last executing test programs: 10.378778591s ago: executing program 0 (id=5168): socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x3, 0xff) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, 0x0, 0x11) syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80) r3 = fsopen(&(0x7f0000000100)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000000240)='&:}\x00\x00\xff\x84m\xcc\xbe\x19\xa6\x00\x175z6\xcf=\xbb\x7f\x16cFk\xe2\x13\xc2#\xbd/\x01c\x8aWK3\xe6\xa0\xa8\x9cT\xbb\x94\x97`\xc0\xcf\a\b\xa7\xcd\xe9_', &(0x7f00000002c0)="1355", 0xfffffffffffffde6) r4 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x100, 0x7, 0x1}, &(0x7f0000000200), &(0x7f0000000000), &(0x7f0000000000)) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[], 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000140), 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000900)={0x0, @reserved}) io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000480)={0xa, 0x4e22, 0x1, @loopback, 0x5}, 0x1c) syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2) r6 = dup2(r2, r2) r7 = socket(0x23, 0x80000, 0x1) r8 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x8000000, 0x1, 0xff, 0x1, 0x0, 0x400}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0xc, 0x4}, 0x20) sendmmsg$unix(r6, &(0x7f0000008380), 0x400000000000174, 0x4008890) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r10, &(0x7f00000000c0)={0x4, 0x1, 0x3, 0xfd}, 0x8) close_range(r9, 0xffffffffffffffff, 0x0) 8.397335712s ago: executing program 0 (id=5180): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x10, 0x0, 0x40003}]}) socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) socket(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x58, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x8}, @IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x58}}, 0x8000) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$video4linux(&(0x7f0000000300), 0xd4, 0x101a82) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="140000000000000000400000000000000000"], 0x14}, 0xc044) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000700)={0x0, "b719d3bea98bac89ddaa0fa8e7aa5c8a"}) ioctl$KVM_RUN(r4, 0xae80, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000040)={0xc268, 0x5, 0xff, 0x2, 0x200, 0x1c, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback}, 0xc) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) writev(r6, &(0x7f0000000180)=[{0x0}], 0x1) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000040)={'lo\x00', 0x18}) 6.292395187s ago: executing program 0 (id=5189): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x20000810) 5.572609753s ago: executing program 0 (id=5193): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r3, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500090000001400040073"], 0x58}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1438a}, [@IFLA_IFNAME={0x14, 0x3, 'wlan0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000880}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'bond0\x00', &(0x7f00000000c0)=@ethtool_modinfo={0x42, 0xffff, 0x1}}) 4.668372451s ago: executing program 0 (id=5196): r0 = syz_open_dev$sndpcmp(&(0x7f0000000240), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc25c4110, &(0x7f0000000980)={0x0, [[0x1, 0x0, 0x7ffe], [0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x100000], [0x2, 0xfffffff9, 0x0, 0x4, 0x9b]], '\x00', [{}, {0x0, 0xb}, {0x10000, 0x80000008}, {}, {0x0, 0x1}, {0x2ea}, {}, {}, {}, {0x8}], '\x00', 0x4, 0x0, 0x0, 0x2}) syz_emit_ethernet(0x2a, &(0x7f0000019140)={@multicast, @remote, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'tunl0\x00'}) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x0, @vsock={0x28, 0x0, 0x2710, @host}, @nfc, @l2tp={0x2, 0x0, @empty}, 0xa00, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x10000}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r3, 0x0, 0x0) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902"], 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r6, &(0x7f0000000a00)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x3, 0x4, 0x0, 0x0, 0xc08}}, 0x11c) readv(r6, &(0x7f0000000140), 0x0) write$UHID_DESTROY(r6, &(0x7f0000000200), 0x4) ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) syz_open_dev$tty1(0xc, 0x4, 0x3) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x4800) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r7, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200) 3.53615933s ago: executing program 2 (id=5202): bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x50) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) syz_usb_connect(0x3, 0x2d, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x101042, 0x0) r0 = socket(0x2b, 0x1, 0x1) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e5b, 0x80000000, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x5}, 0x1c) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000140)=0xfb78, 0x4) read$char_usb(0xffffffffffffffff, &(0x7f0000000480)=""/74, 0x4a) r1 = landlock_create_ruleset(&(0x7f0000000080)={0x10, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0xe) 3.143615971s ago: executing program 1 (id=5207): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58) unshare(0x42000000) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56e, 0x10d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe0}}]}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}]}], {0x14}}, 0x90}}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="034886dd0100000000001400000060"], 0xfdef) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r0, 0x0, 0x0, 0x800) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=ANY=[], 0x128}, 0x1, 0x0, 0x0, 0x20000040}, 0x8011) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000005880), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000005d00)={0x0, 0x0, &(0x7f0000005cc0)={&(0x7f00000058c0)=ANY=[@ANYBLOB="0ceccd8a", @ANYRES16=r6, @ANYBLOB="01002cbd7000fbdbdf25090000001c000480040007801300010062726f6164636173742d6c696e6b0000"], 0x30}}, 0x8040) sendmsg$TIPC_NL_NODE_GET(r4, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f0000000500)={&(0x7f00000002c0)={0x22c, r6, 0x10, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x80000000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80000000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1000}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0x68, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x337f}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xad6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xb}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x42c}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x54eef77e}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x401}]}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc4ef}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1c0}]}, @TIPC_NLA_NODE={0xd0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "737ddeb575168590e9b50ede27629bf6f041ec1cb1392379482edae88639a90715"}}, @TIPC_NLA_NODE_ID={0x6d, 0x3, "4f8017c63f131a712ea7a765238dbaf1d05b492d13b90a1a594aa350a84cf548dc2db1736d3ed4bbc78cd0fd0b9fa43e4576f070dea091327a9f489178aeed4404c3f88227be512b15295580634d42f72523d5667e940bbc267e923660afbd60d8ea0ee9ac4b51862e"}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x24040858}, 0x4048000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f00000001c0)}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000008c0)={'batadv0\x00', 0x0}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r9, &(0x7f0000000440)=[{0x0}], 0x1) r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000980)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x9, 0x4, 0x2}, 0x50) r11 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r11, &(0x7f0000000040)={0xa, 0x4e22, 0x7, @mcast2, 0x9}, 0x1c) r12 = dup2(r11, r11) write$tun(r12, &(0x7f0000000040)=ANY=[], 0x3c) r13 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x6, 0x15, &(0x7f0000000700)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa1}, {}, {}, [@call={0x85, 0x0, 0x0, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x8f, &(0x7f0000000800)=""/143, 0x40f00, 0x1, '\x00', r8, 0x25, r9, 0x8, &(0x7f0000000900)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000940)={0x3, 0xd, 0x0, 0xff}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000a80)=[r10, r12, r13], &(0x7f0000000ac0)=[{0x2, 0x3, 0x2, 0x1}, {0x2, 0x4, 0x4, 0x9}, {0x0, 0x1, 0x4, 0x6}], 0x10, 0x2}, 0x94) sendmsg$tipc(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x20004080) 2.872388022s ago: executing program 2 (id=5209): syz_emit_ethernet(0x7a, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa3486dd6076db4000442f00fe80e800000000000000000000000021ff0200000001000000000000000000010320655800df6249ab"], 0x0) 2.800670212s ago: executing program 2 (id=5210): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x183042, 0x15) ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0xfff}}, './file0\x00'}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000240)={0x1fff, 0x3, 0x2}, 0x18, 0x0) r3 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) socket$unix(0x1, 0x2, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000540)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0x0, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_BURST={0x8, 0x6, 0xff}, @TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84a, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x104, 0xb}, 0x5, 0x35, 0x91f}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r11, {0x4, 0x8}, {0xffff, 0x3}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x8, 0x3, 0x6, 0x1, 0x1, 0xae8e, 0x8, 0xfffffffe, 0x8}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x240000b0}, 0x4890) r12 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000001c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56561, 0x70bd2c, 0x1, {0x0, 0x0, 0x0, r13, {0x0, 0xd}, {0xb, 0x8}, {0xc, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0185647, &(0x7f0000000100)={0xf00000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0xf0f027, 0x0, '\x00', @p_u16=0x0}}) socket$unix(0x1, 0x1, 0x0) 2.541285428s ago: executing program 4 (id=5213): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffe}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25ffdbfd, {0x0, 0x0, 0x0, r2, {0xfff2, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0x1}, {0x0, 0x6, 0x0, 0x4, 0x6, 0x0, 0x1}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24041090}, 0x20000000) r3 = socket$unix(0x1, 0x2, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000001c40)) move_pages(0x0, 0x3, &(0x7f0000000140)=[&(0x7f0000001000/0x4000)=nil, &(0x7f0000001000/0x2000)=nil, &(0x7f0000001000/0x3000)=nil], &(0x7f00000001c0)=[0x1], &(0x7f0000000000), 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000440)=@xdp={0x2c, 0x7, r6, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000180)='Y', 0x1}], 0x1}, 0x8014) 2.447688552s ago: executing program 4 (id=5214): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc801}, 0x20000810) 2.352639396s ago: executing program 4 (id=5215): r0 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in=@loopback}, @in6=@remote, {@in=@remote, @in=@broadcast, 0x4e21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56befe125658cb64}, {{@in6=@private2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x20, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2}, 0xfffffff9}, [@tmpl={0x84, 0x5, [{{@in=@broadcast, 0x4d3, 0x3c}, 0xa, @in6=@loopback, 0x3505, 0x2, 0x0, 0xac, 0x3, 0x1, 0x9}, {{@in6=@loopback, 0x4d5, 0x6c}, 0xa, @in=@remote, 0x3505, 0x3, 0x1, 0xf9, 0x6, 0x3, 0x200}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x4048011}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c4000000190001000000000000004000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a"], 0xc4}, 0x1, 0x0, 0x0, 0x40100}, 0x2c000010) (fail_nth: 9) 1.70648976s ago: executing program 2 (id=5216): set_mempolicy(0x1, &(0x7f0000000e80)=0x1ff, 0x7582) (async) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000080)=0x80000007, 0x4) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)={0x2c, 0x40, 0x107, 0xfffffefe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @generic="8231b6fa"]}, @nested={0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) syz_clone(0xc1003000, 0x0, 0x0, &(0x7f00000014c0), 0x0, 0x0) 1.697991755s ago: executing program 4 (id=5217): r0 = syz_io_uring_setup(0xaf7, &(0x7f0000000080)={0x0, 0x9900, 0x200, 0x2, 0x6d}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) r1 = eventfd2(0x4, 0x1) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f00000001c0)=r1, 0x1) syz_emit_ethernet(0x7a, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa3486dd6076db4000442f00fe80e800000000000000000000000021ff0200000000000000000000000000010320655800df6249ab"], 0x0) 1.664175855s ago: executing program 3 (id=5218): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x3c, @local, 0x0, 0x0, 'rr\x00', 0x0, 0xfffffffc, 0x75}, 0x2c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x5, 0x80000001, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x9, 0x1, 0x40}, {0x200000, 0x10000, 0x9, 0xff, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x4000, 0x1000, 0xc, 0x0, 0xb, 0xc4, 0x0, 0xf, 0x7, 0x0, 0x0, 0xfc}, {0x1, 0x0, 0x9, 0x0, 0x1, 0x0, 0x9, 0xff, 0x8, 0x0, 0x4}, {0x3001, 0xffff1000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x4b, 0x2, 0x0, 0x0, 0xff, 0x5}, {0xeeef0000, 0xeeee8000, 0x3, 0x4, 0x4, 0x0, 0xa1, 0x20}, {0x0, 0x6000, 0x0, 0x0, 0x0, 0x7, 0x28, 0x40, 0xe0, 0x0, 0x0, 0x2}, {0x80a0000, 0x3}, {0xdddd1000}, 0xfdfcfffb, 0x0, 0x0, 0x100, 0x3, 0xf801, 0x0, [0x80000001, 0x0, 0x1]}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x1c, 0x16, 0x107, 0x70bd2c, 0x25dfdbfe, {0x1d, 0x7c}, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x136}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44815}, 0x8010) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000240)=@arm64={0x6, 0xd, 0x7, '\x00', 0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x4) fcntl$setlease(r4, 0x400, 0x0) open(&(0x7f0000000000)='./file0\x00', 0xc0200, 0x109) 1.588960184s ago: executing program 4 (id=5219): setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) r1 = socket$pptp(0x18, 0x1, 0x2) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x1e) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) sendmsg$can_raw(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c015}, 0x4000811) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="50000000090601020000000000000000030000000900020073797a31000000000500010007000000280007800c00018008000140000000000c00148008000140ac1414190c0002800800014064010101a372ca8ecea28a3cc8377383f98e794e537c34aab2936423426f22cb08fb9867"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5758661d46}, 0x4) recvmmsg(r2, &(0x7f0000001cc0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40012102, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r5 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_buf(r5, 0x1, 0x10, &(0x7f0000000440)=""/103, &(0x7f00000004c0)=0x67) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'erspan0\x00'}) 1.586753605s ago: executing program 1 (id=5220): bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x50) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) syz_usb_connect(0x3, 0x2d, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x101042, 0x0) r0 = socket(0x2b, 0x1, 0x1) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e5b, 0x80000000, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x5}, 0x1c) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000140)=0xfb78, 0x4) read$char_usb(0xffffffffffffffff, &(0x7f0000000480)=""/74, 0x4a) r1 = landlock_create_ruleset(&(0x7f0000000080)={0x10, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0xe) 1.291817663s ago: executing program 3 (id=5221): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x20000080) sendto(r3, 0x0, 0x0, 0x0, 0x0, 0x0) munlock(&(0x7f0000675000/0x4000)=nil, 0x4000) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x1d1}) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd2b, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff4}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x40, '\x00', 0x7, 0x4, 0xc9c, 0x80000000}}}}]}, 0x48}}, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000000)=@ethtool_wolinfo={0x11, 0x80000001, 0x2}}) r4 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4) sendto$unix(r4, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) r5 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r5, 0x8) 1.291531393s ago: executing program 2 (id=5222): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r3, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500090000001400040073"], 0x58}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1438a}, [@IFLA_IFNAME={0x14, 0x3, 'wlan0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000880}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'bond0\x00', &(0x7f00000000c0)=@ethtool_modinfo={0x42, 0xffff, 0x1}}) 1.225623559s ago: executing program 0 (id=5223): add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x14, 0x0, &(0x7f00000003c0)={0x0, 0x3, 0x69, @string={0x69, 0x3, "f7d589081fb71a3c151a32c1b4a870ab1284429683a07f86bd6143f4b0481d425bbcc7edc9a6452f479d3b75814ef5908f996b31b93c9785d1bade896056fa8b8c21d39b5de28fe482c818968a996217601660030981edd1ac806ee8c2c7881b2c573c4fc63780"}}, 0x0, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) (async) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) (async) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async) syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x14, 0x0, &(0x7f00000003c0)={0x0, 0x3, 0x69, @string={0x69, 0x3, "f7d589081fb71a3c151a32c1b4a870ab1284429683a07f86bd6143f4b0481d425bbcc7edc9a6452f479d3b75814ef5908f996b31b93c9785d1bade896056fa8b8c21d39b5de28fe482c818968a996217601660030981edd1ac806ee8c2c7881b2c573c4fc63780"}}, 0x0, 0x0}, 0x0) (async) syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") (async) 1.14869656s ago: executing program 3 (id=5224): unshare(0x2a020400) bpf$MAP_CREATE(0x0, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', 0x0}) syz_genetlink_get_family_id$nl80211(0x0, r0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000080) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="0f0700000000fcffffff0c00000008000300", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, 0x0, 0x0) r4 = socket$kcm(0x2, 0xa, 0x2) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000003, 0x204031, 0xffffffffffffffff, 0xffffd000) 1.014814616s ago: executing program 3 (id=5225): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc801}, 0x20000810) 977.417481ms ago: executing program 2 (id=5226): openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) write(r0, &(0x7f0000000040)="57abfb935bdcf8bb783a2e2419d1c97bb6c1f2", 0x13) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffe0000000002, 0xfa0f, 0xffffffff}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000200)={'vxcan1\x00', &(0x7f00000001c0)=@ethtool_wolinfo={0x6, 0xc91, 0x3, "3e1a0448e5be"}}) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, 0x0, 0x80}}], 0x1, 0x4000004) r2 = socket(0x11, 0x800000002, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000540)={'wlan0\x00', {0x2, 0x0, @private=0xf30a4000}}) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0) 927.849862ms ago: executing program 3 (id=5227): timer_create(0x7, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r2 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) r3 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in=@loopback}, @in6=@remote, {@in=@remote, @in=@broadcast, 0x4e21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56befe125658cb64}, {{@in6=@private2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x20, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2}, 0xfffffff9}, [@tmpl={0x84, 0x5, [{{@in=@broadcast, 0x4d3, 0x3c}, 0xa, @in6=@loopback, 0x3505, 0x2, 0x0, 0xac, 0x3, 0x1, 0x9}, {{@in6=@loopback, 0x4d5, 0x6c}, 0xa, @in=@remote, 0x3505, 0x3, 0x1, 0xf9, 0x6, 0x3, 0x200}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x4048011}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c4000000190001000000000000004000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a"], 0xc4}, 0x1, 0x0, 0x0, 0x40100}, 0x2c000010) timer_create(0x1, &(0x7f0000000200)={0x0, 0x5, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000280)) 872.719598ms ago: executing program 1 (id=5228): r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_dev$vim2m(&(0x7f0000000180), 0x80000000, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) poll(&(0x7f0000000280)=[{r1, 0x8702}], 0x1, 0x2) r2 = socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) r6 = inotify_init() inotify_add_watch(r6, &(0x7f0000000000)='.\x00', 0x400017e) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x42000, 0x85) getdents(r7, &(0x7f0000000680)=""/160, 0xa0) r8 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r8, &(0x7f0000001b80)=[{&(0x7f0000000500)=""/101, 0x65}], 0x1, 0x0, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="001800003b88ecc76d29100b0759448d5aa57c6c27aba6a9230edfd3c598302af528c6beb10604dee3c514bd4b5ded693aa26685b5430021ee2a106ae1b5f66ca51f1b05609e00bdb75adf780edc58045249cb85b49604ff3c6b5bfc9638ca99d50b655ab828f82ea284a206508207cc6a6b82ec9d00c0f3de01c02a0f9e0b5b621b64a43303e5dd06115e39b4b7357fcfba9c0e8f9e4aaee7e6e0eb45693392baeab09204006f7e484fa9c1a82f6f69a7dfa46d449d8eab353ef50d", @ANYRES16=r9, @ANYBLOB="010029bd7000feffffff0200000008000300", @ANYRES32=r4, @ANYBLOB="0800a00076090000080026006c09000008009f0005000000"], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000040) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000002240)={'syztnl1\x00', 0x0, 0x29, 0xfb, 0x53, 0x1000081, 0x7f, @mcast2, @mcast2={0xff, 0x5}, 0x8000, 0x8000, 0x3, 0xd04}}) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=ANY=[@ANYBLOB="2c00000019001d002cbd7000000000000a001000fe0300020030000008001e00000400000800170045d10000"], 0x2c}, 0x1, 0x0, 0x0, 0x880}, 0x4000050) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r11 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_SET_REGS(r13, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffb, 0xe34, 0x173e, 0xfffffffffffffffc, 0x400010003, 0x1, 0x1000, 0x1000000000008, 0x7d, 0x0, 0x0, 0xc, 0x2, 0x1, 0x2000000000001, 0x4], 0xeeee0000, 0x1004c5}) ioctl$KVM_RUN(r13, 0xae80, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x12, r0, 0x0) 872.194994ms ago: executing program 4 (id=5229): syz_usb_connect$uac1(0x4, 0x72, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000200000010410e42424000010203010902e41360000301e4c0080904000000010100000a2401c5a20a0002012a6a040100000102000009040101010102000009050109100005080707250104077c0d09040200000102000009040201010102000009f3a2e380020800140725010cb60800"], 0x0) personality(0x8040000) io_setup(0xffff, &(0x7f0000001e00)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = io_uring_setup(0x6657, &(0x7f0000000d40)={0x0, 0x3cfe}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) syz_clone(0x600, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') fchdir(r2) exit(0xffff) pivot_root(&(0x7f0000000340)='.\x00', &(0x7f0000000180)='.\x00') sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000006000000000a00000008000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000400000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000001d001b0000000000000000000000000000000000000000000000000000000000dd0200000000000000000000000000000001000284010500b814143b000000000000000000000000000004d32b00000000000000ac14140c000000000000000000000000000000000000ff00000000000000000000000000fc020000000000000000000000000000000000003200000000000000ac1414aa000000000000000000000000000000000100000000000000ffffffff0000000000000000000000000000000000000001000000003c00000002000000fc0000000000000000000000000000010000000001030000000000000600000000000000ff020000000000000000000000000001000000003c00000002000000fe8000000000000000000000000000aa00000000020000000000000003000000286a8b270000000000000000000000000000009e250000003c00000002"], 0x23c}}, 0x0) 696.36733ms ago: executing program 1 (id=5230): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="1400000010"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) sendmsg$NL80211_CMD_DEL_PMKSA(r2, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x48, r1, 0x2, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_PMK_LIFETIME={0x8}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x135}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x4e}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0xa}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x101}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004000}, 0x40) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={0x34, r6, 0x1, 0x10, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x33}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x7}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24004001}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$mice(0xffffffffffffff9c, 0x0, 0x101042) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = socket$netlink(0x10, 0x3, 0x4) r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000002200)={0x14, 0x15, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x20}}, 0x14}, 0x1, 0x0, 0x0, 0x20040011}, 0x24040808) recvmsg(r9, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x40000000) setsockopt$packet_int(r8, 0x107, 0xa, &(0x7f00000003c0)=0x2, 0x4) setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0x8000}, 0x1c) write(r7, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0xfdef) r10 = socket$can_j1939(0x1d, 0x2, 0x7) r11 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r11) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1c, r6, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x41) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r2, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x4c, r1, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x69}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7f}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x14) 687.935686ms ago: executing program 3 (id=5231): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x5b) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000006c0)=ANY=[], 0x33fe0}}, 0x40010) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x139502, 0x0) pipe(&(0x7f0000000140)) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000002a000701fcffffff00000000057c000008000100", @ANYRES32, @ANYBLOB="a2ab8800b5d75d9b56197a78099d965e070d5d683a2afabbfe743f1e0a2f0f235df122a42f805bcf69db0f147570a977bd5c205fc0f656d4af1bc5672e432c9f88f4c1d61b7ea590ad67428a66b2ed9a01d398976f42ee9f9836c0ae0e58ce81f9b8243debea4962560d6c13da4df4869220a08ae724820f4e4c2e469834c18c44e46253b84f17b74d81ae9092ad6cc69531c2"], 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0xc000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000000000000900000000060015000a0000000c00168008000100bc"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r7, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000180)=0x62b8, 0x4) sendmsg$rds(r6, &(0x7f00000001c0)={&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000880)=""/4092, 0xffc}], 0x1, 0x0, 0x0, 0x20000800}, 0x0) bind$inet6(r4, 0x0, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x4800, &(0x7f0000b63fe4)={0xa, 0x4e23, 0x200, @loopback}, 0x1c) r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r8, 0xc0d05640, &(0x7f00000000c0)={0xa, @pix={0x0, 0x0, 0x34565348, 0x0, 0x0, 0x0, 0x25}}) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) syz_open_dev$video(&(0x7f0000000280), 0x103, 0x20000) 172.54201ms ago: executing program 1 (id=5232): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x600, 0x0, 0x0, 0x6}, [@IFLA_ADDRESS={0xa, 0x3, @random="99fa3a1c872f"}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x44}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) pidfd_getfd(0xffffffffffffffff, r3, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x2c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_SET_MAC_ACL(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, r2, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x0, 0x17}}}}, [@NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x58, 0xa6, 0x0, 0x1, [{0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @broadcast}]}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x64, 0xa6, 0x0, 0x1, [{0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @device_b}, {0xa}, {0xa}]}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x40, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa}, {0xa}, {0xa}, {0xa, 0x6, @broadcast}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x1000}, 0x800) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x600, 0x0, 0x0, 0x6}, [@IFLA_ADDRESS={0xa, 0x3, @random="99fa3a1c872f"}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x44}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) (async) pidfd_getfd(0xffffffffffffffff, r3, 0x0) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) (async) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x2c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x2c}}, 0x0) (async) sendmsg$NL80211_CMD_SET_MAC_ACL(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x154, r2, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x0, 0x17}}}}, [@NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x58, 0xa6, 0x0, 0x1, [{0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @broadcast}]}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x64, 0xa6, 0x0, 0x1, [{0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @device_b}, {0xa}, {0xa}]}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x40, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa}, {0xa}, {0xa}, {0xa, 0x6, @broadcast}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x1000}, 0x800) (async) 0s ago: executing program 1 (id=5233): r0 = syz_open_dev$sndpcmp(&(0x7f0000000240), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc25c4110, &(0x7f0000000980)={0x0, [[0x1, 0x0, 0x7ffe], [0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x100000], [0x2, 0xfffffff9, 0x0, 0x4, 0x9b]], '\x00', [{}, {0x0, 0xb}, {0x10000, 0x80000008}, {}, {0x0, 0x1}, {0x2ea}, {}, {}, {}, {0x8}], '\x00', 0x4, 0x0, 0x0, 0x2}) syz_emit_ethernet(0x2a, &(0x7f0000019140)={@multicast, @remote, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'tunl0\x00'}) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x0, @vsock={0x28, 0x0, 0x2710, @host}, @nfc, @l2tp={0x2, 0x0, @empty}, 0xa00, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x10000}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r3, 0x0, 0x0) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902"], 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r7, &(0x7f0000000a00)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x3, 0x4, 0x0, 0x0, 0xc08}}, 0x11c) readv(r7, &(0x7f0000000140), 0x0) write$UHID_DESTROY(r7, &(0x7f0000000200), 0x4) ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) syz_open_dev$tty1(0xc, 0x4, 0x3) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x4800) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r8, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200) kernel console output (not intermixed with test programs): T13588] usb 2-1: Manufacturer: syz [ 699.618783][T13588] usb 2-1: SerialNumber: syz [ 699.636826][T13588] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 699.652480][T13588] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 699.660526][T13588] usb 2-1: 2:1 : sample bitwidth 16 in over sample bytes 1 [ 699.672300][T13588] usb 2-1: 2:1 : invalid channels 0 [ 699.718190][ T5700] usb 3-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 699.729682][ T5700] usb 3-1: config 1 interface 0 has no altsetting 0 [ 699.739557][ T5700] usb 3-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.40 [ 699.751828][ T5700] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 699.760325][ T5700] usb 3-1: Product: Є [ 699.764654][ T5700] usb 3-1: Manufacturer: 禌戙ﶿ瀤腀㩩♡ [ 699.770844][ T5700] usb 3-1: SerialNumber: syz [ 699.854823][T13575] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 699.889552][T13575] usb 1-1: USB disconnect, device number 96 [ 700.001951][ T5700] usbhid 3-1:1.0: can't add hid device: -71 [ 700.008178][ T5700] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 700.027239][ T5700] usb 3-1: USB disconnect, device number 62 [ 700.063771][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 700.113667][ T810] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 700.265657][ T810] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 700.276305][ T810] usb 4-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00 [ 700.286492][ T810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.297122][ T810] usb 4-1: config 0 descriptor?? [ 700.309359][ T810] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 700.428635][T19612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 700.444080][T19612] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 700.456323][T19612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 700.465572][T19612] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 700.646709][T13571] usb 4-1: USB disconnect, device number 97 [ 700.663696][T13575] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 700.676749][T19613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 700.696248][T19613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 701.013652][T13575] usb 1-1: device not accepting address 97, error -71 [ 701.103735][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 701.194650][ T5700] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 701.353846][ T5700] usb 3-1: Using ep0 maxpacket: 32 [ 701.362253][ T5700] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 701.374872][ T5700] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 701.385153][ T5700] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 701.396941][ T5700] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.409737][ T5700] usb 3-1: config 0 descriptor?? [ 701.419386][ T5700] hub 3-1:0.0: USB hub found [ 701.755022][T19641] FAULT_INJECTION: forcing a failure. [ 701.755022][T19641] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 701.771515][T19641] CPU: 1 UID: 0 PID: 19641 Comm: syz.4.4710 Tainted: G L syzkaller #0 PREEMPT(full) [ 701.771543][T19641] Tainted: [L]=SOFTLOCKUP [ 701.771550][T19641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 701.771561][T19641] Call Trace: [ 701.771569][T19641] [ 701.771577][T19641] dump_stack_lvl+0xe8/0x150 [ 701.771604][T19641] should_fail_ex+0x412/0x560 [ 701.771628][T19641] _copy_from_user+0x2d/0xb0 [ 701.771652][T19641] get_compat_msghdr+0xb3/0x4c0 [ 701.771675][T19641] ? __pfx_get_compat_msghdr+0x10/0x10 [ 701.771698][T19641] ? kfree+0x4d/0x640 [ 701.771724][T19641] ___sys_recvmsg+0x1dd/0x590 [ 701.771741][T19641] ? __lock_acquire+0x6b5/0x2cf0 [ 701.771764][T19641] ? __pfx____sys_recvmsg+0x10/0x10 [ 701.771784][T19641] ? __fget_files+0x2a/0x420 [ 701.771828][T19641] do_recvmmsg+0x3a5/0x800 [ 701.771855][T19641] ? __pfx_do_recvmmsg+0x10/0x10 [ 701.771885][T19641] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 701.771912][T19641] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 701.771938][T19641] __sys_recvmmsg+0x1a5/0x290 [ 701.771959][T19641] ? __pfx___sys_recvmmsg+0x10/0x10 [ 701.771978][T19641] ? ksys_write+0x242/0x270 [ 701.772008][T19641] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 701.772031][T19641] __do_fast_syscall_32+0x23e/0x6f0 [ 701.772051][T19641] ? do_fast_syscall_32+0x33/0x70 [ 701.772069][T19641] ? lockdep_hardirqs_on+0x7a/0x110 [ 701.772087][T19641] ? asm_int80_emulation+0x1a/0x20 [ 701.772104][T19641] ? do_int80_emulation+0x29f/0x550 [ 701.772123][T19641] ? trace_irq_disable+0x3b/0x140 [ 701.772149][T19641] do_fast_syscall_32+0x33/0x70 [ 701.772168][T19641] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 701.772189][T19641] RIP: 0023:0xf704f01c [ 701.772206][T19641] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 701.772223][T19641] RSP: 002b:00000000f543d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 701.772242][T19641] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000ac0 [ 701.772255][T19641] RDX: 0000000000000040 RSI: 0000000000000002 RDI: 0000000000000000 [ 701.772267][T19641] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 701.772278][T19641] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 701.772288][T19641] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 701.772323][T19641] [ 702.074847][ T5700] hub 3-1:0.0: 9 ports detected [ 702.276159][T19627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 702.340140][T19627] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 702.387831][ T5700] hub 3-1:0.0: insufficient power available to use all downstream ports [ 702.488957][ T5700] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 702.508549][T13588] usb 2-1: USB disconnect, device number 80 [ 702.530116][ T5700] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 702.588280][ T5700] usbhid 3-1:0.0: can't add hid device: -71 [ 702.612485][ T5700] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 702.745409][ T5700] usb 3-1: USB disconnect, device number 63 [ 702.977494][T19661] FAULT_INJECTION: forcing a failure. [ 702.977494][T19661] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 703.021981][T19661] CPU: 1 UID: 0 PID: 19661 Comm: syz.4.4715 Tainted: G L syzkaller #0 PREEMPT(full) [ 703.022011][T19661] Tainted: [L]=SOFTLOCKUP [ 703.022018][T19661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 703.022029][T19661] Call Trace: [ 703.022037][T19661] [ 703.022045][T19661] dump_stack_lvl+0xe8/0x150 [ 703.022070][T19661] should_fail_ex+0x412/0x560 [ 703.022098][T19661] _copy_from_iter+0x1d3/0x1670 [ 703.022128][T19661] ? __pfx__copy_from_iter+0x10/0x10 [ 703.022146][T19661] ? sock_alloc_send_pskb+0x896/0x990 [ 703.022172][T19661] ? __pfx__copy_from_iter+0x10/0x10 [ 703.022206][T19661] copy_page_from_iter+0x220/0x2d0 [ 703.022232][T19661] skb_copy_datagram_from_iter+0x306/0x710 [ 703.022262][T19661] packet_sendmsg+0x35b1/0x4fb0 [ 703.022296][T19661] ? __lock_acquire+0x6b5/0x2cf0 [ 703.022318][T19661] ? __lock_acquire+0x6b5/0x2cf0 [ 703.022347][T19661] ? __lock_acquire+0x6b5/0x2cf0 [ 703.022380][T19661] ? __pfx_packet_sendmsg+0x10/0x10 [ 703.022401][T19661] ? aa_sk_perm+0x6d5/0x900 [ 703.022433][T19661] ? __pfx_aa_sk_perm+0x10/0x10 [ 703.022454][T19661] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 703.022483][T19661] ? __import_iovec+0x5d4/0x7e0 [ 703.022506][T19661] ? aa_sock_msg_perm+0xf1/0x1b0 [ 703.022531][T19661] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 703.022558][T19661] ____sys_sendmsg+0x972/0x9f0 [ 703.022584][T19661] ? __pfx_____sys_sendmsg+0x10/0x10 [ 703.022606][T19661] ? kstrtoull+0x12f/0x1d0 [ 703.022639][T19661] ___sys_sendmsg+0x2a5/0x360 [ 703.022656][T19661] ? __lock_acquire+0x6b5/0x2cf0 [ 703.022678][T19661] ? __pfx____sys_sendmsg+0x10/0x10 [ 703.022698][T19661] ? get_pid_task+0x20/0x1f0 [ 703.022716][T19661] ? get_pid_task+0x20/0x1f0 [ 703.022735][T19661] ? get_pid_task+0x20/0x1f0 [ 703.022780][T19661] ? __fget_files+0x2a/0x420 [ 703.022801][T19661] ? __fget_files+0x3a0/0x420 [ 703.022831][T19661] __sys_sendmsg+0x183/0x260 [ 703.022851][T19661] ? __pfx___sys_sendmsg+0x10/0x10 [ 703.022888][T19661] __do_fast_syscall_32+0x23e/0x6f0 [ 703.022910][T19661] ? do_fast_syscall_32+0x33/0x70 [ 703.022928][T19661] ? lockdep_hardirqs_on+0x7a/0x110 [ 703.022945][T19661] ? asm_int80_emulation+0x1a/0x20 [ 703.022963][T19661] ? do_int80_emulation+0x29f/0x550 [ 703.022981][T19661] ? trace_irq_disable+0x3b/0x140 [ 703.023009][T19661] do_fast_syscall_32+0x33/0x70 [ 703.023029][T19661] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 703.023050][T19661] RIP: 0023:0xf704f01c [ 703.023066][T19661] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 703.023081][T19661] RSP: 002b:00000000f543d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 703.023100][T19661] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002ac0 [ 703.023114][T19661] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 703.023124][T19661] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 703.023135][T19661] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 703.023146][T19661] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 703.023173][T19661] [ 704.095718][T19675] ip6gretap0: refused to change device tx_queue_len [ 704.621354][T19694] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.4728'. [ 704.784765][ T143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 705.074625][ T5700] usb 4-1: new high-speed USB device number 98 using dummy_hcd [ 705.144000][ T810] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 705.234280][ T5700] usb 4-1: Using ep0 maxpacket: 32 [ 705.252352][ T5700] usb 4-1: config 0 has no interfaces? [ 705.282888][ T5700] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 705.299448][ T810] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 705.313792][ T5700] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.324699][ T810] usb 1-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00 [ 705.341703][ T5700] usb 4-1: Product: syz [ 705.355651][ T810] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 705.368908][ T5700] usb 4-1: Manufacturer: syz [ 705.417678][ T5700] usb 4-1: SerialNumber: syz [ 705.431472][ T810] usb 1-1: config 0 descriptor?? [ 705.439272][ T5700] usb 4-1: config 0 descriptor?? [ 705.482222][ T810] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 705.823791][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 706.006617][ T810] usb 1-1: USB disconnect, device number 99 [ 706.425261][T19715] fuse: Unknown parameter '0xffffffffffffffff' [ 706.435602][ T810] hid-generic 0003:0004:0000.0014: unknown main item tag 0x0 [ 706.445689][ T810] hid-generic 0003:0004:0000.0014: unknown main item tag 0x0 [ 706.464070][ T810] hid-generic 0003:0004:0000.0014: unknown main item tag 0x0 [ 706.490519][ T810] hid-generic 0003:0004:0000.0014: hidraw0: USB HID v0.00 Device [syz1] on syz0 [ 706.750261][T19717] fido_id[19717]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 706.871090][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 706.990428][T19736] FAULT_INJECTION: forcing a failure. [ 706.990428][T19736] name failslab, interval 1, probability 0, space 0, times 0 [ 707.034852][T19736] CPU: 0 UID: 0 PID: 19736 Comm: syz.1.4739 Tainted: G L syzkaller #0 PREEMPT(full) [ 707.034880][T19736] Tainted: [L]=SOFTLOCKUP [ 707.034890][T19736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 707.034902][T19736] Call Trace: [ 707.034911][T19736] [ 707.034919][T19736] dump_stack_lvl+0xe8/0x150 [ 707.034947][T19736] should_fail_ex+0x412/0x560 [ 707.034973][T19736] should_failslab+0xa8/0x100 [ 707.034993][T19736] __kmalloc_cache_noprof+0x88/0x660 [ 707.035019][T19736] ? tcf_block_get_ext+0x8d3/0x17d0 [ 707.035043][T19736] ? __kmalloc_cache_noprof+0x15b/0x660 [ 707.035070][T19736] tcf_block_get_ext+0x8d3/0x17d0 [ 707.035110][T19736] clsact_init+0x223/0x530 [ 707.035137][T19736] ? __pfx_clsact_init+0x10/0x10 [ 707.035164][T19736] qdisc_create+0x7c4/0xf20 [ 707.035194][T19736] tc_modify_qdisc+0x1818/0x2290 [ 707.035216][T19736] ? rcu_is_watching+0x15/0xb0 [ 707.035248][T19736] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 707.035271][T19736] ? __dev_queue_xmit+0x2b6/0x3950 [ 707.035320][T19736] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 707.035342][T19736] rtnetlink_rcv_msg+0x77e/0xbe0 [ 707.035363][T19736] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 707.035376][T19736] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 707.035389][T19736] ? ref_tracker_free+0x693/0x840 [ 707.035402][T19736] ? __pfx_ref_tracker_free+0x10/0x10 [ 707.035419][T19736] netlink_rcv_skb+0x232/0x4b0 [ 707.035436][T19736] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 707.035456][T19736] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 707.035478][T19736] ? lockdep_hardirqs_on+0x7a/0x110 [ 707.035518][T19736] netlink_unicast+0x75c/0x8e0 [ 707.035551][T19736] netlink_sendmsg+0x813/0xb40 [ 707.035584][T19736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 707.035612][T19736] ? aa_sock_msg_perm+0xf1/0x1b0 [ 707.035639][T19736] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 707.035666][T19736] ____sys_sendmsg+0x972/0x9f0 [ 707.035693][T19736] ? __pfx_____sys_sendmsg+0x10/0x10 [ 707.035716][T19736] ? kstrtoull+0x12f/0x1d0 [ 707.035749][T19736] ___sys_sendmsg+0x2a5/0x360 [ 707.035766][T19736] ? __lock_acquire+0x6b5/0x2cf0 [ 707.035791][T19736] ? __pfx____sys_sendmsg+0x10/0x10 [ 707.035810][T19736] ? get_pid_task+0x20/0x1f0 [ 707.035832][T19736] ? get_pid_task+0x20/0x1f0 [ 707.035852][T19736] ? get_pid_task+0x20/0x1f0 [ 707.035899][T19736] ? __fget_files+0x2a/0x420 [ 707.035920][T19736] ? __fget_files+0x3a0/0x420 [ 707.035952][T19736] __sys_sendmsg+0x183/0x260 [ 707.035973][T19736] ? __pfx___sys_sendmsg+0x10/0x10 [ 707.036013][T19736] __do_fast_syscall_32+0x23e/0x6f0 [ 707.036034][T19736] ? do_fast_syscall_32+0x33/0x70 [ 707.036052][T19736] ? lockdep_hardirqs_on+0x7a/0x110 [ 707.036069][T19736] ? asm_int80_emulation+0x1a/0x20 [ 707.036087][T19736] ? do_int80_emulation+0x29f/0x550 [ 707.036105][T19736] ? trace_irq_disable+0x3b/0x140 [ 707.036133][T19736] do_fast_syscall_32+0x33/0x70 [ 707.036153][T19736] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 707.036174][T19736] RIP: 0023:0xf6fff01c [ 707.036191][T19736] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 707.036207][T19736] RSP: 002b:00000000f53ed50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 707.036227][T19736] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 707.036240][T19736] RDX: 0000000004004814 RSI: 0000000000000000 RDI: 0000000000000000 [ 707.036251][T19736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 707.036262][T19736] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 707.036273][T19736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 707.036309][T19736] [ 708.805173][ T5700] usb 4-1: USB disconnect, device number 98 [ 709.194407][T19756] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 709.293685][ T5700] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 709.434274][ T810] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 709.457472][ T5700] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 709.487067][ T5700] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 709.514412][ T5700] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.535122][ T5700] usb 1-1: config 0 descriptor?? [ 709.625995][ T810] usb 4-1: Using ep0 maxpacket: 8 [ 709.641829][ T810] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 709.691471][ T810] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 709.729291][ T810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 709.760708][ T5700] usbhid 1-1:0.0: can't add hid device: -71 [ 709.766892][ T810] usb 4-1: SerialNumber: syz [ 709.774392][ T5700] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 709.785854][ T810] usb 4-1: config 0 descriptor?? [ 709.798321][ T810] uvcvideo 4-1:0.0: Found UVC 0.00 device (05ac:8501) [ 709.810862][ T810] uvcvideo 4-1:0.0: No valid video chain found. [ 709.818766][ T5700] usb 1-1: USB disconnect, device number 100 [ 709.825454][ T143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 710.011990][T19770] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 710.028148][T19770] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 710.044670][ T810] usb 4-1: USB disconnect, device number 99 [ 710.333688][ T5700] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 710.494596][ T5700] usb 1-1: Using ep0 maxpacket: 16 [ 710.515270][ T5700] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 710.554747][ T5700] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 710.617615][ T5700] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 710.668200][ T5700] usb 1-1: config 0 descriptor?? [ 710.708350][ T5700] uvcvideo 1-1:0.0: Found UVC 0.00 device (10c4:ea90) [ 710.738085][ T5700] uvcvideo 1-1:0.0: No valid video chain found. [ 710.863822][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 710.907338][ T5700] usb 1-1: USB disconnect, device number 101 [ 710.923663][ T810] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 711.096404][ T810] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 711.118388][ T810] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 711.139993][ T810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.172552][ T810] usb 4-1: config 0 descriptor?? [ 711.390220][T19803] bond4: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 711.404416][ T810] usbhid 4-1:0.0: can't add hid device: -71 [ 711.412230][ T810] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 711.436941][ T810] usb 4-1: USB disconnect, device number 100 [ 711.453260][T19803] bond4 (unregistering): Released all slaves [ 711.874235][ T810] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 711.913781][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 712.044719][ T810] usb 4-1: Using ep0 maxpacket: 16 [ 712.060094][ T810] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 712.089853][ T810] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 712.110020][ T810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.141688][ T810] usb 4-1: config 0 descriptor?? [ 712.167842][ T810] uvcvideo 4-1:0.0: Found UVC 0.00 device (10c4:ea90) [ 712.202683][ T810] uvcvideo 4-1:0.0: No valid video chain found. [ 712.420463][T13571] usb 4-1: USB disconnect, device number 101 [ 712.508366][T19825] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4765'. [ 712.554770][T19825] netem: unknown loss type 0 [ 712.845690][T19833] FAULT_INJECTION: forcing a failure. [ 712.845690][T19833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 712.886816][T19833] CPU: 0 UID: 0 PID: 19833 Comm: syz.4.4769 Tainted: G L syzkaller #0 PREEMPT(full) [ 712.886847][T19833] Tainted: [L]=SOFTLOCKUP [ 712.886855][T19833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 712.886866][T19833] Call Trace: [ 712.886875][T19833] [ 712.886883][T19833] dump_stack_lvl+0xe8/0x150 [ 712.886910][T19833] should_fail_ex+0x412/0x560 [ 712.886936][T19833] _copy_to_user+0x31/0xb0 [ 712.886961][T19833] simple_read_from_buffer+0xe1/0x170 [ 712.886988][T19833] proc_fail_nth_read+0x1bb/0x230 [ 712.887015][T19833] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 712.887040][T19833] ? rw_verify_area+0x2a6/0x4d0 [ 712.887065][T19833] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 712.887089][T19833] vfs_read+0x20c/0xa70 [ 712.887121][T19833] ? __pfx___mutex_lock+0x10/0x10 [ 712.887143][T19833] ? __pfx_vfs_read+0x10/0x10 [ 712.887169][T19833] ? __fget_files+0x2a/0x420 [ 712.887195][T19833] ? __fget_files+0x3a0/0x420 [ 712.887215][T19833] ? __fget_files+0x2a/0x420 [ 712.887244][T19833] ksys_read+0x150/0x270 [ 712.887270][T19833] ? __pfx_ksys_read+0x10/0x10 [ 712.887299][T19833] ? asm_int80_emulation+0x1a/0x20 [ 712.887323][T19833] do_int80_emulation+0x19a/0x550 [ 712.887343][T19833] ? trace_irq_disable+0x3b/0x140 [ 712.887367][T19833] ? asm_int80_emulation+0x1a/0x20 [ 712.887384][T19833] ? clear_bhb_loop+0x40/0x90 [ 712.887401][T19833] ? clear_bhb_loop+0x40/0x90 [ 712.887423][T19833] asm_int80_emulation+0x1a/0x20 [ 712.887441][T19833] RIP: 0023:0xf71861ab [ 712.887458][T19833] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 712.887474][T19833] RSP: 002b:00000000f543d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 712.887494][T19833] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f543d5d0 [ 712.887507][T19833] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 712.887518][T19833] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 712.887529][T19833] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 712.887539][T19833] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 712.887566][T19833] [ 713.993778][T13571] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 714.154053][T13571] usb 1-1: Using ep0 maxpacket: 32 [ 714.165465][T13571] usb 1-1: config 9 has an invalid interface number: 37 but max is 3 [ 714.174668][T13571] usb 1-1: config 9 has an invalid interface number: 16 but max is 3 [ 714.198232][T13571] usb 1-1: config 9 has an invalid interface number: 202 but max is 3 [ 714.214307][ T810] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 714.225472][T13571] usb 1-1: config 9 contains an unexpected descriptor of type 0x2, skipping [ 714.257070][T13571] usb 1-1: config 9 has an invalid interface number: 142 but max is 3 [ 714.289413][T13571] usb 1-1: config 9 has no interface number 0 [ 714.310808][T13571] usb 1-1: config 9 has no interface number 1 [ 714.330155][T13571] usb 1-1: config 9 has no interface number 2 [ 714.349148][T13571] usb 1-1: config 9 has no interface number 3 [ 714.364253][T13571] usb 1-1: config 9 interface 37 altsetting 255 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 714.380605][ T810] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 714.391269][T13571] usb 1-1: config 9 interface 16 altsetting 2 has an endpoint descriptor with address 0x12, changing to 0x2 [ 714.404039][T13571] usb 1-1: config 9 interface 202 altsetting 7 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 714.424219][T13571] usb 1-1: config 9 interface 202 altsetting 7 endpoint 0xF has invalid maxpacket 512, setting to 64 [ 714.436225][ T810] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 714.436581][T13571] usb 1-1: config 9 interface 202 altsetting 7 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 714.465643][T13571] usb 1-1: config 9 interface 202 altsetting 7 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 714.477588][T13571] usb 1-1: config 9 interface 202 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 714.495061][T13571] usb 1-1: config 9 interface 202 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 714.495319][ T810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.507103][T13571] usb 1-1: config 9 interface 202 altsetting 7 has a duplicate endpoint with address 0xA, skipping [ 714.571454][ T810] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 714.595851][T13571] usb 1-1: config 9 interface 202 altsetting 7 endpoint 0x3 has invalid maxpacket 1656, setting to 64 [ 714.634256][T13571] usb 1-1: config 9 interface 202 altsetting 7 has a duplicate endpoint with address 0xF, skipping [ 714.674403][T13571] usb 1-1: config 9 interface 202 altsetting 7 endpoint 0xC has invalid maxpacket 20288, setting to 64 [ 714.721016][T13571] usb 1-1: config 9 interface 202 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 714.756682][T13571] usb 1-1: config 9 interface 202 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 714.769885][T13571] usb 1-1: config 9 interface 142 altsetting 4 has a duplicate endpoint with address 0x1, skipping [ 714.782087][T13571] usb 1-1: config 9 interface 142 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 714.816869][T13571] usb 1-1: config 9 interface 37 has no altsetting 0 [ 714.827970][T13571] usb 1-1: config 9 interface 16 has no altsetting 0 [ 714.844840][T13571] usb 1-1: config 9 interface 202 has no altsetting 0 [ 714.859583][T13571] usb 1-1: config 9 interface 142 has no altsetting 0 [ 714.893336][T13571] usb 1-1: New USB device found, idVendor=19d2, idProduct=1076, bcdDevice=90.bb [ 714.903107][T13571] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.911368][T13571] usb 1-1: Product: syz [ 714.917260][T13571] usb 1-1: Manufacturer: syz [ 714.921924][T13571] usb 1-1: SerialNumber: syz [ 715.119230][T19871] FAULT_INJECTION: forcing a failure. [ 715.119230][T19871] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 715.170691][T19871] CPU: 0 UID: 0 PID: 19871 Comm: syz.4.4782 Tainted: G L syzkaller #0 PREEMPT(full) [ 715.170720][T19871] Tainted: [L]=SOFTLOCKUP [ 715.170727][T19871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 715.170738][T19871] Call Trace: [ 715.170747][T19871] [ 715.170754][T19871] dump_stack_lvl+0xe8/0x150 [ 715.170777][T19871] should_fail_ex+0x412/0x560 [ 715.170803][T19871] _copy_to_iter+0x1e4/0x17d0 [ 715.170835][T19871] ? lockdep_hardirqs_on+0x7a/0x110 [ 715.170855][T19871] ? __pfx__copy_to_iter+0x10/0x10 [ 715.170870][T19871] ? __lock_acquire+0x6b5/0x2cf0 [ 715.170888][T19871] __skb_datagram_iter+0x41a/0x980 [ 715.170901][T19871] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 715.170916][T19871] skb_copy_datagram_iter+0xb5/0x240 [ 715.170939][T19871] tcp_peek_sndq+0xb7/0x230 [ 715.170963][T19871] tcp_recvmsg_locked+0x33cc/0x3720 [ 715.170989][T19871] ? ima_match_policy+0x2146/0x21e0 [ 715.171018][T19871] ? process_measurement+0x451/0x1c80 [ 715.171033][T19871] ? process_measurement+0x451/0x1c80 [ 715.171052][T19871] ? __lock_acquire+0x6b5/0x2cf0 [ 715.171064][T19871] ? __pfx_tcp_recvmsg_locked+0x10/0x10 [ 715.171083][T19871] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 715.171110][T19871] ? process_measurement+0x195e/0x1c80 [ 715.171131][T19871] ? process_measurement+0x361/0x1c80 [ 715.171163][T19871] ? do_raw_spin_lock+0x12b/0x2f0 [ 715.171177][T19871] ? lock_sock_nested+0x6a/0x100 [ 715.171191][T19871] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 715.171208][T19871] ? tcp_recvmsg+0x1e4/0x7e0 [ 715.171222][T19871] ? __local_bh_enable_ip+0xd0/0x130 [ 715.171245][T19871] tcp_recvmsg+0x205/0x7e0 [ 715.171272][T19871] ? __pfx_aa_sk_perm+0x10/0x10 [ 715.171295][T19871] ? __pfx_tcp_recvmsg+0x10/0x10 [ 715.171318][T19871] ? sock_rps_record_flow+0x19/0x350 [ 715.171331][T19871] ? inet_recvmsg+0xb3/0x120 [ 715.171342][T19871] ? __pfx_inet_recvmsg+0x10/0x10 [ 715.171353][T19871] sock_recvmsg+0x155/0x1b0 [ 715.171368][T19871] ____sys_recvmsg+0x1e6/0x4a0 [ 715.171391][T19871] ? __pfx_____sys_recvmsg+0x10/0x10 [ 715.171408][T19871] ? get_compat_msghdr+0x34b/0x4c0 [ 715.171438][T19871] ? __lock_acquire+0x6b5/0x2cf0 [ 715.171465][T19871] ___sys_recvmsg+0x215/0x590 [ 715.171477][T19871] ? __lock_acquire+0x6b5/0x2cf0 [ 715.171489][T19871] ? __pfx____sys_recvmsg+0x10/0x10 [ 715.171502][T19871] ? __fget_files+0x2a/0x420 [ 715.171536][T19871] ? __fget_files+0x3a0/0x420 [ 715.171567][T19871] do_recvmmsg+0x3a5/0x800 [ 715.171595][T19871] ? __pfx_do_recvmmsg+0x10/0x10 [ 715.171629][T19871] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 715.171647][T19871] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 715.171662][T19871] __sys_recvmmsg+0x1a5/0x290 [ 715.171674][T19871] ? __pfx___sys_recvmmsg+0x10/0x10 [ 715.171685][T19871] ? ksys_write+0x242/0x270 [ 715.171710][T19871] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 715.171735][T19871] __do_fast_syscall_32+0x23e/0x6f0 [ 715.171756][T19871] ? do_fast_syscall_32+0x33/0x70 [ 715.171774][T19871] ? lockdep_hardirqs_on+0x7a/0x110 [ 715.171790][T19871] ? asm_int80_emulation+0x1a/0x20 [ 715.171800][T19871] ? do_int80_emulation+0x29f/0x550 [ 715.171810][T19871] ? trace_irq_disable+0x3b/0x140 [ 715.171826][T19871] do_fast_syscall_32+0x33/0x70 [ 715.171838][T19871] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 715.171853][T19871] RIP: 0023:0xf704f01c [ 715.171871][T19871] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 715.171888][T19871] RSP: 002b:00000000f543d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 715.171908][T19871] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000d00 [ 715.171921][T19871] RDX: 0000000000000256 RSI: 0000000000010022 RDI: 0000000000000000 [ 715.171932][T19871] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 715.171941][T19871] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 715.171947][T19871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 715.171962][T19871] [ 715.665268][ T6777] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 716.463877][ T810] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110 [ 716.482525][ T810] stv0680 4-1:4.0: STV(e): camera ping failed!! [ 716.515278][ T810] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32 [ 716.553356][ T810] stv0680 4-1:4.0: last error: 0, command = 0x0 [ 716.703734][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 716.748854][T13571] option 1-1:9.37: GSM modem (1-port) converter detected [ 716.929144][T19890] futex_wake_op: syz.2.4787 tries to shift op by 36; fix this program [ 716.956729][T13571] usb 1-1: USB disconnect, device number 102 [ 716.984674][T13571] option 1-1:9.37: device disconnected [ 717.113456][T13588] usb 4-1: USB disconnect, device number 102 [ 717.244153][ T810] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 717.418016][ T810] usb 3-1: unable to get BOS descriptor or descriptor too short [ 717.436233][ T810] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 717.459409][ T810] usb 3-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40 [ 717.479237][ T810] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.502281][ T810] usb 3-1: Product: syz [ 717.512450][ T810] usb 3-1: Manufacturer: syz [ 717.520876][ T810] usb 3-1: SerialNumber: syz [ 717.548515][T19905] futex_wake_op: syz.1.4791 tries to shift op by 36; fix this program [ 717.696738][T13588] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 717.743772][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 717.791348][ T810] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 717.822949][ T810] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 717.861866][ T810] usb 3-1: 2:1 : unknown format tag 0x4 is detected. processed as MPEG. [ 717.864993][T13588] usb 4-1: Using ep0 maxpacket: 8 [ 717.890676][ T810] usb 3-1: found format II with max.bitrate = 4, frame size=7372 [ 717.911752][T13588] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 717.938151][T13588] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 717.955656][ T810] usb 3-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22) [ 717.981478][T13588] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 717.994924][ T810] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 718.036081][ T810] usb 3-1: 2:1 : unknown format tag 0x4 is detected. processed as MPEG. [ 718.037589][T13588] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 718.084337][ T810] usb 3-1: found format II with max.bitrate = 4, frame size=7372 [ 718.096802][T13588] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.119494][ T810] usb 3-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22) [ 718.146016][T13588] usb 4-1: config 0 descriptor?? [ 718.450205][ T810] usb 3-1: USB disconnect, device number 64 [ 718.637353][T13588] dragonrise 0003:0079:0006.0015: unbalanced collection at end of report description [ 718.674694][T13588] dragonrise 0003:0079:0006.0015: parse failed [ 718.696906][T13588] dragonrise 0003:0079:0006.0015: probe with driver dragonrise failed with error -22 [ 718.811799][T19902] syzkaller0: entered promiscuous mode [ 718.836958][T19902] syzkaller0: entered allmulticast mode [ 718.882055][ T5700] usb 4-1: USB disconnect, device number 103 [ 719.464283][T13588] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 719.537600][T19928] @: renamed from bond_slave_0 [ 719.624224][T13588] usb 3-1: Using ep0 maxpacket: 32 [ 719.651468][T13588] usb 3-1: config 0 has no interfaces? [ 719.667912][T13588] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 719.678352][T13588] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 719.705018][T13588] usb 3-1: Product: syz [ 719.709318][T13588] usb 3-1: Manufacturer: syz [ 719.716232][T13588] usb 3-1: SerialNumber: syz [ 719.734252][T13588] usb 3-1: config 0 descriptor?? [ 720.449612][T13588] hid-generic 0003:0004:0000.0016: unknown main item tag 0x0 [ 720.487570][T13588] hid-generic 0003:0004:0000.0016: unknown main item tag 0x0 [ 720.511984][T13588] hid-generic 0003:0004:0000.0016: unknown main item tag 0x0 [ 720.559610][T13588] hid-generic 0003:0004:0000.0016: hidraw0: USB HID v0.00 Device [syz1] on syz0 [ 720.786570][ T6779] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 720.801697][T19971] netlink: 'syz.0.4820': attribute type 12 has an invalid length. [ 720.811930][T19971] netlink: 'syz.0.4820': attribute type 29 has an invalid length. [ 720.820098][T19971] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4820'. [ 720.830413][T19971] netlink: 'syz.0.4820': attribute type 1 has an invalid length. [ 720.849931][T19971] netlink: 'syz.0.4820': attribute type 1 has an invalid length. [ 720.866353][T19971] netlink: 'syz.0.4820': attribute type 2 has an invalid length. [ 720.925766][ T6777] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.948961][ T6777] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.980126][ T6777] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 721.010303][ T6777] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 721.476880][T19984] netlink: 196 bytes leftover after parsing attributes in process `syz.0.4823'. [ 721.833876][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 721.940788][T19988] FAULT_INJECTION: forcing a failure. [ 721.940788][T19988] name failslab, interval 1, probability 0, space 0, times 0 [ 721.973407][T19988] CPU: 1 UID: 0 PID: 19988 Comm: syz.0.4825 Tainted: G L syzkaller #0 PREEMPT(full) [ 721.973426][T19988] Tainted: [L]=SOFTLOCKUP [ 721.973430][T19988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 721.973436][T19988] Call Trace: [ 721.973441][T19988] [ 721.973446][T19988] dump_stack_lvl+0xe8/0x150 [ 721.973462][T19988] should_fail_ex+0x412/0x560 [ 721.973477][T19988] should_failslab+0xa8/0x100 [ 721.973489][T19988] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 721.973504][T19988] ? perf_event_alloc+0x1cb/0x2d50 [ 721.973519][T19988] ? __lock_acquire+0x6b5/0x2cf0 [ 721.973532][T19988] perf_event_alloc+0x1cb/0x2d50 [ 721.973553][T19988] ? __lock_acquire+0x6b5/0x2cf0 [ 721.973573][T19988] ? __pfx_ptrace_triggered+0x10/0x10 [ 721.973598][T19988] ? unwind_next_frame+0xa6/0x2550 [ 721.973621][T19988] ? perf_event_create_kernel_counter+0xe0/0x630 [ 721.973635][T19988] ? __pfx_perf_event_alloc+0x10/0x10 [ 721.973648][T19988] ? perf_event_create_kernel_counter+0xe0/0x630 [ 721.973666][T19988] ? perf_event_create_kernel_counter+0xe0/0x630 [ 721.973680][T19988] ? __pfx_ptrace_triggered+0x10/0x10 [ 721.973690][T19988] perf_event_create_kernel_counter+0x11f/0x630 [ 721.973709][T19988] ptrace_set_debugreg+0xad4/0xd70 [ 721.973724][T19988] ? __pfx_ptrace_set_debugreg+0x10/0x10 [ 721.973734][T19988] ? __lock_acquire+0x6b5/0x2cf0 [ 721.973746][T19988] ? __lock_acquire+0x6b5/0x2cf0 [ 721.973759][T19988] ? _parse_integer_limit+0x1ae/0x1f0 [ 721.973794][T19988] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 721.973810][T19988] ? lockdep_hardirqs_on+0x7a/0x110 [ 721.973820][T19988] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 721.973834][T19988] ? wait_task_inactive+0x430/0x7e0 [ 721.973856][T19988] ? __pfx_wait_task_inactive+0x10/0x10 [ 721.973872][T19988] ? putreg32+0x49e/0xb70 [ 721.973890][T19988] compat_arch_ptrace+0xdf/0x350 [ 721.973903][T19988] __ia32_compat_sys_ptrace+0x1b8/0x410 [ 721.973917][T19988] ? ksys_write+0x242/0x270 [ 721.973931][T19988] ? __pfx___ia32_compat_sys_ptrace+0x10/0x10 [ 721.973948][T19988] __do_fast_syscall_32+0x23e/0x6f0 [ 721.973960][T19988] ? do_fast_syscall_32+0x33/0x70 [ 721.973970][T19988] ? lockdep_hardirqs_on+0x7a/0x110 [ 721.973980][T19988] ? asm_int80_emulation+0x1a/0x20 [ 721.973990][T19988] ? do_int80_emulation+0x29f/0x550 [ 721.974000][T19988] ? trace_irq_disable+0x3b/0x140 [ 721.974016][T19988] do_fast_syscall_32+0x33/0x70 [ 721.974028][T19988] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 721.974040][T19988] RIP: 0023:0xf7fc501c [ 721.974050][T19988] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 721.974059][T19988] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 000000000000001a [ 721.974071][T19988] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000000004ce [ 721.974078][T19988] RDX: 0000000000000118 RSI: 0000000000000007 RDI: 0000000000000000 [ 721.974085][T19988] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 721.974090][T19988] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 721.974097][T19988] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 721.974111][T19988] [ 722.440053][T13588] usb 3-1: USB disconnect, device number 65 [ 722.692617][T20002] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4829'. [ 722.735872][T20005] : renamed from veth0_vlan (while UP) [ 722.774011][ T810] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 722.801528][T20008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4831'. [ 722.854194][T13588] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 722.863788][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 722.947248][ T810] usb 4-1: Using ep0 maxpacket: 16 [ 722.956866][ T810] usb 4-1: config 0 has an invalid interface number: 68 but max is 0 [ 722.966267][ T810] usb 4-1: config 0 has no interface number 0 [ 722.972521][ T810] usb 4-1: config 0 interface 68 altsetting 0 endpoint 0x81 has invalid maxpacket 254, setting to 64 [ 722.987663][ T810] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 722.997675][ T810] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.007852][ T810] usb 4-1: Product: syz [ 723.008639][T13588] usb 3-1: config 0 has an invalid interface number: 69 but max is 0 [ 723.013855][ T810] usb 4-1: Manufacturer: syz [ 723.025827][ T810] usb 4-1: SerialNumber: syz [ 723.030554][T13588] usb 3-1: config 0 has no interface number 0 [ 723.033348][ T810] usb 4-1: config 0 descriptor?? [ 723.041868][T13588] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 723.065216][T13588] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 723.088200][T13588] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 723.099386][T13588] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.101650][ T810] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 723.113797][T13588] usb 3-1: Product: syz [ 723.127010][T13588] usb 3-1: Manufacturer: syz [ 723.142859][T13588] usb 3-1: SerialNumber: syz [ 723.150657][T13588] usb 3-1: config 0 descriptor?? [ 723.162553][T19996] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 723.172215][T13588] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 723.190358][T13588] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 723.268835][ T143] usb 4-1: Failed to submit usb control message: -71 [ 723.276858][ T810] usb 4-1: USB disconnect, device number 104 [ 723.283046][ T143] usb 4-1: unable to send the bmi data to the device: -71 [ 723.292593][ T143] usb 4-1: unable to get target info from device [ 723.299704][ T143] usb 4-1: could not get target info (-71) [ 723.306554][ T143] usb 4-1: could not probe fw (-71) [ 723.530893][T20022] usb usb8: usbfs: process 20022 (syz.0.4835) did not claim interface 0 before use [ 723.599689][T13588] usb 3-1: USB disconnect, device number 66 [ 723.638688][T13588] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 723.651532][T13588] cyberjack 3-1:0.69: device disconnected [ 724.046407][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 724.046421][ T30] audit: type=1326 audit(1780644617.459:2697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.084634][ T30] audit: type=1326 audit(1780644617.509:2698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.131193][ T30] audit: type=1326 audit(1780644617.509:2699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=75 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.234096][T20044] Invalid logical block size (32) [ 724.251833][ T30] audit: type=1326 audit(1780644617.509:2700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.327118][ T30] audit: type=1326 audit(1780644617.509:2701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.358958][ T30] audit: type=1326 audit(1780644617.509:2702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.452661][ T30] audit: type=1326 audit(1780644617.509:2703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.599201][ T30] audit: type=1326 audit(1780644617.509:2704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.653430][ T30] audit: type=1326 audit(1780644617.509:2705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.679526][T13588] usb 3-1: new low-speed USB device number 67 using dummy_hcd [ 724.757544][ T30] audit: type=1326 audit(1780644617.509:2706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20038 comm="syz.4.4841" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704f01c code=0x7ffc0000 [ 724.855752][T13588] usb 3-1: unable to get BOS descriptor or descriptor too short [ 724.866628][T13588] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 724.900422][T13588] usb 3-1: string descriptor 0 read error: -22 [ 724.911815][T13588] usb 3-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=b2.43 [ 724.943781][T13588] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 724.996109][T13588] ttusb_dec_send_command: command bulk message failed: error -22 [ 725.036263][T13588] ttusb-dec 3-1:8.0: probe with driver ttusb-dec failed with error -22 [ 725.166542][T20065] FAULT_INJECTION: forcing a failure. [ 725.166542][T20065] name failslab, interval 1, probability 0, space 0, times 0 [ 725.185588][T20065] CPU: 1 UID: 0 PID: 20065 Comm: syz.0.4848 Tainted: G L syzkaller #0 PREEMPT(full) [ 725.185615][T20065] Tainted: [L]=SOFTLOCKUP [ 725.185622][T20065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 725.185634][T20065] Call Trace: [ 725.185643][T20065] [ 725.185651][T20065] dump_stack_lvl+0xe8/0x150 [ 725.185676][T20065] should_fail_ex+0x412/0x560 [ 725.185700][T20065] should_failslab+0xa8/0x100 [ 725.185721][T20065] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 725.185745][T20065] ? __alloc_skb+0x186/0x7d0 [ 725.185768][T20065] ? __alloc_skb+0x1d0/0x7d0 [ 725.185789][T20065] ? __local_bh_enable_ip+0xd0/0x130 [ 725.185813][T20065] __alloc_skb+0x1d0/0x7d0 [ 725.185840][T20065] netlink_sendmsg+0x5d4/0xb40 [ 725.185876][T20065] ? __pfx_netlink_sendmsg+0x10/0x10 [ 725.185904][T20065] ? aa_sock_msg_perm+0xf1/0x1b0 [ 725.185931][T20065] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 725.185957][T20065] ____sys_sendmsg+0x972/0x9f0 [ 725.185982][T20065] ? __pfx_____sys_sendmsg+0x10/0x10 [ 725.186003][T20065] ? kstrtoull+0x12f/0x1d0 [ 725.186036][T20065] ___sys_sendmsg+0x2a5/0x360 [ 725.186052][T20065] ? __lock_acquire+0x6b5/0x2cf0 [ 725.186075][T20065] ? __pfx____sys_sendmsg+0x10/0x10 [ 725.186102][T20065] ? get_pid_task+0x20/0x1f0 [ 725.186124][T20065] ? get_pid_task+0x20/0x1f0 [ 725.186143][T20065] ? get_pid_task+0x20/0x1f0 [ 725.186187][T20065] ? __fget_files+0x2a/0x420 [ 725.186208][T20065] ? __fget_files+0x3a0/0x420 [ 725.186238][T20065] __sys_sendmsg+0x183/0x260 [ 725.186258][T20065] ? __pfx___sys_sendmsg+0x10/0x10 [ 725.186294][T20065] __do_fast_syscall_32+0x23e/0x6f0 [ 725.186314][T20065] ? do_fast_syscall_32+0x33/0x70 [ 725.186331][T20065] ? lockdep_hardirqs_on+0x7a/0x110 [ 725.186348][T20065] ? asm_int80_emulation+0x1a/0x20 [ 725.186365][T20065] ? do_int80_emulation+0x29f/0x550 [ 725.186383][T20065] ? trace_irq_disable+0x3b/0x140 [ 725.186411][T20065] do_fast_syscall_32+0x33/0x70 [ 725.186431][T20065] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 725.186452][T20065] RIP: 0023:0xf7fc501c [ 725.186469][T20065] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 725.186484][T20065] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 725.186504][T20065] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180 [ 725.186518][T20065] RDX: 0000000024008004 RSI: 0000000000000000 RDI: 0000000000000000 [ 725.186529][T20065] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 725.186540][T20065] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 725.186551][T20065] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 725.186577][T20065] [ 725.740266][ T810] usb 3-1: USB disconnect, device number 67 [ 726.078650][T20074] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 726.153980][ T5700] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 726.304543][ T5700] usb 4-1: Using ep0 maxpacket: 8 [ 726.311840][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 155, changing to 11 [ 726.337861][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 58953, setting to 1024 [ 726.393600][ T5700] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 726.427922][ T5700] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 726.458809][ T5700] usb 4-1: config 0 descriptor?? [ 726.470110][T20069] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 726.554756][ T6777] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 726.704554][ T5700] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 726.740917][ T5700] usb 4-1: USB disconnect, device number 105 [ 726.957316][T20081] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 727.045582][T20083] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4854'. [ 727.059636][T20083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4854'. [ 727.081774][ T1019] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 727.099201][ T1019] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 727.108959][ T1019] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 727.121901][ T1019] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 727.197927][T20088] netlink: 'syz.2.4856': attribute type 10 has an invalid length. [ 727.583726][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 728.623854][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 728.784439][T20122] loop3: detected capacity change from 0 to 7 [ 728.807129][T20122] Dev loop3: unable to read RDB block 7 [ 728.821767][T20122] loop3: unable to read partition table [ 728.834092][T20122] loop3: partition table beyond EOD, truncated [ 728.851132][T20122] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 728.984463][T20126] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4868'. [ 729.244285][ T5700] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 729.284460][T20133] binder: 20132:20133 ioctl c018620c 80000240 returned -1 [ 729.404219][ T5700] usb 4-1: Using ep0 maxpacket: 8 [ 729.426600][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 155, changing to 11 [ 729.478044][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 58953, setting to 1024 [ 729.532451][ T5700] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 729.551709][ T5700] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.581269][ T5700] usb 4-1: config 0 descriptor?? [ 729.601688][T20127] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 729.746483][T16796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 729.827755][ T5700] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 729.919826][ T5700] usb 4-1: USB disconnect, device number 106 [ 730.784303][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 731.700179][T20169] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4880'. [ 731.784383][T13588] usb 4-1: new full-speed USB device number 107 using dummy_hcd [ 731.800158][T20169] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.4880' sets config #0 [ 731.823830][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 731.838429][T20169] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2072421113 (4144842226 ns) > initial count (1961237654 ns). Using initial count to start timer. [ 731.946375][T13588] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 731.972439][T13588] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 732.082258][T13588] usb 4-1: config 0 descriptor?? [ 732.096928][T13588] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 732.509519][T13588] gp8psk: usb in 138 operation failed. [ 732.518884][T13588] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 732.538974][T13588] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 732.567245][T13588] usb 4-1: USB disconnect, device number 107 [ 732.724260][T13571] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 732.884424][T13571] usb 3-1: Using ep0 maxpacket: 8 [ 732.902028][T13571] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 155, changing to 11 [ 732.935145][T13571] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 58953, setting to 1024 [ 732.973953][T13571] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 732.996508][T13571] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 733.026450][T13571] usb 3-1: config 0 descriptor?? [ 733.049126][T20187] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 733.331985][T13571] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 733.364692][T13571] usb 3-1: USB disconnect, device number 68 [ 733.534282][ T5700] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 733.584692][T16795] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 733.703669][ T5700] usb 4-1: device descriptor read/64, error -71 [ 733.739114][T20204] netlink: 'syz.4.4891': attribute type 5 has an invalid length. [ 733.954050][ T5700] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 734.055559][T20214] netlink: 'syz.2.4894': attribute type 3 has an invalid length. [ 734.091820][T20214] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 734.114681][ T5700] usb 4-1: device descriptor read/64, error -71 [ 734.244492][ T5700] usb usb4-port1: attempt power cycle [ 734.614409][ T5700] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 734.623809][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 734.654282][ T5700] usb 4-1: device descriptor read/8, error -71 [ 734.925589][ T5700] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 734.974377][ T5700] usb 4-1: device descriptor read/8, error -71 [ 735.070094][T20238] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 735.105393][ T5700] usb usb4-port1: unable to enumerate USB device [ 735.663746][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 736.072045][T20260] openvswitch: netlink: IP tunnel dst address not specified [ 736.112820][T20260] tcf_pedit_act: 22 callbacks suppressed [ 736.112833][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.126277][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.132690][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.139119][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.145538][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.151928][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.158360][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.164777][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.171165][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.177571][T20260] tc action pedit 'at' offset -4096 out of bounds [ 736.184000][T20260] TC_ACT_REPEAT abuse ? [ 736.535871][T20266] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4910'. [ 736.704731][T16795] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 736.918792][T20267] vivid-000: kernel_thread() failed [ 737.743737][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 738.329494][T20300] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 738.783765][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 739.613648][T13588] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 739.795220][T13588] usb 1-1: Using ep0 maxpacket: 32 [ 739.823241][T13588] usb 1-1: config 0 has no interfaces? [ 739.850959][T13588] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 739.882936][T13588] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 739.911319][T13588] usb 1-1: Product: syz [ 739.928557][T13588] usb 1-1: Manufacturer: syz [ 739.956100][T13588] usb 1-1: SerialNumber: syz [ 739.992860][T13588] usb 1-1: config 0 descriptor?? [ 740.258296][T20343] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 740.846466][T13588] hid-generic 0003:0004:0000.0017: unknown main item tag 0x0 [ 740.878877][T13588] hid-generic 0003:0004:0000.0017: unknown main item tag 0x0 [ 740.946387][T13588] hid-generic 0003:0004:0000.0017: unknown main item tag 0x0 [ 741.029118][T13588] hid-generic 0003:0004:0000.0017: hidraw0: USB HID v0.00 Device [syz1] on syz0 [ 741.236971][T20360] fido_id[20360]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 741.275276][ T6779] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 741.453653][ T5700] usb 3-1: new low-speed USB device number 69 using dummy_hcd [ 741.627533][ T5700] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 741.653409][ T5700] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 741.669362][ T5700] usb 3-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 741.678857][ T5700] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 741.690979][ T5700] usb 3-1: config 0 descriptor?? [ 742.118446][T20366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 742.161770][T20366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 742.199293][T20366] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4940'. [ 742.284162][ T6779] bond3 (unregistering): (slave geneve2): Releasing active interface [ 742.303815][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 742.429429][ T6779] team0: Port device bridge1 removed [ 742.580257][ T6779] team0: Port device bond0 removed [ 742.593458][ T6779] bond0 (unregistering): Released all slaves [ 742.658744][ T6779] bond1 (unregistering): (slave veth5): Releasing active interface [ 742.687430][ T6779] bond1 (unregistering): Released all slaves [ 742.727294][ T6779] bond2 (unregistering): Released all slaves [ 742.779603][ T6779] bond3 (unregistering): Released all slaves [ 742.806401][T13584] usb 1-1: USB disconnect, device number 103 [ 742.812101][ T6779] bond4 (unregistering): Released all slaves [ 742.887806][ T5700] usbhid 3-1:0.0: can't add hid device: -71 [ 742.922721][ T5700] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 742.990692][ T5700] usb 3-1: USB disconnect, device number 69 [ 743.070034][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 743.070053][ T30] audit: type=1800 audit(1780644636.479:2754): pid=20391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4946" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 743.150666][T13588] IPVS: starting estimator thread 0... [ 743.294173][T20396] IPVS: using max 53 ests per chain, 127200 per kthread [ 743.310048][T20400] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 743.343757][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 743.600665][T20404] xt_CT: You must specify a L4 protocol and not use inversions on it [ 743.613363][T20407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4951'. [ 743.795147][ T6779] hsr_slave_0: left promiscuous mode [ 743.815777][ T6779] hsr_slave_1: left promiscuous mode [ 743.833877][T13571] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 743.991188][T13571] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 743.991235][T13571] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 743.991261][T13571] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 743.991293][T13571] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 743.998203][T13571] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 743.998233][T13571] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 743.998255][T13571] usb 3-1: Manufacturer: syz [ 744.025809][T20421] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.4956'. [ 744.037675][T13571] usb 3-1: config 0 descriptor?? [ 744.481365][T13571] appleir 0003:05AC:8243.0018: unknown main item tag 0x0 [ 744.550373][T13571] appleir 0003:05AC:8243.0018: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 744.649879][T20425] netlink: 'syz.3.4957': attribute type 8 has an invalid length. [ 744.649898][T20425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4957'. [ 744.991465][T20425] veth1_to_team: entered promiscuous mode [ 745.030140][T20425] gretap0: entered promiscuous mode [ 745.045471][T20425] veth1_to_team: left promiscuous mode [ 745.065081][T20425] gretap0: left promiscuous mode [ 745.102433][T20435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4960'. [ 745.105986][T16796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 745.591618][ T6779] IPVS: stop unused estimator thread 0... [ 745.836883][T20451] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 745.843408][T20451] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 745.876083][T20451] vhci_hcd vhci_hcd.0: Device attached [ 746.113734][T13575] usb 39-1: new high-speed USB device number 2 using vhci_hcd [ 746.135631][ T5691] usb 4-1: new low-speed USB device number 112 using dummy_hcd [ 746.143706][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 746.283677][ T5691] usb 4-1: device descriptor read/64, error -71 [ 746.524301][ T5691] usb 4-1: new low-speed USB device number 113 using dummy_hcd [ 746.538076][T20472] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4971'. [ 746.567361][T13588] usb 3-1: USB disconnect, device number 70 [ 746.584756][T20472] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 746.617063][T20472] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 746.629843][T20472] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 746.650024][T20472] netlink: 128 bytes leftover after parsing attributes in process `syz.2.4971'. [ 746.683643][ T5691] usb 4-1: device descriptor read/64, error -71 [ 746.795531][ T5691] usb usb4-port1: attempt power cycle [ 747.038730][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.046178][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.061587][T16796] team0: left allmulticast mode [ 747.072149][T16796] team_slave_0: left allmulticast mode [ 747.079246][T16796] team_slave_1: left allmulticast mode [ 747.091704][T16796] team0: left promiscuous mode [ 747.100013][T16796] team_slave_0: left promiscuous mode [ 747.112011][T16796] team_slave_1: left promiscuous mode [ 747.127536][T16796] bridge0: port 3(team0) entered disabled state [ 747.144692][ T5691] usb 4-1: new low-speed USB device number 114 using dummy_hcd [ 747.158383][T16796] bridge_slave_1: left promiscuous mode [ 747.178531][T16796] bridge0: port 2(bridge_slave_1) entered disabled state [ 747.185848][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 747.209765][ T5691] usb 4-1: device descriptor read/8, error -71 [ 747.258467][T16796] bridge_slave_0: left allmulticast mode [ 747.275026][T16796] bridge_slave_0: left promiscuous mode [ 747.286587][T16796] bridge0: port 1(bridge_slave_0) entered disabled state [ 747.453967][ T5691] usb 4-1: new low-speed USB device number 115 using dummy_hcd [ 747.494575][ T5691] usb 4-1: device descriptor read/8, error -71 [ 747.618253][ T5691] usb usb4-port1: unable to enumerate USB device [ 748.166171][T16796] team0: Port device bridge1 removed [ 748.384151][T16796] bond0 (unregistering): Released all slaves [ 748.418368][T16796] bond1 (unregistering): Released all slaves [ 748.450241][T20493] tipc: Cannot configure node identity twice [ 748.626638][T16796] m1Ie5n: left promiscuous mode [ 748.659877][T20518] loop4: detected capacity change from 0 to 1 [ 748.682632][T20518] Dev loop4: unable to read RDB block 1 [ 748.709350][T20518] loop4: unable to read partition table [ 748.725263][T20518] loop4: partition table beyond EOD, truncated [ 748.745747][T20518] loop_reread_partitions: partition scan of loop4 (被x^> ) failed (rc=-5) [ 748.849414][T20453] vhci_hcd: connection reset by peer [ 748.865851][ T6779] vhci_hcd vhci_hcd.3: stop threads [ 748.879283][ T6779] vhci_hcd vhci_hcd.3: release socket [ 748.892314][ T6779] vhci_hcd vhci_hcd.3: disconnect device [ 748.944884][T16796] tipc: Disabling bearer [ 748.959799][T16796] tipc: Left network mode [ 749.693933][T13577] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 749.865129][T13577] usb 4-1: Using ep0 maxpacket: 32 [ 749.903505][T13577] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 749.920057][T13577] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 749.962482][T13577] usb 4-1: config 0 interface 0 has no altsetting 0 [ 749.979500][T16796] hsr_slave_1: left promiscuous mode [ 749.987092][T13577] usb 4-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 750.027467][T13577] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 750.047228][T16796] veth1_macvtap: left promiscuous mode [ 750.062787][T13577] usb 4-1: config 0 descriptor?? [ 750.071292][T16796] veth0_macvtap: left promiscuous mode [ 750.102573][T16796] veth1_vlan: left promiscuous mode [ 750.120352][T16796] veth0_vlan: left promiscuous mode [ 750.545371][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.576063][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.603298][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.617536][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.628138][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.652376][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.669661][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.686337][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.709103][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.741827][T13577] elecom 0003:056E:00FB.0019: unknown main item tag 0x0 [ 750.760530][T13577] elecom 0003:056E:00FB.0019: hidraw0: USB HID v1.01 Device [HID 056e:00fb] on usb-dummy_hcd.3-1/input0 [ 750.799011][T13577] usb 4-1: USB disconnect, device number 116 [ 750.990752][T20548] fido_id[20548]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 751.187694][T16796] team0 (unregistering): Port device team_slave_1 removed [ 751.230438][T16796] team0 (unregistering): Port device team_slave_0 removed [ 751.255489][T13575] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 751.495927][T20553] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4988'. [ 751.965379][T20555] pim6reg: entered allmulticast mode [ 751.989171][T20556] team0: entered allmulticast mode [ 752.355484][T20563] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4991'. [ 752.380608][T16796] IPVS: stop unused estimator thread 0... [ 752.416801][ T30] audit: type=1400 audit(1780644645.839:2755): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=20559 comm="syz.4.4991" [ 752.514482][T13575] usb 4-1: new high-speed USB device number 117 using dummy_hcd [ 752.673986][T13575] usb 4-1: Using ep0 maxpacket: 8 [ 752.691139][T13575] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 752.731019][T13575] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 752.760990][T13575] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 752.836884][T13575] usb 4-1: config 0 descriptor?? [ 752.874615][T13575] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 752.900630][ T30] audit: type=1800 audit(1780644646.319:2756): pid=20575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4996" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 753.067799][T20562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 753.107818][T20562] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 753.485332][ T5700] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 753.665533][ T5700] usb 1-1: Using ep0 maxpacket: 16 [ 753.680409][ T5700] usb 1-1: unable to get BOS descriptor or descriptor too short [ 753.700079][ T5700] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 753.723164][ T5700] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 753.747388][ T5700] usb 1-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 753.765063][ T5700] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.783511][ T5700] usb 1-1: Product: syz [ 753.789476][ T5700] usb 1-1: Manufacturer: syz [ 753.798385][ T5700] usb 1-1: SerialNumber: syz [ 753.844052][T13575] gspca_vc032x: reg_r err -110 [ 753.848935][T13575] vc032x 4-1:0.0: probe with driver vc032x failed with error -110 [ 754.016252][T20582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4998'. [ 754.038342][T20582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4998'. [ 754.210046][T20584] macvlan0: entered promiscuous mode [ 754.374971][ T5700] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 754.404128][ T5700] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 754.424223][ T5700] usb 1-1: 1:2 : does not exist [ 754.449739][T20599] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5002'. [ 754.489170][ T5700] usb 1-1: USB disconnect, device number 104 [ 754.529452][T12869] udevd[12869]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 754.743837][T13575] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 754.898643][T20605] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5004'. [ 754.916420][T20605] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5004'. [ 754.940750][T13575] usb 3-1: config 0 has no interfaces? [ 754.957195][T13575] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 754.970113][T13575] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.988105][T13575] usb 3-1: config 0 descriptor?? [ 755.009429][T20607] : renamed from vlan0 [ 755.017986][T20605] netlink: 'syz.4.5004': attribute type 4 has an invalid length. [ 755.086073][T20609] batadv0: entered promiscuous mode [ 755.259340][T13584] usb 3-1: USB disconnect, device number 71 [ 755.320537][T13575] usb 4-1: USB disconnect, device number 117 [ 755.433718][ T5700] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 755.595412][ T5700] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 755.620131][ T5700] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 755.671478][ T5700] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 755.702810][ T5700] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 755.723389][ T5700] usb 1-1: Product: syz [ 755.733736][T13588] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 755.735771][ T5700] usb 1-1: Manufacturer: syz [ 755.763142][ T5700] usb 1-1: SerialNumber: syz [ 755.820977][T20623] FAULT_INJECTION: forcing a failure. [ 755.820977][T20623] name failslab, interval 1, probability 0, space 0, times 0 [ 755.845507][ T5700] cdc_mbim 1-1:1.0: skipping garbage [ 755.875365][T20623] CPU: 0 UID: 0 PID: 20623 Comm: syz.3.5011 Tainted: G L syzkaller #0 PREEMPT(full) [ 755.875383][T20623] Tainted: [L]=SOFTLOCKUP [ 755.875387][T20623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 755.875394][T20623] Call Trace: [ 755.875399][T20623] [ 755.875404][T20623] dump_stack_lvl+0xe8/0x150 [ 755.875420][T20623] should_fail_ex+0x412/0x560 [ 755.875435][T20623] should_failslab+0xa8/0x100 [ 755.875450][T20623] __kmalloc_noprof+0xe8/0x760 [ 755.875465][T20623] ? sock_kmalloc+0xd6/0x160 [ 755.875475][T20623] ? hash_recvmsg+0x130/0x840 [ 755.875489][T20623] sock_kmalloc+0xd6/0x160 [ 755.875501][T20623] hash_recvmsg+0x1d4/0x840 [ 755.875515][T20623] ? __pfx_hash_recvmsg+0x10/0x10 [ 755.875526][T20623] sock_recvmsg_nosec+0x10c/0x140 [ 755.875541][T20623] ____sys_recvmsg+0x3e3/0x4a0 [ 755.875556][T20623] ? __pfx_____sys_recvmsg+0x10/0x10 [ 755.875565][T20623] ? get_compat_msghdr+0x34b/0x4c0 [ 755.875582][T20623] ? kfree+0x4d/0x640 [ 755.875597][T20623] ___sys_recvmsg+0x215/0x590 [ 755.875607][T20623] ? __lock_acquire+0x6b5/0x2cf0 [ 755.875620][T20623] ? __pfx____sys_recvmsg+0x10/0x10 [ 755.875633][T20623] ? __fget_files+0x2a/0x420 [ 755.875667][T20623] do_recvmmsg+0x3a5/0x800 [ 755.875682][T20623] ? __pfx_do_recvmmsg+0x10/0x10 [ 755.875698][T20623] ? __mutex_unlock_slowpath+0x1be/0x6f0 [ 755.875713][T20623] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 755.875728][T20623] __sys_recvmmsg+0x1a5/0x290 [ 755.875740][T20623] ? __pfx___sys_recvmmsg+0x10/0x10 [ 755.875751][T20623] ? ksys_write+0x242/0x270 [ 755.875769][T20623] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 755.875782][T20623] __do_fast_syscall_32+0x23e/0x6f0 [ 755.875794][T20623] ? do_fast_syscall_32+0x33/0x70 [ 755.875804][T20623] ? lockdep_hardirqs_on+0x7a/0x110 [ 755.875814][T20623] ? asm_int80_emulation+0x1a/0x20 [ 755.875824][T20623] ? do_int80_emulation+0x29f/0x550 [ 755.875834][T20623] ? trace_irq_disable+0x3b/0x140 [ 755.875851][T20623] do_fast_syscall_32+0x33/0x70 [ 755.875862][T20623] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 755.875875][T20623] RIP: 0023:0xf7f7601c [ 755.875885][T20623] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 755.875894][T20623] RSP: 002b:00000000f543650c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 755.875905][T20623] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080003700 [ 755.875913][T20623] RDX: 0000000000000600 RSI: 0000000000000000 RDI: 0000000000000000 [ 755.875919][T20623] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 755.875925][T20623] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 755.875930][T20623] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 755.875945][T20623] [ 756.494127][T13588] usb 3-1: unable to get BOS descriptor or descriptor too short [ 756.505030][T13588] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 756.515610][T13588] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 756.525298][T20613] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 756.557134][T13588] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 756.588900][T13588] usb 3-1: string descriptor 0 read error: -22 [ 756.599791][T13588] usb 3-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 756.615994][T13588] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.841692][T20628] kernel profiling enabled (shift: 5) [ 757.113724][T13575] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 757.150147][T20613] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 757.158670][ T5700] cdc_mbim 1-1:1.0: setting tx_max = 16384 [ 757.173855][ T5700] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 757.190876][ T5700] wwan wwan0: port wwan0mbim0 attached [ 757.208813][ T5700] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, fe:0f:dc:7c:d1:1c [ 757.241444][T13588] usb 3-1: 2:0: failed to get current value for ch 0 (-71) [ 757.266388][T13575] usb 4-1: Using ep0 maxpacket: 16 [ 757.286767][T13588] usb 3-1: 2:0: cannot get min/max values for control 2 (id 2) [ 757.298057][T13575] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 757.316032][T13588] usb 3-1: Warning! Unlikely small volume range (=1), linear volume or custom curve? [ 757.333819][T13575] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 757.348036][T13588] usb 3-1: [2] FU [Generic Out Playback Volume] ch = 1, val = 0/1/1 [ 757.360648][T13575] usb 4-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 757.395990][T13575] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 757.452487][T13575] usb 4-1: config 0 descriptor?? [ 757.627135][T13588] usb 3-1: USB disconnect, device number 72 [ 757.887635][ T30] audit: type=1326 audit(1780644651.309:2757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20629 comm="syz.3.5013" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f7601c code=0x0 [ 757.896292][T20640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 757.980450][T20640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 758.868063][ T5293] 8021q: adding VLAN 0 to HW filter on device wwan0 [ 759.442428][ C1] wdm_int_callback: 1450 callbacks suppressed [ 759.442453][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.455198][ C1] wdm_int_callback: 1450 callbacks suppressed [ 759.455211][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.468850][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.475526][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.484159][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.490835][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.499467][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.506131][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.512439][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.519097][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.529584][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.536603][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.542904][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.549565][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.555996][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.562666][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.569008][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.575684][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.581995][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 759.588670][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 759.628588][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 759.640515][ T5700] usb 1-1: USB disconnect, device number 105 [ 759.676621][ T5700] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 759.964151][T13575] usbhid 4-1:0.0: can't add hid device: -71 [ 759.990781][T13575] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 760.031449][ T5700] wwan wwan0: port wwan0mbim0 disconnected [ 760.055083][T13575] usb 4-1: USB disconnect, device number 118 [ 760.159624][T20688] syzkaller0: entered promiscuous mode [ 760.183484][T20688] syzkaller0: entered allmulticast mode [ 760.508744][T20703] netlink: 'syz.1.5027': attribute type 12 has an invalid length. [ 760.528693][T20702] ip6t_REJECT: ECHOREPLY is not supported [ 760.542729][T20703] netlink: 'syz.1.5027': attribute type 29 has an invalid length. [ 760.559818][T20703] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5027'. [ 760.579831][T20703] netlink: 59 bytes leftover after parsing attributes in process `syz.1.5027'. [ 760.962320][T20713] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5028'. [ 761.623761][T13575] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 761.783951][ T5691] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 761.813929][T13575] usb 1-1: Using ep0 maxpacket: 32 [ 761.829740][T13575] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 761.860102][T13575] usb 1-1: config 0 has no interfaces? [ 761.927286][T13575] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 761.952420][T13575] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 761.971390][ T5691] usb 4-1: Using ep0 maxpacket: 32 [ 761.995438][ T5691] usb 4-1: config 0 has no interfaces? [ 762.002642][T13575] usb 1-1: Product: syz [ 762.022379][T13575] usb 1-1: Manufacturer: syz [ 762.034211][ T5691] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 762.045749][T13575] usb 1-1: SerialNumber: syz [ 762.079308][ T5691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 762.088087][T13575] usb 1-1: config 0 descriptor?? [ 762.111561][ T5691] usb 4-1: Product: syz [ 762.127111][ T5691] usb 4-1: Manufacturer: syz [ 762.142195][ T5691] usb 4-1: SerialNumber: syz [ 762.176767][ T5691] usb 4-1: config 0 descriptor?? [ 762.306919][ T5691] usb 1-1: USB disconnect, device number 106 [ 763.203827][ T5700] usb 1-1: new low-speed USB device number 107 using dummy_hcd [ 763.406008][ T5700] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 763.432704][ T5700] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 763.483406][ T5700] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 763.483457][ T5700] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 763.483495][ T5700] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 763.483517][ T5700] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 763.486931][ T5700] usb 1-1: string descriptor 0 read error: -22 [ 763.487009][ T5700] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 763.487023][ T5700] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 763.488606][ T5700] usb 1-1: config 0 descriptor?? [ 763.489354][T20777] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 763.490315][ T5700] hub 1-1:0.0: bad descriptor, ignoring hub [ 763.490337][ T5700] hub 1-1:0.0: probe with driver hub failed with error -5 [ 763.504820][ T5700] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input37 [ 763.693131][T20777] FAULT_INJECTION: forcing a failure. [ 763.693131][T20777] name failslab, interval 1, probability 0, space 0, times 0 [ 763.693160][T20777] CPU: 0 UID: 0 PID: 20777 Comm: syz.0.5040 Tainted: G L syzkaller #0 PREEMPT(full) [ 763.693174][T20777] Tainted: [L]=SOFTLOCKUP [ 763.693178][T20777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 763.693185][T20777] Call Trace: [ 763.693189][T20777] [ 763.693194][T20777] dump_stack_lvl+0xe8/0x150 [ 763.693211][T20777] should_fail_ex+0x412/0x560 [ 763.693225][T20777] should_failslab+0xa8/0x100 [ 763.693236][T20777] __kmalloc_cache_noprof+0x88/0x660 [ 763.693251][T20777] ? mousedev_open+0xd4/0x4a0 [ 763.693269][T20777] mousedev_open+0xd4/0x4a0 [ 763.693284][T20777] ? do_raw_spin_unlock+0xf5/0x210 [ 763.693300][T20777] chrdev_open+0x4cd/0x5e0 [ 763.693314][T20777] ? __pfx_chrdev_open+0x10/0x10 [ 763.693331][T20777] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 763.693361][T20777] ? __pfx_chrdev_open+0x10/0x10 [ 763.693379][T20777] do_dentry_open+0x822/0x13a0 [ 763.693413][T20777] vfs_open+0x3b/0x340 [ 763.693424][T20777] ? path_openat+0x2df0/0x3860 [ 763.693440][T20777] path_openat+0x2e08/0x3860 [ 763.693461][T20777] ? __pfx_stack_trace_save+0x10/0x10 [ 763.693479][T20777] ? stack_depot_save_flags+0x33/0x810 [ 763.693495][T20777] ? __pfx_path_openat+0x10/0x10 [ 763.693507][T20777] ? __ia32_compat_sys_openat+0x131/0x160 [ 763.693522][T20777] ? __lock_acquire+0x6b5/0x2cf0 [ 763.693542][T20777] do_file_open+0x23e/0x4a0 [ 763.693570][T20777] ? __pfx_do_file_open+0x10/0x10 [ 763.693613][T20777] ? _raw_spin_unlock+0x28/0x50 [ 763.693637][T20777] ? alloc_fd+0x64b/0x6c0 [ 763.693654][T20777] do_sys_openat2+0x113/0x200 [ 763.693666][T20777] ? __fget_files+0x3a0/0x420 [ 763.693678][T20777] ? __pfx_do_sys_openat2+0x10/0x10 [ 763.693691][T20777] ? fput+0xa0/0xd0 [ 763.693704][T20777] ? ksys_write+0x242/0x270 [ 763.693719][T20777] __ia32_compat_sys_openat+0x131/0x160 [ 763.693734][T20777] __do_fast_syscall_32+0x23e/0x6f0 [ 763.693746][T20777] ? do_fast_syscall_32+0x33/0x70 [ 763.693756][T20777] ? lockdep_hardirqs_on+0x7a/0x110 [ 763.693766][T20777] ? asm_int80_emulation+0x1a/0x20 [ 763.693776][T20777] ? do_int80_emulation+0x29f/0x550 [ 763.693787][T20777] ? trace_irq_disable+0x3b/0x140 [ 763.693803][T20777] do_fast_syscall_32+0x33/0x70 [ 763.693814][T20777] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 763.693826][T20777] RIP: 0023:0xf7fc501c [ 763.693836][T20777] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 763.693845][T20777] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 763.693856][T20777] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000140 [ 763.693864][T20777] RDX: 00000000001ad100 RSI: 0000000000000000 RDI: 0000000000000000 [ 763.693870][T20777] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 763.693876][T20777] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 763.693881][T20777] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 763.693895][T20777] [ 763.712549][T20796] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5045'. [ 763.743051][ T5700] usb 1-1: USB disconnect, device number 107 [ 763.743086][ C0] usb_acecad 1-1:0.0: can't resubmit intr, dummy_hcd.0-1/input0, status -19 [ 763.881249][T20805] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5046'. [ 764.523654][ T5691] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 764.683648][ T5691] usb 3-1: Using ep0 maxpacket: 16 [ 764.690907][ T5691] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 764.701447][ T5691] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 764.713058][ T5691] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 764.746873][ T5691] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 764.763379][ T5691] usb 3-1: Product: syz [ 764.767923][ T5691] usb 3-1: Manufacturer: syz [ 764.772552][ T5691] usb 3-1: SerialNumber: syz [ 764.798815][ T5691] usb 3-1: 0:2 : does not exist [ 765.002098][T20803] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5046'. [ 765.276676][ T5691] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 765.335131][T13575] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 765.422355][ T5691] usb 3-1: USB disconnect, device number 73 [ 765.514191][T13575] usb 1-1: Using ep0 maxpacket: 16 [ 765.540612][T13575] usb 1-1: config 251 has an invalid interface number: 16 but max is 0 [ 765.559666][T12869] udevd[12869]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 765.593805][T13575] usb 1-1: config 251 has an invalid descriptor of length 0, skipping remainder of the config [ 765.622000][T13575] usb 1-1: config 251 has no interface number 0 [ 765.643867][T13575] usb 1-1: config 251 interface 16 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 765.662243][T13575] usb 1-1: config 251 interface 16 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 765.679741][T13575] usb 1-1: config 251 interface 16 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 765.711020][T13575] usb 1-1: config 251 interface 16 has no altsetting 0 [ 765.730393][T13575] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=9a.63 [ 765.769900][T13575] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.795678][T13575] usb 1-1: Product: syz [ 765.807190][ T5691] usb 4-1: USB disconnect, device number 119 [ 765.830879][T13575] usb 1-1: Manufacturer: syz [ 765.847124][T13575] usb 1-1: SerialNumber: syz [ 766.020140][T20851] tipc: Enabled bearer , priority 0 [ 766.029688][T20851] syzkaller0: entered promiscuous mode [ 766.035383][T20851] syzkaller0: entered allmulticast mode [ 766.046657][T20851] tipc: Resetting bearer [ 766.056771][T20850] tipc: Resetting bearer [ 766.092194][T20850] tipc: Disabling bearer [ 766.225686][T20865] fuse: Unknown parameter 'fx' [ 766.638657][T20873] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 766.645207][T20873] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 766.658363][T20873] vhci_hcd vhci_hcd.0: Device attached [ 766.671810][T20873] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5071'. [ 766.686398][T20873] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5071'. [ 766.752689][T20873] syz_tun (unregistering): left allmulticast mode [ 766.782425][T20873] bond1: (slave syz_tun): Removing an active aggregator [ 766.815153][T20873] bond1: (slave syz_tun): Releasing backup interface [ 766.893933][ T5691] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 766.939716][T20875] vhci_hcd: connection reset by peer [ 766.947603][ T1019] vhci_hcd vhci_hcd.4: stop threads [ 766.953018][ T1019] vhci_hcd vhci_hcd.4: release socket [ 766.968993][T13577] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 767.010732][ T1019] vhci_hcd vhci_hcd.4: disconnect device [ 767.153981][T13588] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 767.163299][T13577] usb 4-1: Using ep0 maxpacket: 32 [ 767.182195][T13577] usb 4-1: config 0 has no interfaces? [ 767.196719][T13577] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 767.213002][T13577] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.235121][T13577] usb 4-1: Product: syz [ 767.244183][T13577] usb 4-1: Manufacturer: syz [ 767.264431][T13577] usb 4-1: SerialNumber: syz [ 767.286560][T13577] usb 4-1: config 0 descriptor?? [ 767.333760][T13588] usb 3-1: Using ep0 maxpacket: 32 [ 767.346484][T13588] usb 3-1: config 0 has no interfaces? [ 767.369196][T13588] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 767.379292][T13588] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.416783][T13588] usb 3-1: Product: syz [ 767.429978][T13588] usb 3-1: Manufacturer: syz [ 767.439715][T13588] usb 3-1: SerialNumber: syz [ 767.482497][T13588] usb 3-1: config 0 descriptor?? [ 767.660708][T20894] bond0: entered promiscuous mode [ 767.681756][T20894] bond_slave_0: entered promiscuous mode [ 767.944537][T20900] fuse: Bad value for 'fd' [ 768.159935][T13575] usb 1-1: USB disconnect, device number 108 [ 768.351829][T20912] FAULT_INJECTION: forcing a failure. [ 768.351829][T20912] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 768.396176][T20912] CPU: 1 UID: 0 PID: 20912 Comm: syz.0.5081 Tainted: G L syzkaller #0 PREEMPT(full) [ 768.396195][T20912] Tainted: [L]=SOFTLOCKUP [ 768.396199][T20912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 768.396206][T20912] Call Trace: [ 768.396211][T20912] [ 768.396216][T20912] dump_stack_lvl+0xe8/0x150 [ 768.396232][T20912] should_fail_ex+0x412/0x560 [ 768.396247][T20912] prepare_alloc_pages+0x22a/0x650 [ 768.396267][T20912] __alloc_frozen_pages_noprof+0x12f/0x380 [ 768.396285][T20912] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 768.396302][T20912] ? __pfx_policy_nodemask+0x10/0x10 [ 768.396318][T20912] alloc_pages_mpol+0x235/0x490 [ 768.396330][T20912] folio_alloc_mpol_noprof+0x39/0x160 [ 768.396341][T20912] shmem_alloc_and_add_folio+0x442/0xf80 [ 768.396355][T20912] ? filemap_get_entry+0xcd/0x3f0 [ 768.396374][T20912] ? __pfx_filemap_get_entry+0x10/0x10 [ 768.396387][T20912] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 768.396401][T20912] ? shmem_allowable_huge_orders+0x5ec/0x690 [ 768.396418][T20912] shmem_get_folio_gfp+0x5a9/0x1670 [ 768.396439][T20912] shmem_fault+0x179/0x390 [ 768.396459][T20912] __do_fault+0x138/0x2a0 [ 768.396474][T20912] ? do_pte_missing+0x125b/0x33f0 [ 768.396488][T20912] do_pte_missing+0x2093/0x33f0 [ 768.396508][T20912] ? handle_mm_fault+0xf1/0x3170 [ 768.396522][T20912] handle_mm_fault+0x1bf2/0x3170 [ 768.396548][T20912] ? handle_mm_fault+0xf1/0x3170 [ 768.396564][T20912] ? __pfx_handle_mm_fault+0x10/0x10 [ 768.396579][T20912] ? follow_page_pte+0x6cf/0xe60 [ 768.396607][T20912] ? __pfx_follow_page_pte+0x10/0x10 [ 768.396627][T20912] __get_user_pages+0x167f/0x2730 [ 768.396654][T20912] populate_vma_page_range+0x2be/0x3c0 [ 768.396668][T20912] ? __pfx_populate_vma_page_range+0x10/0x10 [ 768.396681][T20912] ? down_read+0x270/0x2e0 [ 768.396692][T20912] ? __mm_populate+0x173/0x390 [ 768.396705][T20912] __mm_populate+0x25f/0x390 [ 768.396717][T20912] ? __pfx___mm_populate+0x10/0x10 [ 768.396733][T20912] vm_mmap_pgoff+0x3aa/0x4f0 [ 768.396747][T20912] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 768.396758][T20912] ? ksys_write+0x242/0x270 [ 768.396775][T20912] ? ksys_mmap_pgoff+0xf3/0x760 [ 768.396788][T20912] ? __ia32_sys_mmap_pgoff+0x21/0xf0 [ 768.396802][T20912] __do_fast_syscall_32+0x23e/0x6f0 [ 768.396814][T20912] ? do_fast_syscall_32+0x33/0x70 [ 768.396824][T20912] ? lockdep_hardirqs_on+0x7a/0x110 [ 768.396834][T20912] ? asm_int80_emulation+0x1a/0x20 [ 768.396843][T20912] ? do_int80_emulation+0x29f/0x550 [ 768.396853][T20912] ? trace_irq_disable+0x3b/0x140 [ 768.396871][T20912] do_fast_syscall_32+0x33/0x70 [ 768.396882][T20912] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 768.396894][T20912] RIP: 0023:0xf7fc501c [ 768.396904][T20912] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 768.396913][T20912] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 00000000000000c0 [ 768.396925][T20912] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000 [ 768.396932][T20912] RDX: 0000000006ebbeeb RSI: 0000000000008031 RDI: 00000000ffffffff [ 768.396939][T20912] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 768.396945][T20912] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 768.396957][T20912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 768.396972][T20912] [ 769.846459][T20931] fuse: Bad value for 'fd' [ 770.244999][T13575] usb 4-1: USB disconnect, device number 120 [ 770.724497][ T5700] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 770.780059][T13575] usb 3-1: USB disconnect, device number 74 [ 770.893795][ T5700] usb 4-1: Using ep0 maxpacket: 8 [ 770.909634][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 155, changing to 11 [ 770.953423][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 58953, setting to 1024 [ 770.993983][ T5700] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 771.035607][ T5700] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.063973][ T5700] usb 4-1: config 0 descriptor?? [ 771.082373][T20944] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 771.329934][ T5700] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 771.367426][ T5700] usb 4-1: USB disconnect, device number 121 [ 772.018438][T20966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5098'. [ 772.043946][T20966] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5098'. [ 772.059055][ T5691] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 772.102678][T20966] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5098'. [ 772.120551][ T30] audit: type=1326 audit(1780644665.539:2758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20955 comm="syz.1.5094" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fff01c code=0x7ffc0000 [ 772.165374][ T30] audit: type=1326 audit(1780644665.579:2759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20955 comm="syz.1.5094" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fff01c code=0x7ffc0000 [ 772.294904][ T30] audit: type=1326 audit(1780644665.719:2760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20955 comm="syz.1.5094" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf6fff01c code=0x7ffc0000 [ 772.328626][T13575] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 772.497503][T13575] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 772.514659][T13575] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.532686][T13575] usb 3-1: Product: syz [ 772.557547][T13575] usb 3-1: Manufacturer: syz [ 772.571632][T13575] usb 3-1: SerialNumber: syz [ 772.594870][T13575] usb 3-1: config 0 descriptor?? [ 772.612152][T13575] hub 3-1:0.0: bad descriptor, ignoring hub [ 772.622847][T13575] hub 3-1:0.0: probe with driver hub failed with error -5 [ 772.803772][ T30] audit: type=1326 audit(1780644666.219:2761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20955 comm="syz.1.5094" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fff01c code=0x7ffc0000 [ 772.865693][ T30] audit: type=1326 audit(1780644666.219:2762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20955 comm="syz.1.5094" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fff01c code=0x7ffc0000 [ 772.899682][T13575] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 772.941756][T13575] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 772.971062][T13575] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 772.988561][T13575] usb 3-1: media controller created [ 773.008577][T13575] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 773.063972][ T5700] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 773.128335][T13575] DVB: Unable to find symbol dib7000p_attach() [ 773.141748][T13575] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 773.245898][ T5700] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 773.270561][ T5700] usb 1-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00 [ 773.284136][T13575] rc_core: IR keymap rc-dib0700-rc5 not found [ 773.291439][T13575] Registered IR keymap rc-empty [ 773.329446][ T5700] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.367984][ T5700] usb 1-1: config 0 descriptor?? [ 773.383992][ T5700] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 773.737720][T13577] usb 1-1: USB disconnect, device number 109 [ 775.205629][T21011] sit0: entered promiscuous mode [ 775.232526][T21011] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 775.753913][ T5700] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 775.913917][ T5700] usb 4-1: Using ep0 maxpacket: 8 [ 775.925801][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 155, changing to 11 [ 775.947110][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 58953, setting to 1024 [ 775.963966][ T5700] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 775.974412][ T5700] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 776.019375][ T5700] usb 4-1: config 0 descriptor?? [ 776.039077][T21013] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 776.259834][ T5700] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 776.296661][ T5700] usb 4-1: USB disconnect, device number 122 [ 776.970492][T21022] netlink: 80 bytes leftover after parsing attributes in process `syz.0.5113'. [ 777.153743][ T5691] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 777.336505][ T5691] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 777.365642][ T5691] usb 4-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00 [ 777.392216][ T5691] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 777.436629][ T5691] usb 4-1: config 0 descriptor?? [ 777.464615][ T5691] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 777.805868][ T5691] usb 4-1: USB disconnect, device number 123 [ 778.149548][T13575] dvb-usb: could not initialize remote control. [ 778.167328][T13575] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 778.234325][T13575] usb 3-1: USB disconnect, device number 75 [ 778.430623][T13575] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 778.603779][ T5691] usb 1-1: new high-speed USB device number 110 using dummy_hcd [ 778.754273][ T5700] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 778.765728][ T5691] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 778.793528][ T5691] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 778.820613][ T5691] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 778.864349][ T5691] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 778.873859][ T5691] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.881906][ T5691] usb 1-1: Product: syz [ 778.903629][ T5691] usb 1-1: Manufacturer: syz [ 778.911055][ T5691] usb 1-1: SerialNumber: syz [ 778.932845][ T5691] usb 1-1: config 0 descriptor?? [ 778.942379][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 778.943990][T13575] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 778.990235][ T5700] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 779.015786][ T5700] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 779.051209][ T5700] usb 4-1: config 0 descriptor?? [ 779.123923][T13575] usb 3-1: Using ep0 maxpacket: 8 [ 779.135929][T13575] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 155, changing to 11 [ 779.157996][ T5691] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 779.167252][T13575] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 58953, setting to 1024 [ 779.195265][T13575] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 779.212425][T13575] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 779.231160][T13575] usb 3-1: config 0 descriptor?? [ 779.244919][T21060] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 779.273812][ T5700] usbhid 4-1:0.0: can't add hid device: -71 [ 779.290982][ T5700] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 779.315957][ T5700] usb 4-1: USB disconnect, device number 124 [ 779.437916][T13584] usb 1-1: USB disconnect, device number 110 [ 779.488979][T13575] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1 [ 779.537731][T13575] usb 3-1: USB disconnect, device number 76 [ 779.803714][ T5700] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 779.975936][ T5700] usb 4-1: Using ep0 maxpacket: 16 [ 779.995019][ T5700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 780.041620][ T5700] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 780.081110][ T5700] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.117188][ T5700] usb 4-1: config 0 descriptor?? [ 780.145425][ T5700] uvcvideo 4-1:0.0: Found UVC 0.00 device (10c4:ea90) [ 780.168535][ T5700] uvcvideo 4-1:0.0: No valid video chain found. [ 780.246930][T21078] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5132'. [ 780.348428][ T5700] usb 4-1: USB disconnect, device number 125 [ 782.044116][T21107] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5140'. [ 782.672590][T21114] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5143'. [ 782.973655][T13575] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 782.993816][ T5700] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 783.135406][T13575] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.163880][T13575] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 783.175103][ T5700] usb 4-1: Using ep0 maxpacket: 16 [ 783.192364][T13575] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.204909][ T5700] usb 4-1: config 0 has an invalid interface number: 204 but max is 0 [ 783.226458][ T5700] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 783.247700][T13575] usb 3-1: config 0 descriptor?? [ 783.263929][ T5700] usb 4-1: config 0 has no interface number 0 [ 783.275007][ T5700] usb 4-1: config 0 interface 204 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 783.288006][ T5700] usb 4-1: config 0 interface 204 altsetting 0 endpoint 0xC has an invalid bInterval 58, changing to 9 [ 783.323815][ T5700] usb 4-1: config 0 interface 204 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 783.343718][ T5700] usb 4-1: config 0 interface 204 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 13 [ 783.360215][ T5700] usb 4-1: New USB device found, idVendor=06f8, idProduct=a302, bcdDevice=1a.0e [ 783.379804][ T5700] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.390602][ T5700] usb 4-1: Product: syz [ 783.395183][ T5700] usb 4-1: Manufacturer: syz [ 783.400015][ T5700] usb 4-1: SerialNumber: syz [ 783.417216][ T5700] usb 4-1: config 0 descriptor?? [ 783.474724][T13575] usbhid 3-1:0.0: can't add hid device: -71 [ 783.491516][T13575] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 783.531860][T13575] usb 3-1: USB disconnect, device number 77 [ 783.674056][ T5691] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 783.843623][ T5691] usb 1-1: Using ep0 maxpacket: 32 [ 783.858808][ T5691] usb 1-1: config 0 has no interfaces? [ 783.869907][ T5691] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 783.879953][ T5691] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.897674][ T5691] usb 1-1: Product: syz [ 783.904071][ T5691] usb 1-1: Manufacturer: syz [ 783.911462][ T5691] usb 1-1: SerialNumber: syz [ 783.923358][ T5691] usb 1-1: config 0 descriptor?? [ 784.003925][T13575] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 784.163746][T13575] usb 3-1: Using ep0 maxpacket: 16 [ 784.173257][T13575] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 784.188478][T13575] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 784.201805][T13575] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.217627][T13575] usb 3-1: config 0 descriptor?? [ 784.233189][T13575] uvcvideo 3-1:0.0: Found UVC 0.00 device (10c4:ea90) [ 784.241032][T13575] uvcvideo 3-1:0.0: No valid video chain found. [ 784.329078][ T5700] hid_parser_main: 28 callbacks suppressed [ 784.329092][ T5700] hid-generic 0003:0004:0000.001A: unknown main item tag 0x0 [ 784.343524][ T5700] hid-generic 0003:0004:0000.001A: unknown main item tag 0x0 [ 784.351976][ T5700] hid-generic 0003:0004:0000.001A: unknown main item tag 0x0 [ 784.364739][ T5700] hid-generic 0003:0004:0000.001A: hidraw0: USB HID v0.00 Device [syz1] on syz0 [ 784.474967][T21141] fido_id[21141]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 785.670539][ T5700] usb 3-1: USB disconnect, device number 78 [ 785.801992][T13575] usb 4-1: USB disconnect, device number 126 [ 785.999477][T13588] usb 1-1: USB disconnect, device number 111 [ 786.133909][ T5691] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 786.224356][T13575] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 786.250717][T21167] fuse: Bad value for 'fd' [ 786.276847][T21167] bond0: (slave macsec2): Error -34 calling dev_set_mtu [ 786.295983][ T5691] usb 3-1: unable to get BOS descriptor or descriptor too short [ 786.305738][ T5691] usb 3-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config [ 786.318094][ T5691] usb 3-1: config 63 has 0 interfaces, different from the descriptor's value: 1 [ 786.330453][ T5691] usb 3-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 786.347787][ T5691] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.359097][ T5691] usb 3-1: Product: syz [ 786.367292][ T5691] usb 3-1: Manufacturer: syz [ 786.375286][ T5691] usb 3-1: SerialNumber: syz [ 786.383838][T13575] usb 4-1: Using ep0 maxpacket: 8 [ 786.397766][T13575] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 155, changing to 11 [ 786.409548][T13575] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 58953, setting to 1024 [ 786.421826][T21167] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5160'. [ 786.422525][T13575] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 786.441372][T13575] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.453930][T13575] usb 4-1: config 0 descriptor?? [ 786.460042][T21158] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 786.464142][T21174] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5160'. [ 786.676393][T13575] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 786.697150][T13575] usb 4-1: USB disconnect, device number 127 [ 787.484664][T21198] netlink: 'syz.4.5171': attribute type 1 has an invalid length. [ 787.532791][T21198] 8021q: adding VLAN 0 to HW filter on device bond4 [ 787.605914][T21202] veth5: entered allmulticast mode [ 787.647793][T21202] bond4: (slave veth5): Enslaving as an active interface with a down link [ 787.697855][T21198] bond4: entered promiscuous mode [ 787.704609][T21198] bond4: entered allmulticast mode [ 787.831790][T21203] macvlan3: entered promiscuous mode [ 787.858011][T21203] macvlan3: entered allmulticast mode [ 787.880096][T21203] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 788.159092][T21207] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5172'. [ 788.223747][T13575] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 788.405139][T13575] usb 4-1: Using ep0 maxpacket: 32 [ 788.427904][T13575] usb 4-1: config 0 has no interfaces? [ 788.445729][T13575] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 788.463246][T13575] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.494436][T13575] usb 4-1: Product: syz [ 788.506752][T13575] usb 4-1: Manufacturer: syz [ 788.517156][T13575] usb 4-1: SerialNumber: syz [ 788.532083][T13575] usb 4-1: config 0 descriptor?? [ 788.848106][ T5691] usb 3-1: USB disconnect, device number 79 [ 789.407720][ T30] audit: type=1326 audit(1780644682.829:2763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21230 comm="syz.0.5180" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc501c code=0x40000 [ 789.927337][T21239] syzkaller0: entered promiscuous mode [ 789.933188][T21239] syzkaller0: entered allmulticast mode [ 790.002819][T21239] tipc: Enabled bearer , priority 0 [ 790.053233][T21238] tipc: Resetting bearer [ 790.098268][T21238] tipc: Disabling bearer [ 790.669744][T21247] fuse: Unknown parameter '0xffffffffffffffff' [ 790.698399][ T5700] usb 4-1: USB disconnect, device number 2 [ 790.860442][T21251] syzkaller0: entered promiscuous mode [ 790.869987][T21251] syzkaller0: entered allmulticast mode [ 791.801604][T21262] netlink: 'syz.1.5190': attribute type 1 has an invalid length. [ 791.863930][T21262] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5190'. [ 791.947548][T21267] netlink: 'syz.2.5191': attribute type 10 has an invalid length. [ 792.243977][T21274] netlink: 'syz.0.5193': attribute type 11 has an invalid length. [ 792.452947][T21274] 8021q: adding VLAN 0 to HW filter on device bond0 [ 792.463974][T21274] 8021q: adding VLAN 0 to HW filter on device team0 [ 792.486570][T21274] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 792.536168][T16795] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.546463][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.564143][ T6779] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.572338][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.608421][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.617529][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.626255][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.636178][T13577] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.652158][ T5700] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.662114][T13584] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 792.699200][T21274] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 792.721499][T21274] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 792.749873][T21274] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 792.785164][T21275] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode [ 792.804279][T21275] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode [ 792.861075][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 792.868221][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 792.878145][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 792.885271][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 793.071427][T21279] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5194'. [ 793.481671][T21288] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5197'. [ 793.678610][T21294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5200'. [ 793.706567][T21294] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5200'. [ 793.773644][ T5700] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 793.913309][T21298] netlink: 1 bytes leftover after parsing attributes in process `syz.2.5201'. [ 793.954071][ T5700] usb 1-1: Using ep0 maxpacket: 32 [ 793.979865][ T5700] usb 1-1: config 0 has no interfaces? [ 794.008160][ T5700] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 794.026572][ T5700] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.039008][ T5700] usb 1-1: Product: syz [ 794.043260][ T5700] usb 1-1: Manufacturer: syz [ 794.050011][ T5700] usb 1-1: SerialNumber: syz [ 794.080758][ T5700] usb 1-1: config 0 descriptor?? [ 794.110709][T21295] syz.4.5199 (21295): drop_caches: 2 [ 794.602668][T13575] hid-generic 0003:0004:0000.001B: unknown main item tag 0x0 [ 794.619033][T13575] hid-generic 0003:0004:0000.001B: unknown main item tag 0x0 [ 794.626978][T13575] hid-generic 0003:0004:0000.001B: unknown main item tag 0x0 [ 794.668708][T13575] hid-generic 0003:0004:0000.001B: hidraw0: USB HID v0.00 Device [syz1] on syz0 [ 794.750549][T21314] fido_id[21314]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 795.051433][T21321] tipc: Enabling of bearer rejected, failed to enable media [ 795.074618][T21326] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5211'. [ 795.339858][T21334] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5215'. [ 795.365008][T21334] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5215'. [ 795.380548][T21334] FAULT_INJECTION: forcing a failure. [ 795.380548][T21334] name failslab, interval 1, probability 0, space 0, times 0 [ 795.394448][T21334] CPU: 0 UID: 0 PID: 21334 Comm: syz.4.5215 Tainted: G L syzkaller #0 PREEMPT(full) [ 795.394479][T21334] Tainted: [L]=SOFTLOCKUP [ 795.394486][T21334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 795.394497][T21334] Call Trace: [ 795.394505][T21334] [ 795.394513][T21334] dump_stack_lvl+0xe8/0x150 [ 795.394538][T21334] should_fail_ex+0x412/0x560 [ 795.394564][T21334] should_failslab+0xa8/0x100 [ 795.394585][T21334] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 795.394612][T21334] ? __alloc_skb+0x1d0/0x7d0 [ 795.394635][T21334] ? __local_bh_enable_ip+0xd0/0x130 [ 795.394660][T21334] __alloc_skb+0x1d0/0x7d0 [ 795.394689][T21334] xfrm_alloc_compat+0x1a6/0x16f0 [ 795.394719][T21334] ? xfrm_get_translator+0x1b/0x240 [ 795.394743][T21334] ? __pfx_xfrm_alloc_compat+0x10/0x10 [ 795.394769][T21334] xfrm_nlmsg_multicast+0xda/0x1f0 [ 795.394793][T21334] xfrm_send_policy_notify+0xb54/0x1c10 [ 795.394823][T21334] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 795.394844][T21334] ? km_policy_notify+0x28/0x200 [ 795.394866][T21334] ? km_policy_notify+0x28/0x200 [ 795.394889][T21334] ? __local_bh_enable_ip+0xd0/0x130 [ 795.394907][T21334] ? lockdep_hardirqs_on+0x7a/0x110 [ 795.394927][T21334] ? __local_bh_enable_ip+0xd0/0x130 [ 795.394945][T21334] ? km_policy_notify+0x28/0x200 [ 795.394967][T21334] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 795.394988][T21334] km_policy_notify+0x121/0x200 [ 795.395008][T21334] ? km_policy_notify+0x28/0x200 [ 795.395031][T21334] xfrm_add_policy+0x4ef/0x820 [ 795.395059][T21334] ? __pfx_xfrm_add_policy+0x10/0x10 [ 795.395086][T21334] ? __nla_parse+0x40/0x60 [ 795.395112][T21334] xfrm_user_rcv_msg+0x7ae/0xc40 [ 795.395140][T21334] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 795.395196][T21334] ? __pfx___mutex_trylock_common+0x10/0x10 [ 795.395222][T21334] ? rcu_is_watching+0x15/0xb0 [ 795.395245][T21334] ? trace_contention_end+0x3d/0x140 [ 795.395270][T21334] ? __mutex_lock+0x319/0x1550 [ 795.395297][T21334] netlink_rcv_skb+0x232/0x4b0 [ 795.395324][T21334] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 795.395348][T21334] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 795.395394][T21334] ? netlink_deliver_tap+0x2e/0x1b0 [ 795.395420][T21334] ? netlink_deliver_tap+0x2e/0x1b0 [ 795.395449][T21334] xfrm_netlink_rcv+0x79/0x90 [ 795.395471][T21334] netlink_unicast+0x75c/0x8e0 [ 795.395506][T21334] netlink_sendmsg+0x813/0xb40 [ 795.395541][T21334] ? __pfx_netlink_sendmsg+0x10/0x10 [ 795.395571][T21334] ? aa_sock_msg_perm+0xf1/0x1b0 [ 795.395599][T21334] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 795.395625][T21334] ____sys_sendmsg+0x972/0x9f0 [ 795.395652][T21334] ? __pfx_____sys_sendmsg+0x10/0x10 [ 795.395675][T21334] ? kstrtoull+0x12f/0x1d0 [ 795.395709][T21334] ___sys_sendmsg+0x2a5/0x360 [ 795.395726][T21334] ? __lock_acquire+0x6b5/0x2cf0 [ 795.395750][T21334] ? __pfx____sys_sendmsg+0x10/0x10 [ 795.395771][T21334] ? get_pid_task+0x20/0x1f0 [ 795.395794][T21334] ? get_pid_task+0x20/0x1f0 [ 795.395814][T21334] ? get_pid_task+0x20/0x1f0 [ 795.395862][T21334] ? __fget_files+0x2a/0x420 [ 795.395883][T21334] ? __fget_files+0x3a0/0x420 [ 795.395914][T21334] __sys_sendmsg+0x183/0x260 [ 795.395935][T21334] ? __pfx___sys_sendmsg+0x10/0x10 [ 795.395975][T21334] __do_fast_syscall_32+0x23e/0x6f0 [ 795.395996][T21334] ? do_fast_syscall_32+0x33/0x70 [ 795.396015][T21334] ? lockdep_hardirqs_on+0x7a/0x110 [ 795.396033][T21334] ? asm_int80_emulation+0x1a/0x20 [ 795.396051][T21334] ? do_int80_emulation+0x29f/0x550 [ 795.396069][T21334] ? trace_irq_disable+0x3b/0x140 [ 795.396098][T21334] do_fast_syscall_32+0x33/0x70 [ 795.396118][T21334] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 795.396140][T21334] RIP: 0023:0xf704f01c [ 795.396158][T21334] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 795.396173][T21334] RSP: 002b:00000000f543d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 795.396192][T21334] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180 [ 795.396205][T21334] RDX: 000000002c000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 795.396217][T21334] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 795.396228][T21334] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 795.396240][T21334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 795.396269][T21334] [ 796.185521][T21341] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 796.418513][T13575] usb 1-1: USB disconnect, device number 112 [ 796.447701][T21352] netlink: 'syz.2.5222': attribute type 11 has an invalid length. [ 796.575990][T21352] 8021q: adding VLAN 0 to HW filter on device team0 [ 796.873671][T13575] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 796.909051][T21365] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5227'. [ 796.942024][T21365] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5227'. [ 797.044916][T13575] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 797.071510][T13575] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 797.099700][T13575] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.136420][T13575] usb 1-1: config 0 descriptor?? [ 797.249601][T21378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5230'. [ 797.327070][T21373] af_packet: tpacket_rcv: packet too big, clamped from 65007 to 3952. macoff=96 [ 797.474190][T21371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5229'. [ 797.559016][T13575] keytouch 0003:0926:3333.001C: fixing up Keytouch IEC report descriptor [ 797.609693][T13575] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.001C/input/input39 [ 797.758511][T13575] keytouch 0003:0926:3333.001C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 798.110628][ C1] [ 798.112997][ C1] ======================================================== [ 798.120194][ C1] WARNING: possible irq lock inversion dependency detected [ 798.127405][ C1] syzkaller #0 Tainted: G L [ 798.133395][ C1] -------------------------------------------------------- [ 798.140597][ C1] syz.3.5231/21377 just changed the state of lock: [ 798.147110][ C1] ffff888036934230 (&dev->event_lock#2){..-.}-{3:3}, at: input_event+0x71/0xc0 [ 798.156122][ C1] but this lock took another, SOFTIRQ-READ-unsafe lock in the past: [ 798.164076][ C1] (tasklist_lock){.+.+}-{3:3} [ 798.164096][ C1] [ 798.164096][ C1] [ 798.164096][ C1] and interrupts could create inverse lock ordering between them. [ 798.164096][ C1] [ 798.183109][ C1] [ 798.183109][ C1] other info that might help us debug this: [ 798.191149][ C1] Chain exists of: [ 798.191149][ C1] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 798.191149][ C1] [ 798.204082][ C1] Possible interrupt unsafe locking scenario: [ 798.204082][ C1] [ 798.212383][ C1] CPU0 CPU1 [ 798.217727][ C1] ---- ---- [ 798.223069][ C1] lock(tasklist_lock); [ 798.224964][T16789] net_ratelimit: 7 callbacks suppressed [ 798.224978][T16789] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 798.227295][ C1] local_irq_disable(); [ 798.227305][ C1] lock(&dev->event_lock [ 798.232992][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 798.240882][ C1] #2); [ 798.240896][ C1] lock(&new->fa_lock); [ 798.240912][ C1] [ 798.240917][ C1] lock(&dev->event_lock#2); [ 798.240938][ C1] [ 798.240938][ C1] *** DEADLOCK *** [ 798.240938][ C1] [ 798.240947][ C1] no locks held by syz.3.5231/21377. [ 798.293501][ C1] [ 798.293501][ C1] the shortest dependencies between 2nd lock and 1st lock: [ 798.302866][ C1] -> (tasklist_lock){.+.+}-{3:3} { [ 798.308236][ C1] HARDIRQ-ON-R at: [ 798.312458][ C1] lock_acquire+0x106/0x350 [ 798.319118][ C1] _raw_read_lock+0x36/0x50 [ 798.325780][ C1] __do_wait+0xde/0x740 [ 798.332089][ C1] do_wait+0x1e7/0x510 [ 798.338313][ C1] kernel_wait+0xd6/0x1c0 [ 798.344798][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 798.352846][ C1] process_scheduled_works+0xb5d/0x1860 [ 798.360739][ C1] worker_thread+0xa53/0xfc0 [ 798.367496][ C1] kthread+0x389/0x470 [ 798.373718][ C1] ret_from_fork+0x514/0xb70 [ 798.380461][ C1] ret_from_fork_asm+0x1a/0x30 [ 798.387377][ C1] SOFTIRQ-ON-R at: [ 798.391601][ C1] lock_acquire+0x106/0x350 [ 798.398254][ C1] _raw_read_lock+0x36/0x50 [ 798.404914][ C1] __do_wait+0xde/0x740 [ 798.411221][ C1] do_wait+0x1e7/0x510 [ 798.417439][ C1] kernel_wait+0xd6/0x1c0 [ 798.423918][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 798.431962][ C1] process_scheduled_works+0xb5d/0x1860 [ 798.439652][ C1] worker_thread+0xa53/0xfc0 [ 798.446391][ C1] kthread+0x389/0x470 [ 798.452617][ C1] ret_from_fork+0x514/0xb70 [ 798.459356][ C1] ret_from_fork_asm+0x1a/0x30 [ 798.466273][ C1] INITIAL USE at: [ 798.470403][ C1] lock_acquire+0x106/0x350 [ 798.476969][ C1] _raw_write_lock_irq+0x3d/0x50 [ 798.483972][ C1] copy_process+0x2b4c/0x4440 [ 798.490711][ C1] kernel_clone+0x2d7/0x940 [ 798.497276][ C1] user_mode_thread+0x110/0x180 [ 798.504191][ C1] rest_init+0x23/0x300 [ 798.510422][ C1] start_kernel+0x38a/0x3e0 [ 798.516986][ C1] x86_64_start_reservations+0x24/0x30 [ 798.524514][ C1] x86_64_start_kernel+0x143/0x1c0 [ 798.531688][ C1] common_startup_64+0x13e/0x147 [ 798.538689][ C1] INITIAL READ USE at: [ 798.543253][ C1] lock_acquire+0x106/0x350 [ 798.550251][ C1] _raw_read_lock+0x36/0x50 [ 798.557256][ C1] __do_wait+0xde/0x740 [ 798.563909][ C1] do_wait+0x1e7/0x510 [ 798.570475][ C1] kernel_wait+0xd6/0x1c0 [ 798.577300][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 798.585694][ C1] process_scheduled_works+0xb5d/0x1860 [ 798.593732][ C1] worker_thread+0xa53/0xfc0 [ 798.600816][ C1] kthread+0x389/0x470 [ 798.607380][ C1] ret_from_fork+0x514/0xb70 [ 798.614464][ C1] ret_from_fork_asm+0x1a/0x30 [ 798.621722][ C1] } [ 798.624460][ C1] ... key at: [] tasklist_lock+0x18/0x40 [ 798.632415][ C1] ... acquired at: [ 798.636452][ C1] _raw_read_lock+0x36/0x50 [ 798.641111][ C1] send_sigio+0x101/0x370 [ 798.645597][ C1] dnotify_handle_event+0x169/0x440 [ 798.650947][ C1] fsnotify+0x1831/0x1ae0 [ 798.655429][ C1] path_openat+0x15c2/0x3860 [ 798.660172][ C1] do_file_open+0x23e/0x4a0 [ 798.664828][ C1] do_sys_openat2+0x113/0x200 [ 798.669654][ C1] __ia32_compat_sys_openat+0x131/0x160 [ 798.675350][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 798.680700][ C1] do_fast_syscall_32+0x33/0x70 [ 798.685700][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 798.692181][ C1] [ 798.694482][ C1] -> (&f_owner->lock){...-}-{3:3} { [ 798.699843][ C1] IN-SOFTIRQ-R at: [ 798.703979][ C1] lock_acquire+0x106/0x350 [ 798.710477][ C1] _raw_read_lock_irqsave+0x48/0x60 [ 798.717664][ C1] send_sigurg+0x55/0x420 [ 798.723972][ C1] sk_send_sigurg+0x6c/0x2e0 [ 798.730538][ C1] tcp_check_urg+0x200/0x760 [ 798.737110][ C1] tcp_urg+0x15d/0x410 [ 798.743156][ C1] tcp_rcv_established+0xf7b/0x2800 [ 798.750329][ C1] tcp_v4_do_rcv+0x903/0x13c0 [ 798.756982][ C1] tcp_v4_rcv+0x264d/0x2fa0 [ 798.763462][ C1] ip_protocol_deliver_rcu+0x221/0x440 [ 798.770894][ C1] ip_local_deliver_finish+0x3bb/0x6f0 [ 798.778331][ C1] NF_HOOK+0x336/0x3c0 [ 798.784379][ C1] NF_HOOK+0x336/0x3c0 [ 798.790429][ C1] process_backlog+0xaa3/0x1950 [ 798.797258][ C1] __napi_poll+0xae/0x340 [ 798.803577][ C1] net_rx_action+0x627/0xf70 [ 798.810154][ C1] handle_softirqs+0x22a/0x840 [ 798.816888][ C1] do_softirq+0x76/0xd0 [ 798.823014][ C1] __local_bh_enable_ip+0xf8/0x130 [ 798.830097][ C1] sk_wait_data+0x20e/0x4d0 [ 798.836572][ C1] tcp_recvmsg_locked+0xe0a/0x3720 [ 798.843666][ C1] tcp_recvmsg+0x205/0x7e0 [ 798.850091][ C1] sock_recvmsg+0x155/0x1b0 [ 798.856567][ C1] __sys_recvfrom+0x240/0x3c0 [ 798.863218][ C1] __ia32_compat_sys_recvfrom+0xe4/0x100 [ 798.870828][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 798.878004][ C1] do_fast_syscall_32+0x33/0x70 [ 798.884832][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 798.893136][ C1] INITIAL USE at: [ 798.897179][ C1] lock_acquire+0x106/0x350 [ 798.903578][ C1] _raw_write_lock_irq+0x3d/0x50 [ 798.910442][ C1] __f_setown+0x67/0x370 [ 798.916578][ C1] fcntl_dirnotify+0x3f9/0x6a0 [ 798.923229][ C1] do_fcntl+0x77e/0x1a20 [ 798.929367][ C1] do_compat_fcntl64+0x51e/0x7e0 [ 798.936194][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 798.943281][ C1] do_fast_syscall_32+0x33/0x70 [ 798.950019][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 798.958235][ C1] INITIAL READ USE at: [ 798.962715][ C1] lock_acquire+0x106/0x350 [ 798.969545][ C1] _raw_read_lock_irqsave+0x48/0x60 [ 798.977072][ C1] send_sigio+0x38/0x370 [ 798.983643][ C1] dnotify_handle_event+0x169/0x440 [ 798.991161][ C1] fsnotify+0x1831/0x1ae0 [ 798.997814][ C1] path_openat+0x15c2/0x3860 [ 799.004732][ C1] do_file_open+0x23e/0x4a0 [ 799.011558][ C1] do_sys_openat2+0x113/0x200 [ 799.018563][ C1] __ia32_compat_sys_openat+0x131/0x160 [ 799.026446][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 799.033976][ C1] do_fast_syscall_32+0x33/0x70 [ 799.041188][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.049846][ C1] } [ 799.052497][ C1] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 799.061514][ C1] ... acquired at: [ 799.065469][ C1] _raw_read_lock_irqsave+0x48/0x60 [ 799.070902][ C1] send_sigio+0x38/0x370 [ 799.075310][ C1] kill_fasync+0x24d/0x4d0 [ 799.079885][ C1] lease_break_callback+0x26/0x30 [ 799.085169][ C1] __break_lease+0x81f/0x1ea0 [ 799.090003][ C1] do_dentry_open+0xf23/0x13a0 [ 799.094917][ C1] vfs_open+0x3b/0x340 [ 799.099136][ C1] path_openat+0x2e08/0x3860 [ 799.103880][ C1] do_file_open+0x23e/0x4a0 [ 799.108543][ C1] do_sys_openat2+0x113/0x200 [ 799.113372][ C1] __ia32_compat_sys_openat+0x131/0x160 [ 799.119070][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 799.124423][ C1] do_fast_syscall_32+0x33/0x70 [ 799.129430][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.135908][ C1] [ 799.138209][ C1] -> (&new->fa_lock){....}-{3:3} { [ 799.143393][ C1] INITIAL USE at: [ 799.147351][ C1] lock_acquire+0x106/0x350 [ 799.153573][ C1] _raw_write_lock_irq+0x3d/0x50 [ 799.160255][ C1] fasync_remove_entry+0xf1/0x1c0 [ 799.167001][ C1] sock_fasync+0x85/0xf0 [ 799.172959][ C1] __fput+0x890/0xa60 [ 799.178658][ C1] task_work_run+0x1d9/0x270 [ 799.184968][ C1] get_signal+0x11eb/0x1330 [ 799.191183][ C1] arch_do_signal_or_restart+0xbc/0x840 [ 799.198449][ C1] exit_to_user_mode_loop+0xa9/0x680 [ 799.205449][ C1] __do_fast_syscall_32+0x45b/0x6f0 [ 799.212361][ C1] do_fast_syscall_32+0x33/0x70 [ 799.218929][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.226972][ C1] INITIAL READ USE at: [ 799.231363][ C1] lock_acquire+0x106/0x350 [ 799.238017][ C1] _raw_read_lock_irqsave+0x48/0x60 [ 799.245369][ C1] kill_fasync+0x199/0x4d0 [ 799.251935][ C1] lease_break_callback+0x26/0x30 [ 799.259116][ C1] __break_lease+0x81f/0x1ea0 [ 799.265944][ C1] do_dentry_open+0xf23/0x13a0 [ 799.272857][ C1] vfs_open+0x3b/0x340 [ 799.279072][ C1] path_openat+0x2e08/0x3860 [ 799.285814][ C1] do_file_open+0x23e/0x4a0 [ 799.292466][ C1] do_sys_openat2+0x113/0x200 [ 799.299292][ C1] __ia32_compat_sys_openat+0x131/0x160 [ 799.306988][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 799.314335][ C1] do_fast_syscall_32+0x33/0x70 [ 799.321334][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.329810][ C1] } [ 799.332371][ C1] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 799.341114][ C1] ... acquired at: [ 799.344978][ C1] _raw_read_lock_irqsave+0x48/0x60 [ 799.350335][ C1] kill_fasync+0x199/0x4d0 [ 799.354907][ C1] mousedev_notify_readers+0x6f1/0xc00 [ 799.360525][ C1] mousedev_event+0x602/0x1320 [ 799.365441][ C1] input_handle_events_default+0xd4/0x1a0 [ 799.371311][ C1] input_pass_values+0x288/0x890 [ 799.376395][ C1] input_event_dispose+0x330/0x6b0 [ 799.381657][ C1] input_inject_event+0x1dc/0x330 [ 799.386830][ C1] evdev_write+0x325/0x4c0 [ 799.391397][ C1] vfs_write+0x29a/0xb90 [ 799.395793][ C1] ksys_write+0x150/0x270 [ 799.400276][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 799.405625][ C1] do_fast_syscall_32+0x33/0x70 [ 799.410623][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.417103][ C1] [ 799.419405][ C1] -> (&dev->event_lock#2){..-.}-{3:3} { [ 799.424942][ C1] IN-SOFTIRQ-W at: [ 799.428902][ C1] lock_acquire+0x106/0x350 [ 799.435035][ C1] _raw_spin_lock_irqsave+0x40/0x60 [ 799.441879][ C1] input_event+0x71/0xc0 [ 799.447748][ C1] hidinput_hid_event+0x13df/0x1ec0 [ 799.454578][ C1] hid_process_event+0x4be/0x620 [ 799.461151][ C1] hid_report_raw_event+0xed6/0x1850 [ 799.468065][ C1] __hid_input_report+0x45c/0x590 [ 799.474722][ C1] hid_irq_in+0x495/0x710 [ 799.480681][ C1] __usb_hcd_giveback_urb+0x376/0x540 [ 799.487679][ C1] dummy_timer+0xbc0/0x4650 [ 799.493834][ C1] __hrtimer_run_queues+0x3c0/0xa20 [ 799.500667][ C1] hrtimer_run_softirq+0x17a/0x240 [ 799.507411][ C1] handle_softirqs+0x22a/0x840 [ 799.513801][ C1] __irq_exit_rcu+0xca/0x220 [ 799.520020][ C1] irq_exit_rcu+0x9/0x30 [ 799.525889][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 799.533151][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 799.540755][ C1] finish_task_switch+0x427/0xbe0 [ 799.547411][ C1] __schedule+0x1829/0x5740 [ 799.553544][ C1] schedule+0x164/0x360 [ 799.559354][ C1] schedule_timeout+0xc3/0x2c0 [ 799.565748][ C1] unix_wait_for_peer+0x1f5/0x2f0 [ 799.572405][ C1] unix_dgram_sendmsg+0xb73/0x18d0 [ 799.579148][ C1] ____sys_sendmsg+0x972/0x9f0 [ 799.585541][ C1] ___sys_sendmsg+0x2a5/0x360 [ 799.591847][ C1] __sys_sendmmsg+0x2e7/0x4e0 [ 799.598148][ C1] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 799.605322][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 799.612144][ C1] do_fast_syscall_32+0x33/0x70 [ 799.618619][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.626574][ C1] INITIAL USE at: [ 799.630452][ C1] lock_acquire+0x106/0x350 [ 799.636497][ C1] _raw_spin_lock_irqsave+0x40/0x60 [ 799.643238][ C1] input_inject_event+0xa4/0x330 [ 799.649716][ C1] kbd_led_trigger_activate+0xbc/0x100 [ 799.656713][ C1] led_trigger_set+0x535/0x960 [ 799.663020][ C1] led_trigger_set_default+0x260/0x2a0 [ 799.670019][ C1] led_classdev_register_ext+0x787/0x9c0 [ 799.677194][ C1] input_leds_connect+0x517/0x790 [ 799.683766][ C1] input_register_device+0xce0/0x1140 [ 799.690716][ C1] atkbd_connect+0x71e/0xa10 [ 799.696846][ C1] serio_driver_probe+0x82/0xb0 [ 799.703239][ C1] really_probe+0x267/0xaf0 [ 799.709282][ C1] __driver_probe_device+0x1ef/0x380 [ 799.716109][ C1] driver_probe_device+0x4f/0x240 [ 799.722672][ C1] __driver_attach+0x34c/0x640 [ 799.728975][ C1] bus_for_each_dev+0x23b/0x2c0 [ 799.735369][ C1] serio_handle_event+0x1af/0xf80 [ 799.741930][ C1] process_scheduled_works+0xb5d/0x1860 [ 799.749014][ C1] worker_thread+0xa53/0xfc0 [ 799.755145][ C1] kthread+0x389/0x470 [ 799.760759][ C1] ret_from_fork+0x514/0xb70 [ 799.766887][ C1] ret_from_fork_asm+0x1a/0x30 [ 799.773193][ C1] } [ 799.775669][ C1] ... key at: [] input_allocate_device.__key.7+0x0/0x20 [ 799.784672][ C1] ... acquired at: [ 799.788449][ C1] mark_lock+0x115/0x190 [ 799.792846][ C1] __lock_acquire+0x689/0x2cf0 [ 799.797759][ C1] lock_acquire+0x106/0x350 [ 799.802409][ C1] _raw_spin_lock_irqsave+0x40/0x60 [ 799.807759][ C1] input_event+0x71/0xc0 [ 799.812153][ C1] hidinput_hid_event+0x13df/0x1ec0 [ 799.817510][ C1] hid_process_event+0x4be/0x620 [ 799.822596][ C1] hid_report_raw_event+0xed6/0x1850 [ 799.828035][ C1] __hid_input_report+0x45c/0x590 [ 799.833214][ C1] hid_irq_in+0x495/0x710 [ 799.837699][ C1] __usb_hcd_giveback_urb+0x376/0x540 [ 799.843222][ C1] dummy_timer+0xbc0/0x4650 [ 799.847879][ C1] __hrtimer_run_queues+0x3c0/0xa20 [ 799.853231][ C1] hrtimer_run_softirq+0x17a/0x240 [ 799.858495][ C1] handle_softirqs+0x22a/0x840 [ 799.863408][ C1] __irq_exit_rcu+0xca/0x220 [ 799.868146][ C1] irq_exit_rcu+0x9/0x30 [ 799.872537][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 799.878327][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 799.884460][ C1] finish_task_switch+0x427/0xbe0 [ 799.889639][ C1] __schedule+0x1829/0x5740 [ 799.894298][ C1] schedule+0x164/0x360 [ 799.898608][ C1] schedule_timeout+0xc3/0x2c0 [ 799.903522][ C1] unix_wait_for_peer+0x1f5/0x2f0 [ 799.908704][ C1] unix_dgram_sendmsg+0xb73/0x18d0 [ 799.913970][ C1] ____sys_sendmsg+0x972/0x9f0 [ 799.918882][ C1] ___sys_sendmsg+0x2a5/0x360 [ 799.923712][ C1] __sys_sendmmsg+0x2e7/0x4e0 [ 799.928562][ C1] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 799.934261][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 799.939609][ C1] do_fast_syscall_32+0x33/0x70 [ 799.944610][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.951095][ C1] [ 799.953395][ C1] [ 799.953395][ C1] stack backtrace: [ 799.959263][ C1] CPU: 1 UID: 0 PID: 21377 Comm: syz.3.5231 Tainted: G L syzkaller #0 PREEMPT(full) [ 799.959281][ C1] Tainted: [L]=SOFTLOCKUP [ 799.959286][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 799.959294][ C1] Call Trace: [ 799.959300][ C1] [ 799.959306][ C1] dump_stack_lvl+0xe8/0x150 [ 799.959320][ C1] print_irq_inversion_bug+0x1d2/0x1e0 [ 799.959336][ C1] mark_lock_irq+0x3d2/0x420 [ 799.959350][ C1] mark_lock+0x115/0x190 [ 799.959363][ C1] __lock_acquire+0x689/0x2cf0 [ 799.959378][ C1] ? lockdep_unlock+0x5d/0xd0 [ 799.959387][ C1] ? mark_lock+0x129/0x190 [ 799.959400][ C1] ? input_event+0x71/0xc0 [ 799.959414][ C1] lock_acquire+0x106/0x350 [ 799.959426][ C1] ? input_event+0x71/0xc0 [ 799.959440][ C1] ? __bfs+0x153/0x290 [ 799.959456][ C1] ? __pfx_usage_match+0x10/0x10 [ 799.959470][ C1] _raw_spin_lock_irqsave+0x40/0x60 [ 799.959487][ C1] ? input_event+0x71/0xc0 [ 799.959501][ C1] input_event+0x71/0xc0 [ 799.959515][ C1] hidinput_hid_event+0x13df/0x1ec0 [ 799.959531][ C1] ? __pfx_hidinput_hid_event+0x10/0x10 [ 799.959544][ C1] ? __wake_up_common_lock+0x190/0x1f0 [ 799.959562][ C1] hid_process_event+0x4be/0x620 [ 799.959574][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 799.959586][ C1] hid_report_raw_event+0xed6/0x1850 [ 799.959608][ C1] __hid_input_report+0x45c/0x590 [ 799.959625][ C1] ? ktime_get_mono_fast_ns+0x2d2/0x2f0 [ 799.959643][ C1] hid_irq_in+0x495/0x710 [ 799.959659][ C1] __usb_hcd_giveback_urb+0x376/0x540 [ 799.959673][ C1] dummy_timer+0xbc0/0x4650 [ 799.959703][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 799.959718][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 799.959734][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 799.959750][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 799.959768][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 799.959784][ C1] __hrtimer_run_queues+0x3c0/0xa20 [ 799.959803][ C1] hrtimer_run_softirq+0x17a/0x240 [ 799.959819][ C1] handle_softirqs+0x22a/0x840 [ 799.959831][ C1] ? __irq_exit_rcu+0xca/0x220 [ 799.959844][ C1] __irq_exit_rcu+0xca/0x220 [ 799.959855][ C1] irq_exit_rcu+0x9/0x30 [ 799.959865][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 799.959883][ C1] [ 799.959887][ C1] [ 799.959892][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 799.959905][ C1] RIP: 0010:finish_task_switch+0x427/0xbe0 [ 799.959924][ C1] Code: 41 c7 84 24 e0 0d 00 00 00 00 00 00 e9 27 06 00 00 49 83 c4 48 4c 89 e7 e8 46 2a 15 0a e8 b1 fd 38 00 fb 49 8d bd c8 16 00 00 <48> 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 7b 03 00 00 41 80 [ 799.959935][ C1] RSP: 0000:ffffc9000d5171d0 EFLAGS: 00000206 [ 799.959947][ C1] RAX: 00000000000036f9 RBX: 1ffff110170e778c RCX: 0000000080000001 [ 799.959956][ C1] RDX: 0000000000000000 RSI: ffffffff8dfa43ca RDI: ffff888068e1b5c8 [ 799.959964][ C1] RBP: ffffc9000d517230 R08: ffffffff90302af7 R09: 1ffffffff206055e [ 799.959972][ C1] R10: dffffc0000000000 R11: fffffbfff206055f R12: ffff8880b863aec8 [ 799.959981][ C1] R13: ffff888068e19f00 R14: ffff8880338d3e00 R15: dffffc0000000000 [ 799.959995][ C1] __schedule+0x1829/0x5740 [ 799.960018][ C1] ? __pfx___schedule+0x10/0x10 [ 799.960037][ C1] ? schedule+0x90/0x360 [ 799.960053][ C1] schedule+0x164/0x360 [ 799.960070][ C1] schedule_timeout+0xc3/0x2c0 [ 799.960085][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 799.960103][ C1] ? do_raw_spin_unlock+0xf5/0x210 [ 799.960119][ C1] unix_wait_for_peer+0x1f5/0x2f0 [ 799.960135][ C1] ? __pfx_unix_wait_for_peer+0x10/0x10 [ 799.960149][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 799.960165][ C1] ? apparmor_unix_may_send+0x2f5/0x340 [ 799.960182][ C1] unix_dgram_sendmsg+0xb73/0x18d0 [ 799.960202][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 799.960218][ C1] ? __import_iovec+0x40e/0x7e0 [ 799.960232][ C1] ? aa_sock_msg_perm+0xda/0x1b0 [ 799.960248][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 799.960264][ C1] ____sys_sendmsg+0x972/0x9f0 [ 799.960277][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 799.960288][ C1] ? kfree+0x4d/0x640 [ 799.960304][ C1] ___sys_sendmsg+0x2a5/0x360 [ 799.960315][ C1] ? __pfx____sys_sendmsg+0x10/0x10 [ 799.960326][ C1] ? do_user_addr_fault+0xbad/0x1340 [ 799.960341][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 799.960356][ C1] __sys_sendmmsg+0x2e7/0x4e0 [ 799.960368][ C1] ? __pfx___sys_sendmmsg+0x10/0x10 [ 799.960381][ C1] ? __pfx_do_futex+0x10/0x10 [ 799.960398][ C1] ? rcu_is_watching+0x15/0xb0 [ 799.960412][ C1] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 799.960425][ C1] __do_fast_syscall_32+0x23e/0x6f0 [ 799.960438][ C1] ? do_fast_syscall_32+0x33/0x70 [ 799.960454][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 799.960465][ C1] ? irqentry_exit+0x10f/0x8b0 [ 799.960475][ C1] ? trace_irq_disable+0x3b/0x140 [ 799.960493][ C1] do_fast_syscall_32+0x33/0x70 [ 799.960505][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 799.960518][ C1] RIP: 0023:0xf7f7601c [ 799.960529][ C1] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 799.960539][ C1] RSP: 002b:00000000f543650c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 799.960550][ C1] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800bd000 [ 799.960558][ C1] RDX: 0000000000000318 RSI: 0000000000000000 RDI: 0000000000000000 [ 799.960564][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 799.960571][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 799.960577][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 799.960588][ C1] [ 800.530851][T16795] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 800.539138][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 800.551671][T13575] usb 1-1: USB disconnect, device number 113 [ 800.559395][ T143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 800.568250][T13584] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 800.580339][ T5700] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 805.663957][ T149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 805.672184][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 805.903917][ T149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 805.912060][ T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 805.920175][ T5691] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 805.928267][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 805.937159][T13584] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog