ C1] usb_probe_device+0x1c4/0x3b0 [ 160.785528][ C1] really_probe+0x267/0xaf0 [ 160.790020][ C1] __driver_probe_device+0x18c/0x320 [ 160.795294][ C1] driver_probe_device+0x4f/0x240 [ 160.800307][ C1] __device_attach_driver+0x2d4/0x4c0 [ 160.805670][ C1] bus_for_each_drv+0x258/0x2f0 [ 160.810513][ C1] __device_attach+0x2c5/0x450 [ 160.815263][ C1] device_initial_probe+0xa1/0xd0 [ 160.820277][ C1] bus_probe_device+0x12a/0x220 [ 160.825118][ C1] device_add+0x7b6/0xb70 [ 160.829437][ C1] usb_new_device+0xa08/0x16f0 [ 160.834189][ C1] hub_event+0x2a1c/0x4f30 [ 160.838593][ C1] process_one_work+0x949/0x1650 [ 160.843518][ C1] worker_thread+0xb46/0x1140 [ 160.848184][ C1] kthread+0x388/0x470 [ 160.852236][ C1] ret_from_fork+0x51e/0xb90 [ 160.856814][ C1] ret_from_fork_asm+0x1a/0x30 [ 160.861573][ C1] [ 160.863883][ C1] Freed by task 5878: [ 160.867845][ C1] kasan_save_track+0x3e/0x80 [ 160.872510][ C1] kasan_save_free_info+0x46/0x50 [ 160.877523][ C1] __kasan_slab_free+0x5c/0x80 [ 160.882273][ C1] kfree+0x1c1/0x630 [ 160.886161][ C1] xpad_disconnect+0x350/0x480 [ 160.890916][ C1] usb_unbind_interface+0x26e/0x910 [ 160.896117][ C1] device_release_driver_internal+0x4d9/0x860 [ 160.902177][ C1] bus_remove_device+0x34d/0x440 [ 160.907097][ C1] device_del+0x527/0x8f0 [ 160.911418][ C1] usb_disable_device+0x3d4/0x8d0 [ 160.916432][ C1] usb_disconnect+0x32f/0x990 [ 160.921094][ C1] hub_event+0x1cc9/0x4f30 [ 160.925500][ C1] process_one_work+0x949/0x1650 [ 160.930437][ C1] worker_thread+0xb46/0x1140 [ 160.935114][ C1] kthread+0x388/0x470 [ 160.939175][ C1] ret_from_fork+0x51e/0xb90 [ 160.943763][ C1] ret_from_fork_asm+0x1a/0x30 [ 160.948523][ C1] [ 160.950835][ C1] The buggy address belongs to the object at ffff888031950800 [ 160.950835][ C1] which belongs to the cache kmalloc-1k of size 1024 [ 160.964881][ C1] The buggy address is located 92 bytes inside of [ 160.964881][ C1] freed 1024-byte region [ffff888031950800, ffff888031950c00) [ 160.978684][ C1] [ 160.980995][ C1] The buggy address belongs to the physical page: [ 160.987405][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031956800 pfn:0x31950 [ 160.997449][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 161.005933][ C1] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 161.014431][ C1] page_type: f5(slab) [ 161.018400][ C1] raw: 00fff00000000240 ffff88813ffbcdc0 ffffea00016fe210 ffffea00016c5e10 [ 161.026970][ C1] raw: ffff888031956800 000000080010000e 00000000f5000000 0000000000000000 [ 161.035540][ C1] head: 00fff00000000240 ffff88813ffbcdc0 ffffea00016fe210 ffffea00016c5e10 [ 161.044196][ C1] head: ffff888031956800 000000080010000e 00000000f5000000 0000000000000000 [ 161.052858][ C1] head: 00fff00000000003 ffffea0000c65401 00000000ffffffff 00000000ffffffff [ 161.061514][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 161.070166][ C1] page dumped because: kasan: bad access detected [ 161.076571][ C1] page_owner tracks the page as allocated [ 161.082276][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5667, tgid 5667 (dhcpcd), ts 56346453657, free_ts 56344541333 [ 161.103107][ C1] post_alloc_hook+0x231/0x280 [ 161.107864][ C1] get_page_from_freelist+0x23a1/0x2440 [ 161.113399][ C1] __alloc_frozen_pages_noprof+0x18d/0x380 [ 161.119194][ C1] allocate_slab+0x77/0x660 [ 161.123695][ C1] refill_objects+0x331/0x3c0 [ 161.128379][ C1] __pcs_replace_empty_main+0x2b9/0x620 [ 161.133921][ C1] __kmalloc_noprof+0x474/0x760 [ 161.138766][ C1] load_elf_binary+0x30f/0x2980 [ 161.143610][ C1] bprm_execve+0x93d/0x1460 [ 161.148097][ C1] do_execveat_common+0x50d/0x690 [ 161.153106][ C1] __x64_sys_execve+0x97/0xc0 [ 161.157764][ C1] do_syscall_64+0x14d/0xf80 [ 161.162353][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.168238][ C1] page last free pid 5483 tgid 5483 stack trace: [ 161.174543][ C1] __free_frozen_pages+0xbe2/0xd60 [ 161.179637][ C1] skb_release_data+0x6f0/0x940 [ 161.184478][ C1] __kfree_skb+0x5d/0x210 [ 161.188802][ C1] netlink_recvmsg+0x5d6/0xa50 [ 161.193551][ C1] sock_recvmsg_nosec+0x186/0x1c0 [ 161.198558][ C1] ____sys_recvmsg+0x245/0x510 [ 161.203312][ C1] ___sys_recvmsg+0x215/0x590 [ 161.207978][ C1] __x64_sys_recvmsg+0x1ba/0x2a0 [ 161.212905][ C1] do_syscall_64+0x14d/0xf80 [ 161.217483][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.223360][ C1] [ 161.225669][ C1] Memory state around the buggy address: [ 161.231281][ C1] ffff888031950700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 161.239331][ C1] ffff888031950780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 161.247378][ C1] >ffff888031950800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 161.255420][ C1] ^ [ 161.262340][ C1] ffff888031950880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 161.270386][ C1] ffff888031950900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 161.278427][ C1] ================================================================== [ 161.286484][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 161.293665][ C1] CPU: 1 UID: 0 PID: 7671 Comm: syz.1.641 Tainted: G L syzkaller #0 PREEMPT(full) [ 161.304425][ C1] Tainted: [L]=SOFTLOCKUP [ 161.308741][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 161.318786][ C1] Call Trace: [ 161.322058][ C1] [ 161.324890][ C1] vpanic+0x56c/0xa60 [ 161.328888][ C1] ? __pfx_vpanic+0x10/0x10 [ 161.333398][ C1] panic+0xc5/0xd0 [ 161.337113][ C1] ? __pfx_panic+0x10/0x10 [ 161.341524][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 161.346541][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 161.351584][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 161.356622][ C1] check_panic_on_warn+0x89/0xb0 [ 161.361550][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 161.366560][ C1] end_report+0x73/0x180 [ 161.370792][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 161.375801][ C1] kasan_report+0x128/0x150 [ 161.380296][ C1] ? do_raw_spin_lock+0x28b/0x2f0 [ 161.385309][ C1] do_raw_spin_lock+0x28b/0x2f0 [ 161.390147][ C1] ? lock_acquire+0xf0/0x2e0 [ 161.394727][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 161.400089][ C1] _raw_spin_lock_irqsave+0x4c/0x60 [ 161.405276][ C1] __wake_up_common_lock+0x2f/0x1f0 [ 161.410466][ C1] __usb_hcd_giveback_urb+0x3b0/0x540 [ 161.415826][ C1] dummy_timer+0xbbd/0x45d0 [ 161.420318][ C1] ? __resched_curr+0x1ff/0x3f0 [ 161.425161][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 161.430108][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 161.435470][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 161.440398][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 161.446195][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 161.451119][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 161.456040][ C1] __hrtimer_run_queues+0x53a/0xcc0 [ 161.461237][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 161.466948][ C1] ? ktime_get_update_offsets_now+0x3b2/0x3d0 [ 161.473099][ C1] hrtimer_run_softirq+0x182/0x5a0 [ 161.478209][ C1] handle_softirqs+0x22a/0x870 [ 161.482968][ C1] ? __irq_exit_rcu+0x5f/0x150 [ 161.487727][ C1] __irq_exit_rcu+0x5f/0x150 [ 161.492310][ C1] irq_exit_rcu+0x9/0x30 [ 161.496547][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 161.502175][ C1] [ 161.505104][ C1] [ 161.508021][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 161.513990][ C1] RIP: 0010:__kasan_check_byte+0xd/0x40 [ 161.519526][ C1] Code: 5f e9 17 fa ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 41 56 53 48 89 f3 49 89 fe 8e 15 00 00 84 c0 75 16 be 01 00 00 00 4c 89 f7 31 d2 48 89 d9 [ 161.539124][ C1] RSP: 0018:ffffc900025df3d0 EFLAGS: 00000202 [ 161.545188][ C1] RAX: 0000000000000001 RBX: ffffffff823c6587 RCX: 0000000080000001 [ 161.553152][ C1] RDX: 0000000000000000 RSI: ffffffff823c6587 RDI: ffffffff8e960620 [ 161.561115][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 161.569076][ C1] R10: dffffc0000000000 R11: ffffed100b955e1c R12: 0000000000000002 [ 161.577039][ C1] R13: ffffffff8e960620 R14: ffffffff8e960620 R15: 0000000000000000 [ 161.585003][ C1] ? __page_table_check_zero+0x87/0x3e0 [ 161.590547][ C1] ? __page_table_check_zero+0x87/0x3e0 [ 161.596085][ C1] lock_acquire+0x79/0x2e0 [ 161.600494][ C1] ? __set_page_owner+0x3ae/0x4c0 [ 161.605508][ C1] ? __page_table_check_zero+0x6a/0x3e0 [ 161.611039][ C1] __page_table_check_zero+0x87/0x3e0 [ 161.616395][ C1] ? __page_table_check_zero+0x6a/0x3e0 [ 161.621930][ C1] ? bad_range+0x8b/0x2c0 [ 161.626254][ C1] post_alloc_hook+0x240/0x280 [ 161.631005][ C1] get_page_from_freelist+0x23a1/0x2440 [ 161.636551][ C1] __alloc_frozen_pages_noprof+0x18d/0x380 [ 161.642350][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 161.648680][ C1] alloc_pages_bulk_noprof+0x569/0x710 [ 161.654137][ C1] __kasan_populate_vmalloc+0xc1/0x1d0 [ 161.659597][ C1] alloc_vmap_area+0xd73/0x14b0 [ 161.664447][ C1] ? __pfx_alloc_vmap_area+0x10/0x10 [ 161.669723][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 161.674475][ C1] ? __get_vm_area_node+0x13f/0x300 [ 161.679664][ C1] ? __kmalloc_cache_node_noprof+0x248/0x6b0 [ 161.685631][ C1] ? xskq_create+0xbf/0x170 [ 161.690132][ C1] __get_vm_area_node+0x1f8/0x300 [ 161.695153][ C1] __vmalloc_node_range_noprof+0x355/0x1a80 [ 161.701036][ C1] ? xskq_create+0xbf/0x170 [ 161.705534][ C1] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 161.711850][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 161.716608][ C1] vmalloc_user_noprof+0xad/0xe0 [ 161.721533][ C1] ? xskq_create+0xbf/0x170 [ 161.726026][ C1] xskq_create+0xbf/0x170 [ 161.730345][ C1] xsk_init_queue+0x8a/0xe0 [ 161.734839][ C1] xsk_setsockopt+0x603/0x990 [ 161.739508][ C1] ? __pfx_xsk_setsockopt+0x10/0x10 [ 161.744695][ C1] ? __pfx_aa_sk_perm+0x10/0x10 [ 161.749536][ C1] ? __fget_files+0x2a/0x420 [ 161.754120][ C1] ? aa_sock_opt_perm+0xff/0x1a0 [ 161.759048][ C1] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 161.764580][ C1] ? __pfx_xsk_setsockopt+0x10/0x10 [ 161.769765][ C1] do_sock_setsockopt+0x17c/0x1b0 [ 161.774787][ C1] __x64_sys_setsockopt+0x13d/0x1b0 [ 161.779982][ C1] do_syscall_64+0x14d/0xf80 [ 161.784565][ C1] ? trace_irq_disable+0x3b/0x150 [ 161.789583][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.795636][ C1] ? clear_bhb_loop+0x40/0x90 [ 161.800300][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.806179][ C1] RIP: 0033:0x7f6395b9c799 [ 161.810583][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.830175][ C1] RSP: 002b:00007f6396a26028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 161.838582][ C1] RAX: ffffffffffffffda RBX: 00007f6395e15fa0 RCX: 00007f6395b9c799 [ 161.846548][ C1] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 161.854513][ C1] RBP: 00007f6395c32bd9 R08: 0000000000000004 R09: 0000000000000000 [ 161.862472][ C1] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000 [ 161.870429][ C1] R13: 00007f6395e16038 R14: 00007f6395e15fa0 R15: 00007ffe10ac5588 [ 161.878396][ C1] [ 161.881652][ C1] Kernel Offset: disabled [ 161.885968][ C1] Rebooting in 86400 seconds..