last executing test programs: 1m55.289394941s ago: executing program 0 (id=1405): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x20}}, 0x0) 1m54.71899696s ago: executing program 3 (id=1415): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) 1m54.680021701s ago: executing program 0 (id=1416): r0 = socket(0x200000000000011, 0x4000000000080002, 0x9) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'ip6gre0\x00'}) write(r0, 0x0, 0x0) 1m54.425331789s ago: executing program 3 (id=1421): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x70bd2c, 0x0, {{@in=@private=0xa010101, @in=@initdev={0xac, 0x1e, 0xff, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x400, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) getsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003082f00fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) 1m54.27874267s ago: executing program 0 (id=1422): r0 = socket(0xa, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r1, &(0x7f0000003f40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040040}, 0x6044) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000100)={'veth1_vlan\x00', 0xe0}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x80000, 0x4) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000ffffffffffffaaaaaaaaaaaa8100000086dd60b79a5600442900fe8000000000000000000000000000aaff45"], 0x82) 1m53.227102379s ago: executing program 3 (id=1434): syz_init_net_socket$rose(0xb, 0x5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_enter(0xffffffffffffffff, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd) 1m53.089987164s ago: executing program 3 (id=1437): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x6}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 1m52.898279263s ago: executing program 3 (id=1440): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d40)=@newqdisc={0x88, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xc}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x6, 0x9, 0xc, 0xf, 0x1, 0xa, 0xf, 0x1, 0x10, 0x9, 0x3, 0xb, 0x8, 0x5, 0x0, 0xa], 0x1, [0x4, 0x8, 0x81, 0x5, 0x9, 0x40, 0x4, 0xf, 0x8000, 0x6, 0x3, 0x7, 0x0, 0x5, 0x9, 0x8], [0x2, 0x6df, 0x3, 0xf, 0x8001, 0x5, 0xeaa, 0x8, 0x20, 0x2, 0x1, 0x200, 0x3, 0x4, 0xfff9, 0x80]}}}}]}, 0x88}}, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r3, 0x201, 0x70bd27, 0x25dfdbfe, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8884}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) 1m52.694358209s ago: executing program 0 (id=1444): socket$kcm(0x10, 0x2, 0x0) listen(0xffffffffffffffff, 0x2) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1e02040102cd42"], 0x7) 1m52.566443002s ago: executing program 3 (id=1445): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = socket(0x8, 0x3, 0x3) getsockname$packet(r0, 0x0, 0x0) 1m52.21242828s ago: executing program 0 (id=1449): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x705, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xfff1}, {0x10, 0x8}, {0x4, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c88b}, 0x0) 1m52.014377714s ago: executing program 0 (id=1452): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r4, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0x300}], 0x2}, 0x5) 1m40.250972376s ago: executing program 1 (id=1675): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r2}]}, 0x20}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000680001ed020000000000008000000000000000000c00020001000000060000000800010001"], 0x2c}}, 0x4000) splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0) 1m40.250758512s ago: executing program 1 (id=1676): r0 = socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'hsr0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0xf3f, 0xa) sendto$packet(r0, &(0x7f0000000680)="3f031c00030014000600160089e9aaa911d7c2290f0086dd1327c9167c643c4a1b6800000cc9", 0x26, 0x24000094, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 1m40.201187056s ago: executing program 1 (id=1677): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x43, 0x107, 0x70bd27, 0x25dfdbfc, {0x3, 0x7c}, [@nested={0x4, 0x145}, @nested={0x4, 0x1}]}, 0x1c}}, 0xc000) 1m40.147323696s ago: executing program 1 (id=1678): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)="1cfac2cf", 0x4}], 0x1}}], 0x1, 0x40000) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb1000000080086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 1m40.079576799s ago: executing program 1 (id=1679): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000003680)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}, {&(0x7f00000022c0)="1b402e8e9475e89669f1b5cf1b76d9fe36b9ee4f93d387a5aa27bfa6e4e55bb5e1daf537593a9487d6c62af0b7bf20c68cbce2ffb2ce2fa0e03bf4e871b61e1030d3e29af75e2d89ddbda0331419610204b22a06ec71b3a0ceea477e7291e833c8", 0x61}, {&(0x7f0000002340)="6d18cb95a82641bca9ff128e29596f919dd4c9d27c5e0d297d3c0928bc6c331e2ae9b847b0dbdb597c1208a2adc2d5cd46078cf4f7066d8bc4104858cf3928f466a909f5b23a5eef30c9e138bf4a9db3a4c31847077eabf084bc5ead91ba5f55e62fb20a76b6a2feabe3b92c0ff87e4d1f4fd6144806c3c988e97c7827", 0x7d}, {&(0x7f00000024c0)="c90def966c9dff6c661b71cd3776031654f7d5707116430c4ada81fbd0377788dec99979606e4b92b6632eaafc958f92ac9192dcd78127ae9ea25582b3014e509f60c032b71e1789994a313bf57ed5b65b3391a7d2d2c3328e7827fc17b47e17fffb16ccf403781118059fda3b790d037f3e576647376478120e8b88341864ca4b6f979200bbf43cbd3491f3d361081ae8b4fc03592231eaf7dd46f6c4ef079cf7bfadfeac495e9b9ed7e174630a0959694eb944bfb5d9cba0e5dbeea74c6322698eda27adfd76e1911b3aa02f45f5a9e3b96f2a688e260466877dc75c87023c936e42df4574aa5658c6b0ad3834f835b5ebde9ccd4653bb58d914bdc875b1f9af90621dce8437eb6658a3221127e3eb42c126dc1f98f371d26dd2db304a1ba60b1555674337a03f137b97449869d1066dcbeb8a7c64f16a30f6dc9cdc204ed74787630f75eef6b1e8e96d54679cfc8d2560f525c61431f6e77fe65c5161bb1f884c70a42f0c25398bcc1c5c1af8f12df242eaa5ef35b94036c566bb1a6907a27968d5c157fd067feeeb0cc2412268f79ed21542bac062d82118e972cec99961547d3bd2c98313e8a918a3d3b3a6efba6b27608d3aa131cf51bde8124746a501b797d8970260e8ede401e8e0a0d1534f941d2ea811f47ce9737a4e03f131c262c2af4f1751aa4ad0037816a720cb189f115d40bf3d529e289362ef6c1a6c53221e6e338e77a9a0d0ce617cc27f9e43f8003c855a243c0ffcfcaeb0735b391b49944bb6d9177d87233bb3a59126cefec069235c5de6ef2725fc712928fff8bfb8351fd662401e639c4de922eb945a6d6e271d9bab1539b87e9b6562955e21f1c59a15f661c3c6809812594c1ed255770f165dbde2bb73196f140dc8ec949180cff78cbb4a143ac76fa3646f6350aafcb3340b44ac427eaca521446dbfc38f7307585e05cd60d14afb235353def1a480f494e5240ea58db6a161d115bb8731bdefb682f35591b3b24ad5f097238b5549253f0ffd20ce66d8fafb70891cf8049c9ebf2bb02e640531391d046e2265f94baa17beb2a839839442ad496fda962868105fbe5bed099ced3c0074d6527723c5bd71d7b3f344517540b5aa4f240ee2c0ad86da6332579a1da118364ee0b850e2ff0304761f673e81eeabb97a0118280a912eac02a1d2914580ebac1f615cf72d75a314bca4a994dabb7662a7eb6046531dfe893b6a2f4d241ed63e8773bc420d3387c1f115f9b6385205e4347d69eefc82246cc501195bb22debab5260566697ee9be21637af05a5f7657f014b849f82433a971bba9b3930948e8f99d45cc01d99674d84cce191c8317a09afa440acc30841058a541bcac7426e7d2e2fb3785fb031a027e38a4af3e80f3cacb28d92f8c38d15d0551dd4e6c7e60832cb3f61fc3b71d46d6aefc6de535107773cecfe5a9f2753917c2c4c6c3e5b511c228086e3d437c04c968e3a6c3efae8871e981c257c54496eb5532c3e59429e8af0f6613254cab4827426d484911c67393f127ab3a4af521bc8c9b20e8567c1609bcd30c81bee6f6c40f470b9d8e2da1839cdaf1a4ce3d7a3334e4964a81df2242789a33e545983e45fa63f4a20cc87b1e3add88ba17e3d9a099381da7406ab755a4b67ae66a681c9abf04080ae9e14d35258151ecd0d7144575612a2f3e1886a95a6f10da960d64331f353b7cbf9f124f8f64d86b7ae5eaf48926229da8ac72782fab7bcda65ffe745c7343adb50366ac2c13448563cedeb3c1d51b9974d7f9ffd5c89462dcfd2c213d4ca7a080c54c8f65bb268549a76a2ce3c39c201a6a4e568e16cf3ef854c613609e2edcd0f700ca3543d7599562b15dd494185412f910c1274e242648b52693c1c2c273acacbba83f59200f1807be3e67a580da1958a8a9e395e25cb6361fb554b5df4bbced79bf6c3364127d94a5c75dde1adb94db82d8f5d936c8b2497cae784c38a1a526d16330a4a50c52ebdb53cfac4e163571b67693490d88fa5f55d01471570862d80ad8d8256f8dd12a9239c3c35c16c5abe76304a868ac2e2c916edeb30ce18558874cbdbfa0f0c339b41727f17718e098165e13a03810d79a074a9ffcbb52fbebe459070f63ae1462b0001a07a612686a296c0295922e33853249a41c3491f174fcb249cdecd81c4ea8c5d4c055e0997a52925b6784cd0a21e42", 0x613}], 0x4}, 0x240488c1) 1m40.07928597s ago: executing program 1 (id=1680): socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket(0x10, 0x803, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DONE(r0, 0x0, 0xc9, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000002c0)="6321a1780e3fe8d9098f1f28f3c1f1895857b6b4afebba414b5998fa7c73702eb715d85b6a7709a53bf91325a9fbf7387371592c3533a8a34a28e9364405bb05cdeedb9ddfbe45a6933c33e5019991d691e8e8817a584f5392630d34c12a00aac5c546266df9fbb755447a0ff32acb32fc4b9c54b7fa15f82a9848478df5354f7158ece711c634aead9f427b8a3e580b3b", 0x91}], 0x1}}], 0x1, 0x20000001) recvmmsg(r1, &(0x7f0000003900)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/248, 0xf8}], 0x1}, 0x8}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/109, 0x6d}], 0x1}, 0x8}], 0x2, 0x100, 0x0) 1m36.078363302s ago: executing program 32 (id=1445): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) r0 = socket(0x8, 0x3, 0x3) getsockname$packet(r0, 0x0, 0x0) 1m35.56860587s ago: executing program 33 (id=1452): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r4, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0x300}], 0x2}, 0x5) 1m26.064843082s ago: executing program 4 (id=1707): socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x541b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x9, 0xfffffffffffffffc, 0x0, 0x5, 0xfffffffffffffff7}, {0x0, 0xc, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3}, {{@in6=@empty, 0x2, 0x6c}, 0x2, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) socket(0x15, 0x5, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f00000005c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000000)='GPL\x00'}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) 1m25.009476359s ago: executing program 4 (id=1708): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000240)={0xc}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r2, 0x0, &(0x7f0000579000/0x2000)=nil, 0x2000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r2, 0x0, 0xffffffffffffffff, 0x1}) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000001440), 0x49001, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000480)={0x48, 0x8, r3, 0x0, 0x201, 0xe00, &(0x7f0000001480)="31bb4ec77ee0edf5a052e63ec7f79b3ab56d2c206e9c183499df90598e942f13cd9a2903a9d51fe4a07ebe6214d279e733874d16615bcb34cda1a44be72996af769eeebe39142eaf6b3744be4a86853813ae876b741b65c339f76441f04e8c34c428b5c9a6412dfc94af7cc2cb364274c9eb1595a1912dc107b889df1668051e6a27c07cb5f42f2d097acd8b95bf1d07139994056653c3cb83a1f756c5bd79374d81d10fffdd89cf613babd136c2ec27754fde021ecd84f4255881f3272a0f52f3b3ae232b0843e705daf97bd7c625a4f1c7ef9987515c7d33a8790047bb5daab6059e97253c1124b1e097f32cf3be7a04437da98bd749b391d21d374abe25c715604d562a4e163dc3bbc4568d558a04f361846bddc80c988302497546f62c0b1b7fe335af05668f50fc66fc2345f2fb4a13b72e762bcfe8977af9aab95e6d516a98bb0247b4cca89b2896867f81dae584118313c62fce1942952ebc75ff14e583bf1ace2101855cac909c53b2a5e129e6b6b780ecfa98d653aa0105fbd9d5c76906550af7f3f5b8cd612dc3d0823dd1ebf33ada49a82932365b869a0da45db213981589ad56b7b2f897469b1e73b1bd396f413074ad19a18dd095a2d3db75acdae5f5d8d486bff89c59277b0bfb89355d65ed97aadc56e6f81fe6abae5ab6b79e04e26bd7bdae87a68f8f6c9a034bfb7df2adf4dd81c29b57c3f5053a4d05728f148d8770ee7691f96a7c31038fc5285293e3c34c9eeb26e81bb8c95c2b4ae0ca4ccb662e3acfaf651d4798f94439e03d8d1b54fc3faedc43905163d508bd265c41da50aa16b0203a3e34f502124e6c1e8737947ebc95b6f880f6f47bd2660ba0d3d902f3b4256f6b28d4f6b41039c952afe0886b3a351e3c3ce92be7e2b8aec310ba61560bde3954120d15d775c0094eb61cb665c327c25a72ad14ec6731b36fdab273ef785794697a1ad02193dd70619a0389a51219f0a95cd836e9aba775e6ef38e872a1aaad500a9360f1164f3e98ef7a96690248c7b125383de41019f35d1de2a38bd90a5f60c6aa7b6bcc62c951330a49bf9b8932289de5542a143b987c4f01acd2665123d603942cc727757ac16e17ac55f4e39cea7b5da45b13e2b8dc00b60ecb9086f000e197908f81cf3ca8bae652b78bb80357df1e8f5357eff0e5db2541910e645fbcda847e569483c169daea6628f3c942f357757fb327da64cd6cde61e295fa5872bcd6834a06d65a6c253fb7cb004ca971b59e1aece01c544835e48f8ed2c9861aa2390d70dadd02c27b3e308d26f476b34dbdc67444c62ba10ab9646b326bc3ebf0f92c96c64cb6c5f3ed78a3be919a2a983790cf3578602f7b69258b2a6fc58046b08bdbcad58e2c9d7025e20a78fe58520f8e3aafdeb944edfa728a5fba1629dee808bf22e205e797f82c4bb50c40bbe660b899f39944520a58287620c87e766166bcb89f764d81c96f3804c7dbd17408bd7f765aec08dff46ba568073cd45060b646eb3215ec7ff511f769a0e5483f1dca9860ea21767f0fe68c45eb46396e418b25bd1065135e92e74cb8929f526ce293d002c354a9bb22b2dfbfcb5b0612d5f7625a559e85c3ac6f89790f78502df7b02f2affcdbbe2732a8632ae95e7a1a7388b6df19aafb2c6b94e985f26c159e2648ae1ce3cae0d176b060e152d003a439dcbe8463d462eb5e843bfd9c2b1e5b2d89e372100e96443e2e574fefcd2ed899ef6e12cc92dfdc3ff8eeba109fecb0f0f04d55fc148ab026a71976d9479999ee6fec731c144cc106668e703fab82d7061a36035b2221488d6f3d56ff1d552df990ae8a4a34a76bad5b7824bfd38df1065ef61cab967f7dea1a622b06f51b76441a6f218049959e988cc7f7e577a6c40db4dafed7bdc9ea52d4edb79b9d9a55d006d243af481d745ba62f7114d0f8aa14cd4e45899983cfc783c77cdce37cfbbe33fa369147880bfb7dea7e741d6c781eda3b84f383b6f3e0a14e58cf1302d2daebffbba86bebbc30abb16b47ed28f5b8d8a43f9aa9e0692e448a1ef4e16a73507a61cef339c6be89ce95ca399a3139b27bfbd0c93ff276e13345a93ee6a152e03f4dc107f3a862b68f6e6b4267f51903a81cc1b585b211a65307bd5573f13c955c1e179729fb361197bccbd5e4700f49f93a72948634e3b7882724b973b14dc168bed2538f81acd2ddc2bc9265a3729c50f92a1750d058102899cbca79b46cc11aea6363e740ef16587b7c45e685b7a8b7b8c3a7fe83d8e2d81ec86fd7e55d46688fc9002f2abf917062e5d10bf593a4ed80fa891057c8e360efe5cbec03c562cb9d947353cbda57383bf90c471f05e04745ba51b61ab347d04539f43408c3b5a998f71f36dec641fe6e4bb91367ec7d8d6cd3cb730803573b4cad5304ef7c60faa1c3105cea24f4fa65cedec131a814a9ba90d0830eedf9ddb4142bbf83a0609697199eebf1dc85bb5b8a9acc4617788589361d32caa0fa4776f37e11e3081bb3a4f88fdcc86a74d14c66276fe779f36475c902c395901f979a18d1740ac8bd56dcf56365fce544a8e0f7385dbd9e0c45dc93454ede05e8c069fddafd933d661e60f7c05b9efeaf601866eaa31393cad3e77d43401749ddd0690b68f6e785f4fea3dd4e68152ae269a16661f9b64549b974a415d1adc6f63a600d4af9e59473ed15c24bdef127428bf81f86fd4d7e0c0cf2ec29cf90351572e73a557a781322d729e29caddf5b8e49e3e5e27d111cc77c652a9da5d5ecf11ed6ea37b8e4e65ea499f9d084a89054761f46c778d60ef66a235414904a92a566aa9781177dc79aa727ee91aae76fc6f42f68e712db2052fd890ced01237bef531699f640fccef7c76c00d43c0d641be019298f2d18b02e230f1fa97be1ea1a3e9c7b7354d4753a7c5a16cc11efbb8b1ed27fedd9a09dcd4a16e496edb18495473bbc65d00696d572e0168d726d4551b72d6ddaebefa8ffe8eb8ea74e7628d18aac4eefe906217f2f714853834bdcb9098e5aea133787bdf89bd823977e085f00ce42841c2aae50c2d25003fc29cdef9ff63a86ff56a6bf5e4079b99cbe177fcdf83df61cb4f625c4c09adabda8730d343b47123ac7ce8bb2a02a11b76d60cbf12fb4e1d810b5fa4866fe3af57eb95de0f4a2c64b8e47b1ec490d4dac6f0fd8807f1b8de68ec6464c14850a2f5392726a657cb752a9ce1862eaa09edb99eb3361339e47256061296e353fe88c5f0f48adcfd1448ff5147ab72bf079aee5cd5db9a99a7c6dce61026e71bee7eac0c53d59e8b3df92b859dbb7de42c83b06f5351bc185f8f2bdee7576e6997d3c33e1292356803417518eabdc1c4ab9ce48d8225a7a6b6ff345ece2169e1d44ddc265d31d65a1fe424cde95c06ba38db2eaa1b3885c24d4ae406890859a00b6b897a143dd9a9be11701ad56d8c8fea930175980ccc1ca92bba2ead93e07f6e0edaa83217aa6db93c9c0d69bf7e8c95134eda2a9e4c9921f02ffe88adcbeaa9d30d8800187f056c5fb4748ab727c1f985d03e7fa6e32eb82cfd8bc74f3bdee3f9cbbeff224d7be84dc4ec3b18bc09ff618db548ac339284e54aa5479056a25060943ad1e0a8b163af504cbff63421b22559d6bc6c512ea6efa65d205998e16382283dc1bf253937b01166eb5787db87660c0cfcb978d3cc87fed5b0f426275d3efa8ce8fdc43b02793da2db569a65f809007543426ac636d354add7dfef2a630facb07dfe9b68b4fabf0aa08d22fb79c71f2876fdc3fe262f0e69e0bf3bf5809fe8069257e8de47f22cec88632ae148e15647946be3f03acd8481528e84c805b75c1dccd43830a662582d24ff9a826a427b94a3b0f11d96601e5925ecc91946b0984b078503e0a13c88a5d795fa7ac30ce93b477b238cd4092ff7ef9a6ac04f9f8753ef352af50755168119a56437f840e9612cdc17a4f93d3f2fbfd1d61bd40a14730d11238d0bab527f2526597f093070d0a7653660f3c011564691f3ff69e20ec73b0cb9df84b60d11760263735f799465cef870607ac1246f7c38fcdf9f301417ddadc2fc37a8ae59805038beaa98edbdf9f5001f3f7f0e36259b584a9ff6c5526c818c1798432f91e09fc1803d40feec71725122dc7cc7badc5eb67bed50382da58d53632718258c51e1886745d74624ee8ce43ad416908b97f1ccb8e020afedaada0438432a060e8bc6477cfa0d5ba13ca21ea93fbfe977e0e3ab0360aff422bae21c21c61bc3dc895f4ef8c0ad03860aada0eab0e087efa87e34e9269c2d4a3fbdad61fc214dd463c091b28e8265e3c38e53373b577a643e1a2d6e2e477fa1057ede21fb0d29a292780a06f4afde814002b6400e260b1a8fabed0fe20de12fdd4ddcd9863a2f065b6c04d1feb11b1f7c5fda211b17a5a4f2ffa66e15c3c95281ef91a952ae8e6bad9b57fea63f476ddf5cbe4694b662524de66eb49346f5f02b0379ed8f2d41b250d0f340f7cc28b96330778632cf2bb69b9926c055ed352413cfb14bafc57a8bf6dfd7f4fdc9a7d2939e9754d86b5b905387b5dd141cb7354f529c90eb52152bf34cec8cc380aed1e924a124a06d6a68d6df7de9bf699aa170af0f47203d83e89e0ff215e420eaeaa3593a23b41e04a1237b8c3b8123d7e5ce60f4355594d1c2bd2cff8677aa6532019cdb79363452f337bcedb5b12905cf253e22f7e82d7411c55d74525bf761c5529dcae6a7ffeecbdf1b1de19cee2aa18e2a3efebb32b3e023bea2dca94ccd30ce65a0cb0eb030365b71ed1d7762e9136066c006fd32bb9ee2312f6540ebde9d5d96639eba753b9a16ff1a7c25ffbe519e4f2c65abcb1655125f3cb44687455ed339cbb4fa480dc5685ee26a425b3f8732f796467fa230a677c008a3f852ccd45427e68ef972c1b134a43958453687516b805b904ad98b9a0f62bddb786c67572b14a40912776aae6e22ddcd5df40756e264497596de3436089860ba2abd550c14c1d1ecc3e7f86046546ae0661c4e9078f7bc613cdaab5583ace3d212c748c671b39bc94ce61f68b48ae5dfa62698100c06d51fa33d43dde913827fefb558", 0x4}) 1m24.916973826s ago: executing program 4 (id=1709): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000000)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82) socket$unix(0x1, 0x1, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0xeeef0000}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, 0x0, &(0x7f0000000300)=""/97, 0x0}) 1m23.821678999s ago: executing program 4 (id=1710): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1ab) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000021c0), 0x181000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f0000000c40)={{0x80, 0x4}, 'port0\x00', 0x0, 0x100c40, 0x5, 0x0, 0x4, 0x40, 0xfffffc01, 0x0, 0x1, 0x25}) close(r1) r4 = landlock_create_ruleset(&(0x7f0000000140)={0x6000}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) landlock_restrict_self(r4, 0x0) r5 = open(&(0x7f0000000300)='.\x00', 0x0, 0x101) mkdirat(r5, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) setsockopt$netrom_NETROM_T2(r5, 0x103, 0x2, &(0x7f0000000040)=0x7, 0x4) r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r6, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r6, &(0x7f00000002c0)='./file0\x00', 0x2) 1m22.428265485s ago: executing program 4 (id=1711): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) 1m22.230651035s ago: executing program 4 (id=1712): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[], 0xffdd) 1m6.09767938s ago: executing program 34 (id=1712): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[], 0xffdd) 19.446547173s ago: executing program 2 (id=1787): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x6}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 19.380541781s ago: executing program 2 (id=1788): socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x541b, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x9, 0xfffffffffffffffc, 0x0, 0x5, 0xfffffffffffffff7}, {0x0, 0xc, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3}, {{@in6=@empty, 0x2, 0x6c}, 0x2, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8) r4 = socket(0x40000000015, 0x5, 0x0) bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) r5 = socket(0x15, 0x5, 0x0) getsockopt(r5, 0x200000000114, 0x2713, 0x0, &(0x7f0000000040)) 18.354217041s ago: executing program 2 (id=1789): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000000)=0x1, 0x4) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x2f}, @local, {[], {{0x2, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 18.250087882s ago: executing program 2 (id=1790): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$getenv(0x4201, 0x0, 0x7f, &(0x7f0000000040)) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_pts(0xffffffffffffffff, 0x83) ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f00000000c0)) mknodat$null(0xffffffffffffffff, 0x0, 0x80, 0x103) close(0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) syz_emit_ethernet(0x82, &(0x7f0000000280)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x2, 0x0, @broadcast=0x1000000, {0x16, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x11, 0x6, @empty, @dev={0xac, 0x14, 0x14, 0x15}, {[@cipso={0x86, 0x6, 0xfffffffffffffffe}, @timestamp_addr={0x44, 0x3c, 0x0, 0x1, 0x0, [{@rand_addr=0x64010101}, {@loopback}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x40000}, {@local, 0x800}, {@multicast2}, {@dev, 0x4}, {@private=0xa010102, 0x1}]}]}}}}}}}, 0x0) 17.228254821s ago: executing program 2 (id=1791): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$getenv(0x4201, 0x0, 0x7f, &(0x7f0000000040)) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f00000000c0)) openat$sysfs(0xffffffffffffff9c, 0x0, 0x82802, 0xf) mknodat$null(0xffffffffffffffff, 0x0, 0x80, 0x103) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r4) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) syz_emit_ethernet(0x82, &(0x7f0000000280)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x2, 0x0, @broadcast=0x1000000, {0x16, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x11, 0x6, @empty, @dev={0xac, 0x14, 0x14, 0x15}, {[@cipso={0x86, 0x6, 0xfffffffffffffffe}, @timestamp_addr={0x44, 0x3c, 0x0, 0x1, 0x0, [{@rand_addr=0x64010101}, {@loopback}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x40000}, {@local, 0x800}, {@multicast2}, {@dev, 0x4}, {@private=0xa010102, 0x1}]}]}}}}}}}, 0x0) 16.201756906s ago: executing program 2 (id=1792): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFC_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x8000) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r4}, [@IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x0) 0s ago: executing program 35 (id=1792): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFC_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x8000) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r4}, [@IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x0) kernel console output (not intermixed with test programs): toloading is deprecated and will be removed. [ 390.172842][ T8715] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 390.172870][ T8715] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 390.214318][ T8715] vhci_hcd vhci_hcd.0: Device attached [ 390.302196][ T5890] usbhid 2-1:0.0: can't add hid device: -71 [ 390.302326][ T5890] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 390.328685][ T5890] usb 2-1: USB disconnect, device number 16 [ 390.477368][ T5978] usb 39-1: new high-speed USB device number 2 using vhci_hcd [ 390.496536][ T8717] vhci_hcd: connection reset by peer [ 390.517139][ T43] vhci_hcd: stop threads [ 390.525510][ T43] vhci_hcd: release socket [ 390.530562][ T43] vhci_hcd: disconnect device [ 390.712594][ T5805] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 390.799138][ T8729] netlink: 60 bytes leftover after parsing attributes in process `syz.2.822'. [ 390.800146][ T8729] netlink: 60 bytes leftover after parsing attributes in process `syz.2.822'. [ 391.110435][ T5805] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 391.110470][ T5805] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 391.110507][ T5805] usb 5-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 391.110529][ T5805] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.995100][ T5805] usb 5-1: config 0 descriptor?? [ 392.016853][ T37] audit: type=1326 audit(1764260166.352:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8728 comm="syz.2.822" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71afc2f749 code=0x0 [ 392.264866][ T8723] netlink: 'syz.4.818': attribute type 10 has an invalid length. [ 392.264889][ T8723] netlink: 40 bytes leftover after parsing attributes in process `syz.4.818'. [ 392.269036][ T8723] veth0_vlan: entered allmulticast mode [ 392.304337][ T8723] bridge0: port 3(veth0_vlan) entered blocking state [ 392.305418][ T8723] bridge0: port 3(veth0_vlan) entered disabled state [ 392.404182][ T8723] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 392.476473][ T5805] usbhid 5-1:0.0: can't add hid device: -71 [ 392.476601][ T5805] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 392.502480][ T5805] usb 5-1: USB disconnect, device number 19 [ 392.851016][ C0] vkms_vblank_simulate: vblank timer overrun [ 397.470073][ T5978] vhci_hcd: vhci_device speed not set [ 402.279366][ T8793] netlink: 24 bytes leftover after parsing attributes in process `syz.3.841'. [ 402.291082][ T8796] netlink: 72 bytes leftover after parsing attributes in process `syz.4.840'. [ 405.596484][ T8822] trusted_key: encrypted_key: keyword 'upw' not recognized [ 405.977799][ T8824] FAULT_INJECTION: forcing a failure. [ 405.977799][ T8824] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 405.977832][ T8824] CPU: 0 UID: 0 PID: 8824 Comm: syz.3.850 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 405.977856][ T8824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 405.977866][ T8824] Call Trace: [ 405.977872][ T8824] [ 405.977881][ T8824] dump_stack_lvl+0x189/0x250 [ 405.977911][ T8824] ? __pfx____ratelimit+0x10/0x10 [ 405.977936][ T8824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 405.977959][ T8824] ? __pfx__printk+0x10/0x10 [ 405.977980][ T8824] ? __might_fault+0xb0/0x130 [ 405.978014][ T8824] should_fail_ex+0x46c/0x600 [ 405.978042][ T8824] _copy_from_user+0x2d/0xb0 [ 405.978063][ T8824] memdup_user+0x5e/0xd0 [ 405.978083][ T8824] strndup_user+0x68/0xd0 [ 405.978102][ T8824] __se_sys_mount+0x9d/0x410 [ 405.978133][ T8824] ? __pfx___se_sys_mount+0x10/0x10 [ 405.978155][ T8824] ? rcu_is_watching+0x15/0xb0 [ 405.978176][ T8824] ? __x64_sys_mount+0x20/0xc0 [ 405.978201][ T8824] do_syscall_64+0xfa/0xfa0 [ 405.978224][ T8824] ? lockdep_hardirqs_on+0x9c/0x150 [ 405.978246][ T8824] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.978264][ T8824] ? clear_bhb_loop+0x60/0xb0 [ 405.978285][ T8824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.978302][ T8824] RIP: 0033:0x7f7b4f3ff749 [ 405.978318][ T8824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.978334][ T8824] RSP: 002b:00007f7b4d666038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 405.978353][ T8824] RAX: ffffffffffffffda RBX: 00007f7b4f655fa0 RCX: 00007f7b4f3ff749 [ 405.978366][ T8824] RDX: 00002000000004c0 RSI: 0000200000000040 RDI: 00002000000000c0 [ 405.978379][ T8824] RBP: 00007f7b4d666090 R08: 0000000000000000 R09: 0000000000000000 [ 405.978390][ T8824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 405.978401][ T8824] R13: 00007f7b4f656038 R14: 00007f7b4f655fa0 R15: 00007ffdd0da49e8 [ 405.978440][ T8824] [ 406.278455][ T8832] usb usb8: check_ctrlrecip: process 8832 (syz.2.853) requesting ep 01 but needs 81 [ 406.278487][ T8832] usb usb8: usbfs: process 8832 (syz.2.853) did not claim interface 0 before use [ 406.288762][ T8832] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 406.363545][ T5958] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 406.509849][ T5958] usb 5-1: device descriptor read/64, error -71 [ 407.058434][ T5958] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 407.304749][ T5958] usb 5-1: device descriptor read/64, error -71 [ 407.497301][ T5978] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 408.079615][ T5958] usb usb5-port1: attempt power cycle [ 408.194065][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 408.194086][ T5978] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 408.194099][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 408.245256][ T5978] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 408.245286][ T5978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.245305][ T5978] usb 4-1: Product: syz [ 408.245318][ T5978] usb 4-1: Manufacturer: syz [ 408.245332][ T5978] usb 4-1: SerialNumber: syz [ 408.278680][ T5978] usb 4-1: config 0 descriptor?? [ 408.284708][ T5978] kvaser_usb 4-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 408.458962][ T5958] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 408.481751][ T5958] usb 5-1: device descriptor read/8, error -71 [ 408.586104][ T8834] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 409.038560][ T5958] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 409.141421][ T5958] usb 5-1: device descriptor read/8, error -71 [ 409.286734][ T5958] usb usb5-port1: unable to enumerate USB device [ 409.332621][ T5978] usb 4-1: USB disconnect, device number 22 [ 409.940166][ T8875] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 409.940810][ T8875] VFS: Can't find a romfs filesystem on dev nullb0. [ 409.940810][ T8875] [ 411.020876][ T8878] usb usb8: check_ctrlrecip: process 8878 (syz.4.865) requesting ep 01 but needs 81 [ 411.020954][ T8878] usb usb8: usbfs: process 8878 (syz.4.865) did not claim interface 0 before use [ 411.033292][ T8878] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 412.050647][ T8895] syz.1.872 uses obsolete (PF_INET,SOCK_PACKET) [ 415.080547][ T5978] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 415.775750][ T8920] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 415.776617][ T8920] VFS: Can't find a romfs filesystem on dev nullb0. [ 415.776617][ T8920] [ 416.052963][ T8920] usb usb8: check_ctrlrecip: process 8920 (syz.4.881) requesting ep 01 but needs 81 [ 416.052982][ T8920] usb usb8: usbfs: process 8920 (syz.4.881) did not claim interface 0 before use [ 416.053140][ T8920] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 416.147551][ T5978] usb 2-1: Using ep0 maxpacket: 8 [ 416.151924][ T5978] usb 2-1: config 2 has an invalid interface number: 133 but max is 0 [ 416.151949][ T5978] usb 2-1: config 2 has no interface number 0 [ 416.151982][ T5978] usb 2-1: config 2 interface 133 has no altsetting 0 [ 416.155201][ T5978] usb 2-1: New USB device found, idVendor=1f71, idProduct=3306, bcdDevice=a5.a0 [ 416.155228][ T5978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.155247][ T5978] usb 2-1: Product: syz [ 416.155260][ T5978] usb 2-1: Manufacturer: syz [ 416.155273][ T5978] usb 2-1: SerialNumber: syz [ 417.693442][ T5978] usb 2-1: USB disconnect, device number 17 [ 418.536910][ T8951] netlink: 'syz.1.892': attribute type 10 has an invalid length. [ 418.631631][ T8951] team0: Port device dummy0 added [ 422.537293][ T8977] FAULT_INJECTION: forcing a failure. [ 422.537293][ T8977] name failslab, interval 1, probability 0, space 0, times 0 [ 422.537326][ T8977] CPU: 0 UID: 0 PID: 8977 Comm: syz.3.901 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 422.537351][ T8977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 422.537362][ T8977] Call Trace: [ 422.537369][ T8977] [ 422.537377][ T8977] dump_stack_lvl+0x189/0x250 [ 422.537411][ T8977] ? __pfx____ratelimit+0x10/0x10 [ 422.537436][ T8977] ? __pfx_dump_stack_lvl+0x10/0x10 [ 422.537459][ T8977] ? __pfx__printk+0x10/0x10 [ 422.537487][ T8977] ? __pfx___might_resched+0x10/0x10 [ 422.537507][ T8977] ? fs_reclaim_acquire+0x7d/0x100 [ 422.537535][ T8977] should_fail_ex+0x46c/0x600 [ 422.537563][ T8977] ? getname_flags+0xb8/0x540 [ 422.537587][ T8977] should_failslab+0xa8/0x100 [ 422.537612][ T8977] ? getname_flags+0xb8/0x540 [ 422.537631][ T8977] kmem_cache_alloc_noprof+0x6f/0x6b0 [ 422.537654][ T8977] ? strncpy_from_user+0x150/0x290 [ 422.537680][ T8977] getname_flags+0xb8/0x540 [ 422.537708][ T8977] __x64_sys_rename+0x6a/0x90 [ 422.537731][ T8977] do_syscall_64+0xfa/0xfa0 [ 422.537754][ T8977] ? lockdep_hardirqs_on+0x9c/0x150 [ 422.537777][ T8977] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.537795][ T8977] ? clear_bhb_loop+0x60/0xb0 [ 422.537817][ T8977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.537831][ T8977] RIP: 0033:0x7f7b4f3ff749 [ 422.537846][ T8977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.537860][ T8977] RSP: 002b:00007f7b4d666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 422.537877][ T8977] RAX: ffffffffffffffda RBX: 00007f7b4f655fa0 RCX: 00007f7b4f3ff749 [ 422.537890][ T8977] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000200000000000 [ 422.537901][ T8977] RBP: 00007f7b4d666090 R08: 0000000000000000 R09: 0000000000000000 [ 422.537912][ T8977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.537923][ T8977] R13: 00007f7b4f656038 R14: 00007f7b4f655fa0 R15: 00007ffdd0da49e8 [ 422.537954][ T8977] [ 422.946110][ T8986] netlink: 8 bytes leftover after parsing attributes in process `syz.2.904'. [ 424.329965][ T8998] trusted_key: encrypted_key: keyword 'upw' not recognized [ 425.151855][ C1] vkms_vblank_simulate: vblank timer overrun [ 425.759269][ C1] vkms_vblank_simulate: vblank timer overrun [ 425.792702][ T9010] netlink: 40 bytes leftover after parsing attributes in process `syz.4.912'. [ 425.792727][ T9010] netlink: 40 bytes leftover after parsing attributes in process `syz.4.912'. [ 425.987063][ T9014] netlink: 40 bytes leftover after parsing attributes in process `syz.0.913'. [ 425.987081][ T9014] netlink: 40 bytes leftover after parsing attributes in process `syz.0.913'. [ 426.499199][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.729775][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.502858][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.497638][ T9047] 9pnet: Unknown protocol version 9 [ 430.375566][ C1] vkms_vblank_simulate: vblank timer overrun [ 430.721086][ T9070] netlink: 'syz.3.929': attribute type 72 has an invalid length. [ 430.721108][ T9070] netlink: 16 bytes leftover after parsing attributes in process `syz.3.929'. [ 431.144555][ C1] vkms_vblank_simulate: vblank timer overrun [ 431.412692][ C1] vkms_vblank_simulate: vblank timer overrun [ 431.846695][ T9081] netlink: 40 bytes leftover after parsing attributes in process `syz.1.933'. [ 431.846720][ T9081] netlink: 40 bytes leftover after parsing attributes in process `syz.1.933'. [ 432.542664][ T9083] netlink: 80 bytes leftover after parsing attributes in process `syz.0.931'. [ 432.812156][ T5958] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 432.983867][ T5958] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 432.983894][ T5958] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 432.983911][ T5958] usb 3-1: config 0 has no interface number 0 [ 432.986685][ T5958] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 432.986714][ T5958] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.986734][ T5958] usb 3-1: Product: syz [ 432.986748][ T5958] usb 3-1: Manufacturer: syz [ 432.986761][ T5958] usb 3-1: SerialNumber: syz [ 433.656075][ T5958] usb 3-1: config 0 descriptor?? [ 433.699901][ T5958] ims_pcu 3-1:0.41: probe with driver ims_pcu failed with error -22 [ 433.886733][ T5958] usb 3-1: USB disconnect, device number 19 [ 435.315391][ T9117] tmpfs: Bad value for 'mpol' [ 436.159366][ T9130] netlink: 40 bytes leftover after parsing attributes in process `syz.0.947'. [ 436.159383][ T9130] netlink: 40 bytes leftover after parsing attributes in process `syz.0.947'. [ 436.295867][ T9138] netlink: 'syz.1.949': attribute type 1 has an invalid length. [ 436.496385][ T9138] 8021q: adding VLAN 0 to HW filter on device bond1 [ 438.552222][ T9166] netlink: 24 bytes leftover after parsing attributes in process `syz.3.956'. [ 438.603684][ T9174] FAULT_INJECTION: forcing a failure. [ 438.603684][ T9174] name failslab, interval 1, probability 0, space 0, times 0 [ 438.603745][ T9174] CPU: 1 UID: 0 PID: 9174 Comm: syz.1.958 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 438.603775][ T9174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 438.603789][ T9174] Call Trace: [ 438.603803][ T9174] [ 438.603810][ T9174] dump_stack_lvl+0x189/0x250 [ 438.603840][ T9174] ? irqentry_exit+0x74/0x90 [ 438.603867][ T9174] ? __pfx_dump_stack_lvl+0x10/0x10 [ 438.603908][ T9174] should_fail_ex+0x46c/0x600 [ 438.603936][ T9174] ? alloc_empty_file+0x55/0x1d0 [ 438.603951][ T9174] should_failslab+0xa8/0x100 [ 438.603976][ T9174] ? alloc_empty_file+0x55/0x1d0 [ 438.603991][ T9174] kmem_cache_alloc_noprof+0x6f/0x6b0 [ 438.604018][ T9174] alloc_empty_file+0x55/0x1d0 [ 438.604036][ T9174] path_openat+0x10d/0x3840 [ 438.604063][ T9174] ? try_to_take_rt_mutex+0x840/0xb00 [ 438.604095][ T9174] ? rtlock_slowlock_locked+0xd8/0x4010 [ 438.604130][ T9174] ? __pfx_path_openat+0x10/0x10 [ 438.604149][ T9174] ? do_raw_spin_lock+0x121/0x290 [ 438.604178][ T9174] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 438.604201][ T9174] ? lockdep_hardirqs_on+0x9c/0x150 [ 438.604223][ T9174] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 438.604252][ T9174] do_filp_open+0x1fa/0x410 [ 438.604271][ T9174] ? __pfx_do_filp_open+0x10/0x10 [ 438.604286][ T9174] ? rt_mutex_slowunlock+0x493/0x8a0 [ 438.604331][ T9174] ? alloc_fd+0x64f/0x6c0 [ 438.604366][ T9174] do_sys_openat2+0x121/0x1c0 [ 438.604387][ T9174] ? __pfx_do_sys_openat2+0x10/0x10 [ 438.604409][ T9174] ? ksys_write+0x230/0x260 [ 438.604431][ T9174] ? __pfx_ksys_write+0x10/0x10 [ 438.604451][ T9174] __x64_sys_openat+0x138/0x170 [ 438.604471][ T9174] do_syscall_64+0xfa/0xfa0 [ 438.604488][ T9174] ? lockdep_hardirqs_on+0x9c/0x150 [ 438.604505][ T9174] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.604517][ T9174] ? clear_bhb_loop+0x60/0xb0 [ 438.604533][ T9174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.604545][ T9174] RIP: 0033:0x7fec4d78f749 [ 438.604558][ T9174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.604570][ T9174] RSP: 002b:00007fec4b9cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 438.604585][ T9174] RAX: ffffffffffffffda RBX: 00007fec4d9e6090 RCX: 00007fec4d78f749 [ 438.604596][ T9174] RDX: 0000000000200002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 438.604606][ T9174] RBP: 00007fec4b9cd090 R08: 0000000000000000 R09: 0000000000000000 [ 438.604616][ T9174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 438.604627][ T9174] R13: 00007fec4d9e6128 R14: 00007fec4d9e6090 R15: 00007ffcc694fd28 [ 438.604658][ T9174] [ 439.009688][ T9166] syz.3.956 (9166) used greatest stack depth: 17976 bytes left [ 439.151138][ T9180] exFAT-fs (nullb0): invalid boot record signature [ 439.151157][ T9180] exFAT-fs (nullb0): failed to read boot sector [ 439.151165][ T9180] exFAT-fs (nullb0): failed to recognize exfat type [ 439.603706][ T1245] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 440.330307][ T1245] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 246, changing to 11 [ 440.330343][ T1245] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 1648, setting to 1024 [ 440.330370][ T1245] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 440.330396][ T1245] usb 1-1: config 1 interface 0 has no altsetting 0 [ 440.367096][ T1245] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0a56, bcdDevice= 0.40 [ 440.367126][ T1245] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.367146][ T1245] usb 1-1: Product: С [ 440.367159][ T1245] usb 1-1: Manufacturer: ᠁ [ 440.367172][ T1245] usb 1-1: SerialNumber: 艿畆㫆躐픍ই娮䋨샺ꯤ琨׀蹄윋숃豂㨖斛큍竢괳ⵌ༠歨覥뫿六庽繿蕫먶ᘋ뽉虬㲹琻椣ㄅЌ綑润䙓睼磥翧䫥쫾ꬢ궐꒲톸㮂Ժ쥵贿ᅫ霽 [ 440.466309][ T9188] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 440.504981][ T9202] netlink: 28 bytes leftover after parsing attributes in process `syz.1.967'. [ 440.903829][ T1245] usbhid 1-1:1.0: can't add hid device: -71 [ 440.903953][ T1245] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 440.909750][ T1245] usb 1-1: USB disconnect, device number 26 [ 442.292981][ T9220] netlink: 40 bytes leftover after parsing attributes in process `syz.1.973'. [ 442.293010][ T9220] netlink: 40 bytes leftover after parsing attributes in process `syz.1.973'. [ 445.678092][ T9237] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 447.426214][ T5790] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 447.445384][ T9243] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 447.588851][ T5790] usb 5-1: Using ep0 maxpacket: 16 [ 447.589933][ T5790] usb 5-1: too many configurations: 60, using maximum allowed: 8 [ 447.659760][ T5790] usb 5-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9 [ 447.659779][ T5790] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204 [ 447.659790][ T5790] usb 5-1: Product: syz [ 447.659797][ T5790] usb 5-1: Manufacturer: syz [ 447.659804][ T5790] usb 5-1: SerialNumber: syz [ 447.694591][ T5790] usb 5-1: config 0 descriptor?? [ 447.713999][ T5790] pwc: Philips SPC 880NC USB webcam detected. [ 447.777060][ T37] audit: type=1326 audit(1764260219.211:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.777881][ T37] audit: type=1326 audit(1764260219.211:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.793460][ T37] audit: type=1326 audit(1764260219.230:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b4f3fdf90 code=0x7ffc0000 [ 447.793510][ T37] audit: type=1326 audit(1764260219.230:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.793549][ T37] audit: type=1326 audit(1764260219.230:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.799087][ T37] audit: type=1326 audit(1764260219.230:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.801228][ T37] audit: type=1326 audit(1764260219.239:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.801273][ T37] audit: type=1326 audit(1764260219.239:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.801981][ T37] audit: type=1326 audit(1764260219.239:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.802238][ T37] audit: type=1326 audit(1764260219.239:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9250 comm="syz.3.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4f3ff749 code=0x7ffc0000 [ 447.896612][ T5978] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 447.919470][ T5790] pwc: Warning: more than 1 configuration available. [ 447.920009][ T5790] pwc: Failed to set LED on/off time (-71) [ 447.920410][ T5790] pwc: send_video_command error -71 [ 447.920423][ T5790] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 447.920544][ T5790] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 448.049436][ T5790] usb 5-1: USB disconnect, device number 24 [ 448.060646][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 448.060704][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 448.521605][ T5978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 448.521657][ T5978] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 448.521678][ T5978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.541009][ T5978] usb 3-1: config 0 descriptor?? [ 448.542830][ T9249] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 448.893734][ T9272] netlink: 40 bytes leftover after parsing attributes in process `syz.4.991'. [ 448.893761][ T9272] netlink: 40 bytes leftover after parsing attributes in process `syz.4.991'. [ 449.355470][ C0] vkms_vblank_simulate: vblank timer overrun [ 449.548133][ T5978] elan 0003:04F3:0755.0003: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0 [ 449.744662][ T9288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.745563][ T9288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.919301][ T9291] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 450.502483][ C0] vkms_vblank_simulate: vblank timer overrun [ 450.644005][ C0] vkms_vblank_simulate: vblank timer overrun [ 450.744730][ C0] vkms_vblank_simulate: vblank timer overrun [ 451.305839][ C0] vkms_vblank_simulate: vblank timer overrun [ 451.769098][ T1245] usb 3-1: reset full-speed USB device number 20 using dummy_hcd [ 452.269027][ T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 452.800426][ C0] vkms_vblank_simulate: vblank timer overrun [ 452.816707][ T9] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 452.816744][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.850041][ T9] usb 2-1: config 0 descriptor?? [ 452.867196][ T9] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 453.319187][ T9] cpia1 2-1:0.0: unexpected state after lo power cmd: 00 [ 453.348369][ T5892] usb 3-1: USB disconnect, device number 20 [ 453.571708][ T9319] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 453.751435][ T9] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 454.019698][ T9329] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1008'. [ 454.019726][ T9329] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1008'. [ 454.739388][ T5978] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 455.160812][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 455.160844][ T5978] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 455.160869][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 455.165978][ T5978] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 455.166018][ T5978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.166877][ T5978] usb 4-1: Product: syz [ 455.166893][ T5978] usb 4-1: Manufacturer: syz [ 455.166908][ T5978] usb 4-1: SerialNumber: syz [ 455.279375][ T5978] usb 4-1: config 0 descriptor?? [ 455.300563][ T5978] kvaser_usb 4-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 455.332452][ C0] vkms_vblank_simulate: vblank timer overrun [ 455.450284][ T9] usb 2-1: USB disconnect, device number 18 [ 455.520051][ T9328] snd_dummy snd_dummy.0: control 0:0:0:syz0:524289 is already present [ 455.520626][ T9328] overlayfs: failed to resolve './file0': -2 [ 455.650960][ T9346] trusted_key: encrypted_key: keyword 'upw' not recognized [ 456.671117][ T5978] usb 4-1: USB disconnect, device number 23 [ 457.912869][ T5978] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 458.689811][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 458.689839][ T5978] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 458.689862][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 458.693168][ T5978] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 458.693197][ T5978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.693217][ T5978] usb 4-1: Product: syz [ 458.693231][ T5978] usb 4-1: Manufacturer: syz [ 458.693244][ T5978] usb 4-1: SerialNumber: syz [ 458.769975][ T5978] usb 4-1: config 0 descriptor?? [ 458.774225][ T5978] kvaser_usb 4-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 458.854496][ T10] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 459.041809][ T10] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 459.041837][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 459.041863][ T10] usb 3-1: config 0 has no interface number 0 [ 459.044294][ T10] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 459.044320][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.044339][ T10] usb 3-1: Product: syz [ 459.044351][ T10] usb 3-1: Manufacturer: syz [ 459.044364][ T10] usb 3-1: SerialNumber: syz [ 459.105938][ T10] usb 3-1: config 0 descriptor?? [ 459.146256][ T10] ims_pcu 3-1:0.41: probe with driver ims_pcu failed with error -22 [ 459.181536][ T9402] FAULT_INJECTION: forcing a failure. [ 459.181536][ T9402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.181568][ T9402] CPU: 0 UID: 0 PID: 9402 Comm: syz.1.1030 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 459.181589][ T9402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 459.181599][ T9402] Call Trace: [ 459.181606][ T9402] [ 459.181614][ T9402] dump_stack_lvl+0x189/0x250 [ 459.181644][ T9402] ? __pfx____ratelimit+0x10/0x10 [ 459.181667][ T9402] ? __pfx_dump_stack_lvl+0x10/0x10 [ 459.181691][ T9402] ? __pfx__printk+0x10/0x10 [ 459.181725][ T9402] should_fail_ex+0x46c/0x600 [ 459.181753][ T9402] _copy_from_user+0x2d/0xb0 [ 459.181774][ T9402] bpf_test_init+0xd8/0x150 [ 459.181798][ T9402] bpf_prog_test_run_flow_dissector+0x1e1/0x5c0 [ 459.181830][ T9402] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 459.181861][ T9402] ? __fget_files+0x2a/0x420 [ 459.181889][ T9402] ? __fget_files+0x2a/0x420 [ 459.181909][ T9402] ? __fget_files+0x3a6/0x420 [ 459.181930][ T9402] ? __fget_files+0x2a/0x420 [ 459.181957][ T9402] ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10 [ 459.181978][ T9402] bpf_prog_test_run+0x2cd/0x340 [ 459.182006][ T9402] __sys_bpf+0x562/0x860 [ 459.182032][ T9402] ? __pfx___sys_bpf+0x10/0x10 [ 459.182051][ T9402] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 459.182088][ T9402] ? ksys_write+0x230/0x260 [ 459.182110][ T9402] ? __pfx_ksys_write+0x10/0x10 [ 459.182138][ T9402] __x64_sys_bpf+0x7c/0x90 [ 459.182159][ T9402] do_syscall_64+0xfa/0xfa0 [ 459.182181][ T9402] ? lockdep_hardirqs_on+0x9c/0x150 [ 459.182204][ T9402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.182221][ T9402] ? clear_bhb_loop+0x60/0xb0 [ 459.182242][ T9402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.182258][ T9402] RIP: 0033:0x7fec4d78f749 [ 459.182274][ T9402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.182290][ T9402] RSP: 002b:00007fec4b9ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 459.182310][ T9402] RAX: ffffffffffffffda RBX: 00007fec4d9e5fa0 RCX: 00007fec4d78f749 [ 459.182323][ T9402] RDX: 000000000000004c RSI: 0000200000000440 RDI: 000000000000000a [ 459.182334][ T9402] RBP: 00007fec4b9ee090 R08: 0000000000000000 R09: 0000000000000000 [ 459.182346][ T9402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 459.182357][ T9402] R13: 00007fec4d9e6038 R14: 00007fec4d9e5fa0 R15: 00007ffcc694fd28 [ 459.182388][ T9402] [ 459.192594][ T9399] netlink: 'syz.0.1029': attribute type 1 has an invalid length. [ 459.192617][ T9399] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1029'. [ 459.330807][ T10] usb 3-1: USB disconnect, device number 21 [ 459.568680][ T9409] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1032'. [ 459.568706][ T9409] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1032'. [ 459.640157][ T10] usb 4-1: USB disconnect, device number 24 [ 460.107875][ T9423] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1036'. [ 464.647785][ T9466] trusted_key: encrypted_key: keyword 'upw' not recognized [ 466.803881][ T9477] trusted_key: encrypted_key: keyword 'upw' not recognized [ 466.923149][ T9489] FAULT_INJECTION: forcing a failure. [ 466.923149][ T9489] name failslab, interval 1, probability 0, space 0, times 0 [ 466.923181][ T9489] CPU: 1 UID: 0 PID: 9489 Comm: syz.2.1056 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 466.923203][ T9489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 466.923213][ T9489] Call Trace: [ 466.923220][ T9489] [ 466.923228][ T9489] dump_stack_lvl+0x189/0x250 [ 466.923258][ T9489] ? __pfx____ratelimit+0x10/0x10 [ 466.923283][ T9489] ? __pfx_dump_stack_lvl+0x10/0x10 [ 466.923309][ T9489] ? __pfx__printk+0x10/0x10 [ 466.923337][ T9489] ? __pfx___might_resched+0x10/0x10 [ 466.923361][ T9489] should_fail_ex+0x46c/0x600 [ 466.923390][ T9489] should_failslab+0xa8/0x100 [ 466.923417][ T9489] __kmalloc_noprof+0xcc/0x7d0 [ 466.923440][ T9489] ? drm_dev_exit+0x3a/0x60 [ 466.923458][ T9489] ? drm_ioctl+0x55b/0xb20 [ 466.923492][ T9489] drm_ioctl+0x55b/0xb20 [ 466.923516][ T9489] ? __pfx_drm_getstats+0x10/0x10 [ 466.923541][ T9489] ? __pfx_drm_ioctl+0x10/0x10 [ 466.923576][ T9489] ? __fget_files+0x3a6/0x420 [ 466.923598][ T9489] ? __fget_files+0x2a/0x420 [ 466.923625][ T9489] ? bpf_lsm_file_ioctl+0x9/0x20 [ 466.923642][ T9489] ? __pfx_drm_ioctl+0x10/0x10 [ 466.923662][ T9489] __se_sys_ioctl+0xff/0x170 [ 466.923685][ T9489] do_syscall_64+0xfa/0xfa0 [ 466.923707][ T9489] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.923730][ T9489] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.923747][ T9489] ? clear_bhb_loop+0x60/0xb0 [ 466.923768][ T9489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.923786][ T9489] RIP: 0033:0x7f71afc2f749 [ 466.923802][ T9489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.923817][ T9489] RSP: 002b:00007f71ade8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 466.923835][ T9489] RAX: ffffffffffffffda RBX: 00007f71afe85fa0 RCX: 00007f71afc2f749 [ 466.923849][ T9489] RDX: 0000000000000000 RSI: 0000000080f86406 RDI: 0000000000000003 [ 466.923859][ T9489] RBP: 00007f71ade8e090 R08: 0000000000000000 R09: 0000000000000000 [ 466.923870][ T9489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 466.923881][ T9489] R13: 00007f71afe86038 R14: 00007f71afe85fa0 R15: 00007ffdad936528 [ 466.923911][ T9489] [ 467.653076][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.316985][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.495874][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.509152][ T9506] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 468.867378][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.894521][ T9511] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1064'. [ 468.894546][ T9511] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1064'. [ 468.903694][ T5790] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 469.330093][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.705378][ T5790] usb 2-1: Using ep0 maxpacket: 8 [ 469.885220][ C1] vkms_vblank_simulate: vblank timer overrun [ 470.203251][ T5790] usb 2-1: config 1 has an invalid interface number: 114 but max is 6 [ 470.204051][ T5790] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 470.204405][ T5790] usb 2-1: config 1 has no interface number 0 [ 470.208177][ T5790] usb 2-1: config 1 interface 114 has no altsetting 0 [ 470.340805][ C1] vkms_vblank_simulate: vblank timer overrun [ 470.393741][ T5790] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 470.393769][ T5790] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 470.393782][ T5790] usb 2-1: Product: syz [ 470.393789][ T5790] usb 2-1: Manufacturer: syz [ 470.393796][ T5790] usb 2-1: SerialNumber: syz [ 470.713875][ C1] vkms_vblank_simulate: vblank timer overrun [ 471.439786][ C1] vkms_vblank_simulate: vblank timer overrun [ 471.441531][ T5790] usb 2-1: palm_os_3_probe - error -110 getting connection information [ 471.441652][ T5790] visor 2-1:1.114: probe with driver visor failed with error -110 [ 471.546245][ T9526] trusted_key: encrypted_key: keyword 'upw' not recognized [ 471.549480][ T5790] usb 2-1: USB disconnect, device number 19 [ 471.582917][ T9527] trusted_key: encrypted_key: keyword 'upw' not recognized [ 471.901885][ T9536] trusted_key: encrypted_key: keyword 'upw' not recognized [ 473.500642][ T5790] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 473.936074][ T5790] usb 2-1: Using ep0 maxpacket: 32 [ 473.943509][ T5790] usb 2-1: config 0 has no interfaces? [ 473.952845][ T5790] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 473.952875][ T5790] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.952895][ T5790] usb 2-1: Product: syz [ 473.952909][ T5790] usb 2-1: Manufacturer: syz [ 473.952923][ T5790] usb 2-1: SerialNumber: syz [ 473.967464][ T5790] usb 2-1: config 0 descriptor?? [ 475.445138][ T5790] usb 2-1: USB disconnect, device number 20 [ 475.550737][ T9569] FAULT_INJECTION: forcing a failure. [ 475.550737][ T9569] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 475.550765][ T9569] CPU: 1 UID: 0 PID: 9569 Comm: syz.3.1083 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 475.550781][ T9569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 475.550789][ T9569] Call Trace: [ 475.550795][ T9569] [ 475.550801][ T9569] dump_stack_lvl+0x189/0x250 [ 475.550828][ T9569] ? __pfx____ratelimit+0x10/0x10 [ 475.550847][ T9569] ? __pfx_dump_stack_lvl+0x10/0x10 [ 475.550865][ T9569] ? __pfx__printk+0x10/0x10 [ 475.550893][ T9569] should_fail_ex+0x46c/0x600 [ 475.550916][ T9569] _copy_to_user+0x31/0xb0 [ 475.550934][ T9569] simple_read_from_buffer+0xe1/0x170 [ 475.550956][ T9569] proc_fail_nth_read+0x1b6/0x220 [ 475.550973][ T9569] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 475.550993][ T9569] ? rw_verify_area+0x2ac/0x4e0 [ 475.551009][ T9569] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 475.551025][ T9569] vfs_read+0x206/0xa30 [ 475.551048][ T9569] ? __pfx_vfs_read+0x10/0x10 [ 475.551060][ T9569] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 475.551084][ T9569] ? mutex_lock_nested+0x154/0x1d0 [ 475.551098][ T9569] ? fdget_pos+0x253/0x320 [ 475.551123][ T9569] ksys_read+0x14b/0x260 [ 475.551141][ T9569] ? __pfx_ksys_read+0x10/0x10 [ 475.551160][ T9569] ? do_syscall_64+0xbe/0xfa0 [ 475.551182][ T9569] do_syscall_64+0xfa/0xfa0 [ 475.551199][ T9569] ? lockdep_hardirqs_on+0x9c/0x150 [ 475.551216][ T9569] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.551230][ T9569] ? clear_bhb_loop+0x60/0xb0 [ 475.551246][ T9569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.551259][ T9569] RIP: 0033:0x7f7b4f3fe15c [ 475.551273][ T9569] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 475.551286][ T9569] RSP: 002b:00007f7b4d666030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 475.551302][ T9569] RAX: ffffffffffffffda RBX: 00007f7b4f655fa0 RCX: 00007f7b4f3fe15c [ 475.551312][ T9569] RDX: 000000000000000f RSI: 00007f7b4d6660a0 RDI: 0000000000000004 [ 475.551321][ T9569] RBP: 00007f7b4d666090 R08: 0000000000000000 R09: 0000000000000000 [ 475.551329][ T9569] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.551337][ T9569] R13: 00007f7b4f656038 R14: 00007f7b4f655fa0 R15: 00007ffdd0da49e8 [ 475.551363][ T9569] [ 475.799056][ T5892] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 475.959366][ T5892] usb 1-1: Using ep0 maxpacket: 32 [ 475.962156][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 475.962187][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 475.962225][ T5892] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 475.962248][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.021428][ T5892] usb 1-1: config 0 descriptor?? [ 476.031307][ T5892] hub 1-1:0.0: USB hub found [ 476.239604][ T5892] hub 1-1:0.0: 1 port detected [ 476.791771][ T9582] FAULT_INJECTION: forcing a failure. [ 476.791771][ T9582] name failslab, interval 1, probability 0, space 0, times 0 [ 476.791816][ T9582] CPU: 0 UID: 0 PID: 9582 Comm: syz.3.1087 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 476.791838][ T9582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 476.791849][ T9582] Call Trace: [ 476.791857][ T9582] [ 476.791865][ T9582] dump_stack_lvl+0x189/0x250 [ 476.791895][ T9582] ? __pfx____ratelimit+0x10/0x10 [ 476.791920][ T9582] ? __pfx_dump_stack_lvl+0x10/0x10 [ 476.791944][ T9582] ? __pfx__printk+0x10/0x10 [ 476.791970][ T9582] ? __pfx___might_resched+0x10/0x10 [ 476.791988][ T9582] ? fs_reclaim_acquire+0x7d/0x100 [ 476.792016][ T9582] should_fail_ex+0x46c/0x600 [ 476.792046][ T9582] should_failslab+0xa8/0x100 [ 476.792072][ T9582] __kmalloc_noprof+0xcc/0x7d0 [ 476.792094][ T9582] ? sock_kmalloc+0xd6/0x160 [ 476.792121][ T9582] sock_kmalloc+0xd6/0x160 [ 476.792145][ T9582] ____sys_sendmsg+0x1b5/0x820 [ 476.792173][ T9582] ? __pfx_____sys_sendmsg+0x10/0x10 [ 476.792204][ T9582] ? import_iovec+0x74/0xa0 [ 476.792228][ T9582] ___sys_sendmsg+0x21f/0x2a0 [ 476.792252][ T9582] ? __pfx____sys_sendmsg+0x10/0x10 [ 476.792309][ T9582] ? __fget_files+0x2a/0x420 [ 476.792339][ T9582] ? __fget_files+0x3a6/0x420 [ 476.792378][ T9582] __sys_sendmmsg+0x22d/0x430 [ 476.792405][ T9582] ? __pfx___sys_sendmmsg+0x10/0x10 [ 476.792436][ T9582] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 476.792477][ T9582] ? ksys_write+0x230/0x260 [ 476.792500][ T9582] ? __pfx_ksys_write+0x10/0x10 [ 476.792527][ T9582] __x64_sys_sendmmsg+0xa0/0xc0 [ 476.792551][ T9582] do_syscall_64+0xfa/0xfa0 [ 476.792573][ T9582] ? lockdep_hardirqs_on+0x9c/0x150 [ 476.792596][ T9582] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.792614][ T9582] ? clear_bhb_loop+0x60/0xb0 [ 476.792635][ T9582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.792652][ T9582] RIP: 0033:0x7f7b4f3ff749 [ 476.792668][ T9582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.792683][ T9582] RSP: 002b:00007f7b4d666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 476.792704][ T9582] RAX: ffffffffffffffda RBX: 00007f7b4f655fa0 RCX: 00007f7b4f3ff749 [ 476.792718][ T9582] RDX: 0000000000000001 RSI: 0000200000001500 RDI: 0000000000000003 [ 476.792730][ T9582] RBP: 00007f7b4d666090 R08: 0000000000000000 R09: 0000000000000000 [ 476.792741][ T9582] R10: 000000000000c040 R11: 0000000000000246 R12: 0000000000000001 [ 476.792753][ T9582] R13: 00007f7b4f656038 R14: 00007f7b4f655fa0 R15: 00007ffdd0da49e8 [ 476.792784][ T9582] [ 477.574654][ T5892] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 477.574681][ T5892] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 477.592828][ T5892] usbhid 1-1:0.0: can't add hid device: -71 [ 477.592945][ T5892] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 478.504434][ T5892] usb 1-1: USB disconnect, device number 27 [ 478.734319][ T9599] tipc: Enabling of bearer rejected, failed to enable media [ 480.079933][ T9609] IPVS: length: 528 != 297784399128 [ 480.233466][ T9614] netlink: zone id is out of range [ 480.442060][ T9616] FAULT_INJECTION: forcing a failure. [ 480.442060][ T9616] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 480.442093][ T9616] CPU: 1 UID: 0 PID: 9616 Comm: syz.4.1098 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 480.442114][ T9616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 480.442125][ T9616] Call Trace: [ 480.442132][ T9616] [ 480.442141][ T9616] dump_stack_lvl+0x189/0x250 [ 480.442179][ T9616] ? __pfx____ratelimit+0x10/0x10 [ 480.442203][ T9616] ? __pfx_dump_stack_lvl+0x10/0x10 [ 480.442227][ T9616] ? __pfx__printk+0x10/0x10 [ 480.442260][ T9616] should_fail_ex+0x46c/0x600 [ 480.442291][ T9616] _copy_to_user+0x31/0xb0 [ 480.442314][ T9616] simple_read_from_buffer+0xe1/0x170 [ 480.442341][ T9616] proc_fail_nth_read+0x1b6/0x220 [ 480.442364][ T9616] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 480.442384][ T9616] ? rw_verify_area+0x2ac/0x4e0 [ 480.442404][ T9616] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 480.442424][ T9616] vfs_read+0x206/0xa30 [ 480.442454][ T9616] ? __pfx_vfs_read+0x10/0x10 [ 480.442470][ T9616] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 480.442499][ T9616] ? mutex_lock_nested+0x154/0x1d0 [ 480.442517][ T9616] ? fdget_pos+0x253/0x320 [ 480.442549][ T9616] ksys_read+0x14b/0x260 [ 480.442569][ T9616] ? ldsem_up_read+0xcd/0x130 [ 480.442587][ T9616] ? __pfx_ksys_read+0x10/0x10 [ 480.442611][ T9616] ? do_syscall_64+0xbe/0xfa0 [ 480.442639][ T9616] do_syscall_64+0xfa/0xfa0 [ 480.442661][ T9616] ? lockdep_hardirqs_on+0x9c/0x150 [ 480.442684][ T9616] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.442702][ T9616] ? clear_bhb_loop+0x60/0xb0 [ 480.442724][ T9616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.442741][ T9616] RIP: 0033:0x7f36ed6de15c [ 480.442757][ T9616] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 480.442772][ T9616] RSP: 002b:00007f36eb93e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 480.442791][ T9616] RAX: ffffffffffffffda RBX: 00007f36ed935fa0 RCX: 00007f36ed6de15c [ 480.442804][ T9616] RDX: 000000000000000f RSI: 00007f36eb93e0a0 RDI: 0000000000000005 [ 480.442815][ T9616] RBP: 00007f36eb93e090 R08: 0000000000000000 R09: 0000000000000000 [ 480.442826][ T9616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 480.442837][ T9616] R13: 00007f36ed936038 R14: 00007f36ed935fa0 R15: 00007fffba97a748 [ 480.442871][ T9616] [ 483.239961][ T9654] netlink: 'syz.2.1110': attribute type 2 has an invalid length. [ 483.305771][ T9654] !9: entered promiscuous mode [ 484.864081][ T9673] futex_wake_op: syz.1.1116 tries to shift op by -1; fix this program [ 485.430659][ T9681] trusted_key: encrypted_key: keyword 'upw' not recognized [ 485.881904][ T9694] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1123'. [ 485.883125][ T9694] binder: BINDER_SET_CONTEXT_MGR already set [ 485.883137][ T9694] binder: 9693:9694 ioctl 40046207 0 returned -16 [ 485.885069][ T9694] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1123'. [ 486.779865][ T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 486.982167][ T1245] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 487.314451][ T9] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 246, changing to 11 [ 487.314483][ T9] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 1648, setting to 1024 [ 487.314505][ T9] usb 2-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 487.314526][ T9] usb 2-1: config 1 interface 0 has no altsetting 0 [ 487.316674][ T9] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0a56, bcdDevice= 0.40 [ 487.316701][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.316717][ T9] usb 2-1: Product: С [ 487.316730][ T9] usb 2-1: Manufacturer: ᠁ [ 487.316746][ T9] usb 2-1: SerialNumber: 艿畆㫆躐픍ই娮䋨샺ꯤ琨׀蹄윋숃豂㨖斛큍竢괳ⵌ༠歨覥뫿六庽繿蕫먶ᘋ뽉虬㲹琻椣ㄅЌ綑润䙓睼磥翧䫥쫾ꬢ궐꒲톸㮂Ժ쥵贿ᅫ霽 [ 487.454285][ T9699] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 487.494560][ T1245] usb 5-1: Using ep0 maxpacket: 8 [ 487.504567][ T1245] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 487.504626][ T1245] usb 5-1: New USB device found, idVendor=05a9, idProduct=2630, bcdDevice=55.12 [ 487.504648][ T1245] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.522637][ T1245] usb 5-1: config 0 descriptor?? [ 487.554502][ T1245] uvcvideo 5-1:0.0: Found UVC 0.00 device (05a9:2630) [ 487.554536][ T1245] uvcvideo 5-1:0.0: No valid video chain found. [ 487.726113][ T9] usbhid 2-1:1.0: can't add hid device: -71 [ 487.726258][ T9] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 487.751226][ T9] usb 2-1: USB disconnect, device number 21 [ 487.774897][ T5790] usb 5-1: USB disconnect, device number 25 [ 488.323882][ T9726] trusted_key: encrypted_key: keyword 'upw' not recognized [ 489.883133][ T9740] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1139'. [ 489.883954][ T9738] input: syz0 as /devices/virtual/input/input7 [ 492.313316][ T9764] IPVS: length: 528 != 297784399128 [ 492.751146][ T9771] trusted_key: encrypted_key: keyword 'upw' not recognized [ 492.926398][ T1245] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 493.203328][ T1245] usb 2-1: Using ep0 maxpacket: 8 [ 493.209333][ T1245] usb 2-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 493.209361][ T1245] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.209379][ T1245] usb 2-1: Product: syz [ 493.209391][ T1245] usb 2-1: Manufacturer: syz [ 493.209405][ T1245] usb 2-1: SerialNumber: syz [ 493.246137][ T5978] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 493.263135][ T1245] usb 2-1: config 0 descriptor?? [ 493.491969][ T5978] usb 1-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 493.492774][ T5978] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 493.698889][ T5978] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 493.699066][ T5978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.699259][ T5978] usb 1-1: Product: syz [ 493.699447][ T5978] usb 1-1: Manufacturer: syz [ 493.699642][ T5978] usb 1-1: SerialNumber: syz [ 494.082269][ T1245] option 2-1:0.0: GSM modem (1-port) converter detected [ 494.142713][ T1245] usb 2-1: USB disconnect, device number 22 [ 494.200546][ T1245] option 2-1:0.0: device disconnected [ 494.390082][ T5890] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 494.550493][ T5890] usb 4-1: Using ep0 maxpacket: 16 [ 494.559514][ T5890] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 494.559561][ T5890] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 494.559593][ T5890] usb 4-1: config 0 has no interface number 0 [ 494.579205][ T5890] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 494.579249][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.579282][ T5890] usb 4-1: Product: syz [ 494.579311][ T5890] usb 4-1: Manufacturer: syz [ 494.579342][ T5890] usb 4-1: SerialNumber: syz [ 494.690587][ T5890] usb 4-1: config 0 descriptor?? [ 495.021350][ T5890] uvcvideo 4-1:0.105: Found UVC 0.00 device syz (046d:08d3) [ 495.021386][ T5890] uvcvideo 4-1:0.105: No valid video chain found. [ 496.559995][ T5890] usb 4-1: USB disconnect, device number 25 [ 497.045917][ T5790] usb 1-1: USB disconnect, device number 28 [ 497.227181][ T9820] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 497.227210][ T9820] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 497.227355][ T9820] vhci_hcd vhci_hcd.0: Device attached [ 497.405868][ T9827] FAULT_INJECTION: forcing a failure. [ 497.405868][ T9827] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 497.405901][ T9827] CPU: 0 UID: 0 PID: 9827 Comm: syz.1.1163 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 497.405926][ T9827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 497.405936][ T9827] Call Trace: [ 497.405943][ T9827] [ 497.405951][ T9827] dump_stack_lvl+0x189/0x250 [ 497.405981][ T9827] ? __pfx____ratelimit+0x10/0x10 [ 497.406005][ T9827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 497.406030][ T9827] ? __pfx__printk+0x10/0x10 [ 497.406052][ T9827] ? __might_fault+0xb0/0x130 [ 497.406088][ T9827] should_fail_ex+0x46c/0x600 [ 497.406117][ T9827] _copy_from_user+0x2d/0xb0 [ 497.406138][ T9827] userfaultfd_ioctl+0x9da/0x5050 [ 497.406163][ T9827] ? kasan_save_track+0x4f/0x80 [ 497.406183][ T9827] ? kasan_save_track+0x3e/0x80 [ 497.406201][ T9827] ? __kasan_save_free_info+0x46/0x50 [ 497.406218][ T9827] ? __kasan_slab_free+0x5c/0x80 [ 497.406238][ T9827] ? kfree+0x197/0x950 [ 497.406256][ T9827] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 497.406280][ T9827] ? security_file_ioctl+0xcb/0x2d0 [ 497.406297][ T9827] ? __se_sys_ioctl+0x47/0x170 [ 497.406314][ T9827] ? do_syscall_64+0xfa/0xfa0 [ 497.406336][ T9827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.406366][ T9827] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 497.406421][ T9827] ? kasan_quarantine_put+0xdd/0x220 [ 497.406442][ T9827] ? lockdep_hardirqs_on+0x9c/0x150 [ 497.406475][ T9827] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 497.406506][ T9827] ? do_vfs_ioctl+0xbeb/0x1440 [ 497.406523][ T9827] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 497.406550][ T9827] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 497.406567][ T9827] ? smack_log+0xef/0x3f0 [ 497.406592][ T9827] ? __pfx_smack_log+0x10/0x10 [ 497.406614][ T9827] ? smk_access+0x14c/0x4e0 [ 497.406643][ T9827] ? smk_tskacc+0x2fc/0x370 [ 497.406670][ T9827] ? smack_file_ioctl+0x2ac/0x340 [ 497.406696][ T9827] ? __pfx_smack_file_ioctl+0x10/0x10 [ 497.406731][ T9827] ? ksys_write+0x1e7/0x260 [ 497.406758][ T9827] ? bpf_lsm_file_ioctl+0x9/0x20 [ 497.406775][ T9827] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 497.406798][ T9827] __se_sys_ioctl+0xff/0x170 [ 497.406820][ T9827] do_syscall_64+0xfa/0xfa0 [ 497.406842][ T9827] ? lockdep_hardirqs_on+0x9c/0x150 [ 497.406865][ T9827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.406882][ T9827] ? clear_bhb_loop+0x60/0xb0 [ 497.406904][ T9827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.406921][ T9827] RIP: 0033:0x7fec4d78f749 [ 497.406938][ T9827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 497.406953][ T9827] RSP: 002b:00007fec4b9ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 497.406972][ T9827] RAX: ffffffffffffffda RBX: 00007fec4d9e5fa0 RCX: 00007fec4d78f749 [ 497.406985][ T9827] RDX: 0000200000000000 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 497.406997][ T9827] RBP: 00007fec4b9ee090 R08: 0000000000000000 R09: 0000000000000000 [ 497.407008][ T9827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 497.407019][ T9827] R13: 00007fec4d9e6038 R14: 00007fec4d9e5fa0 R15: 00007ffcc694fd28 [ 497.407052][ T9827] [ 497.481555][ T9822] vhci_hcd: connection closed [ 497.554407][ T74] vhci_hcd: stop threads [ 497.554426][ T74] vhci_hcd: release socket [ 497.554489][ T74] vhci_hcd: disconnect device [ 497.555503][ T5990] vhci_hcd: vhci_device speed not set [ 497.569099][ T37] kauditd_printk_skb: 14 callbacks suppressed [ 497.569115][ T37] audit: type=1326 audit(1764260265.775:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.569160][ T37] audit: type=1326 audit(1764260265.794:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.590675][ T37] audit: type=1326 audit(1764260265.813:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.590725][ T37] audit: type=1326 audit(1764260265.813:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.593615][ T37] audit: type=1326 audit(1764260265.813:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.609936][ T37] audit: type=1326 audit(1764260265.832:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.609985][ T37] audit: type=1326 audit(1764260265.832:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.610023][ T37] audit: type=1326 audit(1764260265.832:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.623465][ T37] audit: type=1326 audit(1764260265.841:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.623516][ T37] audit: type=1326 audit(1764260265.841:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9828 comm="syz.4.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36ed6df749 code=0x7ffc0000 [ 497.971631][ T5890] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 498.228523][ T5890] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 498.228554][ T5890] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 498.228573][ T5890] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 498.228593][ T5890] usb 1-1: config 220 has no interface number 2 [ 498.228696][ T5890] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 498.228723][ T5890] usb 1-1: config 220 interface 0 has no altsetting 0 [ 498.228741][ T5890] usb 1-1: config 220 interface 76 has no altsetting 0 [ 498.228758][ T5890] usb 1-1: config 220 interface 1 has no altsetting 0 [ 498.287391][ T5890] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 498.287421][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.287440][ T5890] usb 1-1: Product: syz [ 498.287454][ T5890] usb 1-1: Manufacturer: syz [ 498.287467][ T5890] usb 1-1: SerialNumber: syz [ 499.351155][ T5890] usb 1-1: selecting invalid altsetting 0 [ 499.351776][ T5890] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 499.351805][ T5890] uvcvideo 1-1:220.0: No valid video chain found. [ 499.455703][ T5890] usb 1-1: selecting invalid altsetting 0 [ 499.455744][ T5890] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 499.465407][ T5890] usb 1-1: USB disconnect, device number 29 [ 499.573781][ T9852] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 500.891351][ C0] vkms_vblank_simulate: vblank timer overrun [ 501.306068][ C0] vkms_vblank_simulate: vblank timer overrun [ 501.471388][ C0] vkms_vblank_simulate: vblank timer overrun [ 501.969364][ C0] vkms_vblank_simulate: vblank timer overrun [ 502.370560][ C0] vkms_vblank_simulate: vblank timer overrun [ 502.499242][ C0] vkms_vblank_simulate: vblank timer overrun [ 502.596145][ T9864] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1174'. [ 502.721627][ T9866] trusted_key: encrypted_key: keyword 'upw' not recognized [ 504.070739][ T9878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1174'. [ 504.072774][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1174'. [ 504.156664][ T9883] netlink: 'syz.1.1179': attribute type 6 has an invalid length. [ 504.156687][ T9883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1179'. [ 504.663731][ T5892] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 504.760739][ T5890] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 504.828997][ T5892] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 246, changing to 11 [ 504.829033][ T5892] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 1648, setting to 1024 [ 504.829060][ T5892] usb 2-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 504.829086][ T5892] usb 2-1: config 1 interface 0 has no altsetting 0 [ 504.832336][ T5892] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0a56, bcdDevice= 0.40 [ 504.832364][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.832384][ T5892] usb 2-1: Product: С [ 504.832397][ T5892] usb 2-1: Manufacturer: ᠁ [ 504.832410][ T5892] usb 2-1: SerialNumber: 艿畆㫆躐픍ই娮䋨샺ꯤ琨׀蹄윋숃豂㨖斛큍竢괳ⵌ༠歨覥뫿六庽繿蕫먶ᘋ뽉虬㲹琻椣ㄅЌ綑润䙓睼磥翧䫥쫾ꬢ궐꒲톸㮂Ժ쥵贿ᅫ霽 [ 504.849225][ T9887] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 504.866935][ T9] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 505.027247][ T5890] usb 3-1: Using ep0 maxpacket: 8 [ 505.031143][ T5890] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 505.031172][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.083196][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 505.086578][ T9] usb 1-1: config 0 has no interfaces? [ 505.119014][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=66.d1 [ 505.119046][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.119066][ T9] usb 1-1: Product: syz [ 505.119079][ T9] usb 1-1: Manufacturer: syz [ 505.119093][ T9] usb 1-1: SerialNumber: syz [ 505.126156][ T5892] usbhid 2-1:1.0: can't add hid device: -71 [ 505.126281][ T5892] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 505.175112][ T5892] usb 2-1: USB disconnect, device number 23 [ 505.194164][ T5890] pvrusb2: Hardware description: Terratec Grabster AV400 [ 505.194185][ T5890] pvrusb2: ********** [ 505.194192][ T5890] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 505.194202][ T5890] pvrusb2: Important functionality might not be entirely working. [ 505.194211][ T5890] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 505.194222][ T5890] pvrusb2: ********** [ 505.256265][ T9] usb 1-1: config 0 descriptor?? [ 505.472923][ T9886] kAFS: Can only specify source 'none' with -o dyn [ 505.517995][ T2364] pvrusb2: Invalid write control endpoint [ 505.522788][ T9898] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 505.523455][ T9898] VFS: Can't find a romfs filesystem on dev nullb0. [ 505.523455][ T9898] [ 505.628530][ T9899] usb usb8: check_ctrlrecip: process 9899 (syz.4.1186) requesting ep 01 but needs 81 [ 505.628608][ T9899] usb usb8: usbfs: process 9899 (syz.4.1186) did not claim interface 0 before use [ 505.633817][ T9899] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 506.279164][ T5890] usb 3-1: USB disconnect, device number 22 [ 507.172410][ T9901] gfs2: error -5 reading superblock [ 507.385975][ T2364] pvrusb2: Invalid write control endpoint [ 507.385985][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 507.385991][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 507.385995][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 507.386003][ T2364] pvrusb2: Device being rendered inoperable [ 507.422178][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 507.422294][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 507.426999][ T2364] pvrusb2: Attached sub-driver cx25840 [ 507.427013][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 507.427023][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 507.638081][ T9916] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 507.865434][ T9916] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 508.855249][ T5892] usb 1-1: USB disconnect, device number 30 [ 511.355142][ T9952] FAULT_INJECTION: forcing a failure. [ 511.355142][ T9952] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 511.355176][ T9952] CPU: 1 UID: 0 PID: 9952 Comm: syz.1.1201 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 511.355188][ T9952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 511.355195][ T9952] Call Trace: [ 511.355199][ T9952] [ 511.355204][ T9952] dump_stack_lvl+0x189/0x250 [ 511.355223][ T9952] ? __pfx____ratelimit+0x10/0x10 [ 511.355238][ T9952] ? __pfx_dump_stack_lvl+0x10/0x10 [ 511.355252][ T9952] ? __pfx__printk+0x10/0x10 [ 511.355265][ T9952] ? fs_reclaim_acquire+0x7d/0x100 [ 511.355283][ T9952] should_fail_ex+0x46c/0x600 [ 511.355300][ T9952] prepare_alloc_pages+0x213/0x670 [ 511.355318][ T9952] __alloc_frozen_pages_noprof+0x123/0x370 [ 511.355334][ T9952] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 511.355353][ T9952] ? policy_nodemask+0x27c/0x720 [ 511.355366][ T9952] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 511.355383][ T9952] alloc_pages_mpol+0xd1/0x380 [ 511.355398][ T9952] vma_alloc_folio_noprof+0xe4/0x280 [ 511.355410][ T9952] ? rt_spin_lock+0x1c1/0x3e0 [ 511.355425][ T9952] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 511.355445][ T9952] folio_prealloc+0x30/0x180 [ 511.355461][ T9952] do_wp_page+0x11f4/0x4930 [ 511.355482][ T9952] ? preempt_count_add+0x91/0x1a0 [ 511.355493][ T9952] ? __pfx_do_wp_page+0x10/0x10 [ 511.355503][ T9952] ? rt_spin_lock+0x2ae/0x3e0 [ 511.355516][ T9952] ? __pfx_rt_spin_lock+0x10/0x10 [ 511.355529][ T9952] ? pte_offset_map_rw_nolock+0xea/0x160 [ 511.355543][ T9952] handle_mm_fault+0x97c/0x3400 [ 511.355556][ T9952] ? mt_find+0x15c/0x5e0 [ 511.355569][ T9952] ? __pfx_mt_find+0x10/0x10 [ 511.355583][ T9952] ? handle_mm_fault+0xdb/0x3400 [ 511.355600][ T9952] ? __pfx_handle_mm_fault+0x10/0x10 [ 511.355624][ T9952] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 511.355652][ T9952] ? lock_mm_and_find_vma+0x9c/0x300 [ 511.355666][ T9952] do_user_addr_fault+0x764/0x1380 [ 511.355694][ T9952] exc_page_fault+0x82/0x100 [ 511.355716][ T9952] ? __might_fault+0xb0/0x130 [ 511.355739][ T9952] asm_exc_page_fault+0x26/0x30 [ 511.355755][ T9952] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 511.355778][ T9952] Code: 0b 05 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 511.355793][ T9952] RSP: 0018:ffffc90006587b60 EFLAGS: 00050202 [ 511.355809][ T9952] RAX: ffffffff84798201 RBX: 0000000000000fc0 RCX: 00000000000006b0 [ 511.355821][ T9952] RDX: 0000000000000000 RSI: ffff88803c836950 RDI: 0000200000001000 [ 511.355833][ T9952] RBP: 0000000000000fc0 R08: ffff88803c836fff R09: 1ffff11007906dff [ 511.355845][ T9952] R10: dffffc0000000000 R11: ffffed1007906e00 R12: 00002000000016b0 [ 511.355857][ T9952] R13: 00007ffffffff000 R14: ffff88803c836040 R15: 00002000000006f0 [ 511.355878][ T9952] ? _copy_from_user+0x41/0xb0 [ 511.355903][ T9952] _copy_to_user+0x8a/0xb0 [ 511.355923][ T9952] mon_bin_read+0x379/0x7d0 [ 511.355963][ T9952] vfs_readv+0x5b3/0x850 [ 511.355978][ T9952] ? __pfx_mon_bin_read+0x10/0x10 [ 511.355992][ T9952] ? __pfx_vfs_readv+0x10/0x10 [ 511.356014][ T9952] ? __fget_files+0x2a/0x420 [ 511.356029][ T9952] ? __fget_files+0x3a6/0x420 [ 511.356041][ T9952] ? __fget_files+0x2a/0x420 [ 511.356058][ T9952] do_readv+0x153/0x2d0 [ 511.356073][ T9952] ? __pfx_do_readv+0x10/0x10 [ 511.356088][ T9952] ? do_syscall_64+0xbe/0xfa0 [ 511.356104][ T9952] do_syscall_64+0xfa/0xfa0 [ 511.356115][ T9952] ? lockdep_hardirqs_on+0x9c/0x150 [ 511.356128][ T9952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.356137][ T9952] ? clear_bhb_loop+0x60/0xb0 [ 511.356149][ T9952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.356158][ T9952] RIP: 0033:0x7fec4d78f749 [ 511.356251][ T9952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 511.356260][ T9952] RSP: 002b:00007fec4b9ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 511.356270][ T9952] RAX: ffffffffffffffda RBX: 00007fec4d9e5fa0 RCX: 00007fec4d78f749 [ 511.356277][ T9952] RDX: 0000000000000002 RSI: 00002000000002c0 RDI: 0000000000000004 [ 511.356283][ T9952] RBP: 00007fec4b9ee090 R08: 0000000000000000 R09: 0000000000000000 [ 511.356289][ T9952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 511.356295][ T9952] R13: 00007fec4d9e6038 R14: 00007fec4d9e5fa0 R15: 00007ffcc694fd28 [ 511.356312][ T9952] [ 513.309889][ T9966] trusted_key: encrypted_key: keyword 'upw' not recognized [ 513.743286][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 513.743328][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 513.916251][ T9968] netlink: 'syz.0.1207': attribute type 11 has an invalid length. [ 513.916267][ T9968] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1207'. [ 513.925177][ T9975] team0: Device gtp0 is of different type [ 515.191215][ T9989] FAULT_INJECTION: forcing a failure. [ 515.191215][ T9989] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 515.191248][ T9989] CPU: 0 UID: 0 PID: 9989 Comm: syz.4.1213 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 515.191269][ T9989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 515.191280][ T9989] Call Trace: [ 515.191287][ T9989] [ 515.191295][ T9989] dump_stack_lvl+0x189/0x250 [ 515.191326][ T9989] ? __pfx____ratelimit+0x10/0x10 [ 515.191351][ T9989] ? __pfx_dump_stack_lvl+0x10/0x10 [ 515.191372][ T9989] ? __pfx__printk+0x10/0x10 [ 515.191402][ T9989] should_fail_ex+0x46c/0x600 [ 515.191430][ T9989] strncpy_from_user+0x36/0x290 [ 515.191456][ T9989] getname_flags+0xf3/0x540 [ 515.191484][ T9989] __x64_sys_newlstat+0xcc/0x170 [ 515.191500][ T9989] ? __pfx___x64_sys_newlstat+0x10/0x10 [ 515.191537][ T9989] ? __pfx_ksys_write+0x10/0x10 [ 515.191560][ T9989] ? do_syscall_64+0xbe/0xfa0 [ 515.191587][ T9989] do_syscall_64+0xfa/0xfa0 [ 515.191608][ T9989] ? lockdep_hardirqs_on+0x9c/0x150 [ 515.191631][ T9989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.191648][ T9989] ? clear_bhb_loop+0x60/0xb0 [ 515.191670][ T9989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.191686][ T9989] RIP: 0033:0x7f36ed6df749 [ 515.191701][ T9989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 515.191723][ T9989] RSP: 002b:00007f36eb93e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 515.191742][ T9989] RAX: ffffffffffffffda RBX: 00007f36ed935fa0 RCX: 00007f36ed6df749 [ 515.191755][ T9989] RDX: 0000000000000000 RSI: 000020000000a600 RDI: 000020000000a5c0 [ 515.191766][ T9989] RBP: 00007f36eb93e090 R08: 0000000000000000 R09: 0000000000000000 [ 515.191776][ T9989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 515.191786][ T9989] R13: 00007f36ed936038 R14: 00007f36ed935fa0 R15: 00007fffba97a748 [ 515.191815][ T9989] [ 515.538415][ T9993] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1216'. [ 515.538442][ T9993] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1216'. [ 515.657124][ T9997] FAULT_INJECTION: forcing a failure. [ 515.657124][ T9997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 515.657157][ T9997] CPU: 1 UID: 0 PID: 9997 Comm: syz.2.1217 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 515.657178][ T9997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 515.657189][ T9997] Call Trace: [ 515.657196][ T9997] [ 515.657203][ T9997] dump_stack_lvl+0x189/0x250 [ 515.657233][ T9997] ? __pfx____ratelimit+0x10/0x10 [ 515.657259][ T9997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 515.657284][ T9997] ? __pfx__printk+0x10/0x10 [ 515.657306][ T9997] ? __might_fault+0xb0/0x130 [ 515.657340][ T9997] should_fail_ex+0x46c/0x600 [ 515.657370][ T9997] _copy_from_user+0x2d/0xb0 [ 515.657391][ T9997] snd_seq_ioctl+0x1e3/0x450 [ 515.657416][ T9997] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 515.657454][ T9997] ? __fget_files+0x3a6/0x420 [ 515.657478][ T9997] ? __fget_files+0x2a/0x420 [ 515.657505][ T9997] ? bpf_lsm_file_ioctl+0x9/0x20 [ 515.657522][ T9997] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 515.657539][ T9997] __se_sys_ioctl+0xff/0x170 [ 515.657563][ T9997] do_syscall_64+0xfa/0xfa0 [ 515.657584][ T9997] ? lockdep_hardirqs_on+0x9c/0x150 [ 515.657607][ T9997] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.657625][ T9997] ? clear_bhb_loop+0x60/0xb0 [ 515.657646][ T9997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.657664][ T9997] RIP: 0033:0x7f71afc2f749 [ 515.657679][ T9997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 515.657695][ T9997] RSP: 002b:00007f71ade8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 515.657713][ T9997] RAX: ffffffffffffffda RBX: 00007f71afe85fa0 RCX: 00007f71afc2f749 [ 515.657727][ T9997] RDX: 0000000000000000 RSI: 00000000c0505350 RDI: 0000000000000003 [ 515.657737][ T9997] RBP: 00007f71ade8e090 R08: 0000000000000000 R09: 0000000000000000 [ 515.657747][ T9997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 515.657757][ T9997] R13: 00007f71afe86038 R14: 00007f71afe85fa0 R15: 00007ffdad936528 [ 515.657789][ T9997] [ 516.759657][T10018] trusted_key: encrypted_key: keyword 'upw' not recognized [ 517.895543][T10023] netlink: 'syz.0.1224': attribute type 1 has an invalid length. [ 517.945015][T10023] bond2: entered promiscuous mode [ 517.945393][T10023] 8021q: adding VLAN 0 to HW filter on device bond2 [ 518.764643][ T9570] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 519.351387][ T5890] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 519.386623][ T9570] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 519.386641][ T9570] usb 4-1: config 0 has no interface number 1 [ 519.386676][ T9570] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 519.386688][ T9570] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.441696][ T9570] usb 4-1: config 0 descriptor?? [ 519.479041][ T9570] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 519.479105][ T9570] usb 4-1: MIDIStreaming interface descriptor not found [ 519.523675][ T5890] usb 3-1: Using ep0 maxpacket: 16 [ 519.525460][ T5890] usb 3-1: config 0 has no interfaces? [ 519.530708][ T5890] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=66.d1 [ 519.530735][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.530754][ T5890] usb 3-1: Product: syz [ 519.530763][ T5890] usb 3-1: Manufacturer: syz [ 519.530771][ T5890] usb 3-1: SerialNumber: syz [ 519.533930][ T5890] usb 3-1: config 0 descriptor?? [ 519.608529][ T9570] gspca_main: spca561-2.14.0 probing abcd:cdee [ 519.675125][ T9570] spca561 4-1:0.0: probe with driver spca561 failed with error -22 [ 519.703742][ T9570] usb 4-1: USB disconnect, device number 26 [ 519.830515][ T5976] udevd[5976]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 520.265555][T10056] gfs2: error -5 reading superblock [ 521.377665][T10068] netlink: 'syz.4.1236': attribute type 1 has an invalid length. [ 521.377689][T10068] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1236'. [ 521.453477][T10072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1237'. [ 521.565588][ T5978] usb 3-1: USB disconnect, device number 23 [ 521.739458][ T37] kauditd_printk_skb: 18 callbacks suppressed [ 521.739477][ T37] audit: type=1326 audit(1764260288.403:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10080 comm="syz.3.1240" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b4f3ff749 code=0x0 [ 521.751114][T10082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1239'. [ 522.193197][T10091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1242'. [ 526.156124][T10106] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1245'. [ 526.156150][T10106] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1245'. [ 526.371068][T10121] bridge0: port 3(syz_tun) entered blocking state [ 526.373491][T10121] bridge0: port 3(syz_tun) entered disabled state [ 526.374897][T10121] syz_tun: entered allmulticast mode [ 526.448707][T10121] syz_tun: entered promiscuous mode [ 526.465626][T10121] bridge0: port 3(syz_tun) entered blocking state [ 526.465812][T10121] bridge0: port 3(syz_tun) entered forwarding state [ 526.569173][ T9570] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 526.734705][ T9570] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 526.734738][ T9570] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.734758][ T9570] usb 1-1: Product: syz [ 526.734771][ T9570] usb 1-1: Manufacturer: syz [ 526.734786][ T9570] usb 1-1: SerialNumber: syz [ 527.235022][T10118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 527.236994][T10118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 527.364906][ T9570] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 527.364973][ T9570] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 527.366777][ T9570] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 527.366834][ T9570] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 527.443001][ T9570] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 527.482746][ T9570] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71 [ 527.516578][ T9570] usb 1-1: USB disconnect, device number 31 [ 529.227810][T10206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1283'. [ 529.300479][T10210] netlink: 'syz.3.1285': attribute type 29 has an invalid length. [ 529.361636][T10211] netlink: 500 bytes leftover after parsing attributes in process `syz.3.1285'. [ 529.533083][T10210] netlink: 'syz.3.1285': attribute type 29 has an invalid length. [ 529.713851][T10219] bridge0: port 3(syz_tun) entered disabled state [ 530.034708][T10219] syz_tun (unregistering): left allmulticast mode [ 530.034740][T10219] syz_tun (unregistering): left promiscuous mode [ 530.037495][T10219] bridge0: port 3(syz_tun) entered disabled state [ 530.371692][T10245] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1299'. [ 530.877171][ T5892] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 531.041065][ T5892] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 531.041094][ T5892] usb 4-1: config 0 has no interface number 0 [ 531.041144][ T5892] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 531.041168][ T5892] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 531.041193][ T5892] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 531.041219][ T5892] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 531.041245][ T5892] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 531.041287][ T5892] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 531.041310][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.156039][ T5892] usb 4-1: config 0 descriptor?? [ 531.164440][T10251] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 531.207112][ T5892] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 531.438268][T10275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1312'. [ 531.848849][T10283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1315'. [ 532.183705][T10292] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 533.601969][T10284] lec:lec_atm_close: lec0: Shut down! [ 533.989142][ T9570] usb 4-1: USB disconnect, device number 27 [ 534.011795][ T9570] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 534.047546][T10331] syz_tun: left allmulticast mode [ 534.220536][T10334] netlink: 'syz.0.1331': attribute type 11 has an invalid length. [ 535.376570][T10386] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1347'. [ 535.458076][T10391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 535.517180][T10391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 535.529216][T10391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 535.534606][T10391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 536.078419][ T5805] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 536.080727][T10413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1359'. [ 536.265850][ T5805] usb 1-1: Using ep0 maxpacket: 8 [ 536.268468][ T5805] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 536.268495][ T5805] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 536.270857][ T5805] usb 1-1: New USB device found, idVendor=0711, idProduct=0900, bcdDevice=fa.6f [ 536.270884][ T5805] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 536.270903][ T5805] usb 1-1: Product: syz [ 536.270917][ T5805] usb 1-1: SerialNumber: syz [ 536.285443][ T5805] usb 1-1: config 0 descriptor?? [ 536.514931][T10405] netlink: 'syz.0.1356': attribute type 6 has an invalid length. [ 536.521494][ T9570] usb 1-1: USB disconnect, device number 32 [ 536.595311][T10430] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.619146][T10430] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.982499][ T5809] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 536.982525][ T5809] CPU: 1 UID: 0 PID: 5809 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 536.982559][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 536.982573][ T5809] Workqueue: hci2 hci_rx_work [ 536.982606][ T5809] Call Trace: [ 536.982614][ T5809] [ 536.982622][ T5809] dump_stack_lvl+0x189/0x250 [ 536.982660][ T5809] ? __pfx_dump_stack_lvl+0x10/0x10 [ 536.982691][ T5809] ? __pfx__printk+0x10/0x10 [ 536.982723][ T5809] ? kernfs_path_from_node+0x2c/0x280 [ 536.982744][ T5809] ? kernfs_path_from_node+0x243/0x280 [ 536.982763][ T5809] ? kernfs_path_from_node+0x2c/0x280 [ 536.982789][ T5809] sysfs_create_dir_ns+0x259/0x280 [ 536.982809][ T5809] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 536.982841][ T5809] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 536.982867][ T5809] ? rt_spin_unlock+0x161/0x200 [ 536.982894][ T5809] kobject_add_internal+0x5a5/0xb50 [ 536.982925][ T5809] kobject_add+0x155/0x220 [ 536.982951][ T5809] ? __pfx_kobject_add+0x10/0x10 [ 536.982979][ T5809] ? get_device_parent+0x370/0x3a0 [ 536.983011][ T5809] device_add+0x408/0xb50 [ 536.983043][ T5809] hci_conn_add_sysfs+0xd5/0x1e0 [ 536.983067][ T5809] le_conn_complete_evt+0xf39/0x1500 [ 536.983109][ T5809] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 536.983138][ T5809] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 536.983175][ T5809] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.983209][ T5809] ? skb_pull_data+0xfb/0x200 [ 536.983242][ T5809] hci_le_conn_complete_evt+0x187/0x450 [ 536.983278][ T5809] hci_event_packet+0x78f/0x1200 [ 536.983305][ T5809] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 536.983334][ T5809] ? __pfx_hci_event_packet+0x10/0x10 [ 536.983369][ T5809] ? hci_send_to_monitor+0xe2/0x570 [ 536.983402][ T5809] hci_rx_work+0x46a/0xe80 [ 536.983434][ T5809] ? process_scheduled_works+0x9ef/0x17b0 [ 536.983462][ T5809] process_scheduled_works+0xae1/0x17b0 [ 536.983519][ T5809] ? __pfx_process_scheduled_works+0x10/0x10 [ 536.983565][ T5809] worker_thread+0x8a0/0xda0 [ 536.983605][ T5809] ? __kthread_parkme+0x7b/0x200 [ 536.983642][ T5809] kthread+0x711/0x8a0 [ 536.983675][ T5809] ? __pfx_worker_thread+0x10/0x10 [ 536.983699][ T5809] ? __pfx_kthread+0x10/0x10 [ 536.983724][ T5809] ? rt_spin_unlock+0x150/0x200 [ 536.983751][ T5809] ? rt_spin_unlock+0x161/0x200 [ 536.983773][ T5809] ? __pfx_kthread+0x10/0x10 [ 536.983802][ T5809] ret_from_fork+0x4bc/0x870 [ 536.983835][ T5809] ? __pfx_ret_from_fork+0x10/0x10 [ 536.983866][ T5809] ? __switch_to_asm+0x39/0x70 [ 536.983885][ T5809] ? __switch_to_asm+0x33/0x70 [ 536.983903][ T5809] ? __pfx_kthread+0x10/0x10 [ 536.983932][ T5809] ret_from_fork_asm+0x1a/0x30 [ 536.983972][ T5809] [ 536.984126][ T5809] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 536.984182][ T5809] Bluetooth: hci2: failed to register connection device [ 537.679719][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1377'. [ 537.789762][ T5469] veth1_vlan: left promiscuous mode [ 538.747411][T10502] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1390'. [ 539.421174][ T5469] lec:lec_start_xmit: lec0:No lecd attached [ 540.207786][T10557] syzkaller0: entered promiscuous mode [ 540.207813][T10557] syzkaller0: entered allmulticast mode [ 540.211342][T10557] 0: reclassify loop, rule prio 0, protocol 800 [ 541.135480][T10605] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1427'. [ 541.135517][T10605] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1427'. [ 541.459620][T10605] ip6gretap0: entered promiscuous mode [ 541.470138][T10605] syz_tun: entered promiscuous mode [ 541.893610][T10630] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1435'. [ 542.071311][T10642] syzkaller0: entered promiscuous mode [ 542.071338][T10642] syzkaller0: entered allmulticast mode [ 543.515238][T10682] syzkaller0: entered promiscuous mode [ 543.515266][T10682] syzkaller0: entered allmulticast mode [ 543.588259][ T5804] Bluetooth: hci2: command 0x0406 tx timeout [ 545.214943][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5420 ms [ 545.218924][ C0] lec:lec_tx_timeout: lec0 [ 545.221076][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 550.569309][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 550.569596][ C0] lec:lec_tx_timeout: lec0 [ 550.569752][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 555.161442][T10449] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 555.165076][T10449] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 555.215084][T10449] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 555.216827][T10449] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 555.217533][T10449] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 555.925163][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 555.925200][ C0] lec:lec_tx_timeout: lec0 [ 555.925290][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 557.454029][ T5804] Bluetooth: hci5: command tx timeout [ 559.021669][T10449] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 559.024905][T10449] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 559.028173][T10449] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 559.029296][T10449] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 559.030028][T10449] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 559.105009][T10722] sch_tbf: burst 3936 is lower than device lo mtu (65550) ! [ 559.604770][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880612d6c00: rx timeout, send abort [ 559.606464][ T5804] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 559.615925][ T5804] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 559.617301][ T5804] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 559.649057][ T5804] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 559.652037][ T5804] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 559.672235][ T5804] Bluetooth: hci5: command tx timeout [ 560.139378][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880612d6c00: abort rx timeout. Force session deactivation [ 560.142936][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880612d7000: rx timeout, send abort [ 560.677587][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880612d7000: abort rx timeout. Force session deactivation [ 561.323675][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5040 ms [ 561.323712][ C0] lec:lec_tx_timeout: lec0 [ 561.324065][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 561.325884][T10449] Bluetooth: hci4: command tx timeout [ 561.895217][ T5804] Bluetooth: hci5: command tx timeout [ 561.899407][T10449] Bluetooth: hci6: command tx timeout [ 562.503622][ T59] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.117859][ T59] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.187684][ T5978] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 563.357897][ T5978] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 563.357925][ T5978] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 563.357944][ T5978] usb 3-1: config 0 has no interface number 0 [ 563.361168][ T5978] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 563.361195][ T5978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.361214][ T5978] usb 3-1: Product: syz [ 563.361227][ T5978] usb 3-1: Manufacturer: syz [ 563.361241][ T5978] usb 3-1: SerialNumber: syz [ 563.374515][ T5978] usb 3-1: config 0 descriptor?? [ 563.385457][ T5978] ims_pcu 3-1:0.41: probe with driver ims_pcu failed with error -22 [ 563.515980][T10449] Bluetooth: hci4: command tx timeout [ 563.617788][ T59] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.626869][ T5978] usb 3-1: USB disconnect, device number 24 [ 563.791458][T11225] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1696'. [ 564.055224][ T59] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.114195][T10449] Bluetooth: hci6: command tx timeout [ 564.114231][T10449] Bluetooth: hci5: command tx timeout [ 565.169422][T11258] netlink: 'syz.4.1699': attribute type 4 has an invalid length. [ 565.882474][ T5804] Bluetooth: hci4: command tx timeout [ 566.345757][ T5804] Bluetooth: hci6: command tx timeout [ 566.680530][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 566.680565][ C0] lec:lec_tx_timeout: lec0 [ 566.680707][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 566.996753][T11277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1702'. [ 566.996778][T11277] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1702'. [ 567.317787][T11159] chnl_net:caif_netlink_parms(): no params data found [ 567.585822][ T59] bridge_slave_1: left allmulticast mode [ 567.586024][ T59] bridge_slave_1: left promiscuous mode [ 567.599777][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.739853][ T59] bridge_slave_0: left allmulticast mode [ 567.739881][ T59] bridge_slave_0: left promiscuous mode [ 567.740150][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.110310][ T5804] Bluetooth: hci4: command tx timeout [ 568.561500][ T5804] Bluetooth: hci6: command tx timeout [ 572.035854][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 572.035889][ C0] lec:lec_tx_timeout: lec0 [ 572.035990][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 572.753023][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 572.843347][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 572.882843][ T59] bond0 (unregistering): Released all slaves [ 573.760026][ T59] bond1 (unregistering): Released all slaves [ 574.036342][ T59] !9: left promiscuous mode [ 577.395629][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 577.395663][ C0] lec:lec_tx_timeout: lec0 [ 577.395876][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 577.583248][T11355] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1718'. [ 577.583274][T11355] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1718'. [ 579.432606][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 579.432677][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 582.750873][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 582.750896][ C0] lec:lec_tx_timeout: lec0 [ 582.750982][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 588.103887][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 588.103922][ C0] lec:lec_tx_timeout: lec0 [ 588.104028][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 588.964100][T10449] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 589.013801][T10449] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 589.020935][T10449] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 589.022367][T10449] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 589.025696][T10449] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 590.018379][T11166] chnl_net:caif_netlink_parms(): no params data found [ 590.023857][T11154] chnl_net:caif_netlink_parms(): no params data found [ 591.236230][ T5804] Bluetooth: hci0: command tx timeout [ 591.418560][T11327] syz_tun (unregistering): left promiscuous mode [ 591.654591][T11159] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.654763][T11159] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.654976][T11159] bridge_slave_0: entered allmulticast mode [ 591.657510][T11159] bridge_slave_0: entered promiscuous mode [ 591.737253][T11159] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.737394][T11159] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.737609][T11159] bridge_slave_1: entered allmulticast mode [ 591.742239][T11159] bridge_slave_1: entered promiscuous mode [ 592.123089][T11393] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1726'. [ 592.123106][T11393] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1726'. [ 592.823037][T11159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 593.123068][T11166] bridge0: port 1(bridge_slave_0) entered blocking state [ 593.123249][T11166] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.123501][T11166] bridge_slave_0: entered allmulticast mode [ 593.126655][T11166] bridge_slave_0: entered promiscuous mode [ 593.242236][T11154] bridge0: port 1(bridge_slave_0) entered blocking state [ 593.242358][T11154] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.242599][T11154] bridge_slave_0: entered allmulticast mode [ 593.248434][T11154] bridge_slave_0: entered promiscuous mode [ 593.257268][T11402] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 593.271104][T11159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 593.271750][T11166] bridge0: port 2(bridge_slave_1) entered blocking state [ 593.271884][T11166] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.272071][T11166] bridge_slave_1: entered allmulticast mode [ 593.274747][T11166] bridge_slave_1: entered promiscuous mode [ 593.390192][T11154] bridge0: port 2(bridge_slave_1) entered blocking state [ 593.390328][T11154] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.390545][T11154] bridge_slave_1: entered allmulticast mode [ 593.393413][T11154] bridge_slave_1: entered promiscuous mode [ 593.411113][T11405] 9pnet_fd: Insufficient options for proto=fd [ 593.449211][ T5804] Bluetooth: hci0: command tx timeout [ 593.459960][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 593.459993][ C0] lec:lec_tx_timeout: lec0 [ 593.460084][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 593.955659][T11159] team0: Port device team_slave_0 added [ 594.090672][ T59] hsr_slave_0: left promiscuous mode [ 594.112042][ T59] hsr_slave_1: left promiscuous mode [ 594.113089][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 594.113226][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 594.169604][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 594.169631][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 594.246179][ T59] veth1_macvtap: left promiscuous mode [ 594.246529][ T59] veth0_macvtap: left promiscuous mode [ 594.248330][ T59] veth1_vlan: left promiscuous mode [ 594.248757][ T59] veth0_vlan: left promiscuous mode [ 594.319772][ T5804] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 594.319798][ T5804] CPU: 0 UID: 0 PID: 5804 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 594.319820][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 594.319833][ T5804] Workqueue: hci3 hci_rx_work [ 594.319860][ T5804] Call Trace: [ 594.319869][ T5804] [ 594.319879][ T5804] dump_stack_lvl+0x189/0x250 [ 594.319918][ T5804] ? __pfx_dump_stack_lvl+0x10/0x10 [ 594.319946][ T5804] ? __pfx__printk+0x10/0x10 [ 594.319972][ T5804] ? kernfs_path_from_node+0x2c/0x280 [ 594.319992][ T5804] ? kernfs_path_from_node+0x243/0x280 [ 594.320010][ T5804] ? kernfs_path_from_node+0x2c/0x280 [ 594.320031][ T5804] sysfs_create_dir_ns+0x259/0x280 [ 594.320049][ T5804] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 594.320070][ T5804] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 594.320093][ T5804] ? rt_spin_unlock+0x161/0x200 [ 594.320118][ T5804] kobject_add_internal+0x5a5/0xb50 [ 594.320146][ T5804] kobject_add+0x155/0x220 [ 594.320169][ T5804] ? __pfx_kobject_add+0x10/0x10 [ 594.320197][ T5804] ? get_device_parent+0x370/0x3a0 [ 594.320229][ T5804] device_add+0x408/0xb50 [ 594.320260][ T5804] hci_conn_add_sysfs+0xd5/0x1e0 [ 594.320283][ T5804] le_conn_complete_evt+0xf39/0x1500 [ 594.320323][ T5804] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 594.320351][ T5804] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 594.320378][ T5804] ? lockdep_hardirqs_on+0x9c/0x150 [ 594.320410][ T5804] ? skb_pull_data+0xfb/0x200 [ 594.320441][ T5804] hci_le_conn_complete_evt+0x187/0x450 [ 594.320474][ T5804] hci_event_packet+0x78f/0x1200 [ 594.320581][ T5804] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 594.320610][ T5804] ? __pfx_hci_event_packet+0x10/0x10 [ 594.320642][ T5804] ? hci_send_to_monitor+0xe2/0x570 [ 594.320671][ T5804] hci_rx_work+0x46a/0xe80 [ 594.320701][ T5804] ? process_scheduled_works+0x9ef/0x17b0 [ 594.320725][ T5804] process_scheduled_works+0xae1/0x17b0 [ 594.320775][ T5804] ? __pfx_process_scheduled_works+0x10/0x10 [ 594.320819][ T5804] worker_thread+0x8a0/0xda0 [ 594.320871][ T5804] kthread+0x711/0x8a0 [ 594.320904][ T5804] ? __pfx_worker_thread+0x10/0x10 [ 594.320927][ T5804] ? __pfx_kthread+0x10/0x10 [ 594.320950][ T5804] ? rt_spin_unlock+0x150/0x200 [ 594.320974][ T5804] ? rt_spin_unlock+0x161/0x200 [ 594.320992][ T5804] ? __pfx_kthread+0x10/0x10 [ 594.321019][ T5804] ret_from_fork+0x4bc/0x870 [ 594.321044][ T5804] ? __pfx_ret_from_fork+0x10/0x10 [ 594.321073][ T5804] ? __switch_to_asm+0x39/0x70 [ 594.321096][ T5804] ? __switch_to_asm+0x33/0x70 [ 594.321113][ T5804] ? __pfx_kthread+0x10/0x10 [ 594.321142][ T5804] ret_from_fork_asm+0x1a/0x30 [ 594.321181][ T5804] [ 594.322540][ T5804] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 594.322586][ T5804] Bluetooth: hci3: failed to register connection device [ 595.673020][ T5804] Bluetooth: hci0: command tx timeout [ 595.820313][T11419] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1735'. [ 595.820330][T11419] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1735'. [ 597.896599][ T5804] Bluetooth: hci0: command tx timeout [ 598.324765][ T59] team0 (unregistering): Port device team_slave_1 removed [ 598.570611][ T59] team0 (unregistering): Port device team_slave_0 removed [ 598.815876][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 598.815910][ C0] lec:lec_tx_timeout: lec0 [ 598.816011][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 600.207153][ T59] team0 (unregistering): Port device dummy0 removed [ 601.204374][T11166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 601.244828][T11154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 601.248519][T11159] team0: Port device team_slave_1 added [ 601.376277][T11166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 601.393345][T11154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 601.766603][ T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 601.940685][ T9] usb 3-1: config 1 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 246, changing to 11 [ 601.940721][ T9] usb 3-1: config 1 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 1648, setting to 1024 [ 601.940747][ T9] usb 3-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 601.940761][ T9] usb 3-1: config 1 interface 0 has no altsetting 0 [ 601.942995][ T9] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0a56, bcdDevice= 0.40 [ 601.943015][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.943025][ T9] usb 3-1: Product: С [ 601.943032][ T9] usb 3-1: Manufacturer: ᠁ [ 601.943040][ T9] usb 3-1: SerialNumber: 艿畆㫆躐픍ই娮䋨샺ꯤ琨׀蹄윋숃豂㨖斛큍竢괳ⵌ༠歨覥뫿六庽繿蕫먶ᘋ뽉虬㲹琻椣ㄅЌ綑润䙓睼磥翧䫥쫾ꬢ궐꒲톸㮂Ժ쥵贿ᅫ霽 [ 601.947275][T11428] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 602.080041][T11159] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 602.080057][T11159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 602.080078][T11159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 602.086582][T11166] team0: Port device team_slave_0 added [ 602.098587][T11154] team0: Port device team_slave_0 added [ 602.100015][T11159] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 602.100028][T11159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 602.100053][T11159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 602.107257][T11166] team0: Port device team_slave_1 added [ 602.132593][T11154] team0: Port device team_slave_1 added [ 602.225285][ T9] usbhid 3-1:1.0: can't add hid device: -71 [ 602.225387][ T9] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 602.269345][ T9] usb 3-1: USB disconnect, device number 25 [ 602.800362][ T5804] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 602.917118][T11166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 602.917135][T11166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 602.917154][T11166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 602.947599][T11154] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 602.947613][T11154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 602.947631][T11154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 603.086152][T11450] trusted_key: encrypted_key: keyword 'upw' not recognized [ 603.179269][T11166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 603.179280][T11166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 603.179294][T11166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 603.180259][T11154] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 603.180267][T11154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 603.180286][T11154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 603.394997][T11159] hsr_slave_0: entered promiscuous mode [ 603.395852][T11159] hsr_slave_1: entered promiscuous mode [ 603.396427][T11159] debugfs: 'hsr0' already exists in 'hsr' [ 603.396444][T11159] Cannot create hsr debugfs directory [ 604.029454][T11166] hsr_slave_0: entered promiscuous mode [ 604.030945][T11166] hsr_slave_1: entered promiscuous mode [ 604.032008][T11166] debugfs: 'hsr0' already exists in 'hsr' [ 604.032033][T11166] Cannot create hsr debugfs directory [ 604.102053][T11154] hsr_slave_0: entered promiscuous mode [ 604.102973][T11154] hsr_slave_1: entered promiscuous mode [ 604.103646][T11154] debugfs: 'hsr0' already exists in 'hsr' [ 604.103662][T11154] Cannot create hsr debugfs directory [ 604.171934][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 604.171968][ C0] lec:lec_tx_timeout: lec0 [ 604.172067][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 605.009312][T11362] chnl_net:caif_netlink_parms(): no params data found [ 605.771472][T10449] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 606.264073][ T59] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.288845][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 606.458229][ T9] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 606.458256][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 606.458274][ T9] usb 3-1: config 0 has no interface number 0 [ 606.485518][ T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 606.485536][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.485547][ T9] usb 3-1: Product: syz [ 606.485554][ T9] usb 3-1: Manufacturer: syz [ 606.485561][ T9] usb 3-1: SerialNumber: syz [ 606.489482][ T9] usb 3-1: config 0 descriptor?? [ 606.530900][ T9] ims_pcu 3-1:0.41: probe with driver ims_pcu failed with error -22 [ 606.643818][ T59] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.721529][ T9] usb 3-1: USB disconnect, device number 26 [ 607.501996][T11498] trusted_key: encrypted_key: keyword 'upw' not recognized [ 607.590108][ T59] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 607.659119][T11362] bridge0: port 1(bridge_slave_0) entered blocking state [ 607.659262][T11362] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.659488][T11362] bridge_slave_0: entered allmulticast mode [ 607.707125][T11362] bridge_slave_0: entered promiscuous mode [ 607.889128][T11362] bridge0: port 2(bridge_slave_1) entered blocking state [ 607.889292][T11362] bridge0: port 2(bridge_slave_1) entered disabled state [ 607.889502][T11362] bridge_slave_1: entered allmulticast mode [ 607.896965][T11362] bridge_slave_1: entered promiscuous mode [ 608.168032][T11507] openvswitch: netlink: IP tunnel dst address not specified [ 608.238735][ T5804] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 608.275878][ T59] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.521051][T11362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 608.538869][T11362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 608.949966][T11362] team0: Port device team_slave_0 added [ 608.965958][T11362] team0: Port device team_slave_1 added [ 609.295348][T11159] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 609.327512][T11362] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 609.327524][T11362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 609.327538][T11362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 609.344910][T11159] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 609.511687][T11362] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 609.511698][T11362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 609.511713][T11362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 609.512715][T11159] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 609.527919][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 609.527952][ C0] lec:lec_tx_timeout: lec0 [ 609.528047][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 609.603586][T11159] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 610.022616][T11527] trusted_key: encrypted_key: keyword 'upw' not recognized [ 610.391882][T11362] hsr_slave_0: entered promiscuous mode [ 610.396502][T11362] hsr_slave_1: entered promiscuous mode [ 610.398835][T11362] debugfs: 'hsr0' already exists in 'hsr' [ 610.398871][T11362] Cannot create hsr debugfs directory [ 610.653942][T10449] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 610.712480][ T59] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.254323][ T59] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.606545][ T59] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.081286][ T59] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.036275][T11166] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 613.097913][T11166] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 613.132708][T11166] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 613.245372][T11166] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 613.465603][T11154] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 613.517396][T11154] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 613.721700][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.769187][T11154] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 613.829614][T11154] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 614.101472][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.223419][T11159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 614.386692][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.439544][T11362] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 614.481725][T11362] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 614.660856][ T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.698969][T11362] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 614.741626][T11362] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 614.802593][T11159] 8021q: adding VLAN 0 to HW filter on device team0 [ 614.871197][ T1373] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.871344][ T1373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 614.886783][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 614.886816][ C0] lec:lec_tx_timeout: lec0 [ 614.886931][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 614.954183][ T3645] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.954437][ T3645] bridge0: port 2(bridge_slave_1) entered forwarding state [ 615.440845][T11166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 615.449116][ T59] bridge_slave_1: left allmulticast mode [ 615.449145][ T59] bridge_slave_1: left promiscuous mode [ 615.460877][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.550188][ T59] bridge_slave_0: left allmulticast mode [ 615.550216][ T59] bridge_slave_0: left promiscuous mode [ 615.550513][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.567837][ T5804] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 615.670496][ T59] bridge_slave_1: left allmulticast mode [ 615.670526][ T59] bridge_slave_1: left promiscuous mode [ 615.670766][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.751421][ T59] bridge_slave_0: left allmulticast mode [ 615.751450][ T59] bridge_slave_0: left promiscuous mode [ 615.752474][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.783624][T11588] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1766'. [ 615.848770][ T59] bridge_slave_1: left allmulticast mode [ 615.848791][ T59] bridge_slave_1: left promiscuous mode [ 615.848944][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.932566][ T59] bridge_slave_0: left allmulticast mode [ 615.932595][ T59] bridge_slave_0: left promiscuous mode [ 615.932755][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.755026][ T59] ip6gretap0 (unregistering): left promiscuous mode [ 618.465774][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 618.551234][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 618.574324][ T59] bond0 (unregistering): Released all slaves [ 619.674447][ T5804] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 619.727463][ T5804] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 619.730664][ T5804] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 619.733358][ T5804] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 619.735101][ T5804] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 620.379883][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 620.464931][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 620.489266][ T59] bond0 (unregistering): Released all slaves [ 621.169894][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5870 ms [ 621.169928][ C0] lec:lec_tx_timeout: lec0 [ 621.170061][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 622.014595][T10449] Bluetooth: hci1: command tx timeout [ 622.303746][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 622.372256][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 622.391385][ T59] bond0 (unregistering): Released all slaves [ 623.235352][ T59] bond1 (unregistering): Released all slaves [ 623.557182][ T5804] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 623.562642][ T5804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 623.563963][ T5804] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 623.595444][ T5804] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 623.600806][ T5804] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 624.052131][ T5804] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 624.055413][ T5804] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 624.058681][ T5804] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 624.078441][ T5804] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 624.080210][ T5804] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 624.249173][T10449] Bluetooth: hci1: command tx timeout [ 624.283116][ T59] bond2 (unregistering): Released all slaves [ 624.943152][ T59] tipc: Disabling bearer [ 624.950876][ T59] tipc: Left network mode [ 625.777914][T10449] Bluetooth: hci2: command tx timeout [ 626.291074][T10449] Bluetooth: hci7: command tx timeout [ 626.463251][T10449] Bluetooth: hci1: command tx timeout [ 626.515213][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 626.515245][ C0] lec:lec_tx_timeout: lec0 [ 626.515358][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 626.576763][T10449] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 626.746016][T11623] trusted_key: encrypted_key: keyword 'upw' not recognized [ 627.423716][T11362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 628.015866][ T5804] Bluetooth: hci2: command tx timeout [ 628.514515][ T5804] Bluetooth: hci7: command tx timeout [ 628.689024][ T5804] Bluetooth: hci1: command tx timeout [ 628.837357][T11362] 8021q: adding VLAN 0 to HW filter on device team0 [ 630.187759][ T5804] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 630.225807][ T5804] Bluetooth: hci2: command tx timeout [ 630.231843][T11600] chnl_net:caif_netlink_parms(): no params data found [ 630.368190][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 630.368351][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 630.458373][T11591] chnl_net:caif_netlink_parms(): no params data found [ 630.477848][T11596] chnl_net:caif_netlink_parms(): no params data found [ 630.738673][ T5804] Bluetooth: hci7: command tx timeout [ 630.993126][ T1463] bridge0: port 2(bridge_slave_1) entered blocking state [ 630.993256][ T1463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 631.871448][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 631.873985][ C0] lec:lec_tx_timeout: lec0 [ 631.879543][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 632.449056][ T5804] Bluetooth: hci2: command tx timeout [ 632.868655][T11600] bridge0: port 1(bridge_slave_0) entered blocking state [ 632.868866][T11600] bridge0: port 1(bridge_slave_0) entered disabled state [ 632.869367][T11600] bridge_slave_0: entered allmulticast mode [ 632.911420][T11600] bridge_slave_0: entered promiscuous mode [ 632.962850][ T5804] Bluetooth: hci7: command tx timeout [ 633.156532][T11600] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.156669][T11600] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.156878][T11600] bridge_slave_1: entered allmulticast mode [ 633.159722][T11600] bridge_slave_1: entered promiscuous mode [ 633.496418][T11591] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.496572][T11591] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.496838][T11591] bridge_slave_0: entered allmulticast mode [ 633.507678][T11591] bridge_slave_0: entered promiscuous mode [ 633.639086][T11596] bridge0: port 1(bridge_slave_0) entered blocking state [ 633.639212][T11596] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.639421][T11596] bridge_slave_0: entered allmulticast mode [ 633.642311][T11596] bridge_slave_0: entered promiscuous mode [ 633.653648][T11591] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.653788][T11591] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.654032][T11591] bridge_slave_1: entered allmulticast mode [ 633.658143][T11591] bridge_slave_1: entered promiscuous mode [ 633.936609][T11596] bridge0: port 2(bridge_slave_1) entered blocking state [ 633.936758][T11596] bridge0: port 2(bridge_slave_1) entered disabled state [ 633.936992][T11596] bridge_slave_1: entered allmulticast mode [ 633.942685][T11596] bridge_slave_1: entered promiscuous mode [ 634.191253][ T5892] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 634.272643][T11600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 634.358059][ T5892] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 634.358095][ T5892] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 634.358113][ T5892] usb 3-1: config 0 has no interface number 0 [ 634.361170][ T5892] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 634.361198][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.361217][ T5892] usb 3-1: Product: syz [ 634.361230][ T5892] usb 3-1: Manufacturer: syz [ 634.361243][ T5892] usb 3-1: SerialNumber: syz [ 634.383841][ T5892] usb 3-1: config 0 descriptor?? [ 634.391703][ T5892] ims_pcu 3-1:0.41: probe with driver ims_pcu failed with error -22 [ 634.573847][T11600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 634.617185][ T5805] usb 3-1: USB disconnect, device number 27 [ 634.668049][T11591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 634.773457][T11596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 634.782055][T11591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 634.893268][T11596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 635.135318][T11600] team0: Port device team_slave_0 added [ 635.353349][T11600] team0: Port device team_slave_1 added [ 636.444709][T11591] team0: Port device team_slave_0 added [ 636.684620][T11596] team0: Port device team_slave_0 added [ 636.688425][T11591] team0: Port device team_slave_1 added [ 637.227602][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 637.230123][ C0] lec:lec_tx_timeout: lec0 [ 637.232129][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 637.634429][T11596] team0: Port device team_slave_1 added [ 637.752468][ T59] hsr_slave_0: left promiscuous mode [ 637.793937][ T59] hsr_slave_1: left promiscuous mode [ 637.794592][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 637.826908][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 637.826937][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 638.531862][ T59] hsr_slave_0: left promiscuous mode [ 638.575876][ T59] hsr_slave_1: left promiscuous mode [ 638.576852][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 638.576876][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 638.628816][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 638.628845][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 638.798937][ T59] hsr_slave_0: left promiscuous mode [ 638.820453][ T59] hsr_slave_1: left promiscuous mode [ 638.821218][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 638.821235][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 638.875125][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 638.875153][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 639.024467][ T59] veth1_macvtap: left promiscuous mode [ 639.024540][ T59] veth0_macvtap: left promiscuous mode [ 639.162634][ T59] veth1_macvtap: left promiscuous mode [ 639.162709][ T59] veth0_macvtap: left promiscuous mode [ 639.162854][ T59] veth1_vlan: left promiscuous mode [ 639.162952][ T59] veth0_vlan: left promiscuous mode [ 639.290858][ T59] veth1_macvtap: left promiscuous mode [ 639.290923][ T59] veth0_macvtap: left promiscuous mode [ 639.291035][ T59] veth1_vlan: left promiscuous mode [ 639.291146][ T59] veth0_vlan: left promiscuous mode [ 642.359937][ T59] team0 (unregistering): Port device team_slave_1 removed [ 642.594139][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5020 ms [ 642.594172][ C0] lec:lec_tx_timeout: lec0 [ 642.594283][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 642.617772][ T59] team0 (unregistering): Port device team_slave_0 removed [ 645.114342][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 645.114414][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 647.502147][ T59] team0 (unregistering): Port device team_slave_1 removed [ 647.769091][ T59] team0 (unregistering): Port device team_slave_0 removed [ 647.949930][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 647.949963][ C0] lec:lec_tx_timeout: lec0 [ 647.950069][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 652.708293][ T59] team0 (unregistering): Port device team_slave_1 removed [ 652.954109][ T59] team0 (unregistering): Port device team_slave_0 removed [ 653.305955][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 653.305993][ C0] lec:lec_tx_timeout: lec0 [ 653.306094][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 653.599633][T10449] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 653.601578][T10449] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 653.603041][T10449] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 653.604214][T10449] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 653.605021][T10449] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 654.764252][ T5811] ------------[ cut here ]------------ [ 654.764275][ T5811] WARNING: CPU: 1 PID: 5811 at kernel/kcov.c:477 kcov_task_exit+0x13c/0x150 [ 654.764326][ T5811] Modules linked in: [ 654.764346][ T5811] CPU: 1 UID: 0 PID: 5811 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 654.764369][ T5811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 654.764382][ T5811] RIP: 0010:kcov_task_exit+0x13c/0x150 [ 654.764409][ T5811] Code: c7 c7 50 45 c5 8e 48 c7 c6 1e 27 da 8c 48 c7 c2 e4 fc d8 8c 4c 89 f9 e8 42 61 f1 02 4c 39 bb 98 00 00 00 0f 84 ff fe ff ff 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 e4 3e 04 09 0f 1f 40 00 90 90 [ 654.764426][ T5811] RSP: 0018:ffffc90004ae7ac0 EFLAGS: 00010206 [ 654.764443][ T5811] RAX: 23bd912bc5e95e00 RBX: ffff888026c65e00 RCX: 0000000000000000 [ 654.764458][ T5811] RDX: 0000000000000000 RSI: ffffffff8b3ddfc0 RDI: 00000000ffffffff [ 654.764470][ T5811] RBP: ffffc90004ae7c28 R08: 0000000000000000 R09: ffffffff8ac2eb41 [ 654.764483][ T5811] R10: dffffc0000000000 R11: fffffbfff1dac82f R12: 1ffff11004dfc01d [ 654.764496][ T5811] R13: 0000000000000009 R14: ffff888026c65e08 R15: ffff88803315da00 [ 654.764508][ T5811] FS: 0000555577068500(0000) GS:ffff888126ef6000(0000) knlGS:0000000000000000 [ 654.764523][ T5811] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 654.764535][ T5811] CR2: 00007f8c7dfe5000 CR3: 0000000031932000 CR4: 00000000003526f0 [ 654.764553][ T5811] Call Trace: [ 654.764562][ T5811] [ 654.764571][ T5811] do_exit+0x105/0x2300 [ 654.764598][ T5811] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 654.764627][ T5811] ? __lock_acquire+0xab9/0xd20 [ 654.764659][ T5811] ? __pfx_do_exit+0x10/0x10 [ 654.764685][ T5811] ? rt_mutex_slowunlock+0x493/0x8a0 [ 654.764706][ T5811] ? rt_spin_lock+0x1c1/0x3e0 [ 654.764730][ T5811] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 654.764758][ T5811] do_group_exit+0x21c/0x2d0 [ 654.764775][ T5811] ? rt_spin_unlock+0x161/0x200 [ 654.764798][ T5811] get_signal+0x125d/0x1310 [ 654.764843][ T5811] arch_do_signal_or_restart+0xa0/0x790 [ 654.764866][ T5811] ? __pfx___x64_sys_wait4+0x10/0x10 [ 654.764886][ T5811] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 654.764924][ T5811] ? exit_to_user_mode_loop+0x40/0x130 [ 654.764956][ T5811] exit_to_user_mode_loop+0x72/0x130 [ 654.764982][ T5811] do_syscall_64+0x2bd/0xfa0 [ 654.765011][ T5811] ? lockdep_hardirqs_on+0x9c/0x150 [ 654.765039][ T5811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.765059][ T5811] ? clear_bhb_loop+0x60/0xb0 [ 654.765084][ T5811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.765104][ T5811] RIP: 0033:0x7f71afc25897 [ 654.765123][ T5811] Code: 89 7c 24 10 48 89 4c 24 18 e8 65 1c 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 b5 1c 03 00 8b 44 [ 654.765141][ T5811] RSP: 002b:00007ffdad936880 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 654.765162][ T5811] RAX: fffffffffffffe00 RBX: 00000000000004a8 RCX: 00007f71afc25897 [ 654.765177][ T5811] RDX: 0000000040000000 RSI: 00007ffdad9368ec RDI: 00000000ffffffff [ 654.765192][ T5811] RBP: 00007ffdad9368ec R08: 0000000000000000 R09: 0000000000000000 [ 654.765205][ T5811] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000185 [ 654.765219][ T5811] R13: 000055557707b590 R14: 0000000000097247 R15: 00007ffdad936940 [ 654.765254][ T5811] [ 654.765271][ T5811] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 654.765287][ T5811] CPU: 1 UID: 0 PID: 5811 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 654.765319][ T5811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 654.765331][ T5811] Call Trace: [ 654.765339][ T5811] [ 654.765347][ T5811] dump_stack_lvl+0x99/0x250 [ 654.765380][ T5811] ? __asan_memcpy+0x40/0x70 [ 654.765404][ T5811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 654.765434][ T5811] ? __pfx__printk+0x10/0x10 [ 654.765473][ T5811] vpanic+0x237/0x6d0 [ 654.765494][ T5811] ? __pfx_vpanic+0x10/0x10 [ 654.765526][ T5811] panic+0xb9/0xc0 [ 654.765545][ T5811] ? __pfx_panic+0x10/0x10 [ 654.765581][ T5811] __warn+0x31b/0x4b0 [ 654.765599][ T5811] ? kcov_task_exit+0x13c/0x150 [ 654.765629][ T5811] ? kcov_task_exit+0x13c/0x150 [ 654.765655][ T5811] report_bug+0x2be/0x4f0 [ 654.765687][ T5811] ? kcov_task_exit+0x13c/0x150 [ 654.765714][ T5811] ? kcov_task_exit+0x13c/0x150 [ 654.765744][ T5811] ? kcov_task_exit+0x13e/0x150 [ 654.765770][ T5811] handle_bug+0x84/0x160 [ 654.765792][ T5811] exc_invalid_op+0x1a/0x50 [ 654.765813][ T5811] asm_exc_invalid_op+0x1a/0x20 [ 654.765832][ T5811] RIP: 0010:kcov_task_exit+0x13c/0x150 [ 654.765858][ T5811] Code: c7 c7 50 45 c5 8e 48 c7 c6 1e 27 da 8c 48 c7 c2 e4 fc d8 8c 4c 89 f9 e8 42 61 f1 02 4c 39 bb 98 00 00 00 0f 84 ff fe ff ff 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 e4 3e 04 09 0f 1f 40 00 90 90 [ 654.765876][ T5811] RSP: 0018:ffffc90004ae7ac0 EFLAGS: 00010206 [ 654.765893][ T5811] RAX: 23bd912bc5e95e00 RBX: ffff888026c65e00 RCX: 0000000000000000 [ 654.765909][ T5811] RDX: 0000000000000000 RSI: ffffffff8b3ddfc0 RDI: 00000000ffffffff [ 654.765923][ T5811] RBP: ffffc90004ae7c28 R08: 0000000000000000 R09: ffffffff8ac2eb41 [ 654.765939][ T5811] R10: dffffc0000000000 R11: fffffbfff1dac82f R12: 1ffff11004dfc01d [ 654.765955][ T5811] R13: 0000000000000009 R14: ffff888026c65e08 R15: ffff88803315da00 [ 654.765978][ T5811] ? rt_spin_lock+0x1c1/0x3e0 [ 654.766012][ T5811] do_exit+0x105/0x2300 [ 654.766041][ T5811] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 654.766072][ T5811] ? __lock_acquire+0xab9/0xd20 [ 654.766107][ T5811] ? __pfx_do_exit+0x10/0x10 [ 654.766135][ T5811] ? rt_mutex_slowunlock+0x493/0x8a0 [ 654.766158][ T5811] ? rt_spin_lock+0x1c1/0x3e0 [ 654.766187][ T5811] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 654.766219][ T5811] do_group_exit+0x21c/0x2d0 [ 654.766239][ T5811] ? rt_spin_unlock+0x161/0x200 [ 654.766266][ T5811] get_signal+0x125d/0x1310 [ 654.766320][ T5811] arch_do_signal_or_restart+0xa0/0x790 [ 654.766342][ T5811] ? __pfx___x64_sys_wait4+0x10/0x10 [ 654.766364][ T5811] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 654.766405][ T5811] ? exit_to_user_mode_loop+0x40/0x130 [ 654.766435][ T5811] exit_to_user_mode_loop+0x72/0x130 [ 654.766463][ T5811] do_syscall_64+0x2bd/0xfa0 [ 654.766491][ T5811] ? lockdep_hardirqs_on+0x9c/0x150 [ 654.766520][ T5811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.766540][ T5811] ? clear_bhb_loop+0x60/0xb0 [ 654.766566][ T5811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.766586][ T5811] RIP: 0033:0x7f71afc25897 [ 654.766602][ T5811] Code: 89 7c 24 10 48 89 4c 24 18 e8 65 1c 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 b5 1c 03 00 8b 44 [ 654.766620][ T5811] RSP: 002b:00007ffdad936880 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 654.766640][ T5811] RAX: fffffffffffffe00 RBX: 00000000000004a8 RCX: 00007f71afc25897 [ 654.766655][ T5811] RDX: 0000000040000000 RSI: 00007ffdad9368ec RDI: 00000000ffffffff [ 654.766669][ T5811] RBP: 00007ffdad9368ec R08: 0000000000000000 R09: 0000000000000000 [ 654.766683][ T5811] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000185 [ 654.766697][ T5811] R13: 000055557707b590 R14: 0000000000097247 R15: 00007ffdad936940 [ 654.766731][ T5811] [ 654.767184][ T5811] Kernel Offset: disabled