last executing test programs: 2m10.042753847s ago: executing program 4 (id=4625): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x4, 0x6361, 0x7, 0xffffffff, 0x3}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x8, 0xe, 0x5, 0xa, 0x9}}]}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xc}, {0x6, 0xb}, {0xd, 0xffe0}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x200040f0}, 0x4890) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 2m9.934662995s ago: executing program 4 (id=4626): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) io_uring_setup(0x1612, 0x0) syz_open_dev$loop(&(0x7f0000000140), 0x5, 0x0) epoll_create1(0x0) socket$nl_route(0x10, 0x3, 0x0) eventfd2(0x7, 0x801) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r3], 0x90}}, 0x0) 2m9.658547065s ago: executing program 4 (id=4628): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x29}]}}}]}, 0x3c}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0xa}, "0214779b0ba942f344cf"}}, 0xd) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x21c, 0x0, 0x8, 0xfa04, 0xb4, 0x6c02, 0x188, 0x194, 0x194, 0x188, 0x194, 0x3, 0x0, {[{{@ip={@empty, @broadcast, 0xff000000, 0xffffffff, 'vlan0\x00', 'veth0_vlan\x00', {}, {0xff}, 0x6, 0x2, 0x4}, 0x0, 0x90, 0xb4, 0x0, {0x0, 0x74020000}, [@common=@socket0={{0x20}}]}, @common=@inet=@SYNPROXY={0x24, 'SYNPROXY\x00', 0x0, {0x0, 0x36}}}, {{@ip={@rand_addr=0x64010101, @rand_addr=0x64010100, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'ipvlan0\x00', {}, {0xff}, 0xc, 0x3, 0x23}, 0x0, 0x94, 0xd4, 0x0, {}, [@inet=@rpfilter={{0x24}, {0x4}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x8, 0xd5, {0x8}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x278) 2m9.526711393s ago: executing program 4 (id=4629): mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000000c0)=0x7f) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000002480)=""/4110, 0x48}], 0x1) r1 = getpgrp(0x0) r2 = gettid() rt_tgsigqueueinfo(r1, r2, 0x1d, &(0x7f00000000c0)={0x3b, 0x8000006, 0x3}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{0xbffffffe, 0x1, 0xffffffff, 0xfffffff8, 'syz1\x00', 0x2}, 0x2, 0x2, 0x5, r1, 0x0, 0x4ff, 'syz0\x00', 0x0}) 2m9.329392622s ago: executing program 4 (id=4631): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) r1 = syz_open_pts(r0, 0x0) poll(&(0x7f0000000000)=[{r1, 0x63be}], 0x1, 0xa1) r2 = dup3(r1, r0, 0x0) ioctl$TCSETSW2(r2, 0x402c542c, 0x0) 2m8.910808992s ago: executing program 4 (id=4634): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x7002}) socket$nl_generic(0x10, 0x3, 0x10) fsopen(&(0x7f00000002c0)='pstore\x00', 0x1) msgsnd(0x0, 0x0, 0x8, 0x800) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x80000006, @private0, 0xefce}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4000080) sched_setattr(0x0, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000140)={@dev={0xfe, 0x80, '\x00', 0xf}}, 0x14) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x67, 0x0, 0x0, @tick=0x5, {0x9}, {0xfd}, @raw32={[0x25fc]}}], 0xfffffffffffffe7e) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) write$sndseq(r6, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @time={0x7ffffffe, 0x4}, {}, {}, @result={0x1f00}}], 0x1c) msgctl$MSG_STAT_ANY(0x0, 0xd, &(0x7f00000002c0)=""/99) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r7 = syz_open_procfs(0x0, &(0x7f00000007c0)='gid_map\x00') writev(r7, &(0x7f0000000100), 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e20, @private=0xa010103}]}, &(0x7f0000000380)=0xc) setsockopt(r8, 0x84, 0x7f, &(0x7f0000000140)="010000000980ffff", 0x8) ioctl$sock_SIOCINQ(r8, 0x541b, &(0x7f0000001bc0)) 1m53.697112243s ago: executing program 32 (id=4634): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x7002}) socket$nl_generic(0x10, 0x3, 0x10) fsopen(&(0x7f00000002c0)='pstore\x00', 0x1) msgsnd(0x0, 0x0, 0x8, 0x800) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x80000006, @private0, 0xefce}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4000080) sched_setattr(0x0, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000140)={@dev={0xfe, 0x80, '\x00', 0xf}}, 0x14) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x67, 0x0, 0x0, @tick=0x5, {0x9}, {0xfd}, @raw32={[0x25fc]}}], 0xfffffffffffffe7e) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) write$sndseq(r6, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @time={0x7ffffffe, 0x4}, {}, {}, @result={0x1f00}}], 0x1c) msgctl$MSG_STAT_ANY(0x0, 0xd, &(0x7f00000002c0)=""/99) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r7 = syz_open_procfs(0x0, &(0x7f00000007c0)='gid_map\x00') writev(r7, &(0x7f0000000100), 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e20, @private=0xa010103}]}, &(0x7f0000000380)=0xc) setsockopt(r8, 0x84, 0x7f, &(0x7f0000000140)="010000000980ffff", 0x8) ioctl$sock_SIOCINQ(r8, 0x541b, &(0x7f0000001bc0)) 10.550656589s ago: executing program 5 (id=4980): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000040)={0x1000, 0x3}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1301"], 0x16) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sync() sync() r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00'}) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000004000a20000000000a01030000000000000000010000090900010073797a31000000002c000000030a01030000000000000000010000000900030073797a32000000000900010073797a31000000002c000000050a01420000000000000000010000000c00024000000000000000010900010073797a3100000000340000000e0a01020000000000000000040000070900020073797a300000000008000440000000010900020073797a3200000000140000001100010000000000000000000000000a"], 0xd4}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xd1, 0x0, 0x0, @loopback, @multicast1}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f5, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', r6, 0x700, 0x7800, 0xffff, 0x8001, {{0x5, 0x4, 0x0, 0x28, 0x14, 0x68, 0x0, 0x10, 0x4, 0x0, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x32c180) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'pim6reg1\x00', &(0x7f00000001c0)=@ethtool_stats={0x1d, 0x5, [0xc000000000, 0x8, 0x3, 0x0, 0x0]}}) socket$kcm(0x10, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) 9.113599248s ago: executing program 5 (id=4986): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x40008000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x806}, @TCA_FLOWER_KEY_ARP_OP={0x5, 0x3d, 0x8}]}}]}, 0x44}}, 0x800) r4 = landlock_create_ruleset(&(0x7f0000000000)={0x25, 0x2, 0x1}, 0x18, 0x0) unshare(0x400) r5 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_SEND_PRIO(r5, 0x6b, 0x3, 0x0, 0x0) landlock_restrict_self(r4, 0x0) r6 = socket$unix(0x1, 0x2, 0x0) r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io(r7, &(0x7f0000000480)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="000007000000070012279dfe7e97dab283d65215d600378ff739aad23335568b4f5ae8e3bfb7bda64be007ebf014ec0bc9baf0"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r7, &(0x7f0000000340)={0x18, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00030c0080"], 0x0, 0x0, 0x0}, 0x0) bind$unix(r6, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$unix(r6, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840) 9.059059906s ago: executing program 0 (id=4987): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b040000000000000000020000005000040100736f636b65740000140002800800024000000003080001400000000228000180080001006e6174001c0002800800054000000003080002"], 0xa4}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="a013000040000701fcffffff00000100017c0000040042800c00018006000600801c00007c13028078131480731315806f1301"], 0x13a0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 8.918783123s ago: executing program 0 (id=4989): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_usb_connect(0x0, 0x181, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001f055110240419cf96a40102030109020e0201000000000904"], 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x7, 0x3, 0xffffffff}, 0x0) socket(0x1d, 0x2, 0x6) r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$read(0xb, r2, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2) r3 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000ca32c7329458e68a330a721f000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000674ae874c8a3ac27c779eb0000000000000000000000000000000000000000000000000000000000000000fcffffff00"/144]}, 0xe0) ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000040)={0x9, 0x1, 0x0, {0xfffffffd, 0x4, 0x2000008, 0x8000b}}) r5 = open(0x0, 0x7f6042, 0x23) pwritev2(r5, &(0x7f0000000240), 0x0, 0x7000, 0x100, 0x3) r6 = socket$qrtr(0x2a, 0x2, 0x0) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001200010003950000000100000a0900004001000000010000000000000000ffff0000000000000000000000000000ffff"], 0x4c}}, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000000300)={0x202001fe0000, 0x40}) sendmsg$sock(r6, &(0x7f0000001540)={&(0x7f0000000140)=@pppoe={0x2a, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, 'lo\x00'}}, 0x80, 0x0}, 0x40000c0) capset(0x0, &(0x7f0000000080)={0x6, 0x6, 0x6, 0x10087, 0x0, 0x40}) syz_open_procfs(0x0, &(0x7f0000000080)='setgroups\x00') socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r8, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r9, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 8.105253502s ago: executing program 5 (id=4992): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010800d972a440b72040155ab7010203010902120001000000000904000000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000200)={0x40, 0x17, 0x1, "1f"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000bc0)={0x44, &(0x7f0000000900)=ANY=[@ANYBLOB="e01506"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 7.410386615s ago: executing program 3 (id=4994): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f00000005c0)=ANY=[], 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 6.4554989s ago: executing program 1 (id=4996): r0 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000080)={0xa, 0xe64, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x80000002}, 0x1c) r1 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe64, 0x4, @empty, 0x82}, 0x1c) 6.382593339s ago: executing program 1 (id=4997): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000040)={0x1000, 0x3}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1301"], 0x16) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sync() sync() r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00'}) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000004000a20000000000a01030000000000000000010000090900010073797a31000000002c000000030a01030000000000000000010000000900030073797a32000000000900010073797a31000000002c000000050a01420000000000000000010000000c00024000000000000000010900010073797a3100000000340000000e0a01020000000000000000040000070900020073797a300000000008000440000000010900020073797a3200000000140000001100010000000000000000000000000a"], 0xd4}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xd1, 0x0, 0x0, @loopback, @multicast1}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f5, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', r6, 0x700, 0x7800, 0xffff, 0x8001, {{0x5, 0x4, 0x0, 0x28, 0x14, 0x68, 0x0, 0x10, 0x4, 0x0, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x32c180) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'pim6reg1\x00', &(0x7f00000001c0)=@ethtool_stats={0x1d, 0x5, [0xc000000000, 0x8, 0x3, 0x0, 0x0]}}) socket$kcm(0x10, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) 5.600106428s ago: executing program 2 (id=4998): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000000)=0x80, 0x800) ioctl$XFS_IOC_FSGEOMETRY_V4(r0, 0x8070587c, &(0x7f0000000100)) r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000004c0)={0x12, 0x2, 0x0, "dd3e1ddbc8e90eff74531a27a41db3064000", 0x32315659}) r2 = openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x2982, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000040)=@l={0x92, 0x0, 0xe0, 0x0, 0x0, 0x1}) unshare(0x2040400) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=0x0, &(0x7f0000000140)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = epoll_create1(0x80000) r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000005c0)={0x4}) r8 = syz_genetlink_get_family_id$smc(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r8, 0x4, 0x70bd26, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vlan0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000011}, 0x4000011) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) read(r2, &(0x7f00000011c0)=""/221, 0x8) 5.408694418s ago: executing program 2 (id=4999): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="a013000040000701fcffffff00000100017c0000040042800c00018006000600801c00007c13028078131480731315806f1301"], 0x13a0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 5.366697167s ago: executing program 1 (id=5000): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000040)={0x1000, 0x3}) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1301"], 0x16) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sync() sync() r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00'}) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) 5.300350238s ago: executing program 2 (id=5001): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0434c100000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000013906c08e90f01db9be9010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x18, &(0x7f0000000040)={0x40, 0xd, 0x77, {0x77, 0xc, "369d8419dbd726756a64ca8f5b9b441506ddd9f6a111dcc0e9a8919931bd261075d5d2c8291704ad1f0e26ce727b6f22ee938d47bfd86ba2d2d3bbd5efe814849db4fb7b96dc8e0a1c6ba118338501b75ee50c0815ed0e8be60e7098562fa9fa4b3c762099c722627bb92effebf300154553cb4eaf"}}, &(0x7f00000000c0)={0x0, 0x3, 0x60, @string={0x60, 0x3, "6784a04a4627c63e30710c3479a7fafad1add7032d5abe17973bef2b531a03f0b3f6d32d39d2f9ed47e869f086d1704cff5eaea654ce7d7ab77d9df3453c2fde5bc6002b696ea71f35737a80f1a97fa23784ac748cfd1cc6fa9f70fef8f0"}}, &(0x7f0000000140)={0x0, 0xf, 0x20, {0x5, 0xf, 0x20, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x6, 0x4, 0x2}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "b0e6750eb0a028a296a7b15b6aba726f"}]}}, &(0x7f0000000180)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5d, 0x0, 0xe6, 0x0, "cb6e8250", "b2bdfbca"}}, &(0x7f00000001c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xe, 0x10, 0x7, 0x13, 0x2, 0x3, 0x4}}}, &(0x7f00000006c0)={0x44, &(0x7f0000000240)={0x40, 0x15, 0xa2, "58b168d89ab1a36a922092bdf3ad8d2f14d839e7780c1b6468aa3ab8a9456562e14ee2df0cc71334eed314354852c45224150aed0bf2dafd871c448926c48449dd43c1be49b33ddcf3aa041ba1e0a4c7c2b048f5f663f729185a9fc4d8aeb26168baed047e21d7aaf3e160e512cdea7915a3ff8a7f4f76792b50d3342e44668b6a83168c08d4487caa68d232bc2693d10f265e85687ba49f7995dbac0da697110851"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000340)={0x0, 0x8, 0x1}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f00000003c0)={0x20, 0x0, 0x4, {0x0, 0x80}}, &(0x7f0000000400)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000440)={0x40, 0x9, 0x1, 0x4}, &(0x7f0000000480)={0x40, 0xb, 0x2, '?l'}, &(0x7f00000004c0)={0x40, 0xf, 0x2, 0x8000}, &(0x7f0000000500)={0x40, 0x13, 0x6, @random="6a39a5518826"}, &(0x7f0000000540)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, &(0x7f0000000580)={0x40, 0x19, 0x2, "11d2"}, &(0x7f00000005c0)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000000600)={0x40, 0x1c, 0x1, 0x7}, &(0x7f0000000640)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000680)={0x40, 0x21, 0x1, 0x8c}}) 4.9460728s ago: executing program 0 (id=5002): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0x0, 0x4, 0x2, 0x0, 0xd, 0x1, 0x0, 0x0, 0x0, 0x5}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x4, 0x4, 0x1, 0x8, r1}, &(0x7f0000000400)=0x10) 4.86649221s ago: executing program 5 (id=5003): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) fsetxattr$security_ima(r0, &(0x7f0000000040), &(0x7f00000000c0)=@md5={0x1, "deb06e1743b113142f6011ad9200c466"}, 0x11, 0x2) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0x0, 0x4, 0x2, 0x0, 0xd, 0x1, 0x0, 0x0, 0x1, 0x5, 0x0, 0x4}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x4, 0x4, 0x1, 0x8, r1}, &(0x7f0000000400)=0x10) 4.805652568s ago: executing program 0 (id=5004): r0 = syz_open_dev$mouse(&(0x7f0000000340), 0x0, 0x8042) readv(r0, &(0x7f0000000000), 0x0) read$FUSE(r0, &(0x7f0000001c40)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) 4.746171897s ago: executing program 5 (id=5005): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r3, 0x8800000) r4 = openat$null(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendfile(r4, r3, 0x0, 0x558410e9) 4.279987673s ago: executing program 3 (id=5006): bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffd, @loopback, 0x3681}, 0x1c) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 3.978294055s ago: executing program 3 (id=5007): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan1\x00'}) socket$kcm(0x10, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_pressure(r1, &(0x7f00000000c0)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r2, &(0x7f0000000080)={'full', 0x20, 0x2000000007, 0x20, 0x10000000fffff}, 0x2f) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r3, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) socket(0x1d, 0x2, 0x6) socket$inet6_tcp(0xa, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3fe, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f0000000600)=[{{&(0x7f0000000300)=@nfc_llcp, 0x80, &(0x7f0000000200)=[{&(0x7f0000000380)=""/134, 0x86}, {&(0x7f0000000440)=""/185, 0xb9}, {&(0x7f0000000040)=""/61, 0x3d}], 0x3, &(0x7f0000000500)=""/175, 0xaf}, 0x2}], 0x1, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x296dc0, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008888}, 0x24008000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$inet6(0xa, 0x80002, 0x0) syz_usb_connect(0x0, 0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000f3c7c820da059a0095620102030109023400010000000009049200030f6276000905000000000000000705e37e1b82e60905f2020000060000090501"], 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{0x0, 0x18}], 0x1, 0x0, 0x0, 0x2000}, 0x4000880) connect$inet6(r6, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) 3.851622793s ago: executing program 0 (id=5008): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=@acquire={0x128, 0x17, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0xfe, 0x0}}, 0x4d4}, @in=@remote, {@in6=@dev={0xfe, 0x80, '\x00', 0x15}, @in6=@local, 0x0, 0x0, 0x0, 0x6}, {{@in=@local, @in6=@ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0xa0}, {}, {}, 0x4, 0x6e6bbf}, 0xfffffffe}}, 0x128}}, 0x20004040) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[], 0xc48}, 0x0, 0xe3d08660d3cd4684}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x1}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x84}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044001}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r7, 0x0, 0x0) 3.683397501s ago: executing program 1 (id=5009): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000000)=0x80, 0x800) ioctl$XFS_IOC_FSGEOMETRY_V4(r0, 0x8070587c, &(0x7f0000000100)) r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000004c0)={0x12, 0x2, 0x0, "dd3e1ddbc8e90eff74531a27a41db3064000", 0x32315659}) r2 = openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x2982, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000040)=@l={0x92, 0x0, 0xe0, 0x0, 0x0, 0x1}) unshare(0x2040400) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=0x0, &(0x7f0000000140)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = epoll_create1(0x80000) r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000005c0)={0x4}) syz_genetlink_get_family_id$smc(&(0x7f0000000380), 0xffffffffffffffff) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) read(r2, &(0x7f00000011c0)=""/221, 0x8) 3.550413815s ago: executing program 2 (id=5010): r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) r2 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10) socket$inet_sctp(0x2, 0x1, 0x84) r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x3, 0x400) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0485510, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r4}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x2, 0x1e}) syz_clone(0x42020000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone3(&(0x7f0000004480)={0x18004000, &(0x7f0000004240), 0x0, 0x0, {0x2b}, 0x0, 0x0, 0x0, 0x0}, 0x58) 3.105230121s ago: executing program 1 (id=5011): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="a013000040000701fcffffff00000100017c0000040042800c00018006000600801c00007c13028078131480731315806f1301"], 0x13a0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 2.83938764s ago: executing program 5 (id=5012): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_usb_connect(0x0, 0x181, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001f055110240419cf96a40102030109020e0201000000000904"], 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x7, 0x3, 0xffffffff}, 0x0) socket(0x1d, 0x2, 0x6) r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$read(0xb, r2, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2) r3 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000ca32c7329458e68a330a721f000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000674ae874c8a3ac27c779eb0000000000000000000000000000000000000000000000000000000000000000fcffffff00"/144]}, 0xe0) ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000040)={0x9, 0x1, 0x0, {0xfffffffd, 0x4, 0x2000008, 0x8000b}}) r5 = open(0x0, 0x7f6042, 0x23) pwritev2(r5, &(0x7f0000000240), 0x0, 0x7000, 0x100, 0x3) r6 = socket$qrtr(0x2a, 0x2, 0x0) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001200010003950000000100000a0900004001000000010000000000000000ffff0000000000000000000000000000ffff"], 0x4c}}, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000000300)={0x202001fe0000, 0x40}) sendmsg$sock(r6, &(0x7f0000001540)={&(0x7f0000000140)=@pppoe={0x2a, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, 'lo\x00'}}, 0x80, 0x0}, 0x40000c0) capset(0x0, &(0x7f0000000080)={0x6, 0x6, 0x6, 0x10087, 0x0, 0x40}) syz_open_procfs(0x0, &(0x7f0000000080)='setgroups\x00') socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r8, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r9, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 2.486174861s ago: executing program 1 (id=5013): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010800d972a440b72040155ab7010203010902120001000000000904000000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000200)={0x40, 0x17, 0x1, "1f"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000bc0)={0x44, &(0x7f0000000900)=ANY=[@ANYBLOB="e01506"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.225566327s ago: executing program 2 (id=5014): r0 = syz_open_dev$mouse(&(0x7f0000000340), 0x0, 0x8042) readv(r0, &(0x7f0000000000), 0x0) read$FUSE(r0, &(0x7f0000001c40)={0x2020, 0x0, 0x0}, 0x2020) r2 = geteuid() r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x8, 0xffffffffd24b2432, 0x83, 0xffff, 0x0, 0xabe6, 0x0, 0x0, 0x80, 0x8001}}, 0x50) syz_fuse_handle_req(r3, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r3, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x12, 0x0, 0x6, {0xc, 0x3, 0x0, {0xfffffffffffffffd, 0x0, 0xfffffffffffffffc, 0x0, 0x8, 0x100000000, 0xfffffffe, 0x5, 0x80003, 0x8000, 0x0, r2, r5, 0x1, 0x3}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000240)={0xa0, 0xfffffffffffffff5, r1, {{0x5, 0x1, 0xffff, 0x4117, 0xe, 0x7, {0x0, 0x6, 0xa, 0x7f, 0x34d, 0x1, 0x9, 0x9, 0x0, 0x6000, 0x400, r2, r5, 0xffff7fff, 0xff0}}}}, 0xa0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) umount2(&(0x7f0000000080)='./file0\x00', 0x8) 2.033501915s ago: executing program 0 (id=5015): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f00000005c0)=ANY=[], 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) 1.2659033s ago: executing program 2 (id=5016): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f00000005c0)=ANY=[], 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 878.460383ms ago: executing program 3 (id=5017): bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffd, @loopback, 0x3681}, 0x1c) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) 873.789579ms ago: executing program 3 (id=5018): r0 = syz_open_dev$mouse(&(0x7f0000000340), 0x0, 0x8042) readv(r0, &(0x7f0000000000), 0x0) read$FUSE(r0, &(0x7f0000001c40)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) 0s ago: executing program 3 (id=5019): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x20402) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, 0x0, 0x0, 0xa, 0x0, 0x0, 0x40f00}, 0x94) r1 = epoll_create1(0x0) ioctl$TIOCGPGRP(r1, 0x5450, &(0x7f0000000180)=0x0) getpgid(r2) ioctl$int_in(r0, 0x5452, &(0x7f0000000200)=0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r3, 0x6, 0x2d, 0x0, &(0x7f00000017c0)) write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) kernel console output (not intermixed with test programs): x: I2c Bus Busy Wait 00 [ 1289.791639][ T6717] gspca_vc032x: I2c Bus Busy Wait 00 [ 1289.818644][ T6717] gspca_vc032x: Unknown sensor... [ 1289.823747][ T6717] vc032x 1-1:0.0: probe with driver vc032x failed with error -22 [ 1289.836176][ T5950] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 1289.869736][ T6717] usb 1-1: USB disconnect, device number 72 [ 1289.914157][T20534] FAULT_INJECTION: forcing a failure. [ 1289.914157][T20534] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1289.985735][T20534] CPU: 1 UID: 0 PID: 20534 Comm: syz.2.4714 Tainted: G L syzkaller #0 PREEMPT(full) [ 1289.985770][T20534] Tainted: [L]=SOFTLOCKUP [ 1289.985778][T20534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1289.985791][T20534] Call Trace: [ 1289.985800][T20534] [ 1289.985809][T20534] dump_stack_lvl+0xe8/0x150 [ 1289.985843][T20534] should_fail_ex+0x412/0x560 [ 1289.985876][T20534] _copy_from_user+0x2d/0xb0 [ 1289.985907][T20534] __sys_connect+0x156/0x450 [ 1289.985931][T20534] ? __pfx___sys_connect+0x10/0x10 [ 1289.985971][T20534] __ia32_sys_connect+0x7a/0x90 [ 1289.985992][T20534] __do_fast_syscall_32+0x20d/0x640 [ 1289.986018][T20534] ? do_fast_syscall_32+0x33/0x70 [ 1289.986039][T20534] ? asm_int80_emulation+0x1a/0x20 [ 1289.986059][T20534] ? do_int80_emulation+0x274/0x4d0 [ 1289.986084][T20534] ? trace_irq_disable+0x3b/0x150 [ 1289.986117][T20534] do_fast_syscall_32+0x33/0x70 [ 1289.986140][T20534] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1289.986163][T20534] RIP: 0023:0xf707ef6c [ 1289.986182][T20534] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1289.986199][T20534] RSP: 002b:00000000f546d50c EFLAGS: 00000206 ORIG_RAX: 000000000000016a [ 1289.986221][T20534] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 1289.986235][T20534] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000 [ 1289.986247][T20534] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1289.986259][T20534] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1289.986271][T20534] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1289.986299][T20534] [ 1290.324917][ T5950] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1290.334133][ T5950] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1290.343493][ T5950] usb 2-1: Product: syz [ 1290.347860][ T5950] usb 2-1: Manufacturer: syz [ 1290.356288][ T5950] usb 2-1: SerialNumber: syz [ 1290.363749][ T5950] usb 2-1: config 0 descriptor?? [ 1290.558564][ T82] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1290.595718][T20544] netlink: 'syz.0.4715': attribute type 3 has an invalid length. [ 1290.774928][ T82] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1290.833824][ T6717] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 1290.893566][ T82] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1290.992162][ T82] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1291.013378][ T6717] usb 4-1: Using ep0 maxpacket: 32 [ 1291.013838][ T5950] usb 2-1: Firmware: major: 226, minor: 88, hardware type: UNKNOWN (237) [ 1291.105628][ T6717] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1291.174321][ T6717] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1291.205999][ T6717] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1291.218230][ T6717] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1291.251920][ T5950] usb 2-1: failed to fetch extended address, random address set [ 1291.290506][ T5950] usb 2-1: atusb_probe: initialization failed, error = -524 [ 1291.316380][ T5950] atusb 2-1:0.0: probe with driver atusb failed with error -524 [ 1291.345441][ T5950] usb 2-1: USB disconnect, device number 48 [ 1291.377722][ T6717] usb 4-1: config 0 descriptor?? [ 1291.417204][T20550] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4719'. [ 1291.426448][T20550] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4719'. [ 1291.513861][ T82] bridge_slave_0: left allmulticast mode [ 1291.531514][ T82] bridge_slave_0: left promiscuous mode [ 1291.543807][ T82] bridge0: port 1(bridge_slave_0) entered disabled state [ 1291.575511][ T82] batman_adv: batadv0: Interface deactivated: gretap1 [ 1291.778496][ T5950] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1291.817408][ T6717] hid_parser_main: 45 callbacks suppressed [ 1291.817432][ T6717] ft260 0003:0403:6030.0071: unknown main item tag 0x7 [ 1291.936153][ T5950] usb 6-1: Using ep0 maxpacket: 16 [ 1291.943408][ T5950] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1291.954330][ T5950] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 1291.975297][ T5950] usb 6-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00 [ 1291.994410][T20538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1292.003329][T20538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1292.037423][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1292.047288][ T82] batman_adv: batadv0: Removing interface: gretap1 [ 1292.083673][ T5950] usb 6-1: config 0 descriptor?? [ 1292.095024][ T6717] ft260 0003:0403:6030.0071: failed to retrieve chip version [ 1292.113594][ T5950] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 1292.138319][ T6717] ft260 0003:0403:6030.0071: probe with driver ft260 failed with error -5 [ 1292.362094][ T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1292.379092][ T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1292.392387][ T82] bond0 (unregistering): Released all slaves [ 1292.578160][ T82] tipc: Left network mode [ 1292.692161][T20557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4721'. [ 1292.787491][ T5950] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1292.940899][T20574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4723'. [ 1293.091197][ T5950] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1293.101640][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1293.122765][ T5950] usb 3-1: Product: syz [ 1293.137125][ T5950] usb 3-1: Manufacturer: syz [ 1293.151222][ T5950] usb 3-1: SerialNumber: syz [ 1293.211135][ T82] hsr_slave_0: left promiscuous mode [ 1293.223047][ T82] hsr_slave_1: left promiscuous mode [ 1293.236598][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1293.250597][ T82] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1293.267255][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1293.285784][ T82] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1293.316198][T14388] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 1293.327833][ T82] veth1_macvtap: left promiscuous mode [ 1293.339239][ T82] veth0_macvtap: left promiscuous mode [ 1293.351750][ T82] veth1_vlan: left promiscuous mode [ 1293.363160][ T82] veth0_vlan: left promiscuous mode [ 1293.487943][T14388] usb 2-1: Using ep0 maxpacket: 8 [ 1293.502153][T14388] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 1293.517390][ T24] usb 4-1: USB disconnect, device number 74 [ 1293.551523][T14388] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 1293.591768][T14388] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 1293.851581][ T5950] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1293.864501][ T5950] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1293.916142][T14388] usb 2-1: Product: syz [ 1293.920382][T14388] usb 2-1: Manufacturer: syz [ 1293.925023][T14388] usb 2-1: SerialNumber: syz [ 1294.307617][T14388] usb 2-1: palm_os_3_probe - error -110 getting connection information [ 1294.345662][T14388] visor 2-1:1.0: probe with driver visor failed with error -110 [ 1294.563220][T20592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4726'. [ 1294.593348][ T24] usb 6-1: USB disconnect, device number 3 [ 1295.153547][ T82] team0 (unregistering): Port device team_slave_1 removed [ 1295.288971][ T82] team0 (unregistering): Port device team_slave_0 removed [ 1295.852939][ T6717] usb 2-1: USB disconnect, device number 49 [ 1296.208571][ T5950] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000084. ret = -EPROTO [ 1296.239157][ T5950] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to init LTM with error -EPROTO [ 1296.265650][ T5950] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1296.299668][ T5950] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1296.347060][T20609] delete_channel: no stack [ 1296.362568][ T5950] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 1296.396612][ T5950] usb 3-1: USB disconnect, device number 63 [ 1296.976203][ T5950] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 1297.136481][ T24] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1297.155945][ T5950] usb 1-1: Using ep0 maxpacket: 32 [ 1297.175711][ T5950] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1297.192043][ T5950] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1297.212624][ T5950] usb 1-1: Product: syz [ 1297.227069][ T5950] usb 1-1: Manufacturer: syz [ 1297.231886][ T5950] usb 1-1: SerialNumber: syz [ 1297.270989][ T5950] usb 1-1: config 0 descriptor?? [ 1297.295330][ T5950] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1297.306232][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 1297.314699][ T24] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 1297.316458][T14383] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1297.332044][ T24] usb 3-1: config 0 has no interface number 0 [ 1297.339691][ T24] usb 3-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1297.355271][ T24] usb 3-1: config 0 interface 89 has no altsetting 0 [ 1297.374040][ T24] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 1297.397368][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1297.415602][ T24] usb 3-1: Product: syz [ 1297.438504][ T24] usb 3-1: Manufacturer: syz [ 1297.453669][ T24] usb 3-1: SerialNumber: syz [ 1297.495801][ T24] usb 3-1: config 0 descriptor?? [ 1297.519716][ T24] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1297.542287][T14383] usb 6-1: Using ep0 maxpacket: 32 [ 1297.546819][ T24] em28xx 3-1:0.89: Video interface 89 found: [ 1297.560736][T14383] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1297.577270][T14383] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1297.588140][T20632] FAULT_INJECTION: forcing a failure. [ 1297.588140][T20632] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1297.597549][T14383] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1297.630858][T14383] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1297.637477][T20632] CPU: 1 UID: 0 PID: 20632 Comm: syz.1.4737 Tainted: G L syzkaller #0 PREEMPT(full) [ 1297.637570][T20632] Tainted: [L]=SOFTLOCKUP [ 1297.637590][T20632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1297.637622][T20632] Call Trace: [ 1297.637643][T20632] [ 1297.637666][T20632] dump_stack_lvl+0xe8/0x150 [ 1297.637758][T20632] should_fail_ex+0x412/0x560 [ 1297.637843][T20632] _copy_from_user+0x2d/0xb0 [ 1297.637903][T20632] get_compat_msghdr+0xb3/0x4c0 [ 1297.637978][T20632] ? __lock_acquire+0x6b5/0x2cf0 [ 1297.638067][T20632] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1297.638130][T20632] ? kstrtoull+0x12f/0x1d0 [ 1297.638221][T20632] ___sys_sendmsg+0x201/0x360 [ 1297.638330][T20632] ? __pfx____sys_sendmsg+0x10/0x10 [ 1297.638396][T20632] ? get_pid_task+0x20/0x1f0 [ 1297.638447][T20632] ? get_pid_task+0x20/0x1f0 [ 1297.638494][T20632] ? get_pid_task+0x20/0x1f0 [ 1297.638622][T20632] ? __fget_files+0x2a/0x420 [ 1297.638693][T20632] ? __fget_files+0x3a0/0x420 [ 1297.638780][T20632] __sys_sendmsg+0x183/0x260 [ 1297.638841][T20632] ? __pfx___sys_sendmsg+0x10/0x10 [ 1297.638911][T20632] __do_fast_syscall_32+0x20d/0x640 [ 1297.638940][T20632] ? do_fast_syscall_32+0x33/0x70 [ 1297.638962][T20632] ? asm_int80_emulation+0x1a/0x20 [ 1297.639036][T20632] ? do_int80_emulation+0x274/0x4d0 [ 1297.639136][T20632] do_fast_syscall_32+0x33/0x70 [ 1297.639196][T20632] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1297.639256][T20632] RIP: 0023:0xf7fb2f6c [ 1297.639316][T20632] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1297.639373][T20632] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1297.639432][T20632] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002ac0 [ 1297.639464][T20632] RDX: 0000000020040051 RSI: 0000000000000000 RDI: 0000000000000000 [ 1297.639495][T20632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1297.639525][T20632] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1297.639555][T20632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1297.639636][T20632] [ 1297.885196][T14383] usb 6-1: config 0 descriptor?? [ 1298.116200][T14379] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 1298.124883][ T5950] gspca_ov534_9: reg_w failed -71 [ 1298.176251][T14383] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 1298.279203][ T24] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 1298.287654][T14379] usb 4-1: Using ep0 maxpacket: 16 [ 1298.294616][T14379] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1298.305496][T14379] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 1298.321894][T14379] usb 4-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00 [ 1298.334084][T14379] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1298.355490][T14379] usb 4-1: config 0 descriptor?? [ 1298.372588][T14383] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1298.379595][T14379] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1298.383984][T14383] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1298.399073][T14383] usb 2-1: Product: syz [ 1298.403277][T14383] usb 2-1: Manufacturer: syz [ 1298.409387][T14383] usb 2-1: SerialNumber: syz [ 1298.446407][ T5950] gspca_ov534_9: Unknown sensor 0000 [ 1298.446502][ T5950] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22 [ 1298.466754][ T5950] usb 1-1: USB disconnect, device number 73 [ 1298.825231][T14383] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1298.856238][T14383] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1298.908155][ T24] em28xx 3-1:0.89: read from i2c device at 0xa0 failed with unknown error (status=64) [ 1298.918785][ T24] em28xx 3-1:0.89: board has no eeprom [ 1299.046251][T14379] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 1299.186540][ T24] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 1299.193810][ T24] em28xx 3-1:0.89: analog set to bulk mode. [ 1299.216286][T14379] usb 1-1: Using ep0 maxpacket: 16 [ 1299.221914][ T5950] em28xx 3-1:0.89: Registering V4L2 extension [ 1299.229726][T14379] usb 1-1: config index 0 descriptor too short (expected 526, got 367) [ 1299.249943][T14379] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1299.262897][ T24] usb 3-1: USB disconnect, device number 64 [ 1299.282656][ T24] em28xx 3-1:0.89: Disconnecting em28xx [ 1299.298475][T14379] usb 1-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1299.310213][T14379] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1299.329459][T14379] usb 1-1: Product: syz [ 1299.333729][T14379] usb 1-1: Manufacturer: syz [ 1299.338470][T14379] usb 1-1: SerialNumber: syz [ 1299.353171][T14379] usb 1-1: config 0 descriptor?? [ 1299.374294][ T5950] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 1299.399407][ T5950] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 1299.410847][ T5950] em28xx 3-1:0.89: No AC97 audio processor [ 1299.420424][ T5950] usb 3-1: Decoder not found [ 1299.430672][ T5950] em28xx 3-1:0.89: failed to create media graph [ 1299.446294][ T5950] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 1299.457099][ T5950] em28xx 3-1:0.89: Registering snapshot button... [ 1299.465508][ T5950] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input132 [ 1299.486446][ T5950] em28xx 3-1:0.89: Remote control support is not available for this card. [ 1299.506477][ T24] em28xx 3-1:0.89: Closing input extension [ 1299.512345][ T24] em28xx 3-1:0.89: Deregistering snapshot button [ 1299.547902][ T24] em28xx 3-1:0.89: Freeing device [ 1299.964357][ T24] usb 6-1: USB disconnect, device number 4 [ 1300.099750][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.109444][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.417122][T20695] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4745'. [ 1300.815094][T14388] usb 4-1: USB disconnect, device number 75 [ 1301.151951][T14383] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x000000e0. ret = -EPROTO [ 1301.166201][T14383] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to init LTM with error -EPROTO [ 1301.177715][T14383] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1301.196026][T14383] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1301.324939][T14383] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 1301.515478][T14383] usb 2-1: USB disconnect, device number 50 [ 1301.881894][T20712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4750'. [ 1302.080316][T14383] usb 1-1: USB disconnect, device number 74 [ 1302.404827][T20716] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4752'. [ 1302.414277][T20716] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4752'. [ 1302.429470][T20716] netlink: 'syz.1.4752': attribute type 15 has an invalid length. [ 1302.623655][T14388] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1302.756302][T14383] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 1302.796761][T14388] usb 6-1: Using ep0 maxpacket: 32 [ 1302.809878][T14388] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1302.820010][T14388] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1302.828343][T14388] usb 6-1: Product: syz [ 1302.832615][T14388] usb 6-1: Manufacturer: syz [ 1302.837703][T14388] usb 6-1: SerialNumber: syz [ 1302.855801][T14388] usb 6-1: config 0 descriptor?? [ 1302.873160][T14388] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1302.936163][T14383] usb 1-1: Using ep0 maxpacket: 32 [ 1302.943615][T14383] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1302.953472][T14383] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1302.962867][T14383] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1302.987801][T14383] usb 1-1: config 0 descriptor?? [ 1303.056141][ T9890] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 1303.217904][ T9890] usb 2-1: device descriptor read/64, error -71 [ 1303.466279][ T5950] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1303.486387][ T9890] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 1303.617964][ T5950] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1303.629681][ T5950] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1303.639831][ T5950] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1303.654256][ T5950] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1303.663371][ T5950] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1303.671492][ T9890] usb 2-1: device descriptor read/64, error -71 [ 1303.679838][T14388] gspca_ov534_9: reg_w failed -71 [ 1303.749295][ T5950] usb 3-1: config 0 descriptor?? [ 1303.766354][T14383] usb 4-1: new full-speed USB device number 76 using dummy_hcd [ 1303.776690][ T9890] usb usb2-port1: attempt power cycle [ 1303.941099][T14383] usb 4-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c [ 1303.956133][T14383] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1303.964155][T14383] usb 4-1: Product: syz [ 1303.976363][T14383] usb 4-1: Manufacturer: syz [ 1303.981024][T14383] usb 4-1: SerialNumber: syz [ 1303.994013][T14383] usb 4-1: config 0 descriptor?? [ 1303.999195][T14388] gspca_ov534_9: Unknown sensor 0000 [ 1303.999282][T14388] ov534_9 6-1:0.0: probe with driver ov534_9 failed with error -22 [ 1304.020009][T14383] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state. [ 1304.037320][T14388] usb 6-1: USB disconnect, device number 5 [ 1304.044591][T14383] dw2102: su3000_power_ctrl: 1, initialized 0 [ 1304.059232][T14383] dvb-usb: bulk message failed: -22 (2/0) [ 1304.078722][T14383] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1304.092839][T14383] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 error while loading driver (-19) [ 1304.126166][ T9890] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 1304.157748][ T9890] usb 2-1: device descriptor read/8, error -71 [ 1304.178363][ T5950] usbhid 3-1:0.0: can't add hid device: -71 [ 1304.189520][ T5950] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1304.205986][ T5950] usb 3-1: USB disconnect, device number 65 [ 1304.416170][ T9890] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 1304.436987][ T9890] usb 2-1: device descriptor read/8, error -71 [ 1304.556550][ T9890] usb usb2-port1: unable to enumerate USB device [ 1304.609819][T20746] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4761'. [ 1305.042734][T20749] delete_channel: no stack [ 1305.841330][ T5950] usb 1-1: USB disconnect, device number 75 [ 1306.769452][T18157] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 1307.026197][T18157] usb 1-1: Using ep0 maxpacket: 16 [ 1307.065163][T18157] usb 1-1: config index 0 descriptor too short (expected 526, got 367) [ 1307.086202][T18157] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1307.147301][T18157] usb 1-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1307.157471][T18157] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1307.165504][T18157] usb 1-1: Product: syz [ 1307.193176][T18157] usb 1-1: Manufacturer: syz [ 1307.203314][T18157] usb 1-1: SerialNumber: syz [ 1307.221235][T18157] usb 1-1: config 0 descriptor?? [ 1307.586813][T18157] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1307.766183][T18157] usb 3-1: Using ep0 maxpacket: 32 [ 1307.778716][T18157] usb 3-1: config 2 has an invalid interface number: 45 but max is 0 [ 1307.789692][T18157] usb 3-1: config 2 has no interface number 0 [ 1307.804408][T18157] usb 3-1: config 2 interface 45 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1307.825528][T18157] usb 3-1: config 2 interface 45 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1307.850255][T18157] usb 3-1: New USB device found, idVendor=0d46, idProduct=0078, bcdDevice=82.92 [ 1307.862135][T18157] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1307.878614][T18157] usb 3-1: Product: syz [ 1307.886544][T18157] usb 3-1: Manufacturer: syz [ 1307.896835][T18157] usb 3-1: SerialNumber: syz [ 1307.926414][T18157] kobil_sct 3-1:2.45: KOBIL USB smart card terminal converter detected [ 1307.967721][T18157] usb 3-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 1308.278796][ T9890] usb 3-1: USB disconnect, device number 66 [ 1308.300316][T20771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4767'. [ 1308.397284][ T9890] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 1308.415599][ T9890] kobil_sct 3-1:2.45: device disconnected [ 1309.246633][T14388] usb 1-1: USB disconnect, device number 76 [ 1309.418471][T20792] FAULT_INJECTION: forcing a failure. [ 1309.418471][T20792] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1309.472362][T20792] CPU: 1 UID: 0 PID: 20792 Comm: syz.0.4771 Tainted: G L syzkaller #0 PREEMPT(full) [ 1309.472396][T20792] Tainted: [L]=SOFTLOCKUP [ 1309.472405][T20792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1309.472426][T20792] Call Trace: [ 1309.472436][T20792] [ 1309.472446][T20792] dump_stack_lvl+0xe8/0x150 [ 1309.472482][T20792] should_fail_ex+0x412/0x560 [ 1309.472541][T20792] _copy_from_user+0x2d/0xb0 [ 1309.472566][T20792] get_compat_msghdr+0xb3/0x4c0 [ 1309.472589][T20792] ? __lock_acquire+0x6b5/0x2cf0 [ 1309.472621][T20792] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1309.472645][T20792] ? kstrtoull+0x12f/0x1d0 [ 1309.472680][T20792] ___sys_sendmsg+0x201/0x360 [ 1309.472710][T20792] ? __pfx____sys_sendmsg+0x10/0x10 [ 1309.472737][T20792] ? get_pid_task+0x20/0x1f0 [ 1309.472757][T20792] ? get_pid_task+0x20/0x1f0 [ 1309.472775][T20792] ? get_pid_task+0x20/0x1f0 [ 1309.472821][T20792] ? __fget_files+0x2a/0x420 [ 1309.472851][T20792] ? __fget_files+0x3a0/0x420 [ 1309.472891][T20792] __sys_sendmsg+0x183/0x260 [ 1309.472916][T20792] ? __pfx___sys_sendmsg+0x10/0x10 [ 1309.472957][T20792] __do_fast_syscall_32+0x20d/0x640 [ 1309.472984][T20792] ? do_fast_syscall_32+0x33/0x70 [ 1309.473007][T20792] ? asm_int80_emulation+0x1a/0x20 [ 1309.473027][T20792] ? do_int80_emulation+0x274/0x4d0 [ 1309.473050][T20792] ? trace_irq_disable+0x3b/0x150 [ 1309.473085][T20792] do_fast_syscall_32+0x33/0x70 [ 1309.473110][T20792] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1309.473135][T20792] RIP: 0023:0xf701ef6c [ 1309.473155][T20792] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1309.473173][T20792] RSP: 002b:00000000f540d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1309.473196][T20792] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 1309.473211][T20792] RDX: 0000000000044004 RSI: 0000000000000000 RDI: 0000000000000000 [ 1309.473224][T20792] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1309.473236][T20792] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1309.473248][T20792] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1309.473278][T20792] [ 1310.030312][T14383] IPVS: starting estimator thread 0... [ 1310.126284][T20799] IPVS: using max 26 ests per chain, 62400 per kthread [ 1310.214048][T20806] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1310.356191][T18157] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 1310.382913][T20810] syz.1.4775 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1310.656197][T18157] usb 1-1: Using ep0 maxpacket: 32 [ 1310.665786][T18157] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1310.675413][T18157] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1310.760358][T18157] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1310.822166][T18157] usb 1-1: config 0 descriptor?? [ 1311.148867][T20819] delete_channel: no stack [ 1312.075055][ T24] usb 4-1: USB disconnect, device number 76 [ 1312.499157][T20839] FAULT_INJECTION: forcing a failure. [ 1312.499157][T20839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1312.537185][T20839] CPU: 1 UID: 0 PID: 20839 Comm: syz.3.4778 Tainted: G L syzkaller #0 PREEMPT(full) [ 1312.537210][T20839] Tainted: [L]=SOFTLOCKUP [ 1312.537216][T20839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1312.537226][T20839] Call Trace: [ 1312.537232][T20839] [ 1312.537240][T20839] dump_stack_lvl+0xe8/0x150 [ 1312.537266][T20839] should_fail_ex+0x412/0x560 [ 1312.537292][T20839] _copy_from_user+0x2d/0xb0 [ 1312.537309][T20839] do_tcp_getsockopt+0x22e/0x2950 [ 1312.537429][T20839] ? __pfx_do_tcp_getsockopt+0x10/0x10 [ 1312.537451][T20839] ? sock_recv_errqueue+0x520/0x590 [ 1312.537479][T20839] ? aa_label_sk_perm+0x532/0x6e0 [ 1312.537500][T20839] ? __lock_acquire+0x6b5/0x2cf0 [ 1312.537525][T20839] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1312.537544][T20839] ? kstrtoull+0x12f/0x1d0 [ 1312.537569][T20839] ? kstrtouint+0x6e/0xe0 [ 1312.537593][T20839] ? get_pid_task+0x20/0x1f0 [ 1312.537620][T20839] ? aa_sk_perm+0x6d5/0x900 [ 1312.537645][T20839] ? __pfx_aa_sk_perm+0x10/0x10 [ 1312.537665][T20839] ? ksys_write+0x1e6/0x270 [ 1312.537683][T20839] tcp_getsockopt+0x83/0x130 [ 1312.537704][T20839] ? sock_recv_errqueue+0x520/0x590 [ 1312.537725][T20839] ? sock_recv_errqueue+0x520/0x590 [ 1312.537745][T20839] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1312.537768][T20839] do_sock_getsockopt+0x2d3/0x3f0 [ 1312.537786][T20839] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1312.537803][T20839] ? __fget_files+0x2a/0x420 [ 1312.537825][T20839] ? __fget_files+0x3a0/0x420 [ 1312.537845][T20839] ? __fget_files+0x2a/0x420 [ 1312.537872][T20839] __ia32_sys_getsockopt+0x1a4/0x240 [ 1312.537895][T20839] __do_fast_syscall_32+0x20d/0x640 [ 1312.537914][T20839] ? do_fast_syscall_32+0x33/0x70 [ 1312.537930][T20839] ? asm_int80_emulation+0x1a/0x20 [ 1312.537944][T20839] ? do_int80_emulation+0x274/0x4d0 [ 1312.537961][T20839] ? trace_irq_disable+0x3b/0x150 [ 1312.537985][T20839] do_fast_syscall_32+0x33/0x70 [ 1312.538003][T20839] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1312.538021][T20839] RIP: 0023:0xf70bef6c [ 1312.538035][T20839] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1312.538048][T20839] RSP: 002b:00000000f54ad50c EFLAGS: 00000206 ORIG_RAX: 000000000000016d [ 1312.538070][T20839] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000006 [ 1312.538080][T20839] RDX: 0000000000000023 RSI: 0000000080001f40 RDI: 0000000080001f80 [ 1312.538090][T20839] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1312.538099][T20839] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1312.538116][T20839] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1312.538137][T20839] [ 1312.874424][ T24] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1313.040079][ T24] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1313.049213][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1313.057381][ T24] usb 3-1: Product: syz [ 1313.061562][ T24] usb 3-1: Manufacturer: syz [ 1313.066226][ T24] usb 3-1: SerialNumber: syz [ 1313.126203][T14395] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 1313.143619][T14388] usb 1-1: USB disconnect, device number 77 [ 1313.283574][T14395] usb 4-1: Using ep0 maxpacket: 32 [ 1313.319645][T14395] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 1313.329306][T14395] usb 4-1: config 0 has no interface number 0 [ 1313.344270][T14395] usb 4-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1313.354735][T14395] usb 4-1: config 0 interface 89 has no altsetting 0 [ 1313.364939][T14395] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 1313.374316][T14395] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1313.386897][T14395] usb 4-1: Product: syz [ 1313.391123][T14395] usb 4-1: Manufacturer: syz [ 1313.395980][T14395] usb 4-1: SerialNumber: syz [ 1313.404744][T14395] usb 4-1: config 0 descriptor?? [ 1313.427841][T14395] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1313.437557][T14395] em28xx 4-1:0.89: Video interface 89 found: [ 1313.494223][ T24] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1313.506550][ T24] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1313.526427][T14388] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 1313.650740][T14383] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1313.696949][T14388] usb 2-1: Using ep0 maxpacket: 16 [ 1313.704019][T14388] usb 2-1: config index 0 descriptor too short (expected 526, got 367) [ 1313.712972][T14388] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1313.729824][T14388] usb 2-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1313.740388][T14388] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1313.748865][T14388] usb 2-1: Product: syz [ 1313.753165][T14388] usb 2-1: Manufacturer: syz [ 1313.764155][T14388] usb 2-1: SerialNumber: syz [ 1313.773587][T14388] usb 2-1: config 0 descriptor?? [ 1313.806138][T14383] usb 6-1: Using ep0 maxpacket: 32 [ 1313.819493][T14383] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1313.841349][T14383] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1313.851784][T14383] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1313.861309][T14383] usb 6-1: Product: syz [ 1313.865559][T14383] usb 6-1: Manufacturer: syz [ 1313.875353][T14383] usb 6-1: SerialNumber: syz [ 1313.890382][T14383] usb 6-1: config 0 descriptor?? [ 1313.897132][T20858] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 1313.906680][T14383] hub 6-1:0.0: bad descriptor, ignoring hub [ 1313.912691][T14383] hub 6-1:0.0: probe with driver hub failed with error -5 [ 1314.037392][T14395] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 1314.200595][T20880] FAULT_INJECTION: forcing a failure. [ 1314.200595][T20880] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1314.219117][T20880] CPU: 0 UID: 0 PID: 20880 Comm: syz.0.4784 Tainted: G L syzkaller #0 PREEMPT(full) [ 1314.219152][T20880] Tainted: [L]=SOFTLOCKUP [ 1314.219161][T20880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1314.219174][T20880] Call Trace: [ 1314.219184][T20880] [ 1314.219194][T20880] dump_stack_lvl+0xe8/0x150 [ 1314.219229][T20880] should_fail_ex+0x412/0x560 [ 1314.219265][T20880] _copy_from_user+0x2d/0xb0 [ 1314.219292][T20880] get_compat_msghdr+0xb3/0x4c0 [ 1314.219315][T20880] ? __lock_acquire+0x6b5/0x2cf0 [ 1314.219348][T20880] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1314.219403][T20880] ___sys_sendmsg+0x201/0x360 [ 1314.219436][T20880] ? __pfx____sys_sendmsg+0x10/0x10 [ 1314.219464][T20880] ? kstrtoull+0x12f/0x1d0 [ 1314.219518][T20880] ? __fget_files+0x2a/0x420 [ 1314.219548][T20880] ? __fget_files+0x3a0/0x420 [ 1314.219589][T20880] __sys_sendmmsg+0x2e7/0x4e0 [ 1314.219617][T20880] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1314.219669][T20880] ? fput+0xa0/0xd0 [ 1314.219700][T20880] ? ksys_write+0x242/0x270 [ 1314.219730][T20880] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1314.219755][T20880] __do_fast_syscall_32+0x20d/0x640 [ 1314.219784][T20880] ? do_fast_syscall_32+0x33/0x70 [ 1314.219806][T20880] ? asm_int80_emulation+0x1a/0x20 [ 1314.219826][T20880] ? do_int80_emulation+0x274/0x4d0 [ 1314.219850][T20880] ? trace_irq_disable+0x3b/0x150 [ 1314.219884][T20880] do_fast_syscall_32+0x33/0x70 [ 1314.219908][T20880] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1314.219932][T20880] RIP: 0023:0xf701ef6c [ 1314.219951][T20880] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1314.219969][T20880] RSP: 002b:00000000f540d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 1314.219990][T20880] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000740 [ 1314.220012][T20880] RDX: 0000000000000002 RSI: 0000000020004000 RDI: 0000000000000000 [ 1314.220026][T20880] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1314.220038][T20880] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1314.220050][T20880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1314.220080][T20880] [ 1314.689302][T14395] em28xx 4-1:0.89: read from i2c device at 0xa0 failed with unknown error (status=64) [ 1314.719355][T20890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4785'. [ 1314.781078][T14395] em28xx 4-1:0.89: board has no eeprom [ 1314.946243][T14395] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 1314.953994][T14395] em28xx 4-1:0.89: analog set to bulk mode. [ 1314.964763][T18157] em28xx 4-1:0.89: Registering V4L2 extension [ 1314.988973][T14395] usb 4-1: USB disconnect, device number 77 [ 1315.018492][T14395] em28xx 4-1:0.89: Disconnecting em28xx [ 1315.141821][T18157] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 1315.149602][T18157] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 1315.159185][T18157] em28xx 4-1:0.89: No AC97 audio processor [ 1315.209809][T18157] usb 4-1: Decoder not found [ 1315.220511][T18157] em28xx 4-1:0.89: failed to create media graph [ 1315.240006][T18157] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 1315.255444][T18157] em28xx 4-1:0.89: Registering snapshot button... [ 1315.272523][T18157] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input133 [ 1315.303363][T18157] em28xx 4-1:0.89: Remote control support is not available for this card. [ 1315.318991][T14395] em28xx 4-1:0.89: Closing input extension [ 1315.336030][T14395] em28xx 4-1:0.89: Deregistering snapshot button [ 1315.365889][T14395] em28xx 4-1:0.89: Freeing device [ 1315.892995][ T24] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x000000e0. ret = -EPROTO [ 1315.908355][ T24] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to init LTM with error -EPROTO [ 1315.924351][ T24] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1315.944719][ T24] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1315.957095][ T24] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 1316.010352][ T24] usb 3-1: USB disconnect, device number 67 [ 1316.301435][ T6717] usb 2-1: USB disconnect, device number 55 [ 1316.351161][T20908] delete_channel: no stack [ 1317.056219][ T6717] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1317.196587][ T6717] usb 3-1: device descriptor read/64, error -71 [ 1317.606808][ T6717] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1317.736166][T14388] usb 1-1: new full-speed USB device number 78 using dummy_hcd [ 1317.991131][ T6717] usb 3-1: device descriptor read/64, error -71 [ 1318.160150][ T6717] usb usb3-port1: attempt power cycle [ 1318.241397][T14388] usb 1-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c [ 1318.250609][T14388] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1318.280978][T14388] usb 1-1: Product: syz [ 1318.289293][T14388] usb 1-1: Manufacturer: syz [ 1318.297608][T14388] usb 1-1: SerialNumber: syz [ 1318.316569][T14388] usb 1-1: config 0 descriptor?? [ 1318.332946][T14388] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state. [ 1318.360056][T14388] dw2102: su3000_power_ctrl: 1, initialized 0 [ 1318.376158][T14388] dvb-usb: bulk message failed: -22 (2/0) [ 1318.400855][T14388] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1318.440597][T14388] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 error while loading driver (-19) [ 1318.586697][ T6717] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1319.297961][ T6717] usb 3-1: device descriptor read/8, error -71 [ 1319.536177][ T6717] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1319.628429][ T6717] usb 3-1: device descriptor read/8, error -71 [ 1319.746464][ T6717] usb usb3-port1: unable to enumerate USB device [ 1319.760667][ T5950] usb 6-1: USB disconnect, device number 6 [ 1319.849178][T20929] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4796'. [ 1319.857544][T14379] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 1319.869075][T20929] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4796'. [ 1319.896464][T20930] netlink: 'syz.3.4797': attribute type 12 has an invalid length. [ 1319.970417][T20930] bond1: option primary_reselect: invalid value (255) [ 1319.994239][T20930] bond1 (unregistering): Released all slaves [ 1320.027174][T14379] usb 2-1: Using ep0 maxpacket: 32 [ 1320.041067][T14379] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1320.073131][T14379] usb 2-1: config 0 has no interfaces? [ 1320.086765][T14379] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1320.116275][T14379] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1320.134621][T14379] usb 2-1: Product: syz [ 1320.140005][T14379] usb 2-1: Manufacturer: syz [ 1320.154916][T14379] usb 2-1: SerialNumber: syz [ 1320.163094][T14379] usb 2-1: config 0 descriptor?? [ 1320.206297][T20936] RDS: rds_bind could not find a transport for fe80::3e, load rds_tcp or rds_rdma? [ 1320.226216][ T6717] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 1320.260420][T20938] FAULT_INJECTION: forcing a failure. [ 1320.260420][T20938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1320.273595][T20938] CPU: 1 UID: 0 PID: 20938 Comm: syz.5.4800 Tainted: G L syzkaller #0 PREEMPT(full) [ 1320.273626][T20938] Tainted: [L]=SOFTLOCKUP [ 1320.273633][T20938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1320.273647][T20938] Call Trace: [ 1320.273656][T20938] [ 1320.273665][T20938] dump_stack_lvl+0xe8/0x150 [ 1320.273704][T20938] should_fail_ex+0x412/0x560 [ 1320.273741][T20938] _copy_from_user+0x2d/0xb0 [ 1320.273765][T20938] get_compat_msghdr+0xb3/0x4c0 [ 1320.273787][T20938] ? __lock_acquire+0x6b5/0x2cf0 [ 1320.273821][T20938] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1320.273855][T20938] ___sys_sendmsg+0x201/0x360 [ 1320.273886][T20938] ? __pfx____sys_sendmsg+0x10/0x10 [ 1320.273915][T20938] ? kstrtoull+0x12f/0x1d0 [ 1320.273971][T20938] ? __fget_files+0x2a/0x420 [ 1320.274002][T20938] ? __fget_files+0x3a0/0x420 [ 1320.274042][T20938] __sys_sendmmsg+0x2e7/0x4e0 [ 1320.274071][T20938] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1320.274121][T20938] ? fput+0xa0/0xd0 [ 1320.274151][T20938] ? ksys_write+0x242/0x270 [ 1320.274190][T20938] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1320.274215][T20938] __do_fast_syscall_32+0x20d/0x640 [ 1320.274242][T20938] ? do_fast_syscall_32+0x33/0x70 [ 1320.274265][T20938] ? asm_int80_emulation+0x1a/0x20 [ 1320.274285][T20938] ? do_int80_emulation+0x274/0x4d0 [ 1320.274307][T20938] ? trace_irq_disable+0x3b/0x150 [ 1320.274343][T20938] do_fast_syscall_32+0x33/0x70 [ 1320.274367][T20938] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1320.274392][T20938] RIP: 0023:0xf7fa6f6c [ 1320.274411][T20938] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1320.274429][T20938] RSP: 002b:00000000f546650c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 1320.274451][T20938] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000240 [ 1320.274465][T20938] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000000000 [ 1320.274477][T20938] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1320.274489][T20938] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1320.274500][T20938] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1320.274529][T20938] [ 1320.575562][ T6717] usb 4-1: Using ep0 maxpacket: 16 [ 1320.641098][ T6717] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1320.659060][ T6717] usb 4-1: config 4 has an invalid interface number: 127 but max is 0 [ 1320.671727][ T6717] usb 4-1: config 4 has no interface number 0 [ 1320.695715][ T6717] usb 4-1: config 4 interface 127 has no altsetting 0 [ 1320.724520][ T6717] usb 4-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=2b.48 [ 1320.737341][ T6717] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1320.756145][ T6717] usb 4-1: Product: syz [ 1320.760385][ T6717] usb 4-1: SerialNumber: syz [ 1320.946233][ T5950] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1321.092321][ T6717] usb 4-1: USB disconnect, device number 78 [ 1321.156246][ T5950] usb 6-1: Using ep0 maxpacket: 16 [ 1321.173696][ T5950] usb 6-1: config index 0 descriptor too short (expected 526, got 367) [ 1321.193529][ T5950] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1321.239447][ T5950] usb 6-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1321.259793][ T5950] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1321.276160][ T5950] usb 6-1: Product: syz [ 1321.286429][ T5950] usb 6-1: Manufacturer: syz [ 1321.300108][ T5950] usb 6-1: SerialNumber: syz [ 1321.332661][ T5950] usb 6-1: config 0 descriptor?? [ 1321.760709][T20957] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4804'. [ 1322.362111][ T5950] usb 2-1: USB disconnect, device number 56 [ 1322.725265][ T6717] usb 1-1: USB disconnect, device number 78 [ 1322.732907][T20964] delete_channel: no stack [ 1323.436519][ T6717] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 1323.566508][ T6717] usb 1-1: device descriptor read/64, error -71 [ 1323.626201][ T24] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1323.676208][ T5950] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 1323.713320][T20974] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4809'. [ 1323.722595][T20974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4809'. [ 1323.787099][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 1323.794463][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1323.805925][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1323.816125][ T6717] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 1323.817496][ T24] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1323.834630][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1323.842798][ T5950] usb 4-1: Using ep0 maxpacket: 16 [ 1323.850224][ T5950] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1323.861111][ T5950] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1323.873940][ T24] usb 3-1: config 0 descriptor?? [ 1323.879839][ T5950] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1323.894664][ T5950] usb 4-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00 [ 1323.907797][ T5950] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1323.934838][ T5950] usb 4-1: config 0 descriptor?? [ 1323.946510][ T5950] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1323.966240][ T6717] usb 1-1: device descriptor read/64, error -71 [ 1324.086616][ T6717] usb usb1-port1: attempt power cycle [ 1324.278441][T20983] FAULT_INJECTION: forcing a failure. [ 1324.278441][T20983] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1324.298514][T20983] CPU: 1 UID: 0 PID: 20983 Comm: syz.1.4812 Tainted: G L syzkaller #0 PREEMPT(full) [ 1324.298541][T20983] Tainted: [L]=SOFTLOCKUP [ 1324.298546][T20983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1324.298556][T20983] Call Trace: [ 1324.298563][T20983] [ 1324.298569][T20983] dump_stack_lvl+0xe8/0x150 [ 1324.298595][T20983] should_fail_ex+0x412/0x560 [ 1324.298621][T20983] _copy_to_user+0x31/0xb0 [ 1324.298642][T20983] simple_read_from_buffer+0xe1/0x170 [ 1324.298668][T20983] proc_fail_nth_read+0x1bb/0x230 [ 1324.298693][T20983] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1324.298716][T20983] ? rw_verify_area+0x2a6/0x4d0 [ 1324.298732][T20983] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1324.298754][T20983] vfs_read+0x20c/0xa70 [ 1324.298769][T20983] ? fdget_pos+0x246/0x320 [ 1324.298794][T20983] ? __pfx___mutex_lock+0x10/0x10 [ 1324.298814][T20983] ? __pfx_vfs_read+0x10/0x10 [ 1324.298830][T20983] ? __fget_files+0x2a/0x420 [ 1324.298855][T20983] ? __fget_files+0x3a0/0x420 [ 1324.298876][T20983] ? __fget_files+0x2a/0x420 [ 1324.298904][T20983] ksys_read+0x150/0x270 [ 1324.298922][T20983] ? __pfx_ksys_read+0x10/0x10 [ 1324.298943][T20983] ? asm_int80_emulation+0x1a/0x20 [ 1324.298962][T20983] do_int80_emulation+0x173/0x4d0 [ 1324.298979][T20983] ? trace_irq_disable+0x3b/0x150 [ 1324.299001][T20983] ? asm_int80_emulation+0x1a/0x20 [ 1324.299015][T20983] ? clear_bhb_loop+0x40/0x90 [ 1324.299030][T20983] ? clear_bhb_loop+0x40/0x90 [ 1324.299048][T20983] asm_int80_emulation+0x1a/0x20 [ 1324.299062][T20983] RIP: 0023:0xf71b5cab [ 1324.299076][T20983] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 1324.299089][T20983] RSP: 002b:00000000f54344bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1324.299105][T20983] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54345d0 [ 1324.299115][T20983] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 1324.299123][T20983] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1324.299132][T20983] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1324.299140][T20983] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1324.299161][T20983] [ 1324.575460][ T24] ft260 0003:0403:6030.0072: unknown main item tag 0x7 [ 1324.596747][ T6717] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 1324.617179][ T6717] usb 1-1: device descriptor read/8, error -71 [ 1324.630875][ T5950] usb 6-1: USB disconnect, device number 7 [ 1324.775080][T20970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1324.784793][T20970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1324.861415][ T24] ft260 0003:0403:6030.0072: chip code: 2088 3e87 [ 1324.869455][ T6717] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 1324.915214][T20991] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1324.927857][T14388] usb 2-1: new full-speed USB device number 57 using dummy_hcd [ 1324.982274][ T6717] usb 1-1: device descriptor read/8, error -71 [ 1325.092947][T14388] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1325.101419][ T6717] usb usb1-port1: unable to enumerate USB device [ 1325.109242][T14388] usb 2-1: not running at top speed; connect to a high speed hub [ 1325.120537][T14388] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 120, changing to 4 [ 1325.226966][ T24] ft260 0003:0403:6030.0072: failed to retrieve system status [ 1325.244938][ T24] ft260 0003:0403:6030.0072: probe with driver ft260 failed with error -71 [ 1325.263102][T14388] usb 2-1: New USB device found, idVendor=0b05, idProduct=1743, bcdDevice= 0.40 [ 1325.280245][ T24] usb 3-1: USB disconnect, device number 72 [ 1325.286454][T14388] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1325.307283][T14388] usb 2-1: Product: syz [ 1325.311582][T14388] usb 2-1: Manufacturer: syz [ 1325.385652][T14388] usb 2-1: SerialNumber: syz [ 1325.682787][T14388] usb 2-1: 1:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 1325.695892][T14388] usb 2-1: found format II with max.bitrate = 512, frame size=4095 [ 1325.708798][T14388] usb 2-1: 1:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 1325.721088][T14388] usb 2-1: found format II with max.bitrate = 512, frame size=4095 [ 1325.770260][T14388] usb 2-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 1325.879688][T20996] FAULT_INJECTION: forcing a failure. [ 1325.879688][T20996] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1325.893191][T20996] CPU: 1 UID: 0 PID: 20996 Comm: syz.1.4815 Tainted: G L syzkaller #0 PREEMPT(full) [ 1325.893216][T20996] Tainted: [L]=SOFTLOCKUP [ 1325.893222][T20996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1325.893231][T20996] Call Trace: [ 1325.893238][T20996] [ 1325.893244][T20996] dump_stack_lvl+0xe8/0x150 [ 1325.893272][T20996] should_fail_ex+0x412/0x560 [ 1325.893297][T20996] _copy_from_user+0x2d/0xb0 [ 1325.893330][T20996] ucma_write+0x15d/0x2f0 [ 1325.893432][T20996] ? __pfx_ucma_write+0x10/0x10 [ 1325.893451][T20996] ? security_file_permission+0x75/0x260 [ 1325.893471][T20996] ? rw_verify_area+0x255/0x4d0 [ 1325.893487][T20996] ? __pfx_ucma_write+0x10/0x10 [ 1325.893524][T20996] vfs_write+0x29a/0xb90 [ 1325.893546][T20996] ? __pfx_vfs_write+0x10/0x10 [ 1325.893563][T20996] ? __fget_files+0x2a/0x420 [ 1325.893587][T20996] ? __fget_files+0x2a/0x420 [ 1325.893610][T20996] ? __fget_files+0x3a0/0x420 [ 1325.893631][T20996] ? __fget_files+0x2a/0x420 [ 1325.893658][T20996] ksys_write+0x150/0x270 [ 1325.893676][T20996] ? __pfx_ksys_write+0x10/0x10 [ 1325.893699][T20996] __do_fast_syscall_32+0x20d/0x640 [ 1325.893718][T20996] ? do_fast_syscall_32+0x33/0x70 [ 1325.893734][T20996] ? asm_int80_emulation+0x1a/0x20 [ 1325.893749][T20996] ? do_int80_emulation+0x274/0x4d0 [ 1325.893765][T20996] ? trace_irq_disable+0x3b/0x150 [ 1325.893790][T20996] do_fast_syscall_32+0x33/0x70 [ 1325.893807][T20996] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1325.893825][T20996] RIP: 0023:0xf7fb2f6c [ 1325.893839][T20996] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1325.893851][T20996] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1325.893867][T20996] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180 [ 1325.893878][T20996] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 1325.893886][T20996] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1325.893895][T20996] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1325.893904][T20996] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1325.893924][T20996] [ 1326.402106][T14388] usb 2-1: USB disconnect, device number 57 [ 1326.491978][ T24] usb 4-1: USB disconnect, device number 79 [ 1326.509738][T21005] fuse: Invalid uid '00000000000000000003' [ 1326.559022][T21007] delete_channel: no stack [ 1326.630181][T21009] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4820'. [ 1326.641769][T21009] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4820'. [ 1326.666030][T21011] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4817'. [ 1326.865194][ T5950] usb 1-1: new full-speed USB device number 83 using dummy_hcd [ 1327.058120][ T5950] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1327.068530][ T5950] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0a1d, bcdDevice= 0.00 [ 1327.081083][ T5950] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1327.102709][ T5950] usb 1-1: config 0 descriptor?? [ 1327.117677][ T5950] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1327.176168][T14379] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 1327.520103][T14379] usb 6-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85 [ 1327.536446][T14379] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1327.544901][T14379] usb 6-1: Product: syz [ 1327.556185][T14379] usb 6-1: Manufacturer: syz [ 1327.577985][T14379] usb 6-1: SerialNumber: syz [ 1327.598602][T14379] usb 6-1: config 0 descriptor?? [ 1327.618020][T14379] usb 6-1: selecting invalid altsetting 1 [ 1327.623969][T14379] technisat-usb2: could not set alternate setting to 0 [ 1327.736388][T21021] ptrace attach of "./syz-executor exec"[21023] was attempted by "./syz-executor exec"[21021] [ 1327.813717][T21018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1327.824927][T21018] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1327.894281][T14379] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in cold state, will try to load a firmware [ 1327.932360][T14379] usb 6-1: Direct firmware load for dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw failed with error -2 [ 1327.950126][T14379] usb 6-1: Falling back to sysfs fallback for: dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw [ 1328.086763][T14383] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 1328.236237][T14383] usb 3-1: Using ep0 maxpacket: 16 [ 1328.243931][T14383] usb 3-1: config index 0 descriptor too short (expected 526, got 367) [ 1328.252375][T14383] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1328.266254][T14383] usb 3-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1328.275406][T14383] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1328.283687][T14383] usb 3-1: Product: syz [ 1328.288302][T14383] usb 3-1: Manufacturer: syz [ 1328.292918][T14383] usb 3-1: SerialNumber: syz [ 1328.300223][T14383] usb 3-1: config 0 descriptor?? [ 1328.346205][ T6717] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1328.476165][ T6717] usb 4-1: device descriptor read/64, error -71 [ 1328.716193][ T6717] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 1328.848339][ T6717] usb 4-1: device descriptor read/64, error -71 [ 1328.957479][ T6717] usb usb4-port1: attempt power cycle [ 1328.976397][T14383] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 1329.116298][T14383] usb 2-1: device descriptor read/64, error -71 [ 1329.296642][ T6717] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1329.316946][ T6717] usb 4-1: device descriptor read/8, error -71 [ 1329.356213][T14383] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 1329.483678][ T5950] usb 1-1: USB disconnect, device number 83 [ 1329.488650][T14383] usb 2-1: device descriptor read/64, error -71 [ 1329.541348][T21047] FAULT_INJECTION: forcing a failure. [ 1329.541348][T21047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1329.556966][T21047] CPU: 1 UID: 0 PID: 21047 Comm: syz.0.4829 Tainted: G L syzkaller #0 PREEMPT(full) [ 1329.556999][T21047] Tainted: [L]=SOFTLOCKUP [ 1329.557007][T21047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1329.557021][T21047] Call Trace: [ 1329.557030][T21047] [ 1329.557039][T21047] dump_stack_lvl+0xe8/0x150 [ 1329.557080][T21047] should_fail_ex+0x412/0x560 [ 1329.557130][T21047] _copy_from_user+0x2d/0xb0 [ 1329.557154][T21047] get_compat_msghdr+0xb3/0x4c0 [ 1329.557178][T21047] ? __lock_acquire+0x6b5/0x2cf0 [ 1329.557209][T21047] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1329.557231][T21047] ? kstrtoull+0x12f/0x1d0 [ 1329.557267][T21047] ___sys_sendmsg+0x201/0x360 [ 1329.557298][T21047] ? __pfx____sys_sendmsg+0x10/0x10 [ 1329.557324][T21047] ? get_pid_task+0x20/0x1f0 [ 1329.557344][T21047] ? get_pid_task+0x20/0x1f0 [ 1329.557366][T21047] ? get_pid_task+0x20/0x1f0 [ 1329.557398][T21047] ? __fget_files+0x2a/0x420 [ 1329.557420][T21047] ? __fget_files+0x3a0/0x420 [ 1329.557448][T21047] __sys_sendmsg+0x183/0x260 [ 1329.557466][T21047] ? __pfx___sys_sendmsg+0x10/0x10 [ 1329.557498][T21047] __do_fast_syscall_32+0x20d/0x640 [ 1329.557517][T21047] ? do_fast_syscall_32+0x33/0x70 [ 1329.557533][T21047] ? asm_int80_emulation+0x1a/0x20 [ 1329.557548][T21047] ? do_int80_emulation+0x274/0x4d0 [ 1329.557564][T21047] ? trace_irq_disable+0x3b/0x150 [ 1329.557589][T21047] do_fast_syscall_32+0x33/0x70 [ 1329.557609][T21047] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1329.557628][T21047] RIP: 0023:0xf701ef6c [ 1329.557642][T21047] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1329.557655][T21047] RSP: 002b:00000000f540d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1329.557671][T21047] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800000c0 [ 1329.557681][T21047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1329.557690][T21047] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1329.557699][T21047] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1329.557708][T21047] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1329.557729][T21047] [ 1329.566435][ T6717] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1329.798473][T14383] usb usb2-port1: attempt power cycle [ 1329.826908][ T6717] usb 4-1: device descriptor read/8, error -71 [ 1329.946427][ T6717] usb usb4-port1: unable to enumerate USB device [ 1330.126256][ T6717] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 1330.136277][T14383] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 1330.156834][T14383] usb 2-1: device descriptor read/8, error -71 [ 1330.286188][ T6717] usb 1-1: Using ep0 maxpacket: 16 [ 1330.293073][ T6717] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1330.303092][ T6717] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1330.315521][ T6717] usb 1-1: config 0 descriptor?? [ 1330.325184][ T6717] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1330.406124][T14383] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 1330.426993][T14383] usb 2-1: device descriptor read/8, error -71 [ 1330.536758][T14383] usb usb2-port1: unable to enumerate USB device [ 1330.839940][ T5950] usb 3-1: USB disconnect, device number 73 [ 1331.062894][T21053] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4831'. [ 1331.211994][T21058] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4832'. [ 1331.221093][T21058] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4832'. [ 1331.336188][T18486] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 1331.426972][ T6717] gspca_sonixj: reg_w1 err -71 [ 1331.456328][ T6717] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 1331.479935][ T6717] usb 1-1: USB disconnect, device number 84 [ 1331.506173][T18486] usb 3-1: Using ep0 maxpacket: 16 [ 1331.515251][T18486] usb 3-1: config index 0 descriptor too short (expected 526, got 367) [ 1331.524324][T18486] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1331.539205][T18486] usb 3-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1331.550085][T18486] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1331.558140][T18486] usb 3-1: Product: syz [ 1331.562399][T18486] usb 3-1: Manufacturer: syz [ 1331.567061][T18486] usb 3-1: SerialNumber: syz [ 1331.574907][T18486] usb 3-1: config 0 descriptor?? [ 1331.677485][T21065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4834'. [ 1331.831744][T21067] delete_channel: no stack [ 1332.443294][T21076] FAULT_INJECTION: forcing a failure. [ 1332.443294][T21076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1332.459084][T21076] CPU: 1 UID: 0 PID: 21076 Comm: syz.0.4836 Tainted: G L syzkaller #0 PREEMPT(full) [ 1332.459109][T21076] Tainted: [L]=SOFTLOCKUP [ 1332.459115][T21076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1332.459124][T21076] Call Trace: [ 1332.459131][T21076] [ 1332.459138][T21076] dump_stack_lvl+0xe8/0x150 [ 1332.459164][T21076] should_fail_ex+0x412/0x560 [ 1332.459189][T21076] _copy_from_user+0x2d/0xb0 [ 1332.459206][T21076] get_compat_msghdr+0xb3/0x4c0 [ 1332.459222][T21076] ? __lock_acquire+0x6b5/0x2cf0 [ 1332.459246][T21076] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1332.459262][T21076] ? kstrtoull+0x12f/0x1d0 [ 1332.459288][T21076] ___sys_sendmsg+0x201/0x360 [ 1332.459311][T21076] ? __pfx____sys_sendmsg+0x10/0x10 [ 1332.459330][T21076] ? get_pid_task+0x20/0x1f0 [ 1332.459344][T21076] ? get_pid_task+0x20/0x1f0 [ 1332.459356][T21076] ? get_pid_task+0x20/0x1f0 [ 1332.459387][T21076] ? __fget_files+0x2a/0x420 [ 1332.459409][T21076] ? __fget_files+0x3a0/0x420 [ 1332.459438][T21076] __sys_sendmsg+0x183/0x260 [ 1332.459456][T21076] ? __pfx___sys_sendmsg+0x10/0x10 [ 1332.459488][T21076] __do_fast_syscall_32+0x20d/0x640 [ 1332.459508][T21076] ? do_fast_syscall_32+0x33/0x70 [ 1332.459547][T21076] ? asm_int80_emulation+0x1a/0x20 [ 1332.459568][T21076] ? do_int80_emulation+0x274/0x4d0 [ 1332.459590][T21076] ? trace_irq_disable+0x3b/0x150 [ 1332.459624][T21076] do_fast_syscall_32+0x33/0x70 [ 1332.459648][T21076] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1332.459672][T21076] RIP: 0023:0xf701ef6c [ 1332.459690][T21076] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1332.459708][T21076] RSP: 002b:00000000f53ec50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1332.459730][T21076] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 1332.459745][T21076] RDX: 0000000024044040 RSI: 0000000000000000 RDI: 0000000000000000 [ 1332.459757][T21076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1332.459770][T21076] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1332.459781][T21076] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1332.459818][T21076] [ 1334.218112][ T6717] usb 3-1: USB disconnect, device number 74 [ 1334.516849][T14395] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 1334.533462][T21101] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4844'. [ 1334.542976][T21101] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4844'. [ 1334.656325][T14395] usb 1-1: device descriptor read/64, error -71 [ 1334.689740][T21103] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1334.707165][ T24] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 1334.907559][T14395] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 1334.943795][ T24] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1334.963212][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1334.979593][ T24] usb 3-1: Product: syz [ 1334.983894][ T24] usb 3-1: Manufacturer: syz [ 1335.005826][ T24] usb 3-1: SerialNumber: syz [ 1335.012871][T21114] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4848'. [ 1335.038728][ T24] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1335.056391][T14395] usb 1-1: device descriptor read/64, error -71 [ 1335.063006][ T6717] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 1335.065743][T14378] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1335.226987][T21119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4850'. [ 1335.241339][T14395] usb usb1-port1: attempt power cycle [ 1335.306324][ T6717] usb 2-1: device descriptor read/64, error -71 [ 1335.567250][ T6717] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 1335.636176][T14395] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 1335.673861][T21120] tipc: Enabled bearer , priority 0 [ 1335.684730][T14395] usb 1-1: device descriptor read/8, error -71 [ 1335.694909][T21120] syzkaller0: entered promiscuous mode [ 1335.706356][ T6717] usb 2-1: device descriptor read/64, error -71 [ 1335.713574][T21120] syzkaller0: entered allmulticast mode [ 1335.866399][T21120] tipc: Resetting bearer [ 1335.927213][ T6717] usb usb2-port1: attempt power cycle [ 1335.966384][T14395] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 1335.986859][T14395] usb 1-1: device descriptor read/8, error -71 [ 1336.096611][T14395] usb usb1-port1: unable to enumerate USB device [ 1336.286415][ T6717] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 1336.322244][ T6717] usb 2-1: device descriptor read/8, error -71 [ 1336.342613][T14378] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1336.374468][T14378] ath9k_htc: Failed to initialize the device [ 1336.430908][T14378] usb 3-1: ath9k_htc: USB layer deinitialized [ 1336.576913][ T6717] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 1336.606533][ T6717] usb 2-1: device descriptor read/8, error -71 [ 1336.674002][T21094] tipc: Resetting bearer [ 1336.700379][T21094] tipc: Disabling bearer [ 1336.720929][ T6717] usb usb2-port1: unable to enumerate USB device [ 1336.779536][ T6717] usb 3-1: USB disconnect, device number 75 [ 1337.381914][T21137] FAULT_INJECTION: forcing a failure. [ 1337.381914][T21137] name failslab, interval 1, probability 0, space 0, times 0 [ 1337.395121][T21137] CPU: 0 UID: 0 PID: 21137 Comm: syz.0.4853 Tainted: G L syzkaller #0 PREEMPT(full) [ 1337.395152][T21137] Tainted: [L]=SOFTLOCKUP [ 1337.395159][T21137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1337.395172][T21137] Call Trace: [ 1337.395180][T21137] [ 1337.395190][T21137] dump_stack_lvl+0xe8/0x150 [ 1337.395234][T21137] should_fail_ex+0x412/0x560 [ 1337.395268][T21137] should_failslab+0xa8/0x100 [ 1337.395298][T21137] __kvmalloc_node_noprof+0x178/0x8a0 [ 1337.395323][T21137] ? file_tty_write+0x2e7/0xa20 [ 1337.395471][T21137] file_tty_write+0x2e7/0xa20 [ 1337.395509][T21137] vfs_write+0x61d/0xb90 [ 1337.395540][T21137] ? __pfx_vfs_write+0x10/0x10 [ 1337.395584][T21137] ksys_write+0x150/0x270 [ 1337.395609][T21137] ? __pfx_ksys_write+0x10/0x10 [ 1337.395642][T21137] __do_fast_syscall_32+0x20d/0x640 [ 1337.395668][T21137] ? do_fast_syscall_32+0x33/0x70 [ 1337.395690][T21137] ? asm_int80_emulation+0x1a/0x20 [ 1337.395710][T21137] ? do_int80_emulation+0x274/0x4d0 [ 1337.395732][T21137] ? trace_irq_disable+0x3b/0x150 [ 1337.395766][T21137] do_fast_syscall_32+0x33/0x70 [ 1337.395790][T21137] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1337.395815][T21137] RIP: 0023:0xf701ef6c [ 1337.395833][T21137] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1337.395851][T21137] RSP: 002b:00000000f53ec50c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1337.395872][T21137] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000000 [ 1337.395886][T21137] RDX: 00000000fffffedf RSI: 0000000000000000 RDI: 0000000000000000 [ 1337.395898][T21137] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1337.395909][T21137] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1337.395920][T21137] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1337.395951][T21137] [ 1337.742647][T21140] delete_channel: no stack [ 1338.316753][ T5950] usb 1-1: new full-speed USB device number 89 using dummy_hcd [ 1338.417283][ T5829] Bluetooth: hci2: command 0x2016 tx timeout [ 1338.478849][ T5950] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1338.488139][ T5950] usb 1-1: config 1 has no interface number 0 [ 1338.494282][ T5950] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1338.558284][ T5950] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1338.706162][ T5950] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 1338.738928][ T5950] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1338.766792][ T5950] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 120, setting to 64 [ 1338.804901][ T5950] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1338.815672][ T5950] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1338.839862][ T5950] usb 1-1: Product: syz [ 1338.851224][ T5950] usb 1-1: Manufacturer: syz [ 1338.868095][ T5950] usb 1-1: SerialNumber: syz [ 1338.889561][T21147] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1339.108380][T21147] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1339.120430][T21147] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1339.344605][T21147] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1339.526677][T21168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4862'. [ 1339.580469][T21167] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4861'. [ 1339.777591][T21147] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1339.810957][T21147] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1339.825757][ T5950] cdc_ncm 1-1:1.1: bind() failure [ 1340.506470][ T5835] Bluetooth: hci2: command 0x2016 tx timeout [ 1340.573852][ T6717] usb 1-1: USB disconnect, device number 89 [ 1341.626544][T21186] FAULT_INJECTION: forcing a failure. [ 1341.626544][T21186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1341.639699][T21186] CPU: 0 UID: 0 PID: 21186 Comm: syz.2.4867 Tainted: G L syzkaller #0 PREEMPT(full) [ 1341.639723][T21186] Tainted: [L]=SOFTLOCKUP [ 1341.639729][T21186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1341.639738][T21186] Call Trace: [ 1341.639745][T21186] [ 1341.639752][T21186] dump_stack_lvl+0xe8/0x150 [ 1341.639778][T21186] should_fail_ex+0x412/0x560 [ 1341.639804][T21186] _copy_from_user+0x2d/0xb0 [ 1341.639821][T21186] __ia32_compat_sys_socketcall+0x169/0xa10 [ 1341.639843][T21186] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 1341.639861][T21186] ? fput+0xa0/0xd0 [ 1341.639882][T21186] ? ksys_write+0x242/0x270 [ 1341.639900][T21186] ? __pfx_ksys_write+0x10/0x10 [ 1341.639919][T21186] ? asm_int80_emulation+0x1a/0x20 [ 1341.639938][T21186] do_int80_emulation+0x173/0x4d0 [ 1341.639956][T21186] ? trace_irq_disable+0x3b/0x150 [ 1341.639978][T21186] ? asm_int80_emulation+0x1a/0x20 [ 1341.639991][T21186] ? clear_bhb_loop+0x40/0x90 [ 1341.640007][T21186] ? clear_bhb_loop+0x40/0x90 [ 1341.640025][T21186] asm_int80_emulation+0x1a/0x20 [ 1341.640038][T21186] RIP: 0023:0xf71b5cab [ 1341.640052][T21186] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 1341.640065][T21186] RSP: 002b:00000000f546c34c EFLAGS: 00000246 ORIG_RAX: 0000000000000066 [ 1341.640080][T21186] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f546c3f4 [ 1341.640091][T21186] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1341.640100][T21186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1341.640108][T21186] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1341.640117][T21186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1341.640138][T21186] [ 1342.253333][T21190] delete_channel: no stack [ 1343.335470][T21202] FAULT_INJECTION: forcing a failure. [ 1343.335470][T21202] name failslab, interval 1, probability 0, space 0, times 0 [ 1343.381602][T21202] CPU: 1 UID: 0 PID: 21202 Comm: syz.3.4872 Tainted: G L syzkaller #0 PREEMPT(full) [ 1343.381636][T21202] Tainted: [L]=SOFTLOCKUP [ 1343.381644][T21202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1343.381656][T21202] Call Trace: [ 1343.381666][T21202] [ 1343.381675][T21202] dump_stack_lvl+0xe8/0x150 [ 1343.381710][T21202] should_fail_ex+0x412/0x560 [ 1343.381746][T21202] should_failslab+0xa8/0x100 [ 1343.381774][T21202] __kvmalloc_node_noprof+0x178/0x8a0 [ 1343.381800][T21202] ? fuse_readdir+0x1581/0x2ee0 [ 1343.381873][T21202] fuse_readdir+0x1581/0x2ee0 [ 1343.381905][T21202] ? is_bpf_text_address+0x26/0x2b0 [ 1343.381940][T21202] ? register_lock_class+0x31/0x2e0 [ 1343.381971][T21202] ? __lock_acquire+0x6b5/0x2cf0 [ 1343.381999][T21202] ? __pfx_fuse_readdir+0x10/0x10 [ 1343.382042][T21202] ? aa_file_perm+0x192/0x15e0 [ 1343.382073][T21202] ? look_up_lock_class+0x57/0x110 [ 1343.382098][T21202] ? register_lock_class+0x31/0x2e0 [ 1343.382122][T21202] ? aa_file_perm+0x50e/0x15e0 [ 1343.382154][T21202] ? __lock_acquire+0x6b5/0x2cf0 [ 1343.382182][T21202] ? trace_contention_end+0x3d/0x150 [ 1343.382216][T21202] ? __mutex_lock+0x319/0x1300 [ 1343.382268][T21202] ? iterate_dir+0x292/0x570 [ 1343.382292][T21202] ? down_read_killable+0x1bb/0x340 [ 1343.382323][T21202] iterate_dir+0x399/0x570 [ 1343.382353][T21202] __se_sys_getdents64+0xf1/0x280 [ 1343.382400][T21202] ? __pfx___se_sys_getdents64+0x10/0x10 [ 1343.382425][T21202] ? __pfx_filldir64+0x10/0x10 [ 1343.382467][T21202] __do_fast_syscall_32+0x20d/0x640 [ 1343.382494][T21202] ? do_fast_syscall_32+0x33/0x70 [ 1343.382516][T21202] ? asm_int80_emulation+0x1a/0x20 [ 1343.382537][T21202] ? do_int80_emulation+0x274/0x4d0 [ 1343.382560][T21202] ? trace_irq_disable+0x3b/0x150 [ 1343.382596][T21202] do_fast_syscall_32+0x33/0x70 [ 1343.382633][T21202] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1343.382658][T21202] RIP: 0023:0xf70bef6c [ 1343.382677][T21202] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1343.382694][T21202] RSP: 002b:00000000f548c50c EFLAGS: 00000206 ORIG_RAX: 00000000000000dc [ 1343.382716][T21202] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 1343.382729][T21202] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000000 [ 1343.382742][T21202] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1343.382753][T21202] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1343.382765][T21202] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1343.382794][T21202] [ 1344.438970][T21218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4876'. [ 1345.727555][T21227] bridge5: entered promiscuous mode [ 1345.729372][T21231] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4878'. [ 1346.786182][T14383] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 1347.026436][T14383] usb 4-1: Using ep0 maxpacket: 16 [ 1347.038098][T14383] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1347.051443][T14383] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1347.155430][T14383] usb 4-1: config 0 descriptor?? [ 1347.193647][T14383] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1347.466174][ T6717] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1347.681153][ T6717] usb 2-1: Using ep0 maxpacket: 32 [ 1347.697139][ T6717] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 1347.705406][ T6717] usb 2-1: config 0 has no interface number 0 [ 1347.712602][ T6717] usb 2-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1347.731919][ T6717] usb 2-1: config 0 interface 89 has no altsetting 0 [ 1347.746871][ T6717] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 1347.756292][ T6717] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1347.779012][ T6717] usb 2-1: Product: syz [ 1347.786951][ T6717] usb 2-1: Manufacturer: syz [ 1347.801545][ T6717] usb 2-1: SerialNumber: syz [ 1347.822181][ T6717] usb 2-1: config 0 descriptor?? [ 1347.841671][ T6717] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1347.865588][ T6717] em28xx 2-1:0.89: Video interface 89 found: [ 1348.329088][T14383] gspca_sonixj: reg_w1 err -71 [ 1348.459899][ T6717] em28xx 2-1:0.89: unknown em28xx chip ID (0) [ 1348.476534][T14383] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 1348.487989][T14383] usb 4-1: USB disconnect, device number 84 [ 1348.543741][T21256] netlink: 'syz.2.4888': attribute type 1 has an invalid length. [ 1348.552016][T21256] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1348.568727][T21256] netlink: 108 bytes leftover after parsing attributes in process `syz.2.4888'. [ 1348.586267][T21256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4888'. [ 1348.681719][T21225] delete_channel: no stack [ 1348.757046][T21259] delete_channel: no stack [ 1349.096695][ T6717] em28xx 2-1:0.89: read from i2c device at 0xa0 failed with unknown error (status=64) [ 1349.106493][ T6717] em28xx 2-1:0.89: board has no eeprom [ 1349.323335][T21267] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4892'. [ 1349.333243][T21267] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4892'. [ 1349.358823][ T6717] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67) [ 1349.372916][ T6717] em28xx 2-1:0.89: analog set to bulk mode. [ 1349.398966][T14388] em28xx 2-1:0.89: Registering V4L2 extension [ 1349.438466][ T6717] usb 2-1: USB disconnect, device number 66 [ 1349.463151][T21270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4891'. [ 1349.669005][ T6717] em28xx 2-1:0.89: Disconnecting em28xx [ 1349.689430][T14388] em28xx 2-1:0.89: Config register raw data: 0xffffffed [ 1349.714593][T14388] em28xx 2-1:0.89: AC97 chip type couldn't be determined [ 1349.740986][T14388] em28xx 2-1:0.89: No AC97 audio processor [ 1349.764131][T14388] usb 2-1: Decoder not found [ 1349.815483][T14388] em28xx 2-1:0.89: failed to create media graph [ 1349.882300][T14388] em28xx 2-1:0.89: V4L2 device video103 deregistered [ 1349.900964][T14388] em28xx 2-1:0.89: Registering snapshot button... [ 1349.959036][T14388] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input134 [ 1350.074138][T14388] em28xx 2-1:0.89: Remote control support is not available for this card. [ 1350.104824][ T6717] em28xx 2-1:0.89: Closing input extension [ 1350.114274][ T6717] em28xx 2-1:0.89: Deregistering snapshot button [ 1350.145722][ T6717] em28xx 2-1:0.89: Freeing device [ 1350.398472][T21284] tipc: Enabling of bearer rejected, failed to enable media [ 1350.596221][ T6717] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1350.760159][ T6717] usb 2-1: Using ep0 maxpacket: 16 [ 1350.769723][ T6717] usb 2-1: config index 0 descriptor too short (expected 526, got 367) [ 1350.801891][ T6717] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1350.855191][ T6717] usb 2-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1350.916547][ T6717] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1350.933932][ T6717] usb 2-1: Product: syz [ 1350.950274][ T6717] usb 2-1: Manufacturer: syz [ 1350.955002][ T6717] usb 2-1: SerialNumber: syz [ 1350.980702][ T6717] usb 2-1: config 0 descriptor?? [ 1351.135539][T21294] FAULT_INJECTION: forcing a failure. [ 1351.135539][T21294] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1351.150917][T21294] CPU: 0 UID: 0 PID: 21294 Comm: syz.0.4901 Tainted: G L syzkaller #0 PREEMPT(full) [ 1351.150949][T21294] Tainted: [L]=SOFTLOCKUP [ 1351.150957][T21294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1351.150969][T21294] Call Trace: [ 1351.150977][T21294] [ 1351.150987][T21294] dump_stack_lvl+0xe8/0x150 [ 1351.151020][T21294] should_fail_ex+0x412/0x560 [ 1351.151054][T21294] _copy_from_user+0x2d/0xb0 [ 1351.151078][T21294] get_compat_msghdr+0xb3/0x4c0 [ 1351.151099][T21294] ? __lock_acquire+0x6b5/0x2cf0 [ 1351.151131][T21294] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1351.151165][T21294] ___sys_recvmsg+0x1dd/0x590 [ 1351.151193][T21294] ? __lock_acquire+0x6b5/0x2cf0 [ 1351.151219][T21294] ? __pfx____sys_recvmsg+0x10/0x10 [ 1351.151266][T21294] ? __fget_files+0x3a0/0x420 [ 1351.151307][T21294] do_recvmmsg+0x3a5/0x800 [ 1351.151339][T21294] ? __pfx_do_recvmmsg+0x10/0x10 [ 1351.151376][T21294] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1351.151406][T21294] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1351.151438][T21294] __sys_recvmmsg+0x1a5/0x290 [ 1351.151464][T21294] ? __pfx___sys_recvmmsg+0x10/0x10 [ 1351.151489][T21294] ? ksys_write+0x242/0x270 [ 1351.151518][T21294] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 1351.151544][T21294] __do_fast_syscall_32+0x20d/0x640 [ 1351.151570][T21294] ? do_fast_syscall_32+0x33/0x70 [ 1351.151592][T21294] ? asm_int80_emulation+0x1a/0x20 [ 1351.151621][T21294] ? do_int80_emulation+0x274/0x4d0 [ 1351.151643][T21294] ? trace_irq_disable+0x3b/0x150 [ 1351.151677][T21294] do_fast_syscall_32+0x33/0x70 [ 1351.151701][T21294] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1351.151726][T21294] RIP: 0023:0xf701ef6c [ 1351.151745][T21294] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1351.151761][T21294] RSP: 002b:00000000f540d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 1351.151783][T21294] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001740 [ 1351.151798][T21294] RDX: 0000000000000001 RSI: 0000000000002000 RDI: 0000000000000000 [ 1351.151809][T21294] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1351.151821][T21294] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1351.151834][T21294] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1351.151862][T21294] [ 1351.602843][T21303] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4904'. [ 1351.623827][T21303] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4904'. [ 1352.032356][T21308] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4905'. [ 1352.676581][T21316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4907'. [ 1353.308308][ T24] usb 2-1: USB disconnect, device number 67 [ 1353.490565][T21322] delete_channel: no stack [ 1353.756161][ T24] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1354.037763][ T24] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x7F, changing to 0xF [ 1354.059462][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1354.117243][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1354.186762][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1354.225432][ T24] usb 4-1: Product: syz [ 1354.238214][ T24] usb 4-1: Manufacturer: syz [ 1354.251887][ T24] usb 4-1: SerialNumber: syz [ 1354.424825][T21336] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4912'. [ 1355.546191][T21339] Bluetooth: hci1: command 0x0406 tx timeout [ 1355.930216][T21347] FAULT_INJECTION: forcing a failure. [ 1355.930216][T21347] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1355.979699][T21347] CPU: 0 UID: 0 PID: 21347 Comm: syz.1.4913 Tainted: G L syzkaller #0 PREEMPT(full) [ 1355.979736][T21347] Tainted: [L]=SOFTLOCKUP [ 1355.979745][T21347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1355.979757][T21347] Call Trace: [ 1355.979765][T21347] [ 1355.979774][T21347] dump_stack_lvl+0xe8/0x150 [ 1355.979808][T21347] should_fail_ex+0x412/0x560 [ 1355.979841][T21347] _copy_from_user+0x2d/0xb0 [ 1355.979868][T21347] do_ipv6_setsockopt+0x264/0x31c0 [ 1355.979893][T21347] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 1355.979909][T21347] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1355.979956][T21347] ? get_pid_task+0x20/0x1f0 [ 1355.979975][T21347] ? get_pid_task+0x20/0x1f0 [ 1355.979991][T21347] ? get_pid_task+0x20/0x1f0 [ 1355.980023][T21347] ? __lock_acquire+0x6b5/0x2cf0 [ 1355.980060][T21347] ? aa_sk_perm+0x6d5/0x900 [ 1355.980105][T21347] ? __pfx_aa_sk_perm+0x10/0x10 [ 1355.980134][T21347] ? aa_sock_opt_perm+0xff/0x1a0 [ 1355.980165][T21347] ipv6_setsockopt+0x59/0x170 [ 1355.980188][T21347] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1355.980211][T21347] do_sock_setsockopt+0x17c/0x1b0 [ 1355.980244][T21347] __ia32_sys_setsockopt+0x13d/0x1b0 [ 1355.980273][T21347] __do_fast_syscall_32+0x20d/0x640 [ 1355.980299][T21347] ? do_fast_syscall_32+0x33/0x70 [ 1355.980319][T21347] ? asm_int80_emulation+0x1a/0x20 [ 1355.980342][T21347] ? do_int80_emulation+0x274/0x4d0 [ 1355.980358][T21347] ? trace_irq_disable+0x3b/0x150 [ 1355.980397][T21347] do_fast_syscall_32+0x33/0x70 [ 1355.980421][T21347] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1355.980445][T21347] RIP: 0023:0xf7fb2f6c [ 1355.980463][T21347] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1355.980480][T21347] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 1355.980503][T21347] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029 [ 1355.980513][T21347] RDX: 0000000000000001 RSI: 0000000080000080 RDI: 0000000000000004 [ 1355.980522][T21347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1355.980533][T21347] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1355.980556][T21347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1355.980585][T21347] [ 1356.511781][T21355] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4915'. [ 1356.520991][T21355] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4915'. [ 1356.576317][T21339] Bluetooth: hci5: command 0x2016 tx timeout [ 1356.887415][ T24] cdc_ncm 4-1:1.0: bind() failure [ 1356.908827][ T24] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 1357.035413][ T24] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 1357.130475][ T24] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 1357.154653][T21391] netlink: 'syz.2.4917': attribute type 1 has an invalid length. [ 1357.204669][T21391] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1357.276556][ T24] usb 4-1: USB disconnect, device number 85 [ 1357.616551][ T5835] Bluetooth: hci1: command 0x0406 tx timeout [ 1357.667020][T21404] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 1357.707496][T21405] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4919'. [ 1357.936147][ T6717] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 1358.126585][ T6717] usb 1-1: Using ep0 maxpacket: 16 [ 1358.456655][ T6717] usb 1-1: config index 0 descriptor too short (expected 526, got 367) [ 1358.475004][ T6717] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1358.510322][ T6717] usb 1-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1358.520003][ T6717] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1358.529950][ T6717] usb 1-1: Product: syz [ 1358.538323][ T6717] usb 1-1: Manufacturer: syz [ 1358.550588][ T6717] usb 1-1: SerialNumber: syz [ 1358.577484][ T6717] usb 1-1: config 0 descriptor?? [ 1358.658442][ T5829] Bluetooth: hci5: command 0x2016 tx timeout [ 1358.874453][T21416] delete_channel: no stack [ 1359.326184][T14395] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 1359.526577][T14395] usb 4-1: Using ep0 maxpacket: 32 [ 1359.535725][T14395] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 1359.569718][T21425] fuse: Invalid uid '00000000000000000003' [ 1359.576186][T14395] usb 4-1: config 0 has no interface number 0 [ 1359.587527][T14395] usb 4-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1359.604813][T14395] usb 4-1: config 0 interface 89 has no altsetting 0 [ 1359.631708][T14395] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 1359.647244][T14395] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1359.662749][T14395] usb 4-1: Product: syz [ 1359.671616][T14395] usb 4-1: Manufacturer: syz [ 1359.683431][T14395] usb 4-1: SerialNumber: syz [ 1359.755377][T14395] usb 4-1: config 0 descriptor?? [ 1359.767977][T14395] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1359.777927][T14395] em28xx 4-1:0.89: Video interface 89 found: [ 1359.925785][T21431] netlink: 'syz.2.4931': attribute type 1 has an invalid length. [ 1359.933836][T21431] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1360.390259][T14395] em28xx 4-1:0.89: unknown em28xx chip ID (0) [ 1360.487432][ T5950] usb 1-1: USB disconnect, device number 90 [ 1360.977565][T21440] FAULT_INJECTION: forcing a failure. [ 1360.977565][T21440] name failslab, interval 1, probability 0, space 0, times 0 [ 1361.009715][T21440] CPU: 1 UID: 0 PID: 21440 Comm: syz.0.4933 Tainted: G L syzkaller #0 PREEMPT(full) [ 1361.009749][T21440] Tainted: [L]=SOFTLOCKUP [ 1361.009756][T21440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1361.009769][T21440] Call Trace: [ 1361.009780][T21440] [ 1361.009789][T21440] dump_stack_lvl+0xe8/0x150 [ 1361.009823][T21440] should_fail_ex+0x412/0x560 [ 1361.009858][T21440] should_failslab+0xa8/0x100 [ 1361.009885][T21440] __kmalloc_noprof+0xe8/0x760 [ 1361.009909][T21440] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1361.010088][T21440] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1361.010130][T21440] ? tomoyo_path_number_perm+0x219/0x630 [ 1361.010156][T21440] tomoyo_path_number_perm+0x246/0x630 [ 1361.010185][T21440] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1361.010215][T21440] ? __lock_acquire+0x6b5/0x2cf0 [ 1361.010275][T21440] ? __fget_files+0x2a/0x420 [ 1361.010309][T21440] ? __fget_files+0x3a0/0x420 [ 1361.010337][T21440] ? __fget_files+0x2a/0x420 [ 1361.010369][T21440] security_file_ioctl_compat+0xc3/0x2a0 [ 1361.010399][T21440] __ia32_compat_sys_ioctl+0x139/0x950 [ 1361.010426][T21440] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 1361.010455][T21440] ? __fget_files+0x3a0/0x420 [ 1361.010490][T21440] ? fput+0xa0/0xd0 [ 1361.010518][T21440] ? ksys_write+0x242/0x270 [ 1361.010552][T21440] __do_fast_syscall_32+0x20d/0x640 [ 1361.010579][T21440] ? do_fast_syscall_32+0x33/0x70 [ 1361.010601][T21440] ? asm_int80_emulation+0x1a/0x20 [ 1361.010621][T21440] ? do_int80_emulation+0x274/0x4d0 [ 1361.010642][T21440] ? trace_irq_disable+0x3b/0x150 [ 1361.010676][T21440] do_fast_syscall_32+0x33/0x70 [ 1361.010699][T21440] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1361.010724][T21440] RIP: 0023:0xf701ef6c [ 1361.010760][T21440] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1361.010777][T21440] RSP: 002b:00000000f540d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 1361.010800][T21440] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541b [ 1361.010814][T21440] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 1361.010827][T21440] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1361.010839][T21440] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1361.010851][T21440] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1361.010882][T21440] [ 1361.010915][T21440] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1361.270026][T14395] em28xx 4-1:0.89: read from i2c device at 0xa0 failed with unknown error (status=64) [ 1361.291878][T14395] em28xx 4-1:0.89: board has no eeprom [ 1361.526119][T14395] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67) [ 1361.539905][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.547068][T14395] em28xx 4-1:0.89: analog set to bulk mode. [ 1361.553092][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.562462][ T5950] em28xx 4-1:0.89: Registering V4L2 extension [ 1361.628506][T14395] usb 4-1: USB disconnect, device number 86 [ 1361.684613][T14395] em28xx 4-1:0.89: Disconnecting em28xx [ 1361.772515][ T5950] em28xx 4-1:0.89: Config register raw data: 0xffffffed [ 1361.780711][ T5950] em28xx 4-1:0.89: AC97 chip type couldn't be determined [ 1361.791125][ T5950] em28xx 4-1:0.89: No AC97 audio processor [ 1361.798674][ T5950] usb 4-1: Decoder not found [ 1361.803341][ T5950] em28xx 4-1:0.89: failed to create media graph [ 1361.810782][ T5950] em28xx 4-1:0.89: V4L2 device video103 deregistered [ 1361.821455][ T5950] em28xx 4-1:0.89: Registering snapshot button... [ 1361.831881][ T5950] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input135 [ 1361.857141][T21456] ipip0: entered promiscuous mode [ 1361.862230][T21456] ipip0: entered allmulticast mode [ 1361.889774][T21456] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4937'. [ 1361.899112][T18157] usb 3-1: new full-speed USB device number 76 using dummy_hcd [ 1361.918047][ T5950] em28xx 4-1:0.89: Remote control support is not available for this card. [ 1361.927407][T14395] em28xx 4-1:0.89: Closing input extension [ 1361.943915][T14395] em28xx 4-1:0.89: Deregistering snapshot button [ 1361.973269][T14395] em28xx 4-1:0.89: Freeing device [ 1362.060935][T18157] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1362.072072][T18157] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1362.110509][T18157] usb 3-1: Product: syz [ 1362.125342][T18157] usb 3-1: Manufacturer: syz [ 1362.139602][T21462] delete_channel: no stack [ 1362.147102][T18157] usb 3-1: SerialNumber: syz [ 1362.168849][T18157] usb 3-1: config 0 descriptor?? [ 1362.468158][T18157] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1363.338780][ T30] audit: type=1326 audit(1773581754.415:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21465 comm="syz.5.4942" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa6f6c code=0x0 [ 1363.916418][T14388] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1363.978613][T18157] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1363.992039][T18157] usb 3-1: USB disconnect, device number 76 [ 1364.136937][T14388] usb 2-1: Using ep0 maxpacket: 16 [ 1364.213158][T14388] usb 2-1: config index 0 descriptor too short (expected 526, got 367) [ 1364.223203][T14388] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1364.373137][T14388] usb 2-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1364.384791][T14388] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1364.458556][T14388] usb 2-1: Product: syz [ 1364.483192][T14388] usb 2-1: Manufacturer: syz [ 1364.556111][T14388] usb 2-1: SerialNumber: syz [ 1364.577587][T14388] usb 2-1: config 0 descriptor?? [ 1364.688542][T21483] netlink: 'syz.5.4945': attribute type 1 has an invalid length. [ 1364.893131][T21483] bond1: (slave gretap1): making interface the new active one [ 1364.934377][T21483] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 1364.956176][T18157] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 1365.106582][T18157] usb 1-1: Using ep0 maxpacket: 16 [ 1365.128629][T18157] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1365.147311][T18157] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1365.296183][T18157] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1365.324506][T18157] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1365.341137][T21496] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4948'. [ 1365.350258][T18157] usb 1-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00 [ 1365.359903][T18157] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1365.370946][T18157] usb 1-1: config 0 descriptor?? [ 1366.075726][T18157] usbhid 1-1:0.0: can't add hid device: -71 [ 1366.081911][T18157] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1366.119418][T18157] usb 1-1: USB disconnect, device number 91 [ 1366.313972][T21504] fuse: Invalid uid '00000000000000000003' [ 1366.559140][T21510] netlink: 'syz.2.4953': attribute type 1 has an invalid length. [ 1366.568204][T21510] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1366.606135][T14383] usb 4-1: new full-speed USB device number 87 using dummy_hcd [ 1366.756366][T14395] usb 2-1: USB disconnect, device number 68 [ 1366.790928][T14383] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1366.801213][T14383] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0a1d, bcdDevice= 0.00 [ 1366.833736][T14383] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1366.856963][T14383] usb 4-1: config 0 descriptor?? [ 1366.871762][T14383] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1366.919863][T21516] delete_channel: no stack [ 1367.166129][T18486] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 1367.186150][T14395] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1367.340630][T18486] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1367.349837][T18486] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1367.387945][T14395] usb 2-1: Using ep0 maxpacket: 32 [ 1367.394895][T18486] usb 1-1: Product: syz [ 1367.404467][T18486] usb 1-1: Manufacturer: syz [ 1367.411405][T14395] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1367.449371][T14395] usb 2-1: config 0 has no interfaces? [ 1367.460563][T14395] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1367.476281][T14395] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1367.498957][T14395] usb 2-1: config 0 descriptor?? [ 1367.530195][T18486] usb 1-1: SerialNumber: syz [ 1367.555364][T18486] usb 1-1: config 0 descriptor?? [ 1369.374457][T14388] usb 4-1: USB disconnect, device number 87 [ 1370.276129][T14395] usb 1-1: USB disconnect, device number 92 [ 1370.387936][T18157] usb 2-1: USB disconnect, device number 69 [ 1370.648548][T21545] FAULT_INJECTION: forcing a failure. [ 1370.648548][T21545] name failslab, interval 1, probability 0, space 0, times 0 [ 1370.666409][ T5829] Bluetooth: hci4: command 0x2016 tx timeout [ 1370.679392][T21545] CPU: 0 UID: 0 PID: 21545 Comm: syz.1.4963 Tainted: G L syzkaller #0 PREEMPT(full) [ 1370.679422][T21545] Tainted: [L]=SOFTLOCKUP [ 1370.679431][T21545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1370.679443][T21545] Call Trace: [ 1370.679451][T21545] [ 1370.679461][T21545] dump_stack_lvl+0xe8/0x150 [ 1370.679494][T21545] should_fail_ex+0x412/0x560 [ 1370.679529][T21545] should_failslab+0xa8/0x100 [ 1370.679555][T21545] ? do_set_mempolicy+0x214/0x630 [ 1370.679583][T21545] kmem_cache_alloc_noprof+0x87/0x650 [ 1370.679613][T21545] do_set_mempolicy+0x214/0x630 [ 1370.679642][T21545] ? __pfx_do_set_mempolicy+0x10/0x10 [ 1370.679670][T21545] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1370.679720][T21545] ? compat_get_bitmap+0x129/0x170 [ 1370.679748][T21545] __se_sys_set_mempolicy+0x197/0x500 [ 1370.679781][T21545] ? __pfx___se_sys_set_mempolicy+0x10/0x10 [ 1370.679804][T21545] ? ksys_write+0x242/0x270 [ 1370.679840][T21545] __do_fast_syscall_32+0x20d/0x640 [ 1370.679868][T21545] ? do_fast_syscall_32+0x33/0x70 [ 1370.679892][T21545] ? asm_int80_emulation+0x1a/0x20 [ 1370.679912][T21545] ? do_int80_emulation+0x274/0x4d0 [ 1370.679935][T21545] ? trace_irq_disable+0x3b/0x150 [ 1370.679970][T21545] do_fast_syscall_32+0x33/0x70 [ 1370.679995][T21545] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1370.680021][T21545] RIP: 0023:0xf7fb2f6c [ 1370.680041][T21545] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1370.680059][T21545] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000114 [ 1370.680082][T21545] RAX: ffffffffffffffda RBX: 0000000000002002 RCX: 0000000080000000 [ 1370.680097][T21545] RDX: 0000000000000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 1370.680110][T21545] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1370.680123][T21545] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1370.680136][T21545] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1370.680165][T21545] [ 1371.376818][T18157] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1371.526167][ T24] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 1371.537502][T18157] usb 2-1: Using ep0 maxpacket: 16 [ 1371.544094][T18157] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1371.565734][T18157] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1371.586780][T18157] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1371.598466][T21557] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1371.617235][T18157] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1371.646144][T18157] usb 2-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00 [ 1371.661021][T18157] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.676157][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 1371.688112][ T24] usb 1-1: config index 0 descriptor too short (expected 526, got 367) [ 1371.703805][T18157] usb 2-1: config 0 descriptor?? [ 1371.715321][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1371.759038][ T24] usb 1-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1371.783301][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1371.794764][ T24] usb 1-1: Product: syz [ 1371.799669][ T24] usb 1-1: Manufacturer: syz [ 1371.804460][ T24] usb 1-1: SerialNumber: syz [ 1371.825357][ T24] usb 1-1: config 0 descriptor?? [ 1371.928637][T21561] fuse: Invalid uid '00000000000000000003' [ 1372.176694][T18157] usbhid 2-1:0.0: can't add hid device: -71 [ 1372.182826][T18157] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1372.196505][ T24] usb 4-1: new full-speed USB device number 88 using dummy_hcd [ 1372.207139][T18157] usb 2-1: USB disconnect, device number 70 [ 1372.631817][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1372.656132][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1372.743493][ T5829] Bluetooth: hci4: command 0x2016 tx timeout [ 1372.897540][ T24] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0a1d, bcdDevice= 0.00 [ 1372.906973][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1372.919267][ T24] usb 4-1: config 0 descriptor?? [ 1372.928586][ T24] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1373.276810][T18157] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1373.451418][T18157] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1373.462137][T18157] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1373.472280][T18157] usb 2-1: Product: syz [ 1373.477644][T18157] usb 2-1: Manufacturer: syz [ 1373.485189][T18157] usb 2-1: SerialNumber: syz [ 1373.497793][T18157] usb 2-1: config 0 descriptor?? [ 1373.666202][T18157] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1373.826139][T18157] usb 3-1: Using ep0 maxpacket: 32 [ 1373.835012][T18157] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1373.862270][T18157] usb 3-1: config 0 has no interfaces? [ 1373.871450][T18157] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1373.887908][T18157] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1373.913838][T18157] usb 3-1: config 0 descriptor?? [ 1374.684505][T21588] FAULT_INJECTION: forcing a failure. [ 1374.684505][T21588] name failslab, interval 1, probability 0, space 0, times 0 [ 1374.697689][T21588] CPU: 0 UID: 0 PID: 21588 Comm: syz.5.4977 Tainted: G L syzkaller #0 PREEMPT(full) [ 1374.697722][T21588] Tainted: [L]=SOFTLOCKUP [ 1374.697730][T21588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1374.697743][T21588] Call Trace: [ 1374.697752][T21588] [ 1374.697761][T21588] dump_stack_lvl+0xe8/0x150 [ 1374.697796][T21588] should_fail_ex+0x412/0x560 [ 1374.697831][T21588] should_failslab+0xa8/0x100 [ 1374.697860][T21588] __kmalloc_noprof+0xe8/0x760 [ 1374.697884][T21588] ? ip_options_get+0x51/0x4c0 [ 1374.698042][T21588] ip_options_get+0x51/0x4c0 [ 1374.698075][T21588] ? __local_bh_enable_ip+0xd0/0x130 [ 1374.698107][T21588] do_ip_setsockopt+0x1e0f/0x2ea0 [ 1374.698142][T21588] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 1374.698172][T21588] ? aa_sk_perm+0x6d5/0x900 [ 1374.698209][T21588] ? __pfx_aa_sk_perm+0x10/0x10 [ 1374.698238][T21588] ? aa_sock_opt_perm+0xff/0x1a0 [ 1374.698271][T21588] ip_setsockopt+0x66/0x110 [ 1374.698306][T21588] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1374.698348][T21588] do_sock_setsockopt+0x17c/0x1b0 [ 1374.698374][T21588] __ia32_sys_setsockopt+0x13d/0x1b0 [ 1374.698399][T21588] __do_fast_syscall_32+0x20d/0x640 [ 1374.698423][T21588] ? do_fast_syscall_32+0x33/0x70 [ 1374.698444][T21588] ? asm_int80_emulation+0x1a/0x20 [ 1374.698462][T21588] ? do_int80_emulation+0x274/0x4d0 [ 1374.698483][T21588] ? trace_irq_disable+0x3b/0x150 [ 1374.698513][T21588] do_fast_syscall_32+0x33/0x70 [ 1374.698536][T21588] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1374.698558][T21588] RIP: 0023:0xf7fa6f6c [ 1374.698575][T21588] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1374.698591][T21588] RSP: 002b:00000000f544550c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 1374.698611][T21588] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 1374.698623][T21588] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 1374.698634][T21588] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1374.698645][T21588] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1374.698656][T21588] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1374.698683][T21588] [ 1374.962224][T14383] usb 4-1: USB disconnect, device number 88 [ 1375.036354][T14395] usb 1-1: USB disconnect, device number 93 [ 1375.346118][T14383] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1375.516656][T14383] usb 4-1: Using ep0 maxpacket: 32 [ 1375.530787][T14383] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1375.557554][T14383] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1375.568029][T14383] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1375.579370][T14383] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1375.595969][T14383] usb 4-1: config 0 descriptor?? [ 1376.030679][T14383] ft260 0003:0403:6030.0073: unknown main item tag 0x7 [ 1376.060547][T14388] usb 2-1: USB disconnect, device number 71 [ 1376.496475][T21590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1376.507486][T21590] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1376.582906][T14395] usb 3-1: USB disconnect, device number 77 [ 1376.621444][T14383] ft260 0003:0403:6030.0073: failed to retrieve chip version [ 1376.638222][T14383] ft260 0003:0403:6030.0073: probe with driver ft260 failed with error -5 [ 1376.704417][T21604] ======================================================= [ 1376.704417][T21604] WARNING: The mand mount option has been deprecated and [ 1376.704417][T21604] and is ignored by this kernel. Remove the mand [ 1376.704417][T21604] option from the mount to silence this warning. [ 1376.704417][T21604] ======================================================= [ 1376.750573][T21604] fuse: blksize only supported for fuseblk [ 1377.171702][T21622] fuse: Invalid uid '00000000000000000003' [ 1377.416200][T18157] usb 3-1: new full-speed USB device number 78 using dummy_hcd [ 1377.465418][T14383] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 1377.521461][T21627] FAULT_INJECTION: forcing a failure. [ 1377.521461][T21627] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1377.534916][T21627] CPU: 1 UID: 0 PID: 21627 Comm: syz.1.4990 Tainted: G L syzkaller #0 PREEMPT(full) [ 1377.534947][T21627] Tainted: [L]=SOFTLOCKUP [ 1377.534953][T21627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1377.534961][T21627] Call Trace: [ 1377.534967][T21627] [ 1377.534972][T21627] dump_stack_lvl+0xe8/0x150 [ 1377.534995][T21627] should_fail_ex+0x412/0x560 [ 1377.535017][T21627] _copy_to_user+0x31/0xb0 [ 1377.535032][T21627] simple_read_from_buffer+0xe1/0x170 [ 1377.535055][T21627] proc_fail_nth_read+0x1bb/0x230 [ 1377.535076][T21627] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1377.535096][T21627] ? rw_verify_area+0x2a6/0x4d0 [ 1377.535109][T21627] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1377.535128][T21627] vfs_read+0x20c/0xa70 [ 1377.535140][T21627] ? fdget_pos+0x246/0x320 [ 1377.535162][T21627] ? __pfx___mutex_lock+0x10/0x10 [ 1377.535178][T21627] ? __pfx_vfs_read+0x10/0x10 [ 1377.535193][T21627] ? __fget_files+0x2a/0x420 [ 1377.535213][T21627] ? __fget_files+0x3a0/0x420 [ 1377.535231][T21627] ? __fget_files+0x2a/0x420 [ 1377.535255][T21627] ksys_read+0x150/0x270 [ 1377.535269][T21627] ? __pfx_ksys_read+0x10/0x10 [ 1377.535285][T21627] ? asm_int80_emulation+0x1a/0x20 [ 1377.535301][T21627] do_int80_emulation+0x173/0x4d0 [ 1377.535316][T21627] ? trace_irq_disable+0x3b/0x150 [ 1377.535335][T21627] ? asm_int80_emulation+0x1a/0x20 [ 1377.535347][T21627] ? clear_bhb_loop+0x40/0x90 [ 1377.535360][T21627] ? clear_bhb_loop+0x40/0x90 [ 1377.535375][T21627] asm_int80_emulation+0x1a/0x20 [ 1377.535387][T21627] RIP: 0023:0xf71b5cab [ 1377.535399][T21627] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 1377.535410][T21627] RSP: 002b:00000000f54764bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1377.535423][T21627] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54765d0 [ 1377.535432][T21627] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 1377.535440][T21627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1377.535447][T21627] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1377.535455][T21627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1377.535472][T21627] [ 1377.770976][ T5829] Bluetooth: hci2: command 0x2016 tx timeout [ 1377.786175][T14383] usb 1-1: Using ep0 maxpacket: 16 [ 1377.796461][T14383] usb 1-1: config index 0 descriptor too short (expected 526, got 367) [ 1377.804851][T14383] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1377.826698][T14383] usb 1-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a4.96 [ 1377.836380][T18157] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1377.840534][T14383] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1377.847014][T18157] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0a1d, bcdDevice= 0.00 [ 1377.854507][T14383] usb 1-1: Product: syz [ 1377.863647][T18157] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1377.880871][T14383] usb 1-1: Manufacturer: syz [ 1377.885193][T18157] usb 3-1: config 0 descriptor?? [ 1377.885506][T14383] usb 1-1: SerialNumber: syz [ 1377.899442][T18157] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1378.010170][T14383] usb 1-1: config 0 descriptor?? [ 1378.302518][T18157] usb 4-1: USB disconnect, device number 89 [ 1379.021718][T14383] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1379.208270][T14383] usb 4-1: Using ep0 maxpacket: 32 [ 1379.232523][T14383] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1379.252574][T14383] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1379.270771][T14383] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1379.290067][T14383] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1379.315507][T14383] usb 4-1: config 0 descriptor?? [ 1379.856148][T21339] Bluetooth: hci2: command 0x2016 tx timeout [ 1380.462819][T14388] usb 3-1: USB disconnect, device number 78 [ 1380.730822][T21659] netlink: 'syz.2.4999': attribute type 1 has an invalid length. [ 1380.738946][T21659] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1380.815379][ T5829] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 1380.826362][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 1380.826394][ T5829] Tainted: [L]=SOFTLOCKUP [ 1380.826403][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1380.826417][ T5829] Workqueue: hci1 hci_rx_work [ 1380.826448][ T5829] Call Trace: [ 1380.826458][ T5829] [ 1380.826468][ T5829] dump_stack_lvl+0xe8/0x150 [ 1380.826501][ T5829] sysfs_create_dir_ns+0x271/0x2a0 [ 1380.826533][ T5829] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1380.826563][ T5829] ? do_raw_spin_unlock+0xf5/0x210 [ 1380.826590][ T5829] kobject_add_internal+0x62b/0xd00 [ 1380.826628][ T5829] kobject_add+0x163/0x240 [ 1380.826658][ T5829] ? __pfx_kobject_add+0x10/0x10 [ 1380.826685][ T5829] ? _raw_spin_unlock+0x28/0x50 [ 1380.826720][ T5829] ? get_device_parent+0x366/0x3a0 [ 1380.826751][ T5829] device_add+0x408/0xb70 [ 1380.826780][ T5829] hci_conn_add_sysfs+0xd5/0x210 [ 1380.826805][ T5829] le_conn_complete_evt+0xf1d/0x1430 [ 1380.826845][ T5829] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1380.826888][ T5829] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1380.826917][ T5829] ? __pfx___mutex_lock+0x10/0x10 [ 1380.826941][ T5829] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1380.826964][ T5829] ? skb_pull_data+0xfb/0x200 [ 1380.826995][ T5829] hci_le_conn_complete_evt+0x187/0x470 [ 1380.827031][ T5829] hci_event_packet+0x7af/0x12c0 [ 1380.827061][ T5829] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1380.827090][ T5829] ? __pfx_hci_event_packet+0x10/0x10 [ 1380.827119][ T5829] ? kcov_remote_start+0x49a/0x7a0 [ 1380.827171][ T5829] ? hci_send_to_monitor+0xe2/0x590 [ 1380.827204][ T5829] hci_rx_work+0x3ee/0x1030 [ 1380.827236][ T5829] ? process_scheduled_works+0xa8d/0x18c0 [ 1380.827266][ T5829] process_scheduled_works+0xb6e/0x18c0 [ 1380.827327][ T5829] ? __pfx_process_scheduled_works+0x10/0x10 [ 1380.827361][ T5829] ? assign_work+0x3d5/0x5e0 [ 1380.827394][ T5829] worker_thread+0xa53/0xfc0 [ 1380.827452][ T5829] kthread+0x388/0x470 [ 1380.827475][ T5829] ? __pfx_worker_thread+0x10/0x10 [ 1380.827502][ T5829] ? __pfx_kthread+0x10/0x10 [ 1380.827525][ T5829] ret_from_fork+0x51e/0xb90 [ 1380.827557][ T5829] ? __pfx_ret_from_fork+0x10/0x10 [ 1380.827582][ T5829] ? __switch_to+0xc7d/0x1450 [ 1380.827611][ T5829] ? __pfx_kthread+0x10/0x10 [ 1380.827635][ T5829] ret_from_fork_asm+0x1a/0x30 [ 1380.827684][ T5829] [ 1380.827713][ T5829] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1381.072012][ T5829] Bluetooth: hci1: failed to register connection device [ 1381.116796][T18486] usb 1-1: USB disconnect, device number 94 [ 1381.208844][T14388] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1381.385026][T14388] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1381.417690][T14388] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1381.447755][T14388] usb 3-1: New USB device found, idVendor=046d, idProduct=c134, bcdDevice= 0.00 [ 1381.467063][T14388] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1381.582370][T14388] usb 3-1: config 0 descriptor?? [ 1381.768128][T18157] usb 4-1: USB disconnect, device number 90 [ 1381.776259][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 1381.806818][T21663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1381.828433][T21663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1381.853558][T14388] usb 3-1: USB disconnect, device number 79 [ 1382.503339][T21688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5008'. [ 1382.647846][T14388] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1382.836386][T14388] usb 4-1: Using ep0 maxpacket: 32 [ 1382.858347][T14388] usb 4-1: config 0 has an invalid interface number: 146 but max is 0 [ 1382.878892][T14388] usb 4-1: config 0 has no interface number 0 [ 1382.928173][T14388] usb 4-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1382.986161][T14388] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 1383.214796][T14388] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 1383.239055][T14388] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1383.410032][T14388] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 1383.410931][T21700] netlink: 'syz.1.5011': attribute type 1 has an invalid length. [ 1383.442793][T21700] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1383.572616][T14388] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1383.608606][T14388] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1383.645196][T14388] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1383.684726][T14388] usb 4-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1383.726742][T14388] usb 4-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 1383.737084][T14388] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1383.756738][T14388] usb 4-1: Product: syz [ 1383.760940][T14388] usb 4-1: Manufacturer: syz [ 1383.778167][T14388] usb 4-1: SerialNumber: syz [ 1383.792123][T14388] usb 4-1: config 0 descriptor?? [ 1383.802670][T21683] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1383.818740][T14388] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk. [ 1383.842421][T14388] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out. [ 1383.856354][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 1383.936168][T14383] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 1384.110481][T14383] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1384.119771][T14383] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1384.128336][T14383] usb 2-1: Product: syz [ 1384.132764][T14383] usb 2-1: Manufacturer: syz [ 1384.141629][T14383] usb 2-1: SerialNumber: syz [ 1384.148977][T14383] usb 2-1: config 0 descriptor?? [ 1384.316307][ T24] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 1384.476151][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 1384.483727][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1384.494020][ T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1384.503426][ T24] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1384.512584][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1384.523465][ T24] usb 1-1: config 0 descriptor?? [ 1385.076310][ T24] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1385.130225][T14383] usb 4-1: USB disconnect, device number 91 [ 1385.228139][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 1385.237942][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1385.248339][ T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1385.257551][ T24] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1385.266965][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1385.277702][ T24] usb 3-1: config 0 descriptor?? [ 1385.936157][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 1386.108640][T21726] [ 1386.111013][T21726] ===================================================== [ 1386.118008][T21726] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1386.125548][T21726] syzkaller #0 Tainted: G L [ 1386.131532][T21726] ----------------------------------------------------- [ 1386.138465][T21726] syz.3.5019/21726 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1386.146209][T21726] ffff88807cb24408 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1386.154918][T21726] [ 1386.154918][T21726] and this task is already holding: [ 1386.162284][T21726] ffff88807f361028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1386.172137][T21726] which would create a new lock dependency: [ 1386.178038][T21726] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1386.186223][T21726] [ 1386.186223][T21726] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1386.195675][T21726] (&dev->event_lock#2){..-.}-{3:3} [ 1386.195704][T21726] [ 1386.195704][T21726] ... which became SOFTIRQ-irq-safe at: [ 1386.208597][T21726] lock_acquire+0xf0/0x2e0 [ 1386.213122][T21726] _raw_spin_lock_irqsave+0x40/0x60 [ 1386.218419][T21726] input_event+0x76/0xe0 [ 1386.222800][T21726] xpad360_process_packet+0x1fe/0xdd0 [ 1386.228303][T21726] xpad_irq_in+0x1583/0x25e0 [ 1386.232992][T21726] __usb_hcd_giveback_urb+0x376/0x540 [ 1386.238577][T21726] dummy_timer+0xbbd/0x45d0 [ 1386.243204][T21726] __hrtimer_run_queues+0x53a/0xcc0 [ 1386.248498][T21726] hrtimer_run_softirq+0x182/0x5a0 [ 1386.253700][T21726] handle_softirqs+0x22a/0x870 [ 1386.258581][T21726] __irq_exit_rcu+0x5f/0x150 [ 1386.263272][T21726] irq_exit_rcu+0x9/0x30 [ 1386.267618][T21726] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1386.273344][T21726] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1386.279450][T21726] sched_core_balance+0x5bd/0xdf0 [ 1386.284587][T21726] finish_task_switch+0x402/0x920 [ 1386.289711][T21726] __schedule+0x15e5/0x52d0 [ 1386.294323][T21726] schedule_idle+0x51/0x90 [ 1386.298847][T21726] do_idle+0x573/0x5d0 [ 1386.303029][T21726] cpu_startup_entry+0x43/0x60 [ 1386.307934][T21726] rest_init+0x2de/0x300 [ 1386.312275][T21726] start_kernel+0x385/0x3d0 [ 1386.316980][T21726] x86_64_start_reservations+0x24/0x30 [ 1386.322583][T21726] x86_64_start_kernel+0x143/0x1c0 [ 1386.327816][T21726] common_startup_64+0x13e/0x147 [ 1386.332899][T21726] [ 1386.332899][T21726] to a SOFTIRQ-irq-unsafe lock: [ 1386.339914][T21726] (tasklist_lock){.+.+}-{3:3} [ 1386.339939][T21726] [ 1386.339939][T21726] ... which became SOFTIRQ-irq-unsafe at: [ 1386.352563][T21726] ... [ 1386.352572][T21726] lock_acquire+0xf0/0x2e0 [ 1386.359684][T21726] _raw_read_lock+0x36/0x50 [ 1386.364278][T21726] __do_wait+0xde/0x740 [ 1386.368546][T21726] do_wait+0x1e7/0x540 [ 1386.372708][T21726] kernel_wait+0xd6/0x1c0 [ 1386.377142][T21726] call_usermodehelper_exec_work+0xbe/0x230 [ 1386.383133][T21726] process_scheduled_works+0xb6e/0x18c0 [ 1386.388796][T21726] worker_thread+0xa53/0xfc0 [ 1386.393500][T21726] kthread+0x388/0x470 [ 1386.397660][T21726] ret_from_fork+0x51e/0xb90 [ 1386.402345][T21726] ret_from_fork_asm+0x1a/0x30 [ 1386.407218][T21726] [ 1386.407218][T21726] other info that might help us debug this: [ 1386.407218][T21726] [ 1386.417464][T21726] Chain exists of: [ 1386.417464][T21726] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 1386.417464][T21726] [ 1386.431059][T21726] Possible interrupt unsafe locking scenario: [ 1386.431059][T21726] [ 1386.439408][T21726] CPU0 CPU1 [ 1386.444790][T21726] ---- ---- [ 1386.450206][T21726] lock(tasklist_lock); [ 1386.454448][T21726] local_irq_disable(); [ 1386.461203][T21726] lock(&dev->event_lock#2); [ 1386.468470][T21726] lock(&client->buffer_lock); [ 1386.475848][T21726] [ 1386.479303][T21726] lock(&dev->event_lock#2); [ 1386.484216][T21726] [ 1386.484216][T21726] *** DEADLOCK *** [ 1386.484216][T21726] [ 1386.492381][T21726] 7 locks held by syz.3.5019/21726: [ 1386.497590][T21726] #0: ffff88802b5ab118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1ae/0x4c0 [ 1386.506777][T21726] #1: ffff88801d7f5230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 1386.516899][T21726] #2: ffffffff8e75e460 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340 [ 1386.526572][T21726] #3: ffffffff8e75e460 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 1386.536178][T21726] #4: ffffffff8e75e460 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 1386.545339][T21726] #5: ffff88807f361028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1386.555523][T21726] #6: ffffffff8e75e460 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1386.564581][T21726] [ 1386.564581][T21726] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1386.574993][T21726] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1386.580666][T21726] IN-SOFTIRQ-W at: [ 1386.584849][T21726] lock_acquire+0xf0/0x2e0 [ 1386.591117][T21726] _raw_spin_lock_irqsave+0x40/0x60 [ 1386.598146][T21726] input_event+0x76/0xe0 [ 1386.604224][T21726] xpad360_process_packet+0x1fe/0xdd0 [ 1386.611469][T21726] xpad_irq_in+0x1583/0x25e0 [ 1386.617914][T21726] __usb_hcd_giveback_urb+0x376/0x540 [ 1386.625127][T21726] dummy_timer+0xbbd/0x45d0 [ 1386.631470][T21726] __hrtimer_run_queues+0x53a/0xcc0 [ 1386.638522][T21726] hrtimer_run_softirq+0x182/0x5a0 [ 1386.645480][T21726] handle_softirqs+0x22a/0x870 [ 1386.652110][T21726] __irq_exit_rcu+0x5f/0x150 [ 1386.658538][T21726] irq_exit_rcu+0x9/0x30 [ 1386.664626][T21726] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1386.672108][T21726] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1386.679932][T21726] sched_core_balance+0x5bd/0xdf0 [ 1386.686794][T21726] finish_task_switch+0x402/0x920 [ 1386.693658][T21726] __schedule+0x15e5/0x52d0 [ 1386.699998][T21726] schedule_idle+0x51/0x90 [ 1386.706279][T21726] do_idle+0x573/0x5d0 [ 1386.712202][T21726] cpu_startup_entry+0x43/0x60 [ 1386.718821][T21726] rest_init+0x2de/0x300 [ 1386.724912][T21726] start_kernel+0x385/0x3d0 [ 1386.731265][T21726] x86_64_start_reservations+0x24/0x30 [ 1386.738564][T21726] x86_64_start_kernel+0x143/0x1c0 [ 1386.745516][T21726] common_startup_64+0x13e/0x147 [ 1386.752288][T21726] INITIAL USE at: [ 1386.756281][T21726] lock_acquire+0xf0/0x2e0 [ 1386.762447][T21726] _raw_spin_lock_irqsave+0x40/0x60 [ 1386.769405][T21726] input_inject_event+0xa5/0x340 [ 1386.776095][T21726] kbd_led_trigger_activate+0xbc/0x100 [ 1386.783364][T21726] led_trigger_set+0x535/0x960 [ 1386.789923][T21726] led_trigger_set_default+0x260/0x2a0 [ 1386.797147][T21726] led_classdev_register_ext+0x787/0x9c0 [ 1386.804629][T21726] input_leds_connect+0x517/0x790 [ 1386.811431][T21726] input_register_device+0xd00/0x1160 [ 1386.818564][T21726] atkbd_connect+0x731/0xa50 [ 1386.824902][T21726] serio_driver_probe+0x82/0xd0 [ 1386.831557][T21726] really_probe+0x267/0xaf0 [ 1386.837852][T21726] __driver_probe_device+0x18c/0x320 [ 1386.844890][T21726] driver_probe_device+0x4f/0x240 [ 1386.851662][T21726] __driver_attach+0x349/0x640 [ 1386.858174][T21726] bus_for_each_dev+0x23b/0x2c0 [ 1386.864772][T21726] serio_handle_event+0x20a/0xdd0 [ 1386.871552][T21726] process_scheduled_works+0xb6e/0x18c0 [ 1386.878855][T21726] worker_thread+0xa53/0xfc0 [ 1386.885233][T21726] kthread+0x388/0x470 [ 1386.891060][T21726] ret_from_fork+0x51e/0xb90 [ 1386.897406][T21726] ret_from_fork_asm+0x1a/0x30 [ 1386.903926][T21726] } [ 1386.906521][T21726] ... key at: [] input_allocate_device.__key.7+0x0/0x20 [ 1386.915767][T21726] -> (&client->buffer_lock){....}-{3:3} { [ 1386.921513][T21726] INITIAL USE at: [ 1386.925415][T21726] lock_acquire+0xf0/0x2e0 [ 1386.931403][T21726] _raw_spin_lock_irqsave+0x40/0x60 [ 1386.938184][T21726] evdev_ioctl_handler+0x1a49/0x1fe0 [ 1386.945044][T21726] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 1386.952077][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1386.958855][T21726] do_fast_syscall_32+0x33/0x70 [ 1386.965285][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1386.973187][T21726] } [ 1386.975691][T21726] ... key at: [] evdev_open.__key.27+0x0/0x20 [ 1386.983863][T21726] ... acquired at: [ 1386.987676][T21726] _raw_spin_lock+0x2e/0x40 [ 1386.992368][T21726] evdev_handle_get_val+0x70/0x9f0 [ 1386.997660][T21726] evdev_ioctl_handler+0x127b/0x1fe0 [ 1387.003136][T21726] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 1387.008780][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1387.014170][T21726] do_fast_syscall_32+0x33/0x70 [ 1387.019209][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1387.025720][T21726] [ 1387.028050][T21726] [ 1387.028050][T21726] the dependencies between the lock to be acquired [ 1387.028060][T21726] and SOFTIRQ-irq-unsafe lock: [ 1387.041586][T21726] -> (tasklist_lock){.+.+}-{3:3} { [ 1387.046901][T21726] HARDIRQ-ON-R at: [ 1387.051065][T21726] lock_acquire+0xf0/0x2e0 [ 1387.057493][T21726] _raw_read_lock+0x36/0x50 [ 1387.064010][T21726] __do_wait+0xde/0x740 [ 1387.070173][T21726] do_wait+0x1e7/0x540 [ 1387.076261][T21726] kernel_wait+0xd6/0x1c0 [ 1387.082597][T21726] call_usermodehelper_exec_work+0xbe/0x230 [ 1387.090498][T21726] process_scheduled_works+0xb6e/0x18c0 [ 1387.098060][T21726] worker_thread+0xa53/0xfc0 [ 1387.104665][T21726] kthread+0x388/0x470 [ 1387.110744][T21726] ret_from_fork+0x51e/0xb90 [ 1387.117349][T21726] ret_from_fork_asm+0x1a/0x30 [ 1387.124127][T21726] SOFTIRQ-ON-R at: [ 1387.128295][T21726] lock_acquire+0xf0/0x2e0 [ 1387.134728][T21726] _raw_read_lock+0x36/0x50 [ 1387.141238][T21726] __do_wait+0xde/0x740 [ 1387.147418][T21726] do_wait+0x1e7/0x540 [ 1387.153498][T21726] kernel_wait+0xd6/0x1c0 [ 1387.159834][T21726] call_usermodehelper_exec_work+0xbe/0x230 [ 1387.167757][T21726] process_scheduled_works+0xb6e/0x18c0 [ 1387.175318][T21726] worker_thread+0xa53/0xfc0 [ 1387.181920][T21726] kthread+0x388/0x470 [ 1387.188005][T21726] ret_from_fork+0x51e/0xb90 [ 1387.194606][T21726] ret_from_fork_asm+0x1a/0x30 [ 1387.201388][T21726] INITIAL USE at: [ 1387.205466][T21726] lock_acquire+0xf0/0x2e0 [ 1387.211821][T21726] _raw_write_lock_irq+0x3d/0x50 [ 1387.218693][T21726] copy_process+0x247a/0x3cf0 [ 1387.225337][T21726] kernel_clone+0x248/0x8e0 [ 1387.231773][T21726] user_mode_thread+0x110/0x180 [ 1387.238547][T21726] rest_init+0x23/0x300 [ 1387.244629][T21726] start_kernel+0x385/0x3d0 [ 1387.251062][T21726] x86_64_start_reservations+0x24/0x30 [ 1387.258445][T21726] x86_64_start_kernel+0x143/0x1c0 [ 1387.265488][T21726] common_startup_64+0x13e/0x147 [ 1387.272354][T21726] INITIAL READ USE at: [ 1387.276876][T21726] lock_acquire+0xf0/0x2e0 [ 1387.283675][T21726] _raw_read_lock+0x36/0x50 [ 1387.290545][T21726] __do_wait+0xde/0x740 [ 1387.297075][T21726] do_wait+0x1e7/0x540 [ 1387.303589][T21726] kernel_wait+0xd6/0x1c0 [ 1387.310311][T21726] call_usermodehelper_exec_work+0xbe/0x230 [ 1387.318563][T21726] process_scheduled_works+0xb6e/0x18c0 [ 1387.326467][T21726] worker_thread+0xa53/0xfc0 [ 1387.333410][T21726] kthread+0x388/0x470 [ 1387.339827][T21726] ret_from_fork+0x51e/0xb90 [ 1387.346779][T21726] ret_from_fork_asm+0x1a/0x30 [ 1387.353915][T21726] } [ 1387.356593][T21726] ... key at: [] tasklist_lock+0x18/0x40 [ 1387.364623][T21726] ... acquired at: [ 1387.368618][T21726] _raw_read_lock+0x36/0x50 [ 1387.373312][T21726] send_sigio+0x101/0x370 [ 1387.377830][T21726] kill_fasync+0x24d/0x4d0 [ 1387.382430][T21726] sock_wake_async+0x137/0x160 [ 1387.387384][T21726] sk_wake_async+0x189/0x280 [ 1387.392162][T21726] tcp_rcv_state_process+0x1e6a/0x4810 [ 1387.397806][T21726] tcp_v4_do_rcv+0x6bb/0x1430 [ 1387.402726][T21726] __release_sock+0x265/0x3a0 [ 1387.407588][T21726] release_sock+0x5f/0x1f0 [ 1387.412193][T21726] __inet_stream_connect+0x85d/0xdd0 [ 1387.417705][T21726] inet_stream_connect+0x66/0xa0 [ 1387.422831][T21726] __sys_connect+0x312/0x450 [ 1387.427610][T21726] __ia32_sys_connect+0x7a/0x90 [ 1387.432641][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1387.438044][T21726] do_fast_syscall_32+0x33/0x70 [ 1387.443082][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1387.449591][T21726] [ 1387.451923][T21726] -> (&f_owner->lock){....}-{3:3} { [ 1387.457233][T21726] INITIAL USE at: [ 1387.461220][T21726] lock_acquire+0xf0/0x2e0 [ 1387.467387][T21726] _raw_write_lock_irq+0x3d/0x50 [ 1387.474074][T21726] __f_setown+0x67/0x370 [ 1387.480064][T21726] tty_fasync+0x2db/0x350 [ 1387.486138][T21726] do_vfs_ioctl+0x1117/0x1530 [ 1387.492564][T21726] __ia32_compat_sys_ioctl+0x572/0x950 [ 1387.499822][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1387.506781][T21726] do_fast_syscall_32+0x33/0x70 [ 1387.513388][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1387.521468][T21726] INITIAL READ USE at: [ 1387.525894][T21726] lock_acquire+0xf0/0x2e0 [ 1387.532503][T21726] _raw_read_lock_irqsave+0x48/0x60 [ 1387.539878][T21726] send_sigurg+0x55/0x420 [ 1387.546395][T21726] sk_send_sigurg+0x6c/0x2e0 [ 1387.553171][T21726] tcp_check_urg+0x200/0x760 [ 1387.559949][T21726] tcp_urg+0x15d/0x410 [ 1387.566202][T21726] tcp_rcv_established+0xf3a/0x2740 [ 1387.573582][T21726] tcp_v4_do_rcv+0xa90/0x1430 [ 1387.580447][T21726] __release_sock+0x265/0x3a0 [ 1387.587325][T21726] release_sock+0x5f/0x1f0 [ 1387.593928][T21726] tcp_sendmsg+0x39/0x50 [ 1387.600360][T21726] __sys_sendto+0x5de/0x710 [ 1387.607044][T21726] __ia32_sys_sendto+0xdd/0x100 [ 1387.614080][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1387.621461][T21726] do_fast_syscall_32+0x33/0x70 [ 1387.628496][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1387.637020][T21726] } [ 1387.639626][T21726] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1387.648642][T21726] ... acquired at: [ 1387.652540][T21726] _raw_read_lock_irqsave+0x48/0x60 [ 1387.657919][T21726] send_sigio+0x38/0x370 [ 1387.662349][T21726] kill_fasync+0x24d/0x4d0 [ 1387.666948][T21726] sock_wake_async+0x137/0x160 [ 1387.671903][T21726] sk_wake_async+0x189/0x280 [ 1387.676677][T21726] tcp_rcv_state_process+0x1e6a/0x4810 [ 1387.682314][T21726] tcp_v4_do_rcv+0x6bb/0x1430 [ 1387.687196][T21726] __release_sock+0x265/0x3a0 [ 1387.692063][T21726] release_sock+0x5f/0x1f0 [ 1387.696670][T21726] __inet_stream_connect+0x85d/0xdd0 [ 1387.702144][T21726] inet_stream_connect+0x66/0xa0 [ 1387.707278][T21726] __sys_connect+0x312/0x450 [ 1387.712054][T21726] __ia32_sys_connect+0x7a/0x90 [ 1387.717092][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1387.722489][T21726] do_fast_syscall_32+0x33/0x70 [ 1387.727525][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1387.734043][T21726] [ 1387.736393][T21726] -> (&new->fa_lock){....}-{3:3} { [ 1387.741530][T21726] INITIAL USE at: [ 1387.745425][T21726] lock_acquire+0xf0/0x2e0 [ 1387.751414][T21726] _raw_write_lock_irq+0x3d/0x50 [ 1387.757924][T21726] fasync_remove_entry+0xf1/0x1c0 [ 1387.764616][T21726] tty_fasync+0x13c/0x350 [ 1387.770522][T21726] __fput+0x8a5/0xa70 [ 1387.776095][T21726] task_work_run+0x1d9/0x270 [ 1387.782289][T21726] exit_to_user_mode_loop+0xed/0x480 [ 1387.789165][T21726] __do_fast_syscall_32+0x415/0x640 [ 1387.796019][T21726] do_fast_syscall_32+0x33/0x70 [ 1387.802443][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1387.810348][T21726] INITIAL READ USE at: [ 1387.814697][T21726] lock_acquire+0xf0/0x2e0 [ 1387.821124][T21726] _raw_read_lock_irqsave+0x48/0x60 [ 1387.828344][T21726] kill_fasync+0x199/0x4d0 [ 1387.834778][T21726] sock_wake_async+0x137/0x160 [ 1387.841552][T21726] sk_wake_async+0x189/0x280 [ 1387.848153][T21726] tcp_rcv_state_process+0x1e6a/0x4810 [ 1387.855623][T21726] tcp_v4_do_rcv+0x6bb/0x1430 [ 1387.862321][T21726] __release_sock+0x265/0x3a0 [ 1387.869011][T21726] release_sock+0x5f/0x1f0 [ 1387.875445][T21726] __inet_stream_connect+0x85d/0xdd0 [ 1387.882781][T21726] inet_stream_connect+0x66/0xa0 [ 1387.889725][T21726] __sys_connect+0x312/0x450 [ 1387.896322][T21726] __ia32_sys_connect+0x7a/0x90 [ 1387.903178][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1387.910383][T21726] do_fast_syscall_32+0x33/0x70 [ 1387.917241][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1387.925677][T21726] } [ 1387.928185][T21726] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1387.936888][T21726] ... acquired at: [ 1387.940699][T21726] _raw_read_lock_irqsave+0x48/0x60 [ 1387.946089][T21726] kill_fasync+0x199/0x4d0 [ 1387.950688][T21726] evdev_pass_values+0x627/0xbd0 [ 1387.955819][T21726] evdev_events+0x1e6/0x340 [ 1387.960514][T21726] input_pass_values+0x288/0x890 [ 1387.965650][T21726] input_event_dispose+0x330/0x6b0 [ 1387.970952][T21726] input_inject_event+0x1dd/0x340 [ 1387.976172][T21726] evdev_write+0x325/0x4c0 [ 1387.980775][T21726] vfs_write+0x29a/0xb90 [ 1387.985201][T21726] ksys_write+0x150/0x270 [ 1387.989709][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1387.995086][T21726] do_fast_syscall_32+0x33/0x70 [ 1388.000135][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1388.006645][T21726] [ 1388.008981][T21726] [ 1388.008981][T21726] stack backtrace: [ 1388.014881][T21726] CPU: 1 UID: 0 PID: 21726 Comm: syz.3.5019 Tainted: G L syzkaller #0 PREEMPT(full) [ 1388.014905][T21726] Tainted: [L]=SOFTLOCKUP [ 1388.014911][T21726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1388.014922][T21726] Call Trace: [ 1388.014930][T21726] [ 1388.014938][T21726] dump_stack_lvl+0xe8/0x150 [ 1388.014962][T21726] __lock_acquire+0x2a94/0x2cf0 [ 1388.014999][T21726] lock_acquire+0xf0/0x2e0 [ 1388.015019][T21726] ? kill_fasync+0x199/0x4d0 [ 1388.015040][T21726] _raw_read_lock_irqsave+0x48/0x60 [ 1388.015057][T21726] ? kill_fasync+0x199/0x4d0 [ 1388.015073][T21726] kill_fasync+0x199/0x4d0 [ 1388.015090][T21726] ? kill_fasync+0x53/0x4d0 [ 1388.015108][T21726] evdev_pass_values+0x627/0xbd0 [ 1388.015135][T21726] ? evdev_pass_values+0x651/0xbd0 [ 1388.015161][T21726] evdev_events+0x1e6/0x340 [ 1388.015184][T21726] ? evdev_events+0x79/0x340 [ 1388.015207][T21726] ? input_pass_values+0x8d/0x890 [ 1388.015229][T21726] input_pass_values+0x288/0x890 [ 1388.015254][T21726] ? input_handle_event+0x70c/0xf30 [ 1388.015273][T21726] input_event_dispose+0x330/0x6b0 [ 1388.015294][T21726] input_inject_event+0x1dd/0x340 [ 1388.015318][T21726] ? input_inject_event+0xb6/0x340 [ 1388.015338][T21726] evdev_write+0x325/0x4c0 [ 1388.015363][T21726] ? __pfx_evdev_write+0x10/0x10 [ 1388.015406][T21726] ? bpf_lsm_file_permission+0x9/0x20 [ 1388.015429][T21726] ? security_file_permission+0x75/0x260 [ 1388.015450][T21726] ? rw_verify_area+0x255/0x4d0 [ 1388.015467][T21726] ? __pfx_evdev_write+0x10/0x10 [ 1388.015493][T21726] vfs_write+0x29a/0xb90 [ 1388.015513][T21726] ? __pfx_vfs_write+0x10/0x10 [ 1388.015531][T21726] ? __fget_files+0x2a/0x420 [ 1388.015557][T21726] ? __fget_files+0x2a/0x420 [ 1388.015580][T21726] ? __fget_files+0x3a0/0x420 [ 1388.015604][T21726] ? __fget_files+0x2a/0x420 [ 1388.015631][T21726] ksys_write+0x150/0x270 [ 1388.015649][T21726] ? __pfx_ksys_write+0x10/0x10 [ 1388.015670][T21726] __do_fast_syscall_32+0x20d/0x640 [ 1388.015691][T21726] ? do_fast_syscall_32+0x33/0x70 [ 1388.015710][T21726] ? asm_int80_emulation+0x1a/0x20 [ 1388.015726][T21726] ? do_int80_emulation+0x274/0x4d0 [ 1388.015744][T21726] ? trace_irq_disable+0x3b/0x150 [ 1388.015772][T21726] do_fast_syscall_32+0x33/0x70 [ 1388.015791][T21726] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1388.015812][T21726] RIP: 0023:0xf70bef6c [ 1388.015827][T21726] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1388.015842][T21726] RSP: 002b:00000000f54ad50c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1388.015860][T21726] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 1388.015872][T21726] RDX: 0000000000000037 RSI: 0000000000000000 RDI: 0000000000000000 [ 1388.015883][T21726] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1388.015893][T21726] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1388.015904][T21726] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1388.015921][T21726] [ 1388.056917][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 1388.346365][T14388] usb 1-1: USB disconnect, device number 95 [ 1388.362511][T14383] usb 3-1: USB disconnect, device number 80 [ 1388.382999][T14395] usb 2-1: USB disconnect, device number 72 [ 1392.258932][T14379] dvb-usb: did not find the firmware file 'dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 1392.284237][T14379] usb 6-1: USB disconnect, device number 8