last executing test programs: 7.998557764s ago: executing program 2 (id=3298): socket$netlink(0x10, 0x3, 0x400000000000004) (async) r0 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r0, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001200190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) (async) writev(r0, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001200190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) preadv(r1, &(0x7f00000010c0)=[{&(0x7f0000000380)=""/245, 0xf5}], 0x1, 0x40000004, 0x6) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_CLOSE={0x13, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0) prctl$PR_GET_TAGGED_ADDR_CTRL(0x38) read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r7 = fsopen(&(0x7f0000000140)='mqueue\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) (async) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = fsmount(r7, 0x0, 0xa) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r9, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0xc800) recvmmsg(r10, &(0x7f0000004e80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/211, 0xd3}], 0x1}, 0x1}], 0x1, 0x140, 0x0) (async) recvmmsg(r10, &(0x7f0000004e80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/211, 0xd3}], 0x1}, 0x1}], 0x1, 0x140, 0x0) fchdir(r8) (async) fchdir(r8) ioctl$VFAT_IOCTL_READDIR_SHORT(r3, 0x82307202, &(0x7f0000000480)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) fspick(r8, &(0x7f0000000080)='./file0\x00', 0x1) (async) fspick(r8, &(0x7f0000000080)='./file0\x00', 0x1) r11 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r11, 0x4601, &(0x7f0000000100)={0x551, 0x300, 0x550, 0x40, 0xffc, 0x0, 0xd968d5b908ac0cde, 0x2, {0x0, 0x8}, {0x350, 0x0, 0x1}, {0xf4ef}, {0x0, 0x4, 0xffe}, 0x1, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2, 0x1, 0xb}) 7.917109361s ago: executing program 2 (id=3299): r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000340)=0x1c) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000001e40)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000380)="364bbad79c604494829e8adf5db1a49e5bc94015eb1e", 0x16}, {0x0}, {&(0x7f0000001ac0)}, {&(0x7f00000003c0)="fdc4", 0x2}, {0x0}, {&(0x7f0000001cc0)}], 0x6}, 0x4004000) pipe(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000540)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000eff900000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x4ffe2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$GTP_CMD_GETPDP(r5, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24044000}, 0x0) r6 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d8100"], 0x0) syz_usb_ep_write$ath9k_ep2(r6, 0x83, 0x3b, &(0x7f0000000000)=ANY=[]) openat$ptp0(0xffffffffffffff9c, 0x0, 0x80, 0x0) 6.430462255s ago: executing program 2 (id=3313): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'veth0_to_team\x00', 0x400}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8}, 0x0) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xf23}, 0x18}}, 0x0) ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f00000001c0)={""/32, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001580)}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x54, 0x2, [@TCA_FW_ACT={0x50, 0x4, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x3513, 0x6, 0xffffffffffffffff, 0xb6b9, 0x3}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x8}}]}, 0x88}, 0x1, 0x0, 0xf2ff000000000000, 0x80}, 0x24000880) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) io_uring_setup(0x3450, &(0x7f0000000080)) ioctl$TUNSETLINK(r1, 0x400454cd, 0x337) socket$nl_route(0x10, 0x3, 0x0) 5.248601045s ago: executing program 4 (id=3316): r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000180)={0x1, 'ip6gre0\x00', {}, 0x60}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f00000000c0)=0xb0000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800b00010065787468647200002c000280050002008300000008000340ff0000000800044000000001080006400000000208000140000000130900010073797a30000000000900020073797a32"], 0x94}}, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@hyper}) r3 = syz_open_dev$audion(&(0x7f0000000040), 0x80000000, 0x80000) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000100)={0x103, r0}, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x4, 0x2, 0x5e, 0x200000000000, 0x100000000000006, 0x0, 0x7}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/cpuinfo\x00', 0x0, 0x0) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r4, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2}) close_range(r3, 0xffffffffffffffff, 0x0) 4.9990856s ago: executing program 4 (id=3317): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="02030009100000002bbd7000000000000200080000000000fdfbffffff00000005000600000000000a004e2100000002fe80000000000000000000000000001dd9ffffff00000000020001000000000080ff00000000002005000500000000000a"], 0x80}, 0x1, 0x7}, 0x0) 4.876677151s ago: executing program 4 (id=3318): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000440)={{0xffbe, 0x5, 0x2, 0x5}, 'syz1\x00', 0x53}) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x12) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x2) ioctl$UI_DEV_CREATE(r2, 0x5501) ppoll(&(0x7f0000000300)=[{r2, 0x200}], 0x1, 0x0, 0x0, 0x0) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0x2, 0x1, 0x7f5b, 0x3, 0x6, 0x2, 0x10000, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x3, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x3f, 0x0, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x0, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0x5, 0x80000201, 0x0, 0xfffffffd, 0x4, 0x4, 0xa, 0xa, 0x1, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x9550, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x8, 0x100, 0x6, 0x10000, 0x1306, 0x800, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x3ff, 0x1, 0x4, 0x8, 0x1, 0x7, 0x9, 0x6, 0x4, 0x5, 0xffffffff, 0x3, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x2, 0xfff, 0x6, 0x9, 0x7c83, 0xd, 0x1, 0x2, 0xf, 0x3, 0x47, 0x7, 0x0, 0x11, 0x3, 0xdfd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x6, 0x71c, 0x2], [0x81, 0x3, 0x10, 0x4e26, 0x2, 0x40, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc29, 0x9, 0x5, 0x5, 0x8000000a, 0x79a, 0x40, 0x40009, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1003, 0x10, 0xd, 0x6, 0x8000, 0x3ff, 0xf, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0x8, 0x100007, 0x9a33247, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) 4.360791519s ago: executing program 0 (id=3323): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'veth0_to_team\x00', 0x400}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8}, 0x0) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xf23}, 0x18}}, 0x0) ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f00000001c0)={""/32, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001580)}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x54, 0x2, [@TCA_FW_ACT={0x50, 0x4, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x3513, 0x6, 0xffffffffffffffff, 0xb6b9, 0x3}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x8}}]}, 0x88}, 0x1, 0x0, 0xe4ffffffffffffff, 0x80}, 0x24000880) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) io_uring_setup(0x3450, &(0x7f0000000080)) ioctl$TUNSETLINK(r1, 0x400454cd, 0x337) socket$nl_route(0x10, 0x3, 0x0) 3.720686549s ago: executing program 2 (id=3325): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f00000000c0)="91b8a91fd3108691bbc4173c3d6f357d027273117b3d0f171ba4ac4703cad036e68907e50e9997", 0x27}, {&(0x7f0000001c00)="4490137c227c56ee66c372f3105eb186dd8062fad2d5b5bfb0ba068e74a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9afda48e71255a747b6d03097385fb05cf8db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61210c410d799168ffc4b64677af924affd442035db81e18c2d2462d0bb25fff9d3b1ce903597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b25686866f6b53fe7e75cf6854284d501f8535", 0xe2}, {&(0x7f00000003c0)="641a6a2b863c0dd898", 0x9}, {&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd", 0xaa}], 0x4}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001d7545517fd18b5d29978f32a5b5c81755cb89cc0490958", 0x75}, {&(0x7f0000000740)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8d", 0x9d}, {&(0x7f0000000840)="8d684aa45f4b69499d707f3c8d114132fee1eafdcbbc5a16cb7b2841192b5779f99579e5c788b15b023df831028b9e6b5e9edd619e22626535212de5a998c5b793abdd7336cd8eb19e2fbd9a6ac2ca9c0f138ee10572672999ca4f51c09f9810459bad7e7bc28fc8890224dc01efcc276e62afe52450049cb6a165ce771a64b46f9b283ba8083e05c82291ed3bf4408b57142db3ae3da83206613704b856045dabb7e6e1ccf2a22b6d59b635ba3bc1f37bb759ce245877eba8aa82c0465c8d1bf7057ed0fcbdf5cf8d06bab48b66bcac445bc7", 0xd3}, {&(0x7f0000000a00)="a7c652df859ed2764e960e7f50a64153fba30cbb8e57f06f55dc0ae10dc21fcd48944b17170f070271208ec6eed721805abd1d46290d3fa170a218b0348a277697884eeb0682edd2e557fab3ea869c1920c576a12a3e669d3688abb7db23544f78", 0x61}, {&(0x7f00000021c0)="d317b0ddf805c029d66c50f61f6e1b90bd02c1c2e324ab02219e3cef175c99254ff1c10c27155c41bd5cee7a3663ed4a127c6c18ebb7a51008a0053ac96edeb5843d7b59b6c02532b26ca1c490d9b8113cbdbe99a123e3d5335c531c1c50b15be67220f38338a1e7c494acc2da3b410cf4cf7129cbb5faa24dd84e800249b234bdb2e91f3af98057ad0674eff7875169861ce6274b379522d411d3766aa7de767671efa60a1fb949feae7ec37efdfbcf1afd4d5cf86a0f9ae55644480d6a5e735b84303583d6c2534badb3981b5448037697faa59cc666dd9ac5c7d019b47f102d78fcc0f1b609fdc51fd8d0ff81d918cbd51e9215d34ed61bd9b1bdc7afd86dc924080a278f4a7c1031", 0x10a}], 0x5}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 3.62234663s ago: executing program 4 (id=3327): syz_emit_ethernet(0xae, &(0x7f0000000300)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff, 0x0, [{0x2, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1803"}, {0x0, 0x1, "7ebd1efffeefc01700000000"}, {0x1, 0x1, "fe906d26efe3"}]}}}}}}, 0x0) 3.184093208s ago: executing program 4 (id=3328): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x38, 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[@ANYBLOB], 0x0) recvmmsg(r0, 0x0, 0x0, 0x40010142, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket(0x10, 0x803, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000180)={0x0, 0x47, 0xa}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x20000, {0xa, 0x40, 0x22, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x40}}, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x510}]}, 0x34}, 0x1, 0xfeffffffffffffff}, 0x0) 3.146553543s ago: executing program 2 (id=3329): r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000040), &(0x7f00000010c0)=0x1) r1 = openat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x1180, 0x0, 0x15}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x44, r3, 0x1, 0x170bd2c, 0x8000, {0x34}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x73}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x20}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x44}}, 0x20000000) add_key(&(0x7f0000000740)='rxrpc\x00', &(0x7f0000000780)={'syz', 0x0}, &(0x7f00000007c0)="52b4fb53c217a5", 0x7, 0xfffffffffffffffc) ioctl$BLKPG(r1, 0x1269, &(0x7f0000000700)={0x2, 0x0, 0x98, &(0x7f0000000340)={0x21, 0x1a, 0x2}}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0), 0x101, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x64) sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="20002cbd7000fcdbdf254b0000000c00a70055000000000000000c00a700ffffff7f000000660800030003000000"], 0x34}, 0x1, 0x0, 0x0, 0x24040004}, 0x40085) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582", @ANYRESDEC], 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f00000001c0)=0x1, 0x4) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NFT_BATCH(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x4080) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010026bd7000fedbdf254f00000008000300", @ANYRES32=r8, @ANYBLOB="04007a802539b9f50a69b2541e6efe7adafa385f27727633c844b0e27b9b3cb9dffc62b0206ad54218e38038b26daa400cd7c12c4d36e08b8b1b4b6883232b99e407423c71e9256a2ccbe7208e83251b22d02566ce941b9abcdcd469cc91136d09df6a3752d91e966307b1c9bd78bd4848385f1ee574a46d21b2920c323dfff09cc239190ae98759eb3fd9186745dc27fac2313ef558b3ac495b3773ee03e7969e551cd5"], 0x20}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000080) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r9) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r10, 0x5, 0x70bd2a, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r12 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r12, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r12, 0x540a, 0x0) r13 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r12, &(0x7f0000000040)={0x80000018}) ioctl$TCXONC(r12, 0x540a, 0x2) ioctl$TCXONC(r12, 0x540a, 0x1) 2.907010464s ago: executing program 4 (id=3330): syz_open_dev$sndctrl(&(0x7f0000000000), 0xa, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x40000000040201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfaf8, 0x80, 0x2, 0x11a}, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) r4 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcfd0"], 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) io_uring_enter(r1, 0xdb4, 0xfffffffd, 0x0, 0x0, 0x0) 2.815442377s ago: executing program 1 (id=3331): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000004000a5012bbd700000000000047c00000400c2800c0001800600060608"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800) 2.611180853s ago: executing program 0 (id=3332): syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000140)=[@wrmsr={0x65, 0x20, {0x400000b3, 0xda74}}], 0x20}) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x300]}}], 0xffc8) 2.609741053s ago: executing program 1 (id=3333): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000780)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x400c6313, {0x1, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2.415036969s ago: executing program 1 (id=3334): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="8c00000010001fff28bd70000000800000000000", @ANYRES32=0x0, @ANYBLOB="efb00000800000006c0012800b00010062726964676500005c00028008000500010000000c002e"], 0x8c}, 0x1, 0x0, 0x0, 0x4000084}, 0x14) 2.414879431s ago: executing program 0 (id=3335): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}]}, 0x44}, 0x1, 0xff00}, 0x200400c0) 2.314616374s ago: executing program 0 (id=3336): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x402, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd090328000500300003006000000000286c0081e949b93897bc3b0000000000007d01ff020005000000000000000000000001"], 0xfdef) 2.295065547s ago: executing program 1 (id=3337): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x78, 0x0, 0x2, 0x807, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_NAT={0x5c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x58, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010102}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @rand_addr=0x64010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x8512bafd7c26b124}, 0x8080) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b0280541914"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0x20008054) 2.115564434s ago: executing program 3 (id=3338): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, [0x8, 0x4, 0x4], [0x0, 0x2ee7, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}]}}]}, 0x8c}, 0x1, 0x7a00}, 0x0) 2.071859123s ago: executing program 3 (id=3339): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f00000000c0)="91b8a91fd3108691bbc4173c3d6f357d027273117b3d0f171ba4ac4703cad036e68907e50e9997cd", 0x28}, {&(0x7f0000001c00)="4490137c227c56ee66c372f3105eb186dd8062fad2d5b5bfb0ba068e74a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9afda48e71255a747b6d03097385fb05cf8db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61210c410d799168ffc4b64677af924affd442035db81e18c2d2462d0bb25fff9d3b1ce903597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b25686866f6b53fe7e75cf6854284d501f8535", 0xe2}, {&(0x7f00000003c0)="641a6a2b863c0dd898", 0x9}, {&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd", 0xaa}], 0x4}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001d7545517fd18b5d29978f32a5b5c81755cb89cc0490958", 0x75}, {&(0x7f0000000740)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8d", 0x9d}, {&(0x7f0000000840)="8d684aa45f4b69499d707f3c8d114132fee1eafdcbbc5a16cb7b2841192b5779f99579e5c788b15b023df831028b9e6b5e9edd619e22626535212de5a998c5b793abdd7336cd8eb19e2fbd9a6ac2ca9c0f138ee10572672999ca4f51c09f9810459bad7e7bc28fc8890224dc01efcc276e62afe52450049cb6a165ce771a64b46f9b283ba8083e05c82291ed3bf4408b57142db3ae3da83206613704b856045dabb7e6e1ccf2a22b6d59b635ba3bc1f37bb759ce245877eba8aa82c0465c8d1bf7057ed0fcbdf5cf8d06bab48b66bcac445bc7", 0xd3}, {&(0x7f0000000a00)="a7c652df859ed2764e960e7f50a64153fba30cbb8e57f06f55dc0ae10dc21fcd48944b17170f070271208ec6eed721805abd1d46290d3fa170a218b0348a277697884eeb0682edd2e557fab3ea869c1920c576a12a3e669d3688abb7db23544f78", 0x61}, {&(0x7f00000021c0)="d317b0ddf805c029d66c50f61f6e1b90bd02c1c2e324ab02219e3cef175c99254ff1c10c27155c41bd5cee7a3663ed4a127c6c18ebb7a51008a0053ac96edeb5843d7b59b6c02532b26ca1c490d9b8113cbdbe99a123e3d5335c531c1c50b15be67220f38338a1e7c494acc2da3b410cf4cf7129cbb5faa24dd84e800249b234bdb2e91f3af98057ad0674eff7875169861ce6274b379522d411d3766aa7de767671efa60a1fb949feae7ec37efdfbcf1afd4d5cf86a0f9ae55644480d6a5e735b84303583d6c2534badb3981b5448037697faa59cc666dd9ac5c7d019b47f102d78fcc0f1b609fdc51fd8d0ff81d918cbd51e9215d34ed61bd9b1bdc7afd86dc924080a278f4a7c1031", 0x10a}], 0x5}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.966815342s ago: executing program 1 (id=3340): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x688200, 0x0) fchdir(r1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/211, 0xd3) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x40000101, 0x0, 0x327}]}) r5 = syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$setopts(0x4202, r5, 0xe96, 0x455b843fbdb64c65) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="001306000000ec19d02303f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x2, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0) (async) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00') (async) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x688200, 0x0) (async) fchdir(r1) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) (async) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/211, 0xd3) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x40000101, 0x0, 0x327}]}) (async) syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) ptrace(0x10, r5) (async) ptrace$setopts(0x4202, r5, 0xe96, 0x455b843fbdb64c65) (async) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="001306000000ec19d02303f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) 1.935379819s ago: executing program 3 (id=3341): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x3e, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40ffffff07000000400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x20004015}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a01010000000000f9ff000a0000090900020073797a31000000200900010073797a310000000014000380100000800c00018006000100582e000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4004850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000200500000a4000efff0c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c0001800600010050"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.889033114s ago: executing program 0 (id=3342): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000140)='cgroup2\x00', &(0x7f0000000180)='./file0\x00', 0xffffffffffffff9c) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = syz_open_dev$I2C(0x0, 0x1, 0x2603) ioctl$I2C_RDWR(r3, 0x707, &(0x7f00000001c0)={&(0x7f0000000180)=[{0x1, 0x8000, 0x0, &(0x7f0000000100)}], 0x1}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x87, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x2}, &(0x7f0000000480)="d4cb29088bb6b06485c008811a398374e70a7e0dbcc6d60900000000000000ad2519e12f086a340abea1ea5f19377e952977112af913e4fd8f89bced60ef0fec84f8ca53157d87d47a4f56cb7c6aca72ee298172458686bad36fe71e78866a7bc9c8a0deba8b3d04693f5eafbd342f83af3e6776d70bcb00000000000000000000007e000f2352b0748636de61afa0638d9b5b60438fcc921c85bccea801e8d1ba0077fde5c0b8a3c18c5cfc71fcea100f5a8f58b53f700f1a0d6c0ec4", 0xbd, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0) bpf$BPF_LINK_CREATE(0x8, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x11, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x100000001}}, 0x30) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000080)={0x84, @local, 0x15, 0x3, 'sh\x00', 0x28, 0x5, 0x13}, 0x2c) r5 = socket$kcm(0xa, 0x2, 0x0) r6 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e24, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xc, 0x2}}, 0x44) sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4f23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f0000000000)={0x0, &(0x7f0000000140)}, 0x10) open(&(0x7f0000000140)='./bus\x00', 0x486c2, 0x1c0) r7 = inotify_init() inotify_add_watch(r7, &(0x7f0000000040)='.\x00', 0x449) setxattr$incfs_metadata(&(0x7f0000000040)='./bus\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0) 1.7227122s ago: executing program 3 (id=3343): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x8000000000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1}}]}}) 1.589784231s ago: executing program 3 (id=3344): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b4050000ffe0f505cb103f00100100006600000000800080950000000100000072c2f98cb7333011f1cf97f165ac0dc8c84c1ed04a84f6243cec3706bd2d671c2c28c7a0bd13871d815bbc06c2fa221f1a91d63e4bdbf3cbdd4ff4738d969857122ea180b8b25ad6c006c3e4e86dd319c92d683f6d593cb860187c7640045af58adcfc943a215f12b50493e62b5a127771fc659f39d1470e7d85"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x29, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) 1.277378758s ago: executing program 3 (id=3345): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'veth0_to_team\x00', 0x400}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8}, 0x0) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xf23}, 0x18}}, 0x0) ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f00000001c0)={""/32, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001580)}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x54, 0x2, [@TCA_FW_ACT={0x50, 0x4, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x3513, 0x6, 0xffffffffffffffff, 0xb6b9, 0x3}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x8}}]}, 0x88}, 0x1, 0x0, 0xffffffffffffffe4, 0x80}, 0x24000880) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) io_uring_setup(0x3450, &(0x7f0000000080)) ioctl$TUNSETLINK(r1, 0x400454cd, 0x337) socket$nl_route(0x10, 0x3, 0x0) 830.343274ms ago: executing program 1 (id=3346): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000440)={{0xffbe, 0x5, 0x2, 0x5}, 'syz1\x00', 0x53}) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x12) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x2) ioctl$UI_DEV_CREATE(r2, 0x5501) ppoll(&(0x7f0000000300)=[{r2, 0x200}], 0x1, 0x0, 0x0, 0x0) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0x2, 0x1, 0x7f5b, 0x3, 0x6, 0x2, 0x10000, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x3, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x41, 0x0, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x0, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0x5, 0x80000201, 0x0, 0xfffffffd, 0x4, 0x4, 0xa, 0xa, 0x1, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x9550, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x8, 0x100, 0x6, 0x10000, 0x1306, 0x800, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x3ff, 0x1, 0x4, 0x8, 0x1, 0x7, 0x9, 0x6, 0x4, 0x5, 0xffffffff, 0x3, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x2, 0xfff, 0x6, 0x9, 0x7c83, 0xd, 0x1, 0x2, 0xf, 0x3, 0x47, 0x7, 0x0, 0x11, 0x3, 0xdfd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x6, 0x71c, 0x2], [0x81, 0x3, 0x10, 0x4e26, 0x2, 0x40, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc29, 0x9, 0x5, 0x5, 0x8000000a, 0x79a, 0x40, 0x40009, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1003, 0x10, 0xd, 0x6, 0x8000, 0x3ff, 0xf, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0x8, 0x100007, 0x9a33247, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) 202.895755ms ago: executing program 0 (id=3347): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000040)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x8, 0x0, 0x0}}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYRESHEX=r4, @ANYRESHEX=r2], 0x34}, 0x1, 0x0, 0x0, 0x24048011}, 0x8800) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000580)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@target_btf_id=r4}, 0x14) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, 0x0) r7 = syz_open_dev$vivid(&(0x7f0000000140), 0x0, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r6, 0xc01064ab, &(0x7f0000000380)={0x1}) r8 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000) ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x3, 0x1, 0x4de2, 0x1}) ioctl$BLKTRACETEARDOWN(r8, 0x1276, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000040)=0x3ff, 0x4) socket(0x80000000000000a, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 0s ago: executing program 2 (id=3348): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0d0000002a000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="4000060000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4048aec9, &(0x7f0000000080)={0x3, 0xffffffffffffffff, 0x3}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) sendfile(r3, r3, 0x0, 0x2) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f00000000c0)={0x0, 0x0, 0x0}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score_adj\x00') write$tcp_mem(r6, &(0x7f0000000100)={0xffffffffffffffff, 0x20, 0x7418, 0x20, 0x6e}, 0x48) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, r5, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0x0, 0x0]}) kernel console output (not intermixed with test programs): attributes in process `syz.3.2771'. [ 584.755469][T14809] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 585.364061][T14820] netlink: 320 bytes leftover after parsing attributes in process `syz.2.2775'. [ 585.511340][ T5946] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 585.600322][ T5929] i2c i2c-1: failure reading functionality [ 585.659151][ T5929] i2c i2c-1: connected i2c-tiny-usb device [ 585.717469][ T5929] usb 1-1: USB disconnect, device number 70 [ 586.217652][T14829] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2778'. [ 586.554993][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 586.563195][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 586.956960][ T43] usb 2-1: USB disconnect, device number 67 [ 587.609273][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 587.822502][T14855] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2788'. [ 587.936297][T14857] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2790'. [ 587.946251][T14857] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2790'. [ 588.036609][T14860] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2792'. [ 588.349908][ T5929] usb 2-1: new full-speed USB device number 68 using dummy_hcd [ 588.561285][ T5929] usb 2-1: config 0 has an invalid interface number: 110 but max is 0 [ 588.570087][ T5929] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 588.593155][ T5929] usb 2-1: config 0 has no interface number 0 [ 588.599402][ T5929] usb 2-1: config 0 interface 110 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0 [ 588.610215][ T5929] usb 2-1: config 0 interface 110 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 588.628418][ T5929] usb 2-1: config 0 interface 110 has no altsetting 0 [ 588.641859][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 588.650342][ T5929] usb 2-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=af.55 [ 588.659411][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.663160][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 588.667996][ T5929] usb 2-1: Product: syz [ 588.677128][ T5946] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 588.680362][ T5929] usb 2-1: Manufacturer: syz [ 588.696059][ T5929] usb 2-1: SerialNumber: syz [ 588.710800][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 588.725962][ T5929] usb 2-1: config 0 descriptor?? [ 588.762288][T14870] IPVS: set_ctl: invalid protocol: 59 172.20.20.20:20001 [ 588.792384][T14872] QAT: failed to copy from user cfg_data. [ 589.059844][T14878] binder: BINDER_SET_CONTEXT_MGR already set [ 589.066116][T14878] binder: 14859:14878 ioctl 4018620d 2000000002c0 returned -16 [ 589.118060][ T5929] cdc_subset 2-1:0.110: probe with driver cdc_subset failed with error -22 [ 589.473991][T14881] could not allocate digest TFM handle sha1-generic [ 589.600715][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 589.750051][ T5946] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 589.918225][T14895] x_tables: duplicate underflow at hook 1 [ 590.300818][T14904] 8021q: adding VLAN 0 to HW filter on device team0 [ 590.308476][T14904] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 590.790966][T14917] fuse: Bad value for 'fd' [ 590.797755][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 591.361097][ T5929] usb 2-1: USB disconnect, device number 68 [ 591.504053][T14917] ipip0: entered promiscuous mode [ 591.509221][T14917] ipip0: entered allmulticast mode [ 591.584783][T14926] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2812'. [ 591.809048][T14928] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2813'. [ 591.832585][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 591.980766][T14932] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2814'. [ 592.361838][T14941] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2815'. [ 592.371492][T14941] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2815'. [ 592.462288][T14943] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2817'. [ 592.506471][T14943] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2817'. [ 592.663769][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 592.874241][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 593.125216][T14955] openvswitch: netlink: Key type 5126 is out of range max 32 [ 593.162760][T14956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2820'. [ 593.265693][T14956] openvswitch: netlink: Missing key (keys=40, expected=80) [ 593.473761][T14962] bond2: option mode: unable to set because the bond device has slaves [ 593.536561][T14962] bond2: (slave macvlan4): Error -98 calling set_mac_address [ 593.753884][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.620594][ T1316] net_ratelimit: 1 callbacks suppressed [ 594.620609][ T1316] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.635099][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.644031][ T5946] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.947138][T14990] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2832'. [ 595.064495][T14998] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2838'. [ 595.079027][T14997] x_tables: duplicate underflow at hook 1 [ 595.179937][ T5929] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 595.232003][ T5908] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 595.342867][ T5929] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 595.359037][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.381514][ T5929] usb 5-1: config 0 descriptor?? [ 595.403326][ T5908] usb 4-1: Using ep0 maxpacket: 32 [ 595.413143][ T5929] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 595.431947][ T5908] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 595.441343][ T5908] usb 4-1: config 0 has no interface number 0 [ 595.460000][ T5908] usb 4-1: config 0 interface 184 has no altsetting 0 [ 595.471351][ T5908] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 595.489837][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 595.509915][ T5908] usb 4-1: Product: syz [ 595.518615][ T5908] usb 4-1: Manufacturer: syz [ 595.524052][ T5908] usb 4-1: SerialNumber: syz [ 595.542822][ T5908] usb 4-1: config 0 descriptor?? [ 595.552066][ T5908] smsc75xx v1.0.0 [ 595.648795][ T5929] gspca_cpia1: usb_control_msg 03, error -71 [ 595.668052][ T5929] gspca_cpia1: usb_control_msg 01, error -71 [ 595.677609][ T5929] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0) [ 595.702938][ T5946] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 595.724719][ T5929] usb 5-1: USB disconnect, device number 65 [ 596.492862][T15022] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 596.754994][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 596.790172][ T5929] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 596.879114][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 596.894084][T15025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 596.905130][T15025] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 596.930179][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 597.039996][ T5929] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 597.273347][ T5929] usb 3-1: Using ep0 maxpacket: 8 [ 597.340028][ T5929] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 597.349208][ T5929] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 597.386195][ T5929] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 597.459095][ T5929] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 597.493598][ T5929] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 597.573649][ T5929] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 597.626394][ T5929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.835529][ T5946] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 597.958621][T15065] fuse: Bad value for 'fd' [ 598.190417][ T5929] usb 3-1: GET_CAPABILITIES returned 0 [ 598.206644][ T5929] usbtmc 3-1:16.0: can't read capabilities [ 598.315666][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 598.411121][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 598.458552][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 598.488843][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 598.527058][ T5908] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 598.564660][ T5908] usb 4-1: USB disconnect, device number 68 [ 598.853664][T15070] __nla_validate_parse: 3 callbacks suppressed [ 598.853685][T15070] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2859'. [ 598.878675][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 599.132433][ T43] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 599.540022][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 599.566668][ T43] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 599.593134][ T43] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 599.603940][ T43] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 599.612681][T15087] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2863'. [ 599.622443][ T43] usb 1-1: Product: syz [ 599.649719][ T43] usb 1-1: Manufacturer: syz [ 599.664466][ T43] usb 1-1: SerialNumber: syz [ 599.850869][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 599.916075][ T5946] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 600.027451][ T43] usb 1-1: Handspring Visor / Palm OS: No valid connect info available [ 600.066526][ T43] usb 1-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 600.084757][ T43] usb 1-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 600.101849][ T43] usb 1-1: Handspring Visor / Palm OS: Number of ports: 2 [ 600.145467][ T5946] usb 3-1: USB disconnect, device number 61 [ 600.548560][ T43] usb 1-1: palm_os_3_probe - error -110 getting bytes available request [ 600.743337][ T43] visor 1-1:1.0: Handspring Visor / Palm OS converter detected [ 600.855374][ T43] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 600.953311][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 600.961995][ T43] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 601.077216][ T10] usb 1-1: USB disconnect, device number 71 [ 601.086876][ T10] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 601.132973][ T10] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 601.212041][ T10] visor 1-1:1.0: device disconnected [ 601.458467][T15115] FAULT_INJECTION: forcing a failure. [ 601.458467][T15115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.510769][T15115] CPU: 0 UID: 0 PID: 15115 Comm: syz.1.2873 Tainted: G L syzkaller #0 PREEMPT(full) [ 601.510800][T15115] Tainted: [L]=SOFTLOCKUP [ 601.510807][T15115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 601.510819][T15115] Call Trace: [ 601.510827][T15115] [ 601.510835][T15115] dump_stack_lvl+0xe8/0x150 [ 601.510865][T15115] should_fail_ex+0x412/0x560 [ 601.510892][T15115] _copy_to_user+0x31/0xb0 [ 601.510921][T15115] simple_read_from_buffer+0xe1/0x170 [ 601.510946][T15115] proc_fail_nth_read+0x1bb/0x230 [ 601.510976][T15115] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.511006][T15115] ? rw_verify_area+0x2a6/0x4d0 [ 601.511031][T15115] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.511058][T15115] vfs_read+0x20c/0xa70 [ 601.511082][T15115] ? fdget_pos+0x246/0x320 [ 601.511107][T15115] ? __pfx___mutex_lock+0x10/0x10 [ 601.511129][T15115] ? __pfx_vfs_read+0x10/0x10 [ 601.511155][T15115] ? __fget_files+0x2a/0x420 [ 601.511179][T15115] ? __fget_files+0x3a0/0x420 [ 601.511198][T15115] ? __fget_files+0x2a/0x420 [ 601.511225][T15115] ksys_read+0x150/0x270 [ 601.511253][T15115] ? __pfx_ksys_read+0x10/0x10 [ 601.511276][T15115] ? fput+0xa0/0xd0 [ 601.511307][T15115] do_syscall_64+0xe2/0xf80 [ 601.511325][T15115] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.511343][T15115] ? trace_irq_disable+0x37/0x100 [ 601.511359][T15115] ? clear_bhb_loop+0x60/0xb0 [ 601.511382][T15115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.511399][T15115] RIP: 0033:0x7fb5e555b78e [ 601.511416][T15115] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 601.511431][T15115] RSP: 002b:00007fb5e652dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 601.511452][T15115] RAX: ffffffffffffffda RBX: 00007fb5e652e6c0 RCX: 00007fb5e555b78e [ 601.511465][T15115] RDX: 000000000000000f RSI: 00007fb5e652e0a0 RDI: 0000000000000004 [ 601.511476][T15115] RBP: 00007fb5e652e090 R08: 0000000000000000 R09: 0000000000000000 [ 601.511488][T15115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.511499][T15115] R13: 00007fb5e5816038 R14: 00007fb5e5815fa0 R15: 00007fb5e593fa48 [ 601.511529][T15115] [ 602.001440][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 602.004407][T15120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2874'. [ 602.219718][ T5917] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 602.349927][ T5908] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 602.380954][ T5917] usb 1-1: Using ep0 maxpacket: 32 [ 602.399333][ T5917] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 602.429411][ T5917] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 602.451299][ T5917] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 602.475889][ T5917] usb 1-1: config 1 has no interface number 0 [ 602.475934][ T5917] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 602.494659][ T5917] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 602.494710][ T5917] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 602.494735][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.506368][ T5917] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 602.521426][ T5908] usb 2-1: Using ep0 maxpacket: 32 [ 602.524464][ T5908] usb 2-1: unable to get BOS descriptor or descriptor too short [ 602.526206][ T5908] usb 2-1: config 128 has an invalid interface number: 127 but max is 3 [ 602.526231][ T5908] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 602.526249][ T5908] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 602.526271][ T5908] usb 2-1: config 128 has no interface number 0 [ 602.526315][ T5908] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 602.526341][ T5908] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 602.526364][ T5908] usb 2-1: config 128 interface 127 has no altsetting 0 [ 602.540086][ T5908] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 602.540114][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.540151][ T5908] usb 2-1: Product: syz [ 602.540177][ T5908] usb 2-1: Manufacturer: syz [ 602.540192][ T5908] usb 2-1: SerialNumber: syz [ 602.831720][ T5908] usb 2-1: USB disconnect, device number 69 [ 602.874084][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 602.913612][ T5829] udevd[5829]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 603.036255][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 603.214468][T15139] x_tables: duplicate underflow at hook 1 [ 603.349104][T15141] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2885'. [ 603.518042][T15146] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2887'. [ 603.552428][T15146] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2887'. [ 603.563844][T15148] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2888'. [ 603.592179][T15148] batadv0: entered promiscuous mode [ 603.608098][T15148] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 603.638701][T15148] batadv0: left promiscuous mode [ 603.793224][T15153] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 603.800958][T15153] IPv6: NLM_F_CREATE should be set when creating new route [ 603.808918][T15152] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 603.818842][T15152] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 603.827170][T15153] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 604.075790][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 604.262077][T15164] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2895'. [ 604.490131][T15175] input: syz1 as /devices/virtual/input/input36 [ 604.975251][ T5838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 604.987341][ T5838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 604.996334][ T5838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 605.005570][ T5838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 605.013490][ T5838] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 605.035756][ T5146] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 605.044061][ T5146] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 605.054730][ T5146] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 605.064062][ T5146] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 605.072593][ T5146] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 605.120696][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.239738][ T5917] snd_usb_pod 1-1:1.1: set_interface failed [ 605.283933][ T5917] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 605.314618][ T5917] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 605.333226][T15182] loop5: detected capacity change from 0 to 7 [ 605.345251][ T5829] Dev loop5: unable to read RDB block 7 [ 605.348947][ T5917] usb 1-1: USB disconnect, device number 72 [ 605.371579][ T5829] loop5: unable to read partition table [ 605.391478][ T5829] loop5: partition table beyond EOD, truncated [ 605.412652][T15182] Dev loop5: unable to read RDB block 7 [ 605.432208][T15182] loop5: unable to read partition table [ 605.454244][T15182] loop5: partition table beyond EOD, truncated [ 605.489785][T15182] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 605.651562][T15192] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2902'. [ 605.746050][T15194] netlink: 'syz.0.2905': attribute type 6 has an invalid length. [ 605.918387][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.974824][T15199] binder: BINDER_SET_CONTEXT_MGR already set [ 605.983538][T15199] binder: 15198:15199 ioctl 4018620d 2000000002c0 returned -16 [ 606.075784][T15192] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2902'. [ 606.094105][T15192] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2902'. [ 606.104722][T15192] loop6: detected capacity change from 0 to 524288000 [ 606.158270][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 606.565037][T15180] chnl_net:caif_netlink_parms(): no params data found [ 607.072308][T15215] bond0: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 607.131666][T15215] bond0 (unregistering): Released all slaves [ 607.189959][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 607.198437][ T5146] Bluetooth: hci5: command tx timeout [ 607.405314][T15180] bridge0: port 1(bridge_slave_0) entered blocking state [ 607.412744][T15180] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.420345][T15180] bridge_slave_0: entered allmulticast mode [ 607.431381][T15180] bridge_slave_0: entered promiscuous mode [ 607.445398][T15180] bridge0: port 2(bridge_slave_1) entered blocking state [ 607.452709][T15180] bridge0: port 2(bridge_slave_1) entered disabled state [ 607.460183][T15180] bridge_slave_1: entered allmulticast mode [ 607.467819][T15180] bridge_slave_1: entered promiscuous mode [ 607.489707][ T5929] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 607.577043][T15180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 607.594745][T15180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 607.660789][ T5929] usb 3-1: Using ep0 maxpacket: 32 [ 607.665683][T15180] team0: Port device team_slave_0 added [ 607.682048][ T5929] usb 3-1: unable to get BOS descriptor or descriptor too short [ 607.693602][T15234] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2916'. [ 607.706311][ T5929] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 73 [ 607.717901][T15180] team0: Port device team_slave_1 added [ 607.721335][ T5929] usb 3-1: can't read configurations, error -22 [ 607.815310][T15180] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 607.824273][T15180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 607.850898][T15180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 607.865258][T15180] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 607.872772][ T5929] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 607.874101][T15180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 607.907621][T15180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 608.008882][T15180] hsr_slave_0: entered promiscuous mode [ 608.014977][T15245] input: syz0 as /devices/virtual/input/input37 [ 608.022090][T15180] hsr_slave_1: entered promiscuous mode [ 608.028815][T15180] debugfs: 'hsr0' already exists in 'hsr' [ 608.036291][T15180] Cannot create hsr debugfs directory [ 608.071178][ T5929] usb 3-1: Using ep0 maxpacket: 32 [ 608.091252][ T5929] usb 3-1: unable to get BOS descriptor or descriptor too short [ 608.102610][ T5929] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 73 [ 608.130009][ T5929] usb 3-1: can't read configurations, error -22 [ 608.138629][ T5929] usb usb3-port1: attempt power cycle [ 608.210339][ T43] usb 4-1: new low-speed USB device number 69 using dummy_hcd [ 608.231511][ T5917] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 608.330516][ T30] audit: type=1326 audit(1770232823.742:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.4.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba8439aeb9 code=0x7ffc0000 [ 608.353777][ T30] audit: type=1326 audit(1770232823.742:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.4.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba8439aeb9 code=0x7ffc0000 [ 608.381776][ T43] usb 4-1: Invalid ep0 maxpacket: 16 [ 608.388764][ T30] audit: type=1326 audit(1770232823.782:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.4.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fba8439aeb9 code=0x7ffc0000 [ 608.433911][T15253] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2923'. [ 608.457254][T15180] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.490099][ T5929] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 608.510311][ T43] usb 4-1: new low-speed USB device number 70 using dummy_hcd [ 608.521328][ T5929] usb 3-1: Using ep0 maxpacket: 32 [ 608.530211][ T5929] usb 3-1: unable to get BOS descriptor or descriptor too short [ 608.539457][ T5929] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 73 [ 608.549123][ T5929] usb 3-1: can't read configurations, error -22 [ 608.586504][T15180] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.678709][T15180] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.689757][ T5929] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 608.690295][ T43] usb 4-1: Invalid ep0 maxpacket: 16 [ 608.706378][ T43] usb usb4-port1: attempt power cycle [ 608.728856][ T30] audit: type=1326 audit(1770232824.132:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.4.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba8439aeb9 code=0x7ffc0000 [ 608.731434][ T5929] usb 3-1: Using ep0 maxpacket: 32 [ 608.757198][ T30] audit: type=1326 audit(1770232824.162:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15251 comm="syz.4.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba8439aeb9 code=0x7ffc0000 [ 608.835043][T15180] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.889896][ T5929] usb 3-1: unable to get BOS descriptor or descriptor too short [ 608.907817][ T5929] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 73 [ 608.926841][ T5929] usb 3-1: can't read configurations, error -22 [ 608.949926][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 608.990376][ T5929] usb usb3-port1: unable to enumerate USB device [ 609.050023][ T43] usb 4-1: new low-speed USB device number 71 using dummy_hcd [ 609.080846][ T43] usb 4-1: Invalid ep0 maxpacket: 16 [ 609.158700][T15260] bond0: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 609.239765][ T43] usb 4-1: new low-speed USB device number 72 using dummy_hcd [ 609.266711][T15260] bond0 (unregistering): Released all slaves [ 609.273003][ T5146] Bluetooth: hci5: command tx timeout [ 609.278677][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 609.291440][ T43] usb 4-1: Invalid ep0 maxpacket: 16 [ 609.297998][ T43] usb usb4-port1: unable to enumerate USB device [ 609.482343][T15270] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 609.654944][T15180] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 609.673085][T15180] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 609.703307][T15180] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 609.728980][T15180] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 609.944658][T15180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 610.016557][T15180] 8021q: adding VLAN 0 to HW filter on device team0 [ 610.086406][ T6003] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.093695][ T6003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 610.209126][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.216368][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 610.321179][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 610.333630][T15180] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 610.399147][T15180] veth0_vlan: entered promiscuous mode [ 610.411368][ T5917] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 610.427205][T15180] veth1_vlan: entered promiscuous mode [ 610.469472][T15180] veth0_macvtap: entered promiscuous mode [ 610.488443][T15180] veth1_macvtap: entered promiscuous mode [ 610.518200][T15180] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 610.537734][T15180] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 610.567819][ T5997] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.586668][ T5997] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.596578][ T5917] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 610.607453][ T5917] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 610.628028][ T5997] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.639293][ T5917] usb 5-1: config 1 interface 0 has no altsetting 0 [ 610.663237][ T5917] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 610.691084][ T5997] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.700286][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.708438][ T5917] usb 5-1: Product: syz [ 610.713978][ T5917] usb 5-1: Manufacturer: syz [ 610.725048][ T5917] usb 5-1: SerialNumber: syz [ 610.744904][T15287] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 610.768044][T15287] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 610.817354][ T1316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.830488][T15292] syzkaller1: entered promiscuous mode [ 610.836011][T15292] syzkaller1: entered allmulticast mode [ 610.840064][ T1316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 610.857298][T15291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 610.880495][T15291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 610.907913][ T5997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.917201][ T5997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 611.053214][T15296] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2899'. [ 611.064641][T15296] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2899'. [ 611.093337][ T5908] usb 3-1: new full-speed USB device number 66 using dummy_hcd [ 611.141547][T15294] loop6: detected capacity change from 0 to 7 [ 611.152749][T15294] Dev loop6: unable to read RDB block 7 [ 611.159560][T15294] loop6: unable to read partition table [ 611.181767][T15294] loop6: partition table beyond EOD, truncated [ 611.188030][T15294] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 611.252514][ T5908] usb 3-1: config 6 has an invalid interface number: 4 but max is 0 [ 611.283815][ T5908] usb 3-1: config 6 has no interface number 0 [ 611.313210][ T5908] usb 3-1: config 6 interface 4 has no altsetting 0 [ 611.335342][ T5908] usb 3-1: New USB device found, idVendor=16d8, idProduct=7003, bcdDevice=d0.3e [ 611.349682][ T5146] Bluetooth: hci5: command tx timeout [ 611.359850][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 611.390211][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.409141][ T5908] usb 3-1: Product: syz [ 611.415453][ T5908] usb 3-1: Manufacturer: syz [ 611.470245][ T5908] usb 3-1: SerialNumber: syz [ 611.759915][ T5908] usb 3-1: USB disconnect, device number 66 [ 611.779760][ T43] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 611.954302][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 611.966683][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 611.981981][ T43] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 611.994224][ T43] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 612.000480][ T9] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 612.012929][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 612.025223][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.039390][ T43] usb 2-1: config 0 descriptor?? [ 612.415091][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 612.427294][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 612.487965][ T9] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 612.509954][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 612.532205][ T9] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 612.548184][ T9] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 612.580950][ T9] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 612.615858][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 612.643593][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 612.672932][ T9] usb 4-1: SerialNumber: syz [ 612.793856][T15312] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 612.816582][T15312] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 612.860272][ T9] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 612.900124][ T10] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 613.047272][ T9] cdc_acm 4-1:1.0: ttyACM0: USB ACM device [ 613.059765][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 613.068550][ T10] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 613.091566][ T9] usb 4-1: USB disconnect, device number 73 [ 613.097579][ T10] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x59, changing to 0x9 [ 613.177620][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 613.219494][ T10] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 613.251329][ T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 613.262529][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.271181][ T10] usb 3-1: Product: syz [ 613.282271][ T10] usb 3-1: Manufacturer: syz [ 613.286950][ T10] usb 3-1: SerialNumber: syz [ 613.361310][T15317] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 613.373278][ T10] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 613.387258][ T10] usbtest 3-1:1.0: Linux user mode ISO test driver [ 613.398614][ T10] usbtest 3-1:1.0: high-speed {control bulk-in iso-out} tests (+alt) [ 613.429755][ T5146] Bluetooth: hci5: command tx timeout [ 613.430535][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.659467][T15325] x_tables: duplicate underflow at hook 1 [ 613.844075][ T5917] rtl8150 5-1:1.0: couldn't reset the device [ 613.880408][ T5917] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5 [ 613.935559][ T5917] usb 5-1: USB disconnect, device number 66 [ 614.456050][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 614.467037][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 614.474376][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 614.488004][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 614.498433][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 614.508051][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 614.560510][ T9] usb 2-1: USB disconnect, device number 70 [ 614.680514][T15339] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 614.945722][T15336] chnl_net:caif_netlink_parms(): no params data found [ 614.989132][T15347] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 615.035220][ T79] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.133318][ T79] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.232244][ T79] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.284831][T15336] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.293955][T15336] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.302780][T15336] bridge_slave_0: entered allmulticast mode [ 615.312273][T15336] bridge_slave_0: entered promiscuous mode [ 615.365372][ T79] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.397016][T15336] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.410241][T15336] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.417593][T15336] bridge_slave_1: entered allmulticast mode [ 615.426239][T15336] bridge_slave_1: entered promiscuous mode [ 615.558271][T15336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 615.584058][T15336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 615.613852][ T43] usb 3-1: USB disconnect, device number 67 [ 615.889244][T15360] xt_CT: No such helper "pptp" [ 615.915582][T15336] team0: Port device team_slave_0 added [ 615.981112][T15336] team0: Port device team_slave_1 added [ 616.070396][T15336] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 616.087750][T15336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 616.169900][ T10] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 616.263359][T15336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 616.454575][ T10] usb 5-1: config 0 has an invalid descriptor of length 232, skipping remainder of the config [ 616.493005][ T10] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=67.3e [ 616.525953][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.556242][ T5838] Bluetooth: hci2: command tx timeout [ 616.564400][ T10] usb 5-1: Product: syz [ 616.581581][ T10] usb 5-1: Manufacturer: syz [ 616.601424][ T10] usb 5-1: SerialNumber: syz [ 616.634578][ T10] usb 5-1: config 0 descriptor?? [ 616.683038][ T10] port100 5-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 617.009796][T15360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 617.022029][T15360] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 617.262774][T15419] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2955'. [ 617.336846][T15419] netlink: 'syz.0.2955': attribute type 3 has an invalid length. [ 618.050913][T15433] x_tables: duplicate underflow at hook 1 [ 618.343984][ T79] bond2 (unregistering): (slave macvlan2): Releasing backup interface [ 618.366586][ T79] bond0 (unregistering): Released all slaves [ 618.378105][ T79] bond1 (unregistering): Released all slaves [ 618.389874][ T9] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 618.493821][ T79] bond2 (unregistering): Released all slaves [ 618.514215][T15336] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 618.521426][T15336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 618.550279][T15336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 618.576287][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 618.601756][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 618.630923][ T5838] Bluetooth: hci2: command tx timeout [ 618.650663][ T30] audit: type=1326 audit(1770232834.052:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15440 comm="syz.0.2960" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb6e419aeb9 code=0x0 [ 618.696910][ T10] usb 5-1: USB disconnect, device number 67 [ 618.717261][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 618.732921][ T79] tipc: Disabling bearer [ 618.750190][ T79] tipc: Left network mode [ 618.789697][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 618.818089][T15336] hsr_slave_0: entered promiscuous mode [ 618.837285][T15336] hsr_slave_1: entered promiscuous mode [ 618.847157][ T9] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 618.859458][T15336] debugfs: 'hsr0' already exists in 'hsr' [ 618.865901][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.874188][T15336] Cannot create hsr debugfs directory [ 618.887940][ T9] usb 3-1: config 0 descriptor?? [ 618.982914][T15481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2961'. [ 619.040008][T15481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2961'. [ 619.395956][T15553] netlink: 'syz.0.2964': attribute type 3 has an invalid length. [ 619.406905][T15552] netlink: 'syz.0.2964': attribute type 3 has an invalid length. [ 619.427992][ T9] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0019/input/input38 [ 619.648020][ T79] hsr_slave_0: left promiscuous mode [ 619.681705][ T79] hsr_slave_1: left promiscuous mode [ 619.763121][ T9] microsoft 0003:045E:07DA.0019: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 619.982475][ T79] veth1_macvtap: left promiscuous mode [ 620.008426][ T79] veth0_macvtap: left promiscuous mode [ 620.018704][ T79] veth1_vlan: left promiscuous mode [ 620.034362][ T79] veth0_vlan: left promiscuous mode [ 620.711022][ T5838] Bluetooth: hci2: command tx timeout [ 620.720535][ T10] usb 3-1: reset high-speed USB device number 68 using dummy_hcd [ 620.965893][ T79] pim6reg (unregistering): left allmulticast mode [ 622.799776][ T5838] Bluetooth: hci2: command tx timeout [ 623.099730][ T5911] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 623.125817][T15659] random: crng reseeded on system resumption [ 623.319746][ T5911] usb 2-1: Using ep0 maxpacket: 8 [ 623.339551][ T5911] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 623.356069][ T5911] usb 2-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 623.389354][ T5911] usb 2-1: config 179 has no interface number 0 [ 623.396027][ T5911] usb 2-1: config 179 interface 65 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 623.426017][ T5911] usb 2-1: config 179 interface 65 has no altsetting 0 [ 623.435758][ T5911] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 623.494215][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.913041][ T5911] usb 5-1: new low-speed USB device number 68 using dummy_hcd [ 624.155080][ T5911] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 624.170915][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 624.190933][ T5911] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 624.304765][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 624.322400][ T5929] usb 2-1: USB disconnect, device number 71 [ 624.371857][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 624.411202][ T5911] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 624.418656][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 624.477846][ T5911] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 624.513083][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 624.530761][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 624.616838][ T5911] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 624.646366][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 624.671649][ T5911] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 624.702053][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 624.728769][ T5911] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 624.770277][ T5911] usb 5-1: string descriptor 0 read error: -22 [ 624.793482][ T5911] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 624.814932][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.864793][ T5911] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 624.973182][T15688] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2976'. [ 625.205327][ T30] audit: type=1326 audit(1770232840.592:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15663 comm="syz.4.2975" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba8439aeb9 code=0x0 [ 625.286186][T15691] netlink: 'syz.1.2977': attribute type 10 has an invalid length. [ 625.588120][T15694] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 625.666263][T15694] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.675566][T15694] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.702447][ T9] usb 3-1: USB disconnect, device number 68 [ 625.775478][T15691] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.782798][T15691] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.790417][T15691] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.797584][T15691] bridge0: port 1(bridge_slave_0) entered forwarding state [ 625.842102][T15691] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 625.858825][ T1330] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.924445][ T1330] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.982436][ T1330] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.665195][ T24] usb 5-1: USB disconnect, device number 68 [ 626.698663][ T79] IPVS: stop unused estimator thread 0... [ 626.845457][T15336] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 626.974588][T15336] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 627.004720][T15767] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 627.011515][T15767] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 627.028894][T15336] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 627.076191][T15336] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 627.149543][T15767] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 627.156376][T15767] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 628.259931][ T5911] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 628.371878][T15336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 628.419772][ T5911] usb 5-1: Using ep0 maxpacket: 8 [ 628.442514][ T5911] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 628.471778][ T5911] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 628.489339][T15336] 8021q: adding VLAN 0 to HW filter on device team0 [ 628.530510][ T5911] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 628.575533][ T5911] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 628.629946][ T8719] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.637106][ T8719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 628.645230][ T5911] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 628.731409][ T8719] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.738554][ T8719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 628.786648][ T5911] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 628.849706][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.176283][T15336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 629.212566][ T5911] usb 5-1: GET_CAPABILITIES returned 0 [ 629.218208][ T5911] usbtmc 5-1:16.0: can't read capabilities [ 629.270009][T15836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2987'. [ 629.401124][T15336] veth0_vlan: entered promiscuous mode [ 629.557997][T15336] veth1_vlan: entered promiscuous mode [ 629.610578][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.618178][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.786077][T15336] veth0_macvtap: entered promiscuous mode [ 629.815569][T15336] veth1_macvtap: entered promiscuous mode [ 629.872951][T15336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 629.909308][T15336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 629.955921][ T6003] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.978609][ T6003] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 630.024429][ T6003] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 630.043120][ T6003] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 630.213905][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 630.223692][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 630.317782][ T8719] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 630.325954][ T8719] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 630.594001][T15874] bond1: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 630.633851][T15874] bond1 (unregistering): Released all slaves [ 631.345229][ T24] usb 5-1: USB disconnect, device number 69 [ 631.804948][T15980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2997'. [ 631.938745][ T5146] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 631.984938][ T5146] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 631.997279][ T5146] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 632.010875][ T5146] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 632.019894][ T5146] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 632.918384][ T5917] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 633.013361][T16077] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 633.072779][ T5917] usb 3-1: device descriptor read/64, error -71 [ 633.100041][T15999] chnl_net:caif_netlink_parms(): no params data found [ 633.160223][T16088] FAULT_INJECTION: forcing a failure. [ 633.160223][T16088] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 633.203715][T16088] CPU: 0 UID: 0 PID: 16088 Comm: syz.3.3006 Tainted: G L syzkaller #0 PREEMPT(full) [ 633.203745][T16088] Tainted: [L]=SOFTLOCKUP [ 633.203752][T16088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 633.203763][T16088] Call Trace: [ 633.203771][T16088] [ 633.203780][T16088] dump_stack_lvl+0xe8/0x150 [ 633.203807][T16088] should_fail_ex+0x412/0x560 [ 633.203834][T16088] _copy_from_iter+0x1d3/0x1670 [ 633.203858][T16088] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 633.203887][T16088] ? __pfx_policy_nodemask+0x10/0x10 [ 633.203910][T16088] ? __pfx__copy_from_iter+0x10/0x10 [ 633.203940][T16088] ? set_page_refcounted+0xa0/0x1e0 [ 633.203961][T16088] ? page_copy_sane+0x4e/0x270 [ 633.203986][T16088] copy_page_from_iter+0xdd/0x170 [ 633.204015][T16088] tun_get_user+0x1d4b/0x3dd0 [ 633.204033][T16088] ? tun_get_user+0x6ff/0x3dd0 [ 633.204065][T16088] ? aa_file_perm+0x440/0x1630 [ 633.204089][T16088] ? __pfx_tun_get_user+0x10/0x10 [ 633.204108][T16088] ? __lock_acquire+0x6b5/0x2cf0 [ 633.204144][T16088] ? ref_tracker_alloc+0x363/0x4d0 [ 633.204169][T16088] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 633.204193][T16088] ? tun_get+0x1c/0x2f0 [ 633.204211][T16088] ? tun_get+0x1c/0x2f0 [ 633.204233][T16088] ? tun_get+0x1c/0x2f0 [ 633.204250][T16088] ? tun_get+0x1c/0x2f0 [ 633.204272][T16088] tun_chr_write_iter+0x113/0x200 [ 633.204293][T16088] vfs_write+0x61d/0xb90 [ 633.204327][T16088] ? __pfx_vfs_write+0x10/0x10 [ 633.204361][T16088] ? __fget_files+0x2a/0x420 [ 633.204389][T16088] ksys_write+0x150/0x270 [ 633.204423][T16088] ? __pfx_ksys_write+0x10/0x10 [ 633.204458][T16088] do_syscall_64+0xe2/0xf80 [ 633.204477][T16088] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.204495][T16088] ? trace_irq_disable+0x37/0x100 [ 633.204512][T16088] ? clear_bhb_loop+0x60/0xb0 [ 633.204533][T16088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.204550][T16088] RIP: 0033:0x7f5f1035b78e [ 633.204566][T16088] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 633.204581][T16088] RSP: 002b:00007f5f11277fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 633.204600][T16088] RAX: ffffffffffffffda RBX: 00007f5f112786c0 RCX: 00007f5f1035b78e [ 633.204613][T16088] RDX: 00000000000000af RSI: 0000200000000000 RDI: 00000000000000c8 [ 633.204625][T16088] RBP: 00007f5f11278090 R08: 0000000000000000 R09: 0000000000000000 [ 633.204637][T16088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 633.204648][T16088] R13: 00007f5f10616038 R14: 00007f5f10615fa0 R15: 00007f5f1073fa48 [ 633.204677][T16088] [ 633.473367][ T5917] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 633.609728][ T5917] usb 3-1: device descriptor read/64, error -71 [ 633.645654][T15999] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.653021][T15999] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.660274][T15999] bridge_slave_0: entered allmulticast mode [ 633.668939][T15999] bridge_slave_0: entered promiscuous mode [ 633.679243][T15999] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.689444][T15999] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.696792][T15999] bridge_slave_1: entered allmulticast mode [ 633.704801][T15999] bridge_slave_1: entered promiscuous mode [ 633.720998][ T5917] usb usb3-port1: attempt power cycle [ 633.758492][T15999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 633.776297][T16133] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3008'. [ 633.776305][T15999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 633.822897][T15999] team0: Port device team_slave_0 added [ 633.835774][T15999] team0: Port device team_slave_1 added [ 633.876268][T15999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 633.884497][T15999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 633.911984][T15999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 633.925915][T15999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 633.932938][T15999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 633.996118][T15999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 634.070296][ T5838] Bluetooth: hci0: command tx timeout [ 634.079705][ T5917] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 634.100377][ T5917] usb 3-1: device descriptor read/8, error -71 [ 634.357763][T15999] hsr_slave_0: entered promiscuous mode [ 634.363642][ T5917] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 634.381653][T15999] hsr_slave_1: entered promiscuous mode [ 634.441325][ T5917] usb 3-1: device descriptor read/8, error -71 [ 634.448914][T15999] debugfs: 'hsr0' already exists in 'hsr' [ 634.512277][T16235] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3011'. [ 634.554335][T16235] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 634.563270][ T5917] usb usb3-port1: unable to enumerate USB device [ 634.569822][T15999] Cannot create hsr debugfs directory [ 635.210114][ T5929] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 635.381920][ T5929] usb 4-1: Using ep0 maxpacket: 8 [ 635.393987][ T5929] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 635.409695][ T5929] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 635.440449][ T5929] usb 4-1: config 179 has no interface number 0 [ 635.447435][ T5929] usb 4-1: config 179 interface 65 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 635.483707][ T5929] usb 4-1: config 179 interface 65 has no altsetting 0 [ 635.499659][ T5929] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 635.515457][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.786119][T16344] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3016'. [ 635.868822][T16344] binder: BINDER_SET_CONTEXT_MGR already set [ 635.875011][T16344] binder: 16343:16344 ioctl 4018620d 200000000040 returned -16 [ 636.003171][T15999] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 636.019002][T16364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3019'. [ 636.034014][T15999] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 636.060432][T16364] batadv0: entered promiscuous mode [ 636.077294][T16364] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 636.086881][T16364] batadv0: left promiscuous mode [ 636.140204][T15999] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 636.189246][ T5838] Bluetooth: hci0: command tx timeout [ 636.201222][T15999] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 636.470335][T15999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 636.530972][T15999] 8021q: adding VLAN 0 to HW filter on device team0 [ 636.558703][ T6003] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.565983][ T6003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 636.623453][ T43] usb 4-1: USB disconnect, device number 74 [ 636.810997][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.818336][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.054883][T15999] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 637.079263][T16397] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3024'. [ 637.197925][T15999] veth0_vlan: entered promiscuous mode [ 637.366771][T15999] veth1_vlan: entered promiscuous mode [ 637.416182][T15999] veth0_macvtap: entered promiscuous mode [ 637.437416][T15999] veth1_macvtap: entered promiscuous mode [ 637.476663][T16401] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3025'. [ 637.499488][T15999] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 637.529241][T15999] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 637.575318][ T1330] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.589052][ T1330] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.616813][ T1330] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.647626][ T1330] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.882938][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.914035][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.041202][ T6003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 638.050322][ T6003] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.081633][T16433] netlink: 'syz.1.3033': attribute type 12 has an invalid length. [ 638.098841][T16433] netlink: 'syz.1.3033': attribute type 28 has an invalid length. [ 638.129809][T16433] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3033'. [ 638.230107][ T5838] Bluetooth: hci0: command tx timeout [ 638.509785][ T5917] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 638.679793][ T5917] usb 1-1: Using ep0 maxpacket: 32 [ 638.700512][ T5917] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 638.715039][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.728530][ T5917] usb 1-1: Product: syz [ 638.756602][ T5917] usb 1-1: Manufacturer: syz [ 638.764271][ T5917] usb 1-1: SerialNumber: syz [ 638.778972][ T5917] usb 1-1: config 0 descriptor?? [ 639.710971][ T5917] peak_usb 1-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 639.950379][ T43] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 640.070402][ T5917] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71 [ 640.160491][ T43] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 640.192032][ T5917] usb 1-1: USB disconnect, device number 73 [ 640.206927][ T43] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 640.234305][ T43] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 640.294755][ T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 640.310000][ T5838] Bluetooth: hci0: command tx timeout [ 640.330182][ T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 640.361499][ T43] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 640.374048][ T43] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 640.394293][ T43] usb 5-1: Product: syz [ 640.409756][ T43] usb 5-1: Manufacturer: syz [ 640.479094][ T43] cdc_wdm 5-1:1.0: skipping garbage [ 640.499992][ T43] cdc_wdm 5-1:1.0: skipping garbage [ 640.517367][ T43] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 640.541813][ T43] cdc_wdm 5-1:1.0: Unknown control protocol [ 640.844363][T16504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3041'. [ 641.101054][T16509] netlink: 71 bytes leftover after parsing attributes in process `syz.3.3042'. [ 641.261090][T16514] netlink: 120 bytes leftover after parsing attributes in process `syz.1.3044'. [ 641.304955][T16518] program syz.2.3045 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 641.360392][T16518] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 641.887719][T16543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3053'. [ 642.001459][ T30] audit: type=1326 audit(1770232857.402:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.033869][T16545] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[16545] [ 642.094386][ T30] audit: type=1326 audit(1770232857.402:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.148926][ T30] audit: type=1326 audit(1770232857.402:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.201997][T16548] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 642.296652][ T30] audit: type=1326 audit(1770232857.402:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.348165][ T9] usb 5-1: USB disconnect, device number 70 [ 642.431814][ T30] audit: type=1326 audit(1770232857.402:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.494110][ T30] audit: type=1326 audit(1770232857.402:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.646439][ T30] audit: type=1326 audit(1770232857.402:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.674367][ T30] audit: type=1326 audit(1770232857.432:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.807288][ T30] audit: type=1326 audit(1770232857.432:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 642.886715][ T30] audit: type=1326 audit(1770232857.432:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16542 comm="syz.1.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fdb55b9aeb9 code=0x7ffc0000 [ 643.302092][T16582] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3063'. [ 643.311133][T16582] openvswitch: netlink: Message has 8 unknown bytes. [ 643.328579][T16583] bond1: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 643.432052][T16610] loop5: detected capacity change from 0 to 7 [ 643.655201][T16626] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3066'. [ 643.667858][T16610] Dev loop5: unable to read RDB block 7 [ 643.701450][T16610] loop5: AHDI p1 p2 p3 [ 643.708885][T16583] bond1 (unregistering): Released all slaves [ 643.718562][T16610] loop5: partition table partially beyond EOD, truncated [ 643.744076][T16632] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3067'. [ 643.764826][T16610] loop5: p1 start 1818582900 is beyond EOD, truncated [ 643.817801][T16610] loop5: p3 start 335544320 is beyond EOD, truncated [ 644.446228][T16693] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3074'. [ 644.803461][T16711] binder: 16709:16711 unknown command 0 [ 644.809082][T16711] binder: 16709:16711 ioctl c0306201 2000000001c0 returned -22 [ 645.472876][ T24] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 645.689860][ T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 645.701503][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.717972][ T24] usb 1-1: Product: syz [ 645.731172][ T24] usb 1-1: Manufacturer: syz [ 645.750684][ T24] usb 1-1: SerialNumber: syz [ 645.792059][ T24] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 645.823430][ T5917] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 646.380097][ T79] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface [ 646.699289][T16741] fuse: Bad value for 'rootmode' [ 646.916832][ T79] bond1 (unregistering): (slave gretap1): Releasing active interface [ 647.067780][ T79] bond1 (unregistering): (slave bridge1): Releasing active interface [ 647.497146][ T79] bond2 (unregistering): (slave macvlan3): Releasing backup interface [ 647.510099][ T5917] usb 1-1: Service connection timeout for: 258 [ 647.517087][ T5917] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 647.562446][ T79] bond0 (unregistering): Released all slaves [ 647.563042][ T5917] ath9k_htc: Failed to initialize the device [ 647.599361][T16765] netlink: 'syz.1.3094': attribute type 1 has an invalid length. [ 647.625062][ T5917] usb 1-1: ath9k_htc: USB layer deinitialized [ 647.652938][ T79] bond1 (unregistering): Released all slaves [ 647.834044][ T79] bond2 (unregistering): Released all slaves [ 648.048076][ T79] bond3 (unregistering): (slave veth0_to_bond): Releasing active interface [ 648.066811][ T79] bond3 (unregistering): Released all slaves [ 648.097657][T16724] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 648.243749][ T24] usb 1-1: USB disconnect, device number 74 [ 648.437468][T16810] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3095'. [ 648.512989][T16817] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3098'. [ 648.524390][T16810] openvswitch: netlink: Message has 8 unknown bytes. [ 648.610370][T16819] xt_hashlimit: size too large, truncated to 1048576 [ 648.824860][T16827] FAULT_INJECTION: forcing a failure. [ 648.824860][T16827] name failslab, interval 1, probability 0, space 0, times 0 [ 648.837651][T16827] CPU: 0 UID: 0 PID: 16827 Comm: syz.4.3101 Tainted: G L syzkaller #0 PREEMPT(full) [ 648.837685][T16827] Tainted: [L]=SOFTLOCKUP [ 648.837694][T16827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 648.837707][T16827] Call Trace: [ 648.837716][T16827] [ 648.837726][T16827] dump_stack_lvl+0xe8/0x150 [ 648.837758][T16827] should_fail_ex+0x412/0x560 [ 648.837791][T16827] should_failslab+0xa8/0x100 [ 648.837818][T16827] kmem_cache_alloc_noprof+0x87/0x6e0 [ 648.837849][T16827] ? __lock_acquire+0x6b5/0x2cf0 [ 648.837879][T16827] ? skb_ext_add+0x148/0x8f0 [ 648.837913][T16827] skb_ext_add+0x148/0x8f0 [ 648.837944][T16827] ? ip6t_do_table+0x1df/0x1560 [ 648.837972][T16827] secpath_set+0x58/0x1f0 [ 648.837998][T16827] xfrm6_input_addr+0x84/0x6a0 [ 648.838032][T16827] ? raw6_local_deliver+0x15d/0xae0 [ 648.838058][T16827] ? lock_acquire+0x106/0x330 [ 648.838095][T16827] ip6_parse_tlv+0x64e/0x1e60 [ 648.838146][T16827] ipv6_destopt_rcv+0x597/0xbc0 [ 648.838189][T16827] ? __pfx_ipv6_destopt_rcv+0x10/0x10 [ 648.838216][T16827] ip6_protocol_deliver_rcu+0xe2d/0x1600 [ 648.838274][T16827] ip6_input_finish+0x191/0x370 [ 648.838308][T16827] NF_HOOK+0x336/0x3c0 [ 648.838338][T16827] ? __pfx_ip6_input_finish+0x10/0x10 [ 648.838366][T16827] ? NF_HOOK+0x9e/0x3c0 [ 648.838392][T16827] ? __pfx_NF_HOOK+0x10/0x10 [ 648.838423][T16827] ? __pfx_ip6_input_finish+0x10/0x10 [ 648.838453][T16827] ? ipv6_chk_mcast_addr+0x2e/0x860 [ 648.838484][T16827] ip6_input+0x16a/0x270 [ 648.838510][T16827] ? ip6_input+0x23/0x270 [ 648.838541][T16827] ip6_mc_input+0x655/0xbd0 [ 648.838577][T16827] ? __pfx_ip6_mc_input+0x10/0x10 [ 648.838607][T16827] ? skb_dst+0x71/0xd0 [ 648.838635][T16827] ? ip6_rcv_finish+0x29e/0x2e0 [ 648.838665][T16827] NF_HOOK+0x336/0x3c0 [ 648.838692][T16827] ? skb_orphan+0x4f/0xd0 [ 648.838732][T16827] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 648.838755][T16827] ? NF_HOOK+0x9e/0x3c0 [ 648.838777][T16827] ? __pfx_NF_HOOK+0x10/0x10 [ 648.838803][T16827] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 648.838833][T16827] ? netif_receive_skb+0x102/0xbb0 [ 648.838853][T16827] netif_receive_skb+0x278/0xbb0 [ 648.838876][T16827] ? __pfx_netif_receive_skb+0x10/0x10 [ 648.838899][T16827] ? tun_rx_batched+0x185/0x790 [ 648.838921][T16827] tun_rx_batched+0x1de/0x790 [ 648.838947][T16827] ? __pfx_tun_rx_batched+0x10/0x10 [ 648.838966][T16827] ? tun_get_user+0x2669/0x3dd0 [ 648.838986][T16827] ? tun_get_user+0x2669/0x3dd0 [ 648.839008][T16827] ? tun_get_user+0x2354/0x3dd0 [ 648.839026][T16827] ? __local_bh_enable_ip+0xd0/0x130 [ 648.839046][T16827] ? tun_get_user+0x2669/0x3dd0 [ 648.839063][T16827] tun_get_user+0x2a78/0x3dd0 [ 648.839100][T16827] ? aa_file_perm+0x440/0x1630 [ 648.839124][T16827] ? __pfx_tun_get_user+0x10/0x10 [ 648.839145][T16827] ? __lock_acquire+0x6b5/0x2cf0 [ 648.839188][T16827] ? ref_tracker_alloc+0x363/0x4d0 [ 648.839214][T16827] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 648.839239][T16827] ? tun_get+0x1c/0x2f0 [ 648.839257][T16827] ? tun_get+0x1c/0x2f0 [ 648.839280][T16827] ? tun_get+0x1c/0x2f0 [ 648.839297][T16827] ? tun_get+0x1c/0x2f0 [ 648.839320][T16827] tun_chr_write_iter+0x113/0x200 [ 648.839341][T16827] vfs_write+0x61d/0xb90 [ 648.839376][T16827] ? __pfx_vfs_write+0x10/0x10 [ 648.839412][T16827] ? __fget_files+0x2a/0x420 [ 648.839442][T16827] ksys_write+0x150/0x270 [ 648.839469][T16827] ? __pfx_ksys_write+0x10/0x10 [ 648.839507][T16827] do_syscall_64+0xe2/0xf80 [ 648.839526][T16827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.839543][T16827] ? trace_irq_disable+0x37/0x100 [ 648.839561][T16827] ? clear_bhb_loop+0x60/0xb0 [ 648.839587][T16827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.839605][T16827] RIP: 0033:0x7fba8435b78e [ 648.839622][T16827] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 648.839636][T16827] RSP: 002b:00007fba851cefb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 648.839654][T16827] RAX: ffffffffffffffda RBX: 00007fba851cf6c0 RCX: 00007fba8435b78e [ 648.839667][T16827] RDX: 00000000000000af RSI: 0000200000000000 RDI: 00000000000000c8 [ 648.839679][T16827] RBP: 00007fba851cf090 R08: 0000000000000000 R09: 0000000000000000 [ 648.839690][T16827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 648.839701][T16827] R13: 00007fba84616038 R14: 00007fba84615fa0 R15: 00007fba8473fa48 [ 648.839729][T16827] [ 649.778150][T16851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3103'. [ 649.879749][ T43] usb 5-1: new full-speed USB device number 71 using dummy_hcd [ 650.020246][T16856] use of bytesused == 0 is deprecated and will be removed in the future, [ 650.043277][T16856] use the actual size instead. [ 650.053297][ T43] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 650.066375][ T43] usb 5-1: config 0 has no interface number 0 [ 650.081679][ T43] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 650.093639][ T43] usb 5-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 650.103867][ T43] usb 5-1: config 0 interface 113 has no altsetting 0 [ 650.119313][ T79] hsr_slave_0: left promiscuous mode [ 650.132770][ T79] hsr_slave_1: left promiscuous mode [ 650.138440][ T43] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 650.148081][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.166609][ T43] usb 5-1: Product: syz [ 650.178046][ T43] usb 5-1: Manufacturer: syz [ 650.214847][ T43] usb 5-1: SerialNumber: syz [ 650.220805][ T79] veth1_macvtap: left promiscuous mode [ 650.237004][ T79] veth0_macvtap: left promiscuous mode [ 650.244168][ T43] usb 5-1: config 0 descriptor?? [ 650.276202][ T79] veth1_vlan: left promiscuous mode [ 650.293433][ T10] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 650.294383][ C1] usb 5-1: NFC: Urb failure (status -71) [ 650.327104][ T79] veth0_vlan: left promiscuous mode [ 650.341339][ T43] usb 5-1: NFC: Unable to get FW version [ 650.375138][ T43] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -90 [ 650.522093][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 650.559230][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.578485][T16872] x_tables: duplicate underflow at hook 1 [ 650.585898][ T10] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 650.634099][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.678806][ T10] usb 1-1: config 0 descriptor?? [ 650.793264][ T79] team0 (unregistering): Port device batadv1 removed [ 650.922662][ T79] pim6reg (unregistering): left allmulticast mode [ 651.103321][ T10] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0 [ 651.131228][ T10] cp2112 0003:10C4:EA90.001A: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 651.303162][ T10] cp2112 0003:10C4:EA90.001A: Part Number: 0x82 Device Version: 0xFE [ 651.928191][T16863] cp2112 0003:10C4:EA90.001A: Error starting transaction: -38 [ 651.939292][ T10] cp2112 0003:10C4:EA90.001A: error reading lock byte: -71 [ 651.976198][ T10] usb 1-1: USB disconnect, device number 75 [ 652.747515][ T10] usb 5-1: USB disconnect, device number 71 [ 652.889690][ T9] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 653.056657][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 653.078412][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 653.107307][ T9] usb 1-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00 [ 653.134207][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.164132][ T9] usb 1-1: config 0 descriptor?? [ 653.194585][T16940] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3118'. [ 653.607020][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 653.613170][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 653.625189][ T9] usb 1-1: USB disconnect, device number 76 [ 653.851856][T16943] bond5: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 653.883266][T16943] bond5 (unregistering): Released all slaves [ 654.039908][T16979] dummy0: entered promiscuous mode [ 654.098256][T16979] dummy0: left promiscuous mode [ 654.203274][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 654.218153][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 654.226535][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 654.234959][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 654.242871][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 654.446188][T17047] fuse: Bad value for 'fd' [ 654.693756][ T79] IPVS: stop unused estimator thread 0... [ 654.790366][ T5917] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 654.882276][T17045] chnl_net:caif_netlink_parms(): no params data found [ 654.969260][ T5917] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 654.982280][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.993797][ T5917] usb 4-1: Product: syz [ 654.998121][ T5917] usb 4-1: Manufacturer: syz [ 655.005674][ T5917] usb 4-1: SerialNumber: syz [ 655.071188][T17045] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.078625][T17045] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.093916][T17045] bridge_slave_0: entered allmulticast mode [ 655.103030][T17045] bridge_slave_0: entered promiscuous mode [ 655.114107][T17045] bridge0: port 2(bridge_slave_1) entered blocking state [ 655.121558][T17045] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.128960][T17045] bridge_slave_1: entered allmulticast mode [ 655.138107][T17045] bridge_slave_1: entered promiscuous mode [ 655.185647][T17045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 655.200946][T17045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 655.247252][T17045] team0: Port device team_slave_0 added [ 655.257289][T17045] team0: Port device team_slave_1 added [ 655.302482][T17045] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 655.310745][T17045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 655.337200][T17045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 655.351847][T17045] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 655.359011][T17045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 655.385968][T17045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 655.428541][ T5917] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 655.452872][ T5917] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 655.472103][ T5917] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 655.494043][ T5917] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 655.508168][ T5917] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 655.549255][ T5917] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 655.561243][T17045] hsr_slave_0: entered promiscuous mode [ 655.579007][T17045] hsr_slave_1: entered promiscuous mode [ 655.592156][ T5917] usb 4-1: USB disconnect, device number 75 [ 655.782877][T17278] loop6: detected capacity change from 0 to 7 [ 655.793417][ T5829] Dev loop6: unable to read RDB block 7 [ 655.807561][ T5829] loop6: unable to read partition table [ 655.816350][ T5829] loop6: partition table beyond EOD, truncated [ 655.823733][T17278] Dev loop6: unable to read RDB block 7 [ 655.829368][T17278] loop6: unable to read partition table [ 655.851130][T17278] loop6: partition table beyond EOD, truncated [ 655.860875][T17278] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 655.935827][ T5195] Dev loop6: unable to read RDB block 7 [ 655.942057][ T5195] loop6: unable to read partition table [ 655.944038][T17045] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.948375][ T5195] loop6: partition table beyond EOD, truncated [ 656.015029][ T9] usb 1-1: new full-speed USB device number 77 using dummy_hcd [ 656.125787][T17045] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.234497][T17369] netlink: 'syz.3.3133': attribute type 4 has an invalid length. [ 656.262618][ T9] usb 1-1: config 7 has an invalid interface number: 101 but max is 0 [ 656.271030][ T9] usb 1-1: config 7 has no interface number 0 [ 656.285813][T17045] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.299447][ T9] usb 1-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 656.309694][ T5838] Bluetooth: hci4: command tx timeout [ 656.323545][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.338209][ T9] usb 1-1: Product: syz [ 656.344350][ T9] usb 1-1: Manufacturer: syz [ 656.351154][ T9] usb 1-1: SerialNumber: syz [ 656.404169][ T5917] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 656.531605][T17045] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.571557][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 656.582751][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 656.736234][T17297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 656.749966][ T10] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 656.780522][T17297] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 656.788689][ T5917] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 656.819771][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 656.920257][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 656.935008][ T9] as10x_usb: device has been detected [ 656.944404][ T10] usb 4-1: config 0 has no interfaces? [ 656.951307][ T5917] usb 5-1: config 0 descriptor?? [ 656.961715][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 656.983449][T17045] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 657.011759][T17045] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 657.020695][ T9] usb 1-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 657.042619][ T9] as10x_usb: error during firmware upload part1 [ 657.050383][T17045] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 657.057823][ T10] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 657.067692][ T9] Registered device Elgato EyeTV DTT Deluxe [ 657.083378][ T9] usb 1-1: USB disconnect, device number 77 [ 657.103480][ T10] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 657.123666][ T10] usb 4-1: Manufacturer: syz [ 657.146320][T17045] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 657.156009][ T10] usb 4-1: config 0 descriptor?? [ 657.178677][ T9] Unregistered device Elgato EyeTV DTT Deluxe [ 657.220833][ T9] as10x_usb: device has been disconnected [ 657.376991][ T5917] cp2112 0003:10C4:EA90.001B: unknown main item tag 0x0 [ 657.390220][ T5917] cp2112 0003:10C4:EA90.001B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 657.414226][T17045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 657.529345][T17045] 8021q: adding VLAN 0 to HW filter on device team0 [ 657.571114][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.578360][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 657.589202][ T5917] cp2112 0003:10C4:EA90.001B: Part Number: 0x82 Device Version: 0xFE [ 657.637390][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.644582][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 657.910772][ T43] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 657.964418][T17045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 657.994220][T17457] FAULT_INJECTION: forcing a failure. [ 657.994220][T17457] name failslab, interval 1, probability 0, space 0, times 0 [ 658.019706][T17457] CPU: 0 UID: 0 PID: 17457 Comm: syz.1.3136 Tainted: G L syzkaller #0 PREEMPT(full) [ 658.019740][T17457] Tainted: [L]=SOFTLOCKUP [ 658.019749][T17457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 658.019762][T17457] Call Trace: [ 658.019771][T17457] [ 658.019781][T17457] dump_stack_lvl+0xe8/0x150 [ 658.019814][T17457] should_fail_ex+0x412/0x560 [ 658.019845][T17457] should_failslab+0xa8/0x100 [ 658.019872][T17457] kmem_cache_alloc_lru_noprof+0x8c/0x6c0 [ 658.019908][T17457] ? __d_alloc+0x37/0x6f0 [ 658.019940][T17457] __d_alloc+0x37/0x6f0 [ 658.019971][T17457] d_alloc+0x4b/0x190 [ 658.019994][T17457] ? lookup_one_qstr_excl+0xc8/0x360 [ 658.020021][T17457] lookup_one_qstr_excl+0xdc/0x360 [ 658.020052][T17457] filename_create+0x20e/0x370 [ 658.020089][T17457] ? __pfx_filename_create+0x10/0x10 [ 658.020139][T17457] do_mkdirat+0xd2/0x4b0 [ 658.020166][T17457] ? __pfx_do_mkdirat+0x10/0x10 [ 658.020226][T17457] ? getname_flags+0x1e4/0x540 [ 658.020254][T17457] __x64_sys_mkdirat+0x87/0xa0 [ 658.020289][T17457] do_syscall_64+0xe2/0xf80 [ 658.020313][T17457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.020328][T17457] ? trace_irq_disable+0x37/0x100 [ 658.020343][T17457] ? clear_bhb_loop+0x60/0xb0 [ 658.020394][T17457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.020417][T17457] RIP: 0033:0x7fdb55b9aeb9 [ 658.020435][T17457] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 658.020454][T17457] RSP: 002b:00007fdb56a09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 658.020482][T17457] RAX: ffffffffffffffda RBX: 00007fdb55e15fa0 RCX: 00007fdb55b9aeb9 [ 658.020494][T17457] RDX: 0000000000000062 RSI: 0000200000000900 RDI: ffffffffffffff9c [ 658.020518][T17457] RBP: 00007fdb56a09090 R08: 0000000000000000 R09: 0000000000000000 [ 658.020544][T17457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 658.020557][T17457] R13: 00007fdb55e16038 R14: 00007fdb55e15fa0 R15: 00007fdb55f3fa48 [ 658.020590][T17457] [ 658.236711][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 658.310640][T17362] cp2112 0003:10C4:EA90.001B: Error starting transaction: -38 [ 658.398304][ T5838] Bluetooth: hci4: command tx timeout [ 658.475506][ T43] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 658.490614][ T43] usb 1-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 658.553053][ T5917] cp2112 0003:10C4:EA90.001B: error reading lock byte: -71 [ 658.560316][T17464] loop6: detected capacity change from 0 to 7 [ 658.570952][ T43] usb 1-1: config 179 has no interface number 0 [ 658.578552][T17045] veth0_vlan: entered promiscuous mode [ 658.580854][T17464] Dev loop6: unable to read RDB block 7 [ 658.610220][T17464] loop6: unable to read partition table [ 658.610609][ T43] usb 1-1: config 179 interface 65 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 658.626382][T17464] loop6: partition table beyond EOD, truncated [ 658.655892][ T5917] usb 5-1: USB disconnect, device number 72 [ 658.666060][ T43] usb 1-1: config 179 interface 65 has no altsetting 0 [ 658.679516][T17045] veth1_vlan: entered promiscuous mode [ 658.705319][ T43] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 658.707811][T17464] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 658.754859][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.801871][T17045] veth0_macvtap: entered promiscuous mode [ 658.833980][T17045] veth1_macvtap: entered promiscuous mode [ 658.897109][T17045] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 658.947689][T17045] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 658.976354][ T6003] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.988061][ T6003] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.018543][ T6003] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.033203][ T6003] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.195253][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.218408][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.309983][ T5917] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 659.363699][ T5997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.377323][ T5997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.469681][ T5917] usb 2-1: Using ep0 maxpacket: 32 [ 659.483986][ T5917] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 659.501205][ T5917] usb 2-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 659.516672][ T5917] usb 2-1: config 0 interface 0 has no altsetting 0 [ 659.525843][ T5917] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 659.535448][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.550695][ T5917] usb 2-1: config 0 descriptor?? [ 659.733225][ T10] usb 1-1: USB disconnect, device number 78 [ 659.784291][ T9] usb 4-1: USB disconnect, device number 76 [ 659.812324][T17513] bond5: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 659.931903][T17513] bond5 (unregistering): Released all slaves [ 660.004991][T17597] netlink: 'syz.3.3139': attribute type 1 has an invalid length. [ 660.034146][T17597] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 660.469847][ T5838] Bluetooth: hci4: command tx timeout [ 660.744961][T17632] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3146'. [ 660.903655][T17641] input: syz1 as /devices/virtual/input/input39 [ 661.162732][T17659] FAULT_INJECTION: forcing a failure. [ 661.162732][T17659] name failslab, interval 1, probability 0, space 0, times 0 [ 661.198047][T17659] CPU: 0 UID: 0 PID: 17659 Comm: syz.2.3154 Tainted: G L syzkaller #0 PREEMPT(full) [ 661.198080][T17659] Tainted: [L]=SOFTLOCKUP [ 661.198088][T17659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 661.198100][T17659] Call Trace: [ 661.198110][T17659] [ 661.198119][T17659] dump_stack_lvl+0xe8/0x150 [ 661.198150][T17659] should_fail_ex+0x412/0x560 [ 661.198179][T17659] should_failslab+0xa8/0x100 [ 661.198203][T17659] __kmalloc_cache_noprof+0x83/0x6e0 [ 661.198225][T17659] ? fuse_dentry_init+0x51/0xe0 [ 661.198241][T17659] ? kmem_cache_alloc_lru_noprof+0x3ac/0x6c0 [ 661.198277][T17659] fuse_dentry_init+0x51/0xe0 [ 661.198298][T17659] __d_alloc+0x47b/0x6f0 [ 661.198329][T17659] d_alloc+0x4b/0x190 [ 661.198349][T17659] ? lookup_one_qstr_excl+0xc8/0x360 [ 661.198390][T17659] lookup_one_qstr_excl+0xdc/0x360 [ 661.198417][T17659] filename_create+0x20e/0x370 [ 661.198466][T17659] ? __pfx_filename_create+0x10/0x10 [ 661.198504][T17659] do_mkdirat+0xd2/0x4b0 [ 661.198537][T17659] ? __pfx_do_mkdirat+0x10/0x10 [ 661.198569][T17659] ? getname_flags+0x1e4/0x540 [ 661.198595][T17659] __x64_sys_mkdirat+0x87/0xa0 [ 661.198624][T17659] do_syscall_64+0xe2/0xf80 [ 661.198645][T17659] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.198664][T17659] ? trace_irq_disable+0x37/0x100 [ 661.198681][T17659] ? clear_bhb_loop+0x60/0xb0 [ 661.198704][T17659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.198724][T17659] RIP: 0033:0x7fd1da39aeb9 [ 661.198742][T17659] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 661.198758][T17659] RSP: 002b:00007fd1db21b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 661.198781][T17659] RAX: ffffffffffffffda RBX: 00007fd1da615fa0 RCX: 00007fd1da39aeb9 [ 661.198796][T17659] RDX: 0000000000000062 RSI: 0000200000000900 RDI: ffffffffffffff9c [ 661.198806][T17659] RBP: 00007fd1db21b090 R08: 0000000000000000 R09: 0000000000000000 [ 661.198815][T17659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 661.198823][T17659] R13: 00007fd1da616038 R14: 00007fd1da615fa0 R15: 00007fd1da73fa48 [ 661.198865][T17659] [ 661.550357][T17663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3156'. [ 661.581321][T17664] loop6: detected capacity change from 0 to 7 [ 661.588576][T17664] Dev loop6: unable to read RDB block 7 [ 661.597813][T17664] loop6: unable to read partition table [ 661.610761][T17664] loop6: partition table beyond EOD, truncated [ 661.622397][T17664] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 661.798143][T17675] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3158'. [ 662.407131][T17716] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3160'. [ 662.432996][ T5917] usbhid 2-1:0.0: can't add hid device: -71 [ 662.439130][ T5917] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 662.548145][T17721] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3162'. [ 662.559679][ T5838] Bluetooth: hci4: command tx timeout [ 662.570051][ T5917] usb 2-1: USB disconnect, device number 72 [ 662.730657][ T9] usb 1-1: new full-speed USB device number 79 using dummy_hcd [ 663.063647][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 663.102033][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 663.136087][ T9] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 663.148229][ T9] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 663.272864][ T9] usb 1-1: Manufacturer: syz [ 663.300404][ T9] usb 1-1: config 0 descriptor?? [ 663.337106][T17776] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3167'. [ 663.718188][ T9] cougar 0003:060B:700A.001C: unknown main item tag 0x0 [ 663.740267][ T9] cougar 0003:060B:700A.001C: unknown main item tag 0x0 [ 663.758282][ T9] cougar 0003:060B:700A.001C: unknown main item tag 0x0 [ 663.774828][ T9] cougar 0003:060B:700A.001C: unknown main item tag 0x0 [ 663.789328][ T9] cougar 0003:060B:700A.001C: unknown main item tag 0x0 [ 663.827351][ T9] cougar 0003:060B:700A.001C: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 663.917643][T17708] tipc: Enabling of bearer rejected, failed to enable media [ 663.948452][ T43] usb 1-1: USB disconnect, device number 79 [ 664.017213][T17785] fido_id[17785]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 664.143813][T17799] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3170'. [ 664.579404][T17821] batman_adv: batadv0: Adding interface: gretap1 [ 664.591656][T17821] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 664.642660][T17821] batman_adv: batadv0: Interface activated: gretap1 [ 664.653937][T17831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3179'. [ 665.727040][T17854] FAULT_INJECTION: forcing a failure. [ 665.727040][T17854] name failslab, interval 1, probability 0, space 0, times 0 [ 665.783056][T17854] CPU: 1 UID: 0 PID: 17854 Comm: syz.2.3186 Tainted: G L syzkaller #0 PREEMPT(full) [ 665.783089][T17854] Tainted: [L]=SOFTLOCKUP [ 665.783097][T17854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 665.783128][T17854] Call Trace: [ 665.783137][T17854] [ 665.783146][T17854] dump_stack_lvl+0xe8/0x150 [ 665.783179][T17854] should_fail_ex+0x412/0x560 [ 665.783210][T17854] should_failslab+0xa8/0x100 [ 665.783235][T17854] __kmalloc_cache_noprof+0x83/0x6e0 [ 665.783258][T17854] ? fuse_lookup_name+0x1d0/0x8b0 [ 665.783285][T17854] fuse_lookup_name+0x1d0/0x8b0 [ 665.783309][T17854] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.783336][T17854] ? __pfx_fuse_lookup_name+0x10/0x10 [ 665.783356][T17854] ? fuse_lock_inode+0xd3/0x120 [ 665.783390][T17854] ? __lock_acquire+0x6b5/0x2cf0 [ 665.783434][T17854] fuse_lookup+0x213/0x4e0 [ 665.783463][T17854] ? __pfx_fuse_lookup+0x10/0x10 [ 665.783486][T17854] ? do_raw_spin_lock+0x12b/0x2f0 [ 665.783520][T17854] ? do_raw_spin_unlock+0xf5/0x210 [ 665.783546][T17854] ? _raw_spin_unlock+0x28/0x50 [ 665.783577][T17854] ? d_alloc+0x144/0x190 [ 665.783606][T17854] lookup_one_qstr_excl+0x131/0x360 [ 665.783644][T17854] filename_create+0x20e/0x370 [ 665.783680][T17854] ? __pfx_filename_create+0x10/0x10 [ 665.783721][T17854] do_mkdirat+0xd2/0x4b0 [ 665.783757][T17854] ? __pfx_do_mkdirat+0x10/0x10 [ 665.783791][T17854] ? getname_flags+0x1e4/0x540 [ 665.783818][T17854] __x64_sys_mkdirat+0x87/0xa0 [ 665.783851][T17854] do_syscall_64+0xe2/0xf80 [ 665.783873][T17854] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.783892][T17854] ? trace_irq_disable+0x37/0x100 [ 665.783912][T17854] ? clear_bhb_loop+0x60/0xb0 [ 665.783937][T17854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.783957][T17854] RIP: 0033:0x7fd1da39aeb9 [ 665.783977][T17854] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 665.783995][T17854] RSP: 002b:00007fd1db21b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 665.784018][T17854] RAX: ffffffffffffffda RBX: 00007fd1da615fa0 RCX: 00007fd1da39aeb9 [ 665.784033][T17854] RDX: 0000000000000062 RSI: 0000200000000900 RDI: ffffffffffffff9c [ 665.784048][T17854] RBP: 00007fd1db21b090 R08: 0000000000000000 R09: 0000000000000000 [ 665.784062][T17854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 665.784074][T17854] R13: 00007fd1da616038 R14: 00007fd1da615fa0 R15: 00007fd1da73fa48 [ 665.784109][T17854] [ 666.126421][T17867] loop6: detected capacity change from 0 to 7 [ 666.136009][T17867] Dev loop6: unable to read RDB block 7 [ 666.173927][T17867] loop6: unable to read partition table [ 666.238724][T17867] loop6: partition table beyond EOD, truncated [ 666.274881][T17867] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 666.580146][T17882] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3191'. [ 666.854442][T17898] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3195'. [ 667.284065][T17927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3206'. [ 667.321794][T17928] binder: 17926:17928 unknown command 0 [ 667.359796][T17928] binder: 17926:17928 ioctl c0306201 2000000001c0 returned -22 [ 667.760518][T17943] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3209'. [ 667.798056][T17942] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3210'. [ 668.256986][ T43] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 668.500794][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 668.558591][ T43] usb 1-1: config 2 has an invalid interface number: 109 but max is 0 [ 668.569647][ T43] usb 1-1: config 2 has no interface number 0 [ 668.577449][ T43] usb 1-1: config 2 interface 109 has no altsetting 0 [ 668.592295][ T43] usb 1-1: New USB device found, idVendor=0409, idProduct=0249, bcdDevice=db.77 [ 668.616923][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.383422][ T43] usb 1-1: Product: syz [ 669.387770][ T43] usb 1-1: Manufacturer: 鮃䩏㴪伥⌋䴛ᦘ≇ꡂ풌閭냢珕琰뛏纍ᔦ戛꾕坃꫉अ术뀨隼㳖䏛꽮瓰ᖊ辭ᡛ嶓翶흳鷻⴪칇㣲ꖿ橨熉蜙䲸씧괮얱Ḍ [ 669.406753][ T43] usb 1-1: SerialNumber: syz [ 669.597071][T17970] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3217'. [ 669.684446][T17972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3218'. [ 669.703306][T17972] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 670.228453][T17989] 8021q: adding VLAN 0 to HW filter on device bond1 [ 670.400439][ T5916] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 670.552838][ T5916] usb 4-1: Using ep0 maxpacket: 16 [ 670.571569][ T5916] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 670.580167][ T5916] usb 4-1: config 0 has no interface number 0 [ 670.599750][ T5916] usb 4-1: config 0 interface 8 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 670.621791][T18048] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 670.640437][ T5916] usb 4-1: config 0 interface 8 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 670.660242][ T5916] usb 4-1: config 0 interface 8 has no altsetting 0 [ 670.674201][ T5916] usb 4-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 670.703324][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.732104][ T5916] usb 4-1: config 0 descriptor?? [ 671.199053][ T5916] uclogic 0003:5543:0522.001D: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.3-1/input8 [ 671.222121][ T9] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 671.223182][ T43] usb 1-1: reset high-speed USB device number 80 using dummy_hcd [ 671.253661][ T43] usb 1-1: device reset changed ep0 maxpacket size! [ 671.300664][ T43] usb 1-1: USB disconnect, device number 80 [ 671.400031][ T9] usb 3-1: config 9 has an invalid interface number: 3 but max is 0 [ 671.416919][ T9] usb 3-1: config 9 has no interface number 0 [ 671.431642][ T9] usb 3-1: config 9 interface 3 has no altsetting 0 [ 671.443233][ T9] usb 3-1: New USB device found, idVendor=0fcf, idProduct=1003, bcdDevice=87.04 [ 671.470048][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.480292][T17989] bond_slave_0: entered promiscuous mode [ 671.486076][T17989] bond_slave_1: entered promiscuous mode [ 671.492826][ T9] usb 3-1: Product: syz [ 671.497427][ T9] usb 3-1: Manufacturer: syz [ 671.503439][ T9] usb 3-1: SerialNumber: syz [ 671.510545][ T43] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 671.519121][T17989] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 671.542380][T17989] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 671.565958][ T5911] usb 4-1: USB disconnect, device number 77 [ 671.669749][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 671.682862][ T43] usb 1-1: unable to get BOS descriptor or descriptor too short [ 671.691376][ T43] usb 1-1: too many configurations: 83, using maximum allowed: 8 [ 671.703067][ T43] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 671.710891][ T43] usb 1-1: can't read configurations, error -61 [ 671.730302][T18052] netlink: 'syz.2.3227': attribute type 10 has an invalid length. [ 671.753875][T18052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 671.766042][T18052] team0: Port device bond0 added [ 671.776584][T18052] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3227'. [ 671.823804][T18052] team0 (unregistering): Port device team_slave_0 removed [ 671.841666][T18052] team0 (unregistering): Port device team_slave_1 removed [ 671.850398][ T43] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 671.864642][T18052] team0 (unregistering): Port device bond0 removed [ 672.004433][ T9] hub 3-1:9.3: bad descriptor, ignoring hub [ 672.010771][ T9] hub 3-1:9.3: probe with driver hub failed with error -5 [ 672.018714][ T9] cp210x 3-1:9.3: cp210x converter detected [ 672.025745][ T9] cp210x 3-1:9.3: failed to get vendor val 0x370b size 1: -71 [ 672.030604][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 672.036411][ T9] cp210x 3-1:9.3: querying part number failed [ 672.047060][ T43] usb 1-1: unable to get BOS descriptor or descriptor too short [ 672.058872][ T9] usb 3-1: cp210x converter now attached to ttyUSB0 [ 672.065736][ T43] usb 1-1: too many configurations: 83, using maximum allowed: 8 [ 672.094068][ T43] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 672.097242][ T9] usb 3-1: USB disconnect, device number 73 [ 672.118810][ T43] usb 1-1: can't read configurations, error -61 [ 672.134843][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 672.140729][ T43] usb usb1-port1: attempt power cycle [ 672.154929][ T9] cp210x 3-1:9.3: device disconnected [ 672.503299][ T43] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 672.580377][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 672.591903][ T43] usb 1-1: unable to get BOS descriptor or descriptor too short [ 672.600748][ T5916] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 672.615977][ T43] usb 1-1: too many configurations: 83, using maximum allowed: 8 [ 672.640811][ T43] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 672.648666][ T43] usb 1-1: can't read configurations, error -61 [ 672.799796][ T5916] usb 4-1: Using ep0 maxpacket: 8 [ 672.813972][ T5916] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 673.306627][ T43] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 673.388438][ T5916] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 673.408836][ T5908] usb 3-1: new full-speed USB device number 74 using dummy_hcd [ 673.420504][ T5916] usb 4-1: config 179 has no interface number 0 [ 673.427275][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 673.438857][ T43] usb 1-1: unable to get BOS descriptor or descriptor too short [ 673.449979][ T43] usb 1-1: too many configurations: 83, using maximum allowed: 8 [ 673.457853][ T5916] usb 4-1: config 179 interface 65 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 673.489901][ T5916] usb 4-1: config 179 interface 65 has no altsetting 0 [ 673.496872][ T5916] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 673.506423][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.515804][ T43] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 673.525585][ T43] usb 1-1: can't read configurations, error -61 [ 673.532436][ T43] usb usb1-port1: unable to enumerate USB device [ 673.641330][ T5908] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4 [ 673.652684][ T5908] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023 [ 673.678722][ T5908] usb 3-1: config 0 interface 0 has no altsetting 0 [ 673.701137][ T5908] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 673.712475][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 673.721080][ T5908] usb 3-1: Product: syz [ 673.726983][ T5908] usb 3-1: Manufacturer: syz [ 673.741355][ T5908] usb 3-1: SerialNumber: syz [ 673.758027][ T5908] usb 3-1: config 0 descriptor?? [ 673.770734][ T5908] usb 3-1: selecting invalid altsetting 0 [ 674.296252][ T5916] usb 4-1: USB disconnect, device number 78 [ 674.537332][T18181] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3240'. [ 674.657896][T18188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 674.670662][T18188] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 674.687593][T18188] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3241'. [ 674.889874][ T5911] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 674.943448][T18199] bond2: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 675.020447][ T5911] usb 1-1: device descriptor read/64, error -71 [ 675.099463][T18199] bond2 (unregistering): Released all slaves [ 675.286715][ T5911] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 675.419920][ T5911] usb 1-1: device descriptor read/64, error -71 [ 675.529971][ T5911] usb usb1-port1: attempt power cycle [ 676.049906][ T5911] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 676.090473][ T5911] usb 1-1: device descriptor read/8, error -71 [ 676.409908][ T24] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 676.491315][ T5911] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 676.530407][ T5911] usb 1-1: device descriptor read/8, error -71 [ 676.537819][ T5916] usb 3-1: USB disconnect, device number 74 [ 676.559820][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 676.580054][ T24] usb 2-1: unable to get BOS descriptor or descriptor too short [ 676.590490][ T24] usb 2-1: config 4 interface 0 has no altsetting 0 [ 676.619135][ T24] usb 2-1: string descriptor 0 read error: -22 [ 676.648086][ T24] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 676.673453][ T5911] usb usb1-port1: unable to enumerate USB device [ 676.699778][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.740991][ T24] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 676.834717][ T24] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 676.857744][ T24] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 676.865454][ T24] usb 2-1: media controller created [ 676.908999][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 676.990969][ T24] zl10353_read_register: readreg error (reg=127, ret==0) [ 677.132274][T18335] dummy0: entered promiscuous mode [ 677.146781][ T24] usb 2-1: USB disconnect, device number 73 [ 677.160921][T18335] dummy0: left promiscuous mode [ 677.210073][ T43] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 677.410108][ T43] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 677.431240][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.452782][ T43] usb 3-1: config 0 descriptor?? [ 677.489320][ T43] cp210x 3-1:0.0: cp210x converter detected [ 677.612361][T18366] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3253'. [ 677.626689][ T24] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 677.822035][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 677.841502][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 677.860967][ T24] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 677.880037][ T24] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 677.896469][ T24] usb 5-1: Product: syz [ 677.921802][ T24] usb 5-1: Manufacturer: syz [ 677.928170][ T24] usb 5-1: SerialNumber: syz [ 677.945952][ T43] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -71 [ 677.973286][T18380] 8021q: adding VLAN 0 to HW filter on device bond1 [ 678.014010][ T43] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 678.057181][ T43] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 678.099196][T18396] bond_slave_0: entered promiscuous mode [ 678.103749][ T43] usb 3-1: cp210x converter now attached to ttyUSB0 [ 678.105202][T18396] bond_slave_1: entered promiscuous mode [ 678.119025][T18396] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 678.140842][ T43] usb 3-1: USB disconnect, device number 75 [ 678.162455][ T24] usb 5-1: Handspring Visor / Palm OS: No valid connect info available [ 678.164493][T18396] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 678.203032][ T24] usb 5-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 678.212965][ T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 678.226919][ T43] cp210x 3-1:0.0: device disconnected [ 678.239908][ T24] usb 5-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 678.253720][ T24] usb 5-1: Handspring Visor / Palm OS: Number of ports: 2 [ 678.292179][T18426] loop6: detected capacity change from 0 to 7 [ 678.302278][T18426] Dev loop6: unable to read RDB block 7 [ 678.308080][T18426] loop6: unable to read partition table [ 678.317659][T18426] loop6: partition table beyond EOD, truncated [ 678.324617][T18426] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 678.429391][ T24] usb 5-1: palm_os_3_probe - error -71 getting bytes available request [ 678.453949][ T24] visor 5-1:1.0: Handspring Visor / Palm OS converter detected [ 678.505590][ T24] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 678.552177][ T24] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 678.581799][ T24] usb 5-1: USB disconnect, device number 73 [ 678.607570][ T24] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 678.631452][ T24] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 678.647539][ T24] visor 5-1:1.0: device disconnected [ 678.855323][T18506] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3261'. [ 678.897969][T18513] 8021q: adding VLAN 0 to HW filter on device team0 [ 678.924730][T18513] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 680.131540][T18544] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3268'. [ 681.036268][T18566] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3274'. [ 681.449511][T18592] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3278'. [ 681.513089][T18592] macvlan2: entered promiscuous mode [ 681.518459][T18592] macvlan2: entered allmulticast mode [ 681.524298][T18592] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode [ 681.872478][ T24] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 682.029753][ T9] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 682.051480][ T24] usb 1-1: config 0 has no interfaces? [ 682.059142][ T24] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 682.069880][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.078622][ T24] usb 1-1: Product: syz [ 682.083263][ T24] usb 1-1: Manufacturer: syz [ 682.087930][ T24] usb 1-1: SerialNumber: syz [ 682.100400][ T24] usb 1-1: config 0 descriptor?? [ 682.237141][ T9] usb 5-1: config 0 has no interfaces? [ 682.243040][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=1290, bcdDevice=dc.1b [ 682.272850][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.304853][ T9] apple-mfi-fastcharge 5-1: config 0 descriptor?? [ 682.330364][T18653] binder: BINDER_SET_CONTEXT_MGR already set [ 682.338533][T18601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 682.360024][T18609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 682.374939][T18653] binder: 18652:18653 ioctl 4018620d 200000004a80 returned -16 [ 682.391091][T18609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 682.400487][T18601] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 682.409184][T18653] binder: 18652:18653 ioctl c0306201 2000000001c0 returned -22 [ 682.479177][T18664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3290'. [ 682.535882][ T5911] usb 1-1: USB disconnect, device number 89 [ 682.680050][T18672] syz_tun: refused to change device tx_queue_len [ 682.703263][ T43] apple-mfi-fastcharge 5-1: USB disconnect, device number 74 [ 682.927609][T18706] bond2: option lacp_rate: mode dependency failed, not supported in mode active-backup(1) [ 682.979405][T18706] bond2 (unregistering): Released all slaves [ 683.089960][ T5911] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 683.276210][ T5911] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 683.280697][ T43] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 683.295605][ T5911] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 683.316248][ T5911] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 683.333287][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 683.355273][ T5911] usb 4-1: SerialNumber: syz [ 683.470799][ T43] usb 3-1: Using ep0 maxpacket: 8 [ 683.480042][ T43] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 683.488815][ T43] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 683.511822][ T43] usb 3-1: config 179 has no interface number 0 [ 683.519387][ T43] usb 3-1: config 179 interface 65 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 683.543119][ T43] usb 3-1: config 179 interface 65 has no altsetting 0 [ 683.568004][ T43] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 683.579719][T18700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 683.590720][T18700] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 683.598651][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.831424][ T9] usb 3-1: USB disconnect, device number 76 [ 684.055691][T18833] geneve2: entered promiscuous mode [ 685.988700][ T5911] usb 4-1: 0:2 : does not exist [ 686.156490][ T5911] usb 4-1: USB disconnect, device number 79 [ 686.268159][ T5829] udevd[5829]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 686.274803][T18898] input: syz1 as /devices/virtual/input/input42 [ 686.447567][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 686.447599][ T30] audit: type=1326 audit(1770232901.852:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18883 comm="syz.3.3320" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f1039aeb9 code=0x0 [ 688.139823][ T43] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 688.173256][T18952] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3331'. [ 688.182543][T18952] openvswitch: netlink: Key type 1542 is out of range max 32 [ 688.303820][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 52, changing to 7 [ 688.333841][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 9272, setting to 1024 [ 688.346979][ T43] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 688.356499][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.374292][ T43] usb 3-1: config 0 descriptor?? [ 688.389921][ T5916] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 688.404293][T18956] binder: 18954:18956 unknown command 0 [ 688.411012][T18956] binder: 18954:18956 ioctl c0306201 2000000001c0 returned -22 [ 688.488238][T18961] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3334'. [ 688.554787][ T5916] usb 5-1: Using ep0 maxpacket: 16 [ 688.577221][ T5916] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 688.599754][ T5916] usb 5-1: config 0 has no interface number 0 [ 688.615357][ T5916] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 688.666856][ T5916] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 688.699698][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 688.707912][ T5916] usb 5-1: Product: syz [ 688.739380][ T5916] usb 5-1: SerialNumber: syz [ 688.747579][T18980] netlink: 'syz.1.3337': attribute type 1 has an invalid length. [ 688.758134][T18980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 688.769026][ T5916] usb 5-1: config 0 descriptor?? [ 688.813873][ T5916] cm109 5-1:0.8: invalid payload size 208, expected 4 [ 688.861280][ T5916] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input43 [ 689.083648][T19000] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3341'. [ 689.272320][ T5911] IPVS: starting estimator thread 0... [ 689.291013][ T10] usb 2-1: new full-speed USB device number 74 using dummy_hcd [ 689.379760][T19008] IPVS: using max 26 ests per chain, 62400 per kthread [ 689.433387][ T43] ath6kl: Failed to submit usb control message: -110 [ 689.453104][ T43] ath6kl: unable to send the bmi data to the device: -110 [ 689.460732][ T43] ath6kl: Unable to send get target info: -110 [ 689.463749][ T10] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 689.555189][ T43] ath6kl: Failed to init ath6kl core: -110 [ 689.562756][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 689.579254][ T10] usb 2-1: Product: syz [ 689.586460][ T43] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 689.609438][ T10] usb 2-1: Manufacturer: syz [ 689.626711][ T10] usb 2-1: SerialNumber: syz [ 689.656941][ T10] usb 2-1: config 0 descriptor?? [ 689.690917][ T10] gspca_main: sq930x-2.14.0 probing 2770:930c [ 689.941900][T18995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 689.955498][T18995] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 689.966883][ T10] gspca_sq930x: reg_r 001f failed -32 [ 689.978787][ T10] sq930x 2-1:0.0: probe with driver sq930x failed with error -32 [ 690.205909][T19031] input: syz1 as /devices/virtual/input/input44 [ 690.883486][ T10] usb 3-1: USB disconnect, device number 77 [ 691.033675][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.040205][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.099391][ C1] cm109 5-1:0.8: cm109_urb_irq_callback: urb status -71 [ 691.106400][ C1] ------------[ cut here ]------------ [ 691.112192][ C1] URB ffff888031ebc900 submitted while active [ 691.118274][ C1] WARNING: drivers/usb/core/urb.c:380 at usb_submit_urb+0x7b/0x18b0, CPU#1: ksoftirqd/1/23 [ 691.128293][ C1] Modules linked in: [ 691.132589][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 691.143389][ C1] Tainted: [L]=SOFTLOCKUP [ 691.147742][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 691.157831][ C1] RIP: 0010:usb_submit_urb+0x7e/0x18b0 [ 691.163340][ C1] Code: 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 57 1c 07 fb 49 83 3e 00 74 40 e8 7c cc 9e fa 48 8d 3d a5 84 d6 08 48 89 de <67> 48 0f b9 3a b8 f0 ff ff ff eb 11 e8 61 cc 9e fa eb 05 e8 5a cc [ 691.182972][ C1] RSP: 0000:ffffc900001d7680 EFLAGS: 00010087 [ 691.189162][ C1] RAX: ffffffff8725aad4 RBX: ffff888031ebc900 RCX: 0000000000040000 [ 691.197161][ C1] RDX: ffffc90002392000 RSI: ffff888031ebc900 RDI: ffffffff8ffc2f80 [ 691.205160][ C1] RBP: 000000000000000f R08: 0000000000000003 R09: 0000000000000004 [ 691.213149][ C1] R10: dffffc0000000000 R11: fffff5200003aed0 R12: 0000000000000820 [ 691.221202][ C1] R13: ffff888078980030 R14: ffff888031ebc908 R15: dffffc0000000000 [ 691.229191][ C1] FS: 0000000000000000(0000) GS:ffff8881257f5000(0000) knlGS:0000000000000000 [ 691.238150][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 691.244797][ C1] CR2: 00007fdb55f3eccc CR3: 000000006080a000 CR4: 00000000003526f0 [ 691.252798][ C1] Call Trace: [ 691.256102][ C1] [ 691.259045][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 691.264911][ C1] ? ___ratelimit+0x58c/0x8d0 [ 691.269636][ C1] cm109_urb_irq_callback+0x6e2/0xcb0 [ 691.275065][ C1] __usb_hcd_giveback_urb+0x376/0x540 [ 691.280489][ C1] dummy_timer+0xbbd/0x45d0 [ 691.285046][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 691.290065][ C1] ? __pfx_pwq_dec_nr_in_flight+0x10/0x10 [ 691.295879][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 691.300880][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 691.306735][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 691.311720][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 691.316704][ C1] __hrtimer_run_queues+0x527/0xc30 [ 691.321942][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 691.327694][ C1] ? ktime_get_update_offsets_now+0x3b2/0x3d0 [ 691.333815][ C1] hrtimer_run_softirq+0x182/0x5a0 [ 691.338963][ C1] handle_softirqs+0x22a/0x7c0 [ 691.343772][ C1] ? run_ksoftirqd+0x36/0x60 [ 691.348376][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 691.353398][ C1] run_ksoftirqd+0x36/0x60 [ 691.357820][ C1] smpboot_thread_fn+0x541/0xa50 [ 691.362763][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 691.367991][ C1] kthread+0x726/0x8b0 [ 691.372075][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 691.377572][ C1] ? __pfx_kthread+0x10/0x10 [ 691.382182][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 691.387404][ C1] ? __pfx_kthread+0x10/0x10 [ 691.392017][ C1] ret_from_fork+0x51b/0xa40 [ 691.396635][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 691.401759][ C1] ? __switch_to+0xc82/0x1410 [ 691.406460][ C1] ? __pfx_kthread+0x10/0x10 [ 691.411084][ C1] ret_from_fork_asm+0x1a/0x30 [ 691.415867][ C1] [ 691.418886][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 691.426167][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 691.436930][ C1] Tainted: [L]=SOFTLOCKUP [ 691.441272][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 691.451356][ C1] Call Trace: [ 691.454693][ C1] [ 691.457628][ C1] vpanic+0x1e0/0x670 [ 691.461655][ C1] panic+0xc5/0xd0 [ 691.465384][ C1] ? __pfx_panic+0x10/0x10 [ 691.469812][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 691.474767][ C1] __warn+0x315/0x4a0 [ 691.478756][ C1] ? usb_submit_urb+0x7b/0x18b0 [ 691.483623][ C1] ? usb_submit_urb+0x7b/0x18b0 [ 691.488495][ C1] __report_bug+0x29a/0x540 [ 691.493021][ C1] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 691.498436][ C1] ? usb_submit_urb+0x7b/0x18b0 [ 691.503290][ C1] ? __pfx___report_bug+0x10/0x10 [ 691.508314][ C1] ? mark_lock+0x180/0x190 [ 691.512760][ C1] ? dev_printk_emit+0xee/0x140 [ 691.517629][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 691.522571][ C1] report_bug_entry+0x19a/0x290 [ 691.527424][ C1] ? usb_submit_urb+0x7e/0x18b0 [ 691.532277][ C1] ? usb_submit_urb+0x83/0x18b0 [ 691.537132][ C1] handle_bug+0xca/0x200 [ 691.541385][ C1] exc_invalid_op+0x1a/0x50 [ 691.545908][ C1] asm_exc_invalid_op+0x1a/0x20 [ 691.550790][ C1] RIP: 0010:usb_submit_urb+0x7e/0x18b0 [ 691.556271][ C1] Code: 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 57 1c 07 fb 49 83 3e 00 74 40 e8 7c cc 9e fa 48 8d 3d a5 84 d6 08 48 89 de <67> 48 0f b9 3a b8 f0 ff ff ff eb 11 e8 61 cc 9e fa eb 05 e8 5a cc [ 691.575879][ C1] RSP: 0000:ffffc900001d7680 EFLAGS: 00010087 [ 691.581955][ C1] RAX: ffffffff8725aad4 RBX: ffff888031ebc900 RCX: 0000000000040000 [ 691.589939][ C1] RDX: ffffc90002392000 RSI: ffff888031ebc900 RDI: ffffffff8ffc2f80 [ 691.597932][ C1] RBP: 000000000000000f R08: 0000000000000003 R09: 0000000000000004 [ 691.605908][ C1] R10: dffffc0000000000 R11: fffff5200003aed0 R12: 0000000000000820 [ 691.613912][ C1] R13: ffff888078980030 R14: ffff888031ebc908 R15: dffffc0000000000 [ 691.621895][ C1] ? usb_submit_urb+0x74/0x18b0 [ 691.626759][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 691.632602][ C1] ? ___ratelimit+0x58c/0x8d0 [ 691.637296][ C1] cm109_urb_irq_callback+0x6e2/0xcb0 [ 691.642692][ C1] __usb_hcd_giveback_urb+0x376/0x540 [ 691.648100][ C1] dummy_timer+0xbbd/0x45d0 [ 691.652657][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 691.657645][ C1] ? __pfx_pwq_dec_nr_in_flight+0x10/0x10 [ 691.663401][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 691.668372][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 691.674191][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 691.679136][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 691.684081][ C1] __hrtimer_run_queues+0x527/0xc30 [ 691.689296][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 691.695028][ C1] ? ktime_get_update_offsets_now+0x3b2/0x3d0 [ 691.701146][ C1] hrtimer_run_softirq+0x182/0x5a0 [ 691.706274][ C1] handle_softirqs+0x22a/0x7c0 [ 691.711045][ C1] ? run_ksoftirqd+0x36/0x60 [ 691.715662][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 691.720691][ C1] run_ksoftirqd+0x36/0x60 [ 691.725113][ C1] smpboot_thread_fn+0x541/0xa50 [ 691.730054][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 691.735084][ C1] kthread+0x726/0x8b0 [ 691.739159][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 691.744625][ C1] ? __pfx_kthread+0x10/0x10 [ 691.749234][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 691.754474][ C1] ? __pfx_kthread+0x10/0x10 [ 691.759078][ C1] ret_from_fork+0x51b/0xa40 [ 691.763685][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 691.768809][ C1] ? __switch_to+0xc82/0x1410 [ 691.773506][ C1] ? __pfx_kthread+0x10/0x10 [ 691.778098][ C1] ret_from_fork_asm+0x1a/0x30 [ 691.782892][ C1] [ 691.786532][ C1] Kernel Offset: disabled [ 691.790864][ C1] Rebooting in 86400 seconds..