last executing test programs: 28.996518389s ago: executing program 2 (id=5054): pipe(0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8) syz_open_dev$video4linux(&(0x7f0000001040), 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x1b30}}) ioctl(r2, 0x8b1a, &(0x7f0000000040)) 26.469129908s ago: executing program 2 (id=5060): r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x2, 0x862b01) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) syz_open_procfs(0x0, 0x0) read$FUSE(r1, 0x0, 0x9) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000003c0)={0x54, 0x0, 0x1, {0x1, 0x1}, {0x4b, 0x2}, @cond=[{0x8, 0x5388, 0x8, 0x800, 0x7, 0xa}, {0x0, 0x6, 0x7ff, 0x3, 0x6, 0x400}]}) capset(&(0x7f0000000280)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000200)={0x5}) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1a, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002502000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe5d6405000000000075040000000d00000701000000000000b70400001000e5206a07f0ff00000000850000007d000000b70000000a00000095000000000000006458c2c62fc206000000f909a63796c113a80c19aab9d60700ffffffff483be3f0d3253730e78000000062c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766aeb39439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c013700e69274f8e9c31975e551558055dc2dc29edc33b375fa325dcf3e91e20f63d7030dbe7ff7f51fe89c3d17cf45a1616ad237682057034dfdc81f5a53cd640212c88e8b687a2446049577c75b76b775c1e301caf2465ed4b2ad56b848d046c52bfc3737127120ab17d82a294d174f240a3cdc725cfe6e839a1f80f59486578e45b008d39ab618f660e3c53ed4409aa92ae4fecd913060ca74ed8a303e22de12087a217d8d7be0ae1117cc791313b1318497dd5ebeef0d7e1795a6ff20f699870ebb137cffa79465da52ab2b3430ba0ba59152496a1ea5dd1e4dee46f6d3688603b5f25a588a31da4e481884074e211dd09a8b8039d0834507656ed7d552a990c1354d7638b2c2215dd9f606b01a92fabc6eb6fa033a86f8920e2168a80d7c86da5ad1d27c8d2a180e56046a49b989128ea736894d3eef8dca16ed63520be4654ddb14bfe4268c487c5a75c044e21021c089608c50adbc4e3f4c6a4ca86c7d2df5bc7c76e413d05e8f57b1e22d4af34f9d4d2e6e4d4f57f47aebdd5f98f67834c656b2fe09df4a1b15116fceaa404a6df278c7c629f584ba8d37c1137c2263ae02ad3718a03a886eb"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1}, 0x8}, 0x94) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)=0x1e) stat(&(0x7f0000000040)='.\x00', &(0x7f0000000080)) syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_TSS_ADDR(r8, 0xae47, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 23.903717292s ago: executing program 2 (id=5066): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'macsec0\x00', 0x0}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f00000006c0)=@deltclass={0x60, 0x29, 0xa, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xfff1, 0x3}, {0x4, 0xfff2}, {0x5, 0xffe0}}, [@c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_MASK={0x5, 0x4, 0x3}}}, @c_atm={{0x8}, {0x4}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_MASK={0x5, 0x4, 0x4}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8010}, 0x20040054) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000100)={0x8800010, 0x73667bb6, 0x3}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18) write$tun(0xffffffffffffffff, &(0x7f0000000740)=ANY=[@ANYBLOB="016f0800010000000000200000004b6f00b10065000086219078ac141416e0000001865b0000000102030805053895af020f4cbc9e9dfc54abedcde3d3619cdc82b9691a76eb060dc51e805f7e46884e0f725c021078009b1d635cfbc1f8a362c317a80006653c0dcc0704846406091923610208758d020e5558ffe9418be70c03df16e7830f6fac1e0001ffffffffac141432019404010086121d000000070ca6e806000000409c0389509ae3b6e4715fc356c6440c8d3164010100000000"], 0xbf) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) r3 = openat$rtc(0xffffffffffffff9c, 0x0, 0x140, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() sched_setscheduler(r5, 0x6, &(0x7f0000000240)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000032680)=""/102392, 0x18ff8) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="34000000000803010000000000000000000179004900010073abf0cf382e3c688438797a30000000000500030006000000060002408863000004000480"], 0x34}}, 0x0) 23.298434277s ago: executing program 4 (id=5067): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x21) lsetxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)={'L-', 0x3}, 0x16, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$igmp6(0xa, 0x3, 0x2) r4 = socket(0x28, 0x1, 0x0) r5 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0xc81d, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000001c0)=@vsock={0x28, 0x0, 0xffffffff, @my=0x0}, 0x0, 0x0, 0x1}) io_uring_enter(r5, 0x47b2, 0x10f9, 0x82, 0x0, 0x48) 22.185457948s ago: executing program 4 (id=5069): fsopen(&(0x7f0000000140)='nilfs2\x00', 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x237, &(0x7f0000000280)={0x0, 0x275, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x20000800}, 0x4000008) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x41, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, {0x1000}, 0x1}) r7 = socket$can_bcm(0x1d, 0x2, 0x2) fcntl$getownex(r7, 0x10, &(0x7f0000006280)) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000300)={0x60, 0x2, &(0x7f0000001000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x5, &(0x7f00000000c0)=[{0x3, 0x6, 0x9}, {0x8, 0x0, 0x101}, {0x7, 0xffffffff80000001, 0xace}], 0x3, 0x100000001, 0x40, 0x41, 0x27, 0x10}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1, 0xb, &(0x7f0000001580)=ANY=[@ANYBLOB="18000000010000000000000008000000180500002020702500000000002020207b1af8ff00000000"], 0x0, 0xe, 0xff5, &(0x7f00000003c0)=""/4085}, 0x94) syz_open_procfs(0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000006200)={r6, 0x37, &(0x7f0000001480)}, 0x10) 16.256070424s ago: executing program 2 (id=5081): pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff}, 0x80) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000180)={0x1, 0x3fce, 0x2, 0x3}) socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) setgroups(0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) preadv2(r5, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/100, 0x64}], 0x3, 0x2b, 0x0, 0x0) setregid(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) setxattr$system_posix_acl(&(0x7f00000003c0)='.\x00', &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000540)={{}, {}, [{0x2, 0x5}], {}, [{0x8, 0x1}, {0x8, 0x4}], {}, {0x20, 0x6}}, 0x3c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) llistxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x13, r6, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_pktinfo(r7, 0x0, 0x8, 0x0, &(0x7f0000000380)) ioctl$sock_inet_SIOCGARP(r7, 0x8954, &(0x7f0000000300)={{0x2, 0x4e22, @rand_addr=0x64010102}, {0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x0, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'nicvf0\x00'}) getpeername(r3, &(0x7f0000000180)=@in={0x2, 0x0, @remote}, &(0x7f00000000c0)=0x80) 15.125204084s ago: executing program 4 (id=5083): pipe(&(0x7f0000000040)) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8) syz_open_dev$video4linux(&(0x7f0000001040), 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x1b30}}) ioctl(r2, 0x8b1a, &(0x7f0000000040)) 14.179516s ago: executing program 4 (id=5085): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'dh\x00', 0x1, 0x4, 0x72}, 0x2c) r1 = socket$inet_sctp(0x2, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSACTIVE(r5, 0x40107446, &(0x7f0000001000)={0x1, &(0x7f0000000140)=[{0x45, 0x9, 0x0, 0x2}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffd04) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x700, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x4, 0x6, 0x79}, {@remote, 0x4e20, 0x10001, 0xc, 0x2}}, 0x44) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000680003806400dec6080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69"], 0x118}}, 0x0) 13.388129783s ago: executing program 2 (id=5088): r0 = socket(0x1e, 0x4, 0x0) connect$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x0, 0x3}}, 0x10) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg$unix(r0, &(0x7f0000004400), 0x400000000000203, 0x101d0) 12.667508385s ago: executing program 4 (id=5091): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'macsec0\x00', 0x0}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f00000006c0)=@deltclass={0x60, 0x29, 0xa, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xfff1, 0x3}, {0x4, 0xfff2}, {0x5, 0xffe0}}, [@c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_MASK={0x5, 0x4, 0x3}}}, @c_atm={{0x8}, {0x4}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_MASK={0x5, 0x4, 0x4}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8010}, 0x20040054) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000100)={0x8800010, 0x73667bb6, 0x3}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18) write$tun(0xffffffffffffffff, &(0x7f0000000740)=ANY=[@ANYBLOB="016f0800010000000000200000004b6f00b10065000086219078ac141416e0000001865b0000000102030805053895af020f4cbc9e9dfc54abedcde3d3619cdc82b9691a76eb060dc51e805f7e46884e0f725c021078009b1d635cfbc1f8a362c317a80006653c0dcc0704846406091923610208758d020e5558ffe9418be70c03df16e7830f6fac1e0001ffffffffac141432019404010086121d000000070ca6e806000000409c0389509ae3b6e4715fc356c6440c8d3164010100000000"], 0xbf) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) r3 = openat$rtc(0xffffffffffffff9c, 0x0, 0x140, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() sched_setscheduler(r5, 0x6, &(0x7f0000000240)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000032680)=""/102392, 0x18ff8) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="34000000000803010000000000000000000179004900010073abf0cf382e3c688438797a30000000000500030006000000060002408863000004000480"], 0x34}}, 0x0) 11.442413718s ago: executing program 0 (id=5094): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206"], 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000000f14010027bd7000fcdbdf250b00450075766572627376"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_tcp(0x2, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_freezer_state(r3, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r4, &(0x7f0000000440)='FROZEN\x00', 0x7) r5 = socket$can_raw(0x1d, 0x3, 0x1) recvmsg$can_raw(r5, &(0x7f0000001580)={&(0x7f0000000040)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @remote}}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000300)=""/66, 0x42}, {&(0x7f0000000200)=""/15, 0xf}, {&(0x7f0000000140)=""/82, 0x52}, {&(0x7f00000013c0)=""/168, 0xa8}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000001700)=""/197, 0xc5}, {&(0x7f00000000c0)=""/24, 0x18}, {&(0x7f00000015c0)=""/165, 0xa5}], 0x8, &(0x7f0000001500)=""/123, 0x7b}, 0x2106) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x35e, 0x0, 0x5}]}) r9 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r9, 0x84, 0x81, &(0x7f0000000280)="1a000000", 0x4) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r9, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="06"], 0x9) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r9, 0x84, 0x23, &(0x7f0000000040)={0x0, 0x6}, 0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r9, 0x84, 0x18, &(0x7f0000000100)={0x0, 0x6}, 0x8) 10.519937257s ago: executing program 2 (id=5095): pipe(&(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50) r0 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8) syz_open_dev$video4linux(&(0x7f0000001040), 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x1b30}}) ioctl(r2, 0x8b1a, &(0x7f0000000040)) 8.409206976s ago: executing program 3 (id=5098): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50) syz_genetlink_get_family_id$gtp(&(0x7f0000000400), 0xffffffffffffffff) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[], 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8) r2 = syz_open_dev$video4linux(&(0x7f0000001040), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x1b30}}) ioctl(r3, 0x8b1a, &(0x7f0000000040)) ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, &(0x7f0000000080)={0x0, 0x0, {0x3, 0x0, 0x200a, 0x7, 0x9, 0x7, 0x1}}) r4 = syz_create_resource$binfmt(0x0) openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0xc000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x2005083c) ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, 0x0) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) syz_io_uring_setup(0x895, &(0x7f0000000140)={0x0, 0x8c36, 0x1000, 0xfffffffe, 0xa6c1}, &(0x7f00000001c0), 0x0) 8.335468222s ago: executing program 1 (id=5099): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000) socket(0x2c, 0x3, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r5, &(0x7f0000000580), 0x0}, 0x20) timer_settime(0x0, 0x0, 0x0, 0x0) mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) mlock2(&(0x7f0000381000/0x4000)=nil, 0x4000, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000000000/0xc00000)=nil, 0xc00000}, 0x3}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 8.177876717s ago: executing program 0 (id=5100): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$sg(0x0, 0x0, 0x8002) fcntl$dupfd(r0, 0x0, r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x17) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000340)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000002780)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r4, 0x3, r2}) 7.373262533s ago: executing program 1 (id=5101): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50) syz_genetlink_get_family_id$gtp(&(0x7f0000000400), 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x5) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8) r3 = syz_open_dev$video4linux(&(0x7f0000001040), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x1b30}}) ioctl(r4, 0x8b1a, &(0x7f0000000040)) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000080)={0x0, 0x0, {0x3, 0x0, 0x200a, 0x7, 0x9, 0x7, 0x1}}) r5 = syz_create_resource$binfmt(0x0) openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0xc000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x2005083c) ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, 0x0) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) syz_io_uring_setup(0x895, &(0x7f0000000140)={0x0, 0x8c36, 0x1000, 0xfffffffe, 0xa6c1}, &(0x7f00000001c0), 0x0) 6.250754413s ago: executing program 0 (id=5102): socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) syz_open_dev$video4linux(0x0, 0x3, 0x68c42) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000005c0)={r1, &(0x7f0000000580)}, 0x20) 6.217501551s ago: executing program 3 (id=5103): pipe(0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x5) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x1b30}}) ioctl(r1, 0x8b1a, &(0x7f0000000040)) r2 = syz_create_resource$binfmt(0x0) openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x2005083c) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) syz_io_uring_setup(0x895, &(0x7f0000000140)={0x0, 0x8c36, 0x1000, 0xfffffffe, 0xa6c1}, &(0x7f00000001c0), 0x0) 5.486119768s ago: executing program 1 (id=5104): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000001c0)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000240)="5ce185d3dab071", 0xfffffffffffffdb8, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES32=r0], 0x48) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) dup3(r3, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0xfe, &(0x7f0000000540)=ANY=[@ANYBLOB="ffffffffffffffffffffffff81000a0088480000000042b9ccf6c76c0f7a07239f97fc280263e93952db52007948c53548e5b2e1c40307c0517f8211bc107d48ab0b07613d4504b75896b08895b9ed50bca96a745ed5293b67ea49da1965588eeb4e2b05465b4b71ad4764eb93222dde3e78e63b6bfd525d2a3db6f20861f0a2769684e4a700a71acd49b0001a7a72c8fc1ecff51b36d4ecaf63b3b9266fe41f5618c1e67b78f567a7e432694331a9143f583ddf054192e513c8d5c99e3e5b913d27242b88b1f0fc7b384a2544c84368e7cab561a51bc3827be81f52a8120206d2263f5b8d321c401febbfca9111407cf5b10f84a2047a14d2a61a99c6fda333f0e5f2681d9c4d1f07c54c37b73216f1e9c8aef12f5f9d2f471305c3df77bdc1e35e21cfbe835d23e4b34476f5515ef976853b6dfb0755dbbc8dfa99eb1e8600b41f4f21b29a631b9f"], &(0x7f0000000280)={0x0, 0x1, [0xdea, 0xd1c, 0x486, 0x3a1]}) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x8, 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_int(r5, 0x1, 0x29, 0x0, &(0x7f000000d340)) 5.438571147s ago: executing program 4 (id=5105): r0 = socket(0x1e, 0x4, 0x0) connect$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x0, 0x3}}, 0x10) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg$unix(r0, &(0x7f0000004400), 0x400000000000203, 0x101d0) 5.36834545s ago: executing program 3 (id=5106): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000) socket(0x2c, 0x3, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r5, &(0x7f0000000580), 0x0}, 0x20) timer_settime(0x0, 0x0, 0x0, 0x0) mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) mlock2(&(0x7f0000381000/0x4000)=nil, 0x4000, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000000000/0xc00000)=nil, 0xc00000}, 0x3}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 3.646586737s ago: executing program 3 (id=5107): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'dh\x00', 0x1, 0x4, 0x72}, 0x2c) r1 = socket$inet_sctp(0x2, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSACTIVE(r5, 0x40107446, &(0x7f0000001000)={0x1, &(0x7f0000000140)=[{0x45, 0x9, 0x0, 0x2}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffd04) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x4, 0x6, 0x79}, {@remote, 0x4e20, 0x10001, 0xc, 0x2}}, 0x44) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000800)=@newtaction={0xa4, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x90, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6}, @TCA_SKBMOD_PARMS={0x24}]}, {0x4}, {0xc}, {0xc}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000680003806400dec6080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69"], 0x118}}, 0x0) 3.62053885s ago: executing program 1 (id=5108): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f0000001000)=[{{&(0x7f00000002c0)=@l2tp, 0x80, &(0x7f0000000240)=[{&(0x7f00000010c0)=""/266, 0x10a}, {&(0x7f0000000440)=""/162, 0xa2}, {&(0x7f00000000c0)=""/10, 0xa}, {&(0x7f0000000500)=""/192, 0xc0}], 0x4, &(0x7f00000005c0)=""/184, 0xb8}, 0x8}, {{&(0x7f0000000680)=@pppol2tpv3, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000700)=""/63, 0x3f}, {&(0x7f0000000740)=""/233, 0xe9}, {&(0x7f0000000900)=""/160, 0xa0}, {&(0x7f0000000840)=""/87, 0x57}, {&(0x7f00000009c0)=""/106, 0x6a}, {&(0x7f0000000a40)=""/227, 0xe3}], 0x6, &(0x7f0000000bc0)=""/239, 0xef}, 0x1}, {{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000d40)=""/143, 0x8f}, {&(0x7f0000000e00)=""/146, 0x92}, {&(0x7f0000000ec0)=""/164, 0xa4}], 0x3, &(0x7f0000000fc0)}, 0x4}], 0x3, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pipe2(0x0, 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000480), 0x0}}, &(0x7f0000bbdffc)) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0), 0x4) getpid() r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000840) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syslog(0x4, &(0x7f0000000000)=""/19, 0xb12288e90d7c8384) r4 = syz_open_procfs(0x0, 0x0) read$FUSE(r4, 0x0, 0x0) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaede, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000), &(0x7f0000000280)) 2.350391574s ago: executing program 3 (id=5109): sched_setscheduler(0x0, 0x2, 0x0) setrlimit(0x6, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, 0x0, &(0x7f0000001180)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x240, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) ioctl$TIOCSTI(r4, 0x5412, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001d40)={0x1c, r6, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x1c}}, 0x0) syz_io_uring_setup(0x3faf, &(0x7f0000000440)={0x0, 0x9cae, 0x40, 0x400005, 0xd8}, &(0x7f0000000100), &(0x7f0000000340)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0xd, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.182198422s ago: executing program 1 (id=5110): open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = syz_io_uring_setup(0xaca, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1103, 0x21d}, &(0x7f0000000240)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x2, &(0x7f00000005c0)={0x0, 0x3938700}, 0x1, 0x8, 0x0, {0x0, r4}}) io_uring_enter(r1, 0x6efc, 0x3900, 0xb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000380)={0x1, @pix_mp={0x8, 0x7fff, 0x34524742, 0x5, 0x4, [{0x8, 0x9}, {0x7, 0x9}, {0x3}, {0xd, 0x8}, {0xd, 0xe0}, {0x200, 0x7ff}, {0x2, 0x3}, {0xfffffffc, 0xa}], 0xff, 0x28, 0x8, 0x1, 0x5}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x8001, 0x0) bind$802154_dgram(0xffffffffffffffff, &(0x7f0000000040)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1e8) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000240)="000000000000002499b8f276dc7558ecf97a4449a2e3f8367d61f49e160ba48f614a54a8192c2876b7f843cd3a3c07288fa0f1e28983b5cdc2e29b6e", 0x3c, 0xffffffffffffffff) sendmsg$NFT_BATCH(r6, 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', &(0x7f0000000480)={0x80000, 0x182, 0x5}, 0x18) connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000240)={0x24, @none={0x0, 0x3}}, 0x14) sendmmsg(0xffffffffffffffff, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) syz_open_dev$usbfs(&(0x7f0000000140), 0x76, 0x101341) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.swap.current\x00', 0x275a, 0x0) 1.436238782s ago: executing program 0 (id=5111): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000) socket(0x2c, 0x3, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r5, &(0x7f0000000580), 0x0}, 0x20) timer_settime(0x0, 0x0, 0x0, 0x0) mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) mlock2(&(0x7f0000381000/0x4000)=nil, 0x4000, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000000000/0xc00000)=nil, 0xc00000}, 0x3}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 1.239313468s ago: executing program 3 (id=5112): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$sg(0x0, 0x0, 0x8002) fcntl$dupfd(r0, 0x0, r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x17) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000340)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000002780)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r4, 0x3, r2}) 490.91193ms ago: executing program 0 (id=5113): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r1, &(0x7f0000001fc0)=[{{&(0x7f0000000a00)={0xa, 0x4e20, 0x2, @mcast1, 0x8}, 0x1c, &(0x7f0000001c80), 0x0, &(0x7f0000001cc0)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x6}}], 0x18}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x8) getuid() listen(0xffffffffffffffff, 0x0) ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x800454dd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x0, 0x0}, 0x10) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="120000"], 0x48) sched_setscheduler(0x0, 0x2, 0x0) ptrace$getregs(0xe, 0x0, 0x101, &(0x7f0000000240)=""/43) io_submit(0x0, 0x2, &(0x7f0000000500)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa662, r2, &(0x7f0000000340)="d60b5043f059fb54857ce4de67a18a845120988b9e94a47472c1cb4ca6244ecbc99e4c5208ea5727cde19c834db7ef936c4e025896f4b0086db45266517a54bf6b8049e1d54e81d7d7e2a33865ae46f3ed350aa63b0bd24b00759465926f02736593870704b729533843c79472c34038d05afe35eb3f375f1802902c4c9ebe2faaac80e343f1b13cb5fdf37a8666ace13b1f141f3ce2d5c0f7c398f66ae4d9cfd40ee5833484126aad541dc657682882e7", 0xb1, 0x8}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x8, 0x7, r3, &(0x7f0000000440)="1a728ba27ecbee53ef28fa73f570814f30f46cbddad0e4aec8e96b570edef75640", 0x21, 0x2, 0x0, 0x2}]) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000005142106000000000000000008000100000000000800030002800000"], 0x20}, 0x1, 0x0, 0x0, 0xf0fff7bf}, 0x0) 76.448862ms ago: executing program 0 (id=5114): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r3, 0x0, 0x0) setsockopt$inet6_mtu(r3, 0x29, 0x17, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0xf21bb4d410ace81, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r6, 0xae80, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f0000000500)=0x100000001, 0x4) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000000)={0x565, 0x5, 0x8, 0x3, 0x1, "68a28c4e6bd74d28"}) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000000080000000000000000000850000002000000085000000a000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0xe, 0x0, &(0x7f0000000300)="e02742e8680d85ff978276fcf294", 0x0, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 1 (id=5115): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000540)={0x14, 0x2, 0x6, 0x801}, 0x14}}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000002580)="89000000120081ae08060cdc030000007f03e3f7000000026ee2ffca1b1f1400000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00123d000140090c0c00bdad446b9bbc7a46e39882a5dcdf12741308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20f", 0x86}, {&(0x7f0000002700)="d6f4de", 0x3}], 0x2, 0x0, 0x0, 0xff0f0000}, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0x9, &(0x7f0000000180)={0x10000, 0x1}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() read$FUSE(0xffffffffffffffff, &(0x7f0000004380)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x202e) fcntl$setown(0xffffffffffffffff, 0x8, r2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fsopen(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r3, &(0x7f0000032680)=""/102376, 0x18fe8) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) truncate(0x0, 0x8fff5) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1}}, 0x40) kernel console output (not intermixed with test programs): a RBX: 00007f87b7de5fa0 RCX: 00007f87b7b8e15c [ 1272.818101][T21323] RDX: 000000000000000f RSI: 00007f87b8a2a0a0 RDI: 0000000000000004 [ 1272.818113][T21323] RBP: 00007f87b8a2a090 R08: 0000000000000000 R09: 0000000000000000 [ 1272.818121][T21323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1272.818128][T21323] R13: 00007f87b7de6038 R14: 00007f87b7de5fa0 R15: 00007ffc7db0c2d8 [ 1272.818144][T21323] [ 1273.355096][T21330] binder: 21324:21330 ioctl c0306201 0 returned -14 [ 1274.822664][T21345] binder: 21341:21345 ioctl c0306201 0 returned -14 [ 1276.431585][ T30] audit: type=1400 audit(1766387270.885:1310): avc: denied { map } for pid=21353 comm="syz.0.4461" path="socket:[79112]" dev="sockfs" ino=79112 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 1276.482072][ T30] audit: type=1400 audit(1766387270.885:1311): avc: denied { accept } for pid=21353 comm="syz.0.4461" path="socket:[79112]" dev="sockfs" ino=79112 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 1276.636344][T21361] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.4463'. [ 1276.908296][T18754] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 1277.151670][T18754] usb 1-1: Using ep0 maxpacket: 32 [ 1277.314252][T18754] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1277.329997][T18754] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1277.362590][T18754] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1278.095912][T21374] FAULT_INJECTION: forcing a failure. [ 1278.095912][T21374] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1278.109113][T21374] CPU: 1 UID: 0 PID: 21374 Comm: syz.3.4465 Tainted: G L syzkaller #0 PREEMPT(full) [ 1278.109148][T21374] Tainted: [L]=SOFTLOCKUP [ 1278.109157][T21374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1278.109170][T21374] Call Trace: [ 1278.109180][T21374] [ 1278.109190][T21374] dump_stack_lvl+0x16c/0x1f0 [ 1278.109223][T21374] should_fail_ex+0x512/0x640 [ 1278.109259][T21374] _copy_from_iter+0x2a4/0x16c0 [ 1278.109296][T21374] ? __alloc_skb+0x220/0x410 [ 1278.109326][T21374] ? __alloc_skb+0x35d/0x410 [ 1278.109358][T21374] ? __pfx__copy_from_iter+0x10/0x10 [ 1278.109403][T21374] netlink_sendmsg+0x820/0xdd0 [ 1278.109436][T21374] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1278.109474][T21374] ____sys_sendmsg+0xa5d/0xc30 [ 1278.109504][T21374] ? copy_msghdr_from_user+0x10a/0x160 [ 1278.109526][T21374] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1278.109564][T21374] ? lock_acquire+0x179/0x330 [ 1278.109593][T21374] ___sys_sendmsg+0x134/0x1d0 [ 1278.109618][T21374] ? __pfx____sys_sendmsg+0x10/0x10 [ 1278.109647][T21374] ? finish_task_switch.isra.0+0x207/0xbd0 [ 1278.109716][T21374] __sys_sendmsg+0x16d/0x220 [ 1278.109740][T21374] ? __pfx___sys_sendmsg+0x10/0x10 [ 1278.109761][T21374] ? irqentry_exit+0x1dd/0x8c0 [ 1278.109788][T21374] ? rcu_is_watching+0x12/0xc0 [ 1278.109822][T21374] ? trace_irq_enable.constprop.0+0x2f/0x110 [ 1278.109855][T21374] do_syscall_64+0xcd/0xf80 [ 1278.109886][T21374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.109909][T21374] RIP: 0033:0x7feb5318f749 [ 1278.109927][T21374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1278.109949][T21374] RSP: 002b:00007feb53f5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1278.109971][T21374] RAX: ffffffffffffffda RBX: 00007feb533e6180 RCX: 00007feb5318f749 [ 1278.109987][T21374] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000005 [ 1278.110001][T21374] RBP: 00007feb53f5e090 R08: 0000000000000000 R09: 0000000000000000 [ 1278.110015][T21374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1278.110028][T21374] R13: 00007feb533e6218 R14: 00007feb533e6180 R15: 00007fff956b7e38 [ 1278.110060][T21374] [ 1280.038866][T18754] gspca_nw80x: reg_w err -110 [ 1280.043923][T18754] nw80x 1-1:3.0: probe with driver nw80x failed with error -110 [ 1280.075917][T18754] usb 1-1: USB disconnect, device number 112 [ 1281.830260][T21390] netlink: 'syz.4.4472': attribute type 29 has an invalid length. [ 1281.864082][T21390] netlink: 'syz.4.4472': attribute type 29 has an invalid length. [ 1282.127986][T18754] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 1282.265699][T21396] netlink: 596 bytes leftover after parsing attributes in process `syz.4.4472'. [ 1282.538716][T18754] usb 1-1: Using ep0 maxpacket: 32 [ 1282.550315][T18754] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1282.562505][T18754] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1282.576527][T18754] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1282.599482][T18754] usb 1-1: Product: syz [ 1282.609414][T18754] usb 1-1: Manufacturer: syz [ 1282.618427][T18754] usb 1-1: SerialNumber: syz [ 1282.633259][T18754] usb 1-1: config 0 descriptor?? [ 1282.657630][T21388] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1282.891607][T21388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1282.906653][T21388] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1283.624614][T21402] comedi comedi3: comedi_config --init_data is deprecated [ 1284.466593][T21415] comedi comedi3: multiq3: I/O port conflict (0xcf7,16) [ 1284.773914][ T10] usb 1-1: USB disconnect, device number 113 [ 1286.441099][T21431] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.4482'. [ 1287.201666][T18754] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1287.380455][T18754] usb 2-1: Using ep0 maxpacket: 32 [ 1287.419696][T18754] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1287.474486][T18754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1287.494892][T18754] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1289.238135][T18754] gspca_nw80x: reg_w err -110 [ 1289.242932][T18754] nw80x 2-1:3.0: probe with driver nw80x failed with error -110 [ 1289.278350][T18754] usb 2-1: USB disconnect, device number 76 [ 1289.409857][T21460] FAULT_INJECTION: forcing a failure. [ 1289.409857][T21460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1289.581633][T21460] CPU: 1 UID: 0 PID: 21460 Comm: syz.3.4489 Tainted: G L syzkaller #0 PREEMPT(full) [ 1289.581669][T21460] Tainted: [L]=SOFTLOCKUP [ 1289.581676][T21460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1289.581687][T21460] Call Trace: [ 1289.581694][T21460] [ 1289.581703][T21460] dump_stack_lvl+0x16c/0x1f0 [ 1289.581733][T21460] should_fail_ex+0x512/0x640 [ 1289.581769][T21460] _copy_to_user+0x32/0xd0 [ 1289.581800][T21460] simple_read_from_buffer+0xcb/0x170 [ 1289.581833][T21460] proc_fail_nth_read+0x197/0x240 [ 1289.581856][T21460] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1289.581881][T21460] ? rw_verify_area+0xcf/0x6c0 [ 1289.581904][T21460] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1289.581932][T21460] vfs_read+0x1e4/0xcf0 [ 1289.581960][T21460] ? __pfx___mutex_lock+0x10/0x10 [ 1289.581993][T21460] ? __pfx_vfs_read+0x10/0x10 [ 1289.582028][T21460] ? __fget_files+0x20e/0x3c0 [ 1289.582067][T21460] ksys_read+0x12a/0x250 [ 1289.582094][T21460] ? __pfx_ksys_read+0x10/0x10 [ 1289.582121][T21460] ? fput+0x70/0xf0 [ 1289.582145][T21460] do_syscall_64+0xcd/0xf80 [ 1289.582175][T21460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.582198][T21460] RIP: 0033:0x7feb5318e15c [ 1289.582217][T21460] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1289.582238][T21460] RSP: 002b:00007feb53fa0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1289.582260][T21460] RAX: ffffffffffffffda RBX: 00007feb533e5fa0 RCX: 00007feb5318e15c [ 1289.582275][T21460] RDX: 000000000000000f RSI: 00007feb53fa00a0 RDI: 0000000000000005 [ 1289.582289][T21460] RBP: 00007feb53fa0090 R08: 0000000000000000 R09: 0000000000000000 [ 1289.582302][T21460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1289.582315][T21460] R13: 00007feb533e6038 R14: 00007feb533e5fa0 R15: 00007fff956b7e38 [ 1289.582347][T21460] [ 1289.838134][T21466] FAULT_INJECTION: forcing a failure. [ 1289.838134][T21466] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1289.851787][T21466] CPU: 0 UID: 0 PID: 21466 Comm: syz.0.4491 Tainted: G L syzkaller #0 PREEMPT(full) [ 1289.851824][T21466] Tainted: [L]=SOFTLOCKUP [ 1289.851832][T21466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1289.851845][T21466] Call Trace: [ 1289.851855][T21466] [ 1289.851865][T21466] dump_stack_lvl+0x16c/0x1f0 [ 1289.851898][T21466] should_fail_ex+0x512/0x640 [ 1289.851936][T21466] _copy_from_iter+0x2a4/0x16c0 [ 1289.851976][T21466] ? __pfx__copy_from_iter+0x10/0x10 [ 1289.852009][T21466] ? rcu_is_watching+0x12/0xc0 [ 1289.852031][T21466] ? kfree+0x27d/0x6e0 [ 1289.852049][T21466] ? file_tty_write.constprop.0+0x6f3/0x9b0 [ 1289.852084][T21466] file_tty_write.constprop.0+0x487/0x9b0 [ 1289.852119][T21466] vfs_write+0x7d3/0x11d0 [ 1289.852148][T21466] ? __pfx_tty_write+0x10/0x10 [ 1289.852175][T21466] ? __pfx_vfs_write+0x10/0x10 [ 1289.852199][T21466] ? find_held_lock+0x2b/0x80 [ 1289.852252][T21466] ksys_write+0x12a/0x250 [ 1289.852279][T21466] ? __pfx_ksys_write+0x10/0x10 [ 1289.852316][T21466] do_syscall_64+0xcd/0xf80 [ 1289.852345][T21466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.852368][T21466] RIP: 0033:0x7f13b538f749 [ 1289.852386][T21466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1289.852408][T21466] RSP: 002b:00007f13b624d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1289.852429][T21466] RAX: ffffffffffffffda RBX: 00007f13b55e6180 RCX: 00007f13b538f749 [ 1289.852445][T21466] RDX: 0000000000001006 RSI: 0000200000001040 RDI: 0000000000000007 [ 1289.852459][T21466] RBP: 00007f13b624d090 R08: 0000000000000000 R09: 0000000000000000 [ 1289.852472][T21466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1289.852486][T21466] R13: 00007f13b55e6218 R14: 00007f13b55e6180 R15: 00007ffc3876ba68 [ 1289.852518][T21466] [ 1293.747314][T21503] comedi comedi3: comedi_config --init_data is deprecated [ 1294.024932][T17723] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 1295.089488][T17723] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1295.146564][T17723] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1295.220511][T17723] usb 1-1: config 0 descriptor?? [ 1295.952136][T17723] cp210x 1-1:0.0: cp210x converter detected [ 1296.666221][T17723] usb 1-1: cp210x converter now attached to ttyUSB0 [ 1297.365720][T18296] usb 1-1: USB disconnect, device number 114 [ 1297.395562][T18296] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1297.407554][T18296] cp210x 1-1:0.0: device disconnected [ 1297.907108][ T30] audit: type=1326 audit(1766387292.875:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1298.155883][T21545] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21545 comm=syz.2.4509 [ 1298.168773][ T30] audit: type=1326 audit(1766387292.935:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1298.194084][ T30] audit: type=1326 audit(1766387292.935:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1298.809478][ T30] audit: type=1326 audit(1766387292.935:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1298.833153][ T30] audit: type=1326 audit(1766387292.935:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1299.107940][ T30] audit: type=1326 audit(1766387292.935:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1299.218494][ T30] audit: type=1326 audit(1766387292.935:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1299.283527][ T30] audit: type=1326 audit(1766387292.935:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1299.338838][ T30] audit: type=1326 audit(1766387292.935:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1299.800775][ T30] audit: type=1326 audit(1766387292.935:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21538 comm="syz.2.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f87b7b8f749 code=0x7ffc0000 [ 1300.150086][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1303.226291][T21591] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1303.259149][T21591] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1303.868151][T15353] usb 3-1: new low-speed USB device number 46 using dummy_hcd [ 1304.043462][T15353] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1304.089427][T15353] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1304.144732][T15353] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 1304.173352][T18111] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 1304.628451][T15353] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1304.637522][T15353] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1304.649988][T21599] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1304.663665][T15353] hub 3-1:1.0: bad descriptor, ignoring hub [ 1304.708205][T18111] usb 2-1: device descriptor read/64, error -71 [ 1304.775318][T15353] hub 3-1:1.0: probe with driver hub failed with error -5 [ 1304.783880][T15353] cdc_wdm 3-1:1.0: skipping garbage [ 1304.791350][T15353] cdc_wdm 3-1:1.0: skipping garbage [ 1304.798611][T15353] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1304.804533][T15353] cdc_wdm 3-1:1.0: Unknown control protocol [ 1305.050067][T18111] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 1305.248130][T18111] usb 2-1: device descriptor read/64, error -71 [ 1305.263755][T21617] syzkaller0: entered promiscuous mode [ 1305.269582][T21617] syzkaller0: entered allmulticast mode [ 1305.287075][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 1305.287092][ T30] audit: type=1400 audit(1766387300.255:1350): avc: denied { read write } for pid=21595 comm="syz.2.4521" name="cdc-wdm0" dev="devtmpfs" ino=4268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 1305.377192][T18111] usb usb2-port1: attempt power cycle [ 1305.511959][ T30] audit: type=1400 audit(1766387300.405:1351): avc: denied { open } for pid=21595 comm="syz.2.4521" path="/dev/cdc-wdm0" dev="devtmpfs" ino=4268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1 [ 1305.742747][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.749482][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.757560][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.764191][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.770511][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.777122][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.783429][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.790017][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.798466][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.805095][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.818218][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.824830][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.831107][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.837693][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.848273][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.854882][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.868296][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.874905][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.881146][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1305.887729][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1305.998857][T18111] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1306.019650][T18111] usb 2-1: device descriptor read/8, error -71 [ 1306.370488][T18111] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1306.428200][T18111] usb 2-1: device descriptor read/8, error -71 [ 1306.548582][T18111] usb usb2-port1: unable to enumerate USB device [ 1306.916572][ T30] audit: type=1400 audit(1766387301.885:1352): avc: denied { read } for pid=21630 comm="syz.1.4529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1306.981532][T21631] kAFS: unable to lookup cell '(,' [ 1307.211879][T18111] usb 3-1: USB disconnect, device number 46 [ 1308.089846][T18111] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1308.358300][T18111] usb 4-1: Using ep0 maxpacket: 32 [ 1308.374170][T18111] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1308.675249][T18111] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1308.700912][T18111] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1308.719568][T18111] usb 4-1: Product: syz [ 1308.723806][T18111] usb 4-1: Manufacturer: syz [ 1308.728490][T18111] usb 4-1: SerialNumber: syz [ 1308.785218][T18111] usb 4-1: config 0 descriptor?? [ 1308.806144][T21637] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1309.375226][T21637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1309.408393][T21637] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1309.487984][T21637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1309.496911][T21637] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1312.068700][ T5870] usb 4-1: USB disconnect, device number 91 [ 1314.337281][T21679] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1314.764533][T21681] random: crng reseeded on system resumption [ 1316.010192][T21687] netlink: 'syz.3.4544': attribute type 10 has an invalid length. [ 1316.220418][T21696] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1323.494788][T21751] random: crng reseeded on system resumption [ 1324.901578][ T30] audit: type=1400 audit(1766387319.875:1353): avc: denied { create } for pid=21763 comm="syz.0.4566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 1325.049308][ T30] audit: type=1400 audit(1766387319.995:1354): avc: denied { write } for pid=21763 comm="syz.0.4566" path="socket:[80258]" dev="sockfs" ino=80258 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 1325.507262][T21780] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.4570'. [ 1326.341732][ T30] audit: type=1400 audit(1766387321.315:1355): avc: denied { sys_module } for pid=21777 comm="syz.2.4553" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 1327.688190][T18296] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1327.718136][T15167] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1327.958654][T15167] usb 3-1: Using ep0 maxpacket: 32 [ 1327.974858][T18296] usb 2-1: config 0 has no interfaces? [ 1327.982486][T15167] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1327.998164][T18296] usb 2-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 1328.007800][T15167] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1328.021827][T18296] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1328.047239][T15167] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1328.059598][T18296] usb 2-1: config 0 descriptor?? [ 1328.086182][T21805] random: crng reseeded on system resumption [ 1328.168823][ T5870] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1328.334493][ T5949] usb 2-1: USB disconnect, device number 81 [ 1328.338095][ T5870] usb 4-1: Using ep0 maxpacket: 8 [ 1328.359974][ T5870] usb 4-1: config 127 has an invalid interface number: 171 but max is 1 [ 1328.368814][ T5870] usb 4-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1328.403714][ T5870] usb 4-1: config 127 has no interface number 1 [ 1328.413546][ T5870] usb 4-1: config 127 interface 171 has no altsetting 0 [ 1328.453582][ T5870] usb 4-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1328.463846][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1328.478093][ T5870] usb 4-1: Product: syz [ 1328.482318][ T5870] usb 4-1: Manufacturer: syz [ 1328.487366][ T5870] usb 4-1: SerialNumber: syz [ 1329.068803][T15167] gspca_nw80x: reg_w err -71 [ 1329.073588][T15167] nw80x 3-1:3.0: probe with driver nw80x failed with error -71 [ 1329.088145][T15167] usb 3-1: USB disconnect, device number 47 [ 1329.793850][ T30] audit: type=1326 audit(1766387324.765:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21825 comm="syz.2.4581" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f87b7b8f749 code=0x0 [ 1329.958168][T15353] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1330.118118][T15353] usb 5-1: Using ep0 maxpacket: 32 [ 1330.127830][T15353] usb 5-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1330.160134][T15353] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1330.180309][T15353] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00 [ 1330.194430][T15353] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1330.215050][T15353] usb 5-1: config 0 descriptor?? [ 1330.595318][T21835] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4583'. [ 1330.606490][T21835] netlink: 16162 bytes leftover after parsing attributes in process `syz.2.4583'. [ 1330.741985][T21824] ubi31: attaching mtd0 [ 1330.746515][T21824] ubi31 error: ubi_attach_mtd_dev: bad VID header (16) or data offsets (80) [ 1330.766538][T15353] aquacomputer_d5next 0003:0C70:F00E.0013: unknown main item tag 0x0 [ 1330.777215][T15353] aquacomputer_d5next 0003:0C70:F00E.0013: unknown main item tag 0x0 [ 1330.817482][T15353] aquacomputer_d5next 0003:0C70:F00E.0013: unknown main item tag 0x0 [ 1330.841212][T15353] aquacomputer_d5next 0003:0C70:F00E.0013: unknown main item tag 0x0 [ 1330.861430][T15353] aquacomputer_d5next 0003:0C70:F00E.0013: unknown main item tag 0x0 [ 1330.884698][T15353] aquacomputer_d5next 0003:0C70:F00E.0013: hidraw0: USB HID v4.06 Device [HID 0c70:f00e] on usb-dummy_hcd.4-1/input0 [ 1331.308959][T15353] usb 5-1: USB disconnect, device number 91 [ 1331.812532][ T5870] xr_serial 4-1:127.171: xr_serial converter detected [ 1331.843120][ T5870] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1331.861512][ T5870] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1331.886539][T21805] Restarting kernel threads ... [ 1331.904904][T21805] Done restarting kernel threads. [ 1331.918528][ T5870] usb 4-1: USB disconnect, device number 92 [ 1332.051347][ T5870] xr_serial 4-1:127.171: device disconnected [ 1332.068544][T21858] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.4590'. [ 1332.569683][T13768] usb 3-1: new low-speed USB device number 48 using dummy_hcd [ 1332.698574][ T849] usb 1-1: new high-speed USB device number 115 using dummy_hcd [ 1332.929340][T13768] usb 3-1: config 8 has an invalid interface number: 233 but max is 0 [ 1332.955359][T13768] usb 3-1: config 8 has no interface number 0 [ 1332.966856][T13768] usb 3-1: config 8 interface 233 has no altsetting 0 [ 1332.984895][T13768] usb 3-1: string descriptor 0 read error: -22 [ 1332.993573][T13768] usb 3-1: New USB device found, idVendor=10c4, idProduct=1601, bcdDevice=10.1c [ 1333.034479][T13768] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1333.056430][T13768] cp210x 3-1:8.233: cp210x converter detected [ 1333.809794][ T849] usb 1-1: Using ep0 maxpacket: 32 [ 1333.816712][ T849] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1333.846644][ T849] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1334.226869][ T849] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1334.249013][T21853] netlink: 'syz.2.4588': attribute type 3 has an invalid length. [ 1334.324169][T13768] cp210x 3-1:8.233: failed to get vendor val 0x370b size 1: -71 [ 1334.343331][T13768] cp210x 3-1:8.233: querying part number failed [ 1334.361549][T13768] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1334.390576][T13768] usb 3-1: USB disconnect, device number 48 [ 1334.478754][T14149] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1334.571593][T13768] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1334.602925][T13768] cp210x 3-1:8.233: device disconnected [ 1335.128225][ T849] gspca_nw80x: reg_r err -110 [ 1335.133269][ T849] nw80x 1-1:3.0: probe with driver nw80x failed with error -110 [ 1335.369488][T14149] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1335.399777][T14149] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1335.461630][T14149] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1335.526033][T14149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1335.590189][T14149] usb 4-1: config 0 descriptor?? [ 1335.619800][T14149] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1337.089322][T18296] usb 1-1: USB disconnect, device number 115 [ 1337.131563][T14149] usb 4-1: USB disconnect, device number 93 [ 1340.618685][T18111] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1340.817693][T21939] random: crng reseeded on system resumption [ 1340.855282][T21939] Restarting kernel threads ... [ 1340.873987][T21939] Done restarting kernel threads. [ 1340.968349][T18111] usb 4-1: Using ep0 maxpacket: 8 [ 1341.043326][T18111] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1341.613626][T18111] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1341.684372][T18111] usb 4-1: Product: syz [ 1341.840394][T18111] usb 4-1: Manufacturer: syz [ 1341.845018][T18111] usb 4-1: SerialNumber: syz [ 1341.868692][T18111] usb 4-1: config 0 descriptor?? [ 1342.370480][T18111] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1342.383578][T21947] comedi comedi3: comedi_config --init_data is deprecated [ 1342.700558][T18111] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1342.752981][T18111] sq905 4-1:0.0: probe with driver sq905 failed with error -71 [ 1343.525565][T18111] usb 4-1: USB disconnect, device number 94 [ 1344.852541][ T30] audit: type=1326 audit(1766387339.825:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21967 comm="syz.1.4617" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f75fdd8f749 code=0x0 [ 1346.932977][T22000] binder: 21994:22000 ioctl c0306201 0 returned -14 [ 1347.436329][T21996] binder: 21993:21996 ioctl c0306201 0 returned -14 [ 1347.873694][T22006] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4629'. [ 1347.925008][T22006] lo speed is unknown, defaulting to 1000 [ 1347.953254][T22006] lo speed is unknown, defaulting to 1000 [ 1348.133934][T22006] lo speed is unknown, defaulting to 1000 [ 1348.759836][T22006] infiniband syz1: set active [ 1348.764604][T14149] lo speed is unknown, defaulting to 1000 [ 1348.771823][T22006] infiniband syz1: added lo [ 1348.784752][T22006] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 1348.800546][T22006] infiniband syz1: Couldn't open port 1 [ 1349.206498][T22006] RDS/IB: syz1: added [ 1349.216631][T22006] smc: adding ib device syz1 with port count 1 [ 1349.222418][T22011] delete_channel: no stack [ 1349.279078][T22006] smc: ib device syz1 port 1 has no pnetid [ 1349.550452][T15353] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1349.561443][ T30] audit: type=1326 audit(1766387344.495:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.0.4632" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f13b538f749 code=0x0 [ 1349.707254][T14149] lo speed is unknown, defaulting to 1000 [ 1349.717136][T22006] lo speed is unknown, defaulting to 1000 [ 1349.823168][T15353] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1349.952609][T15353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1349.986827][T15353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1350.035980][T15353] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1350.079676][T15353] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1350.104552][T15353] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1350.142982][T15353] usb 4-1: config 0 descriptor?? [ 1350.246595][T22006] lo speed is unknown, defaulting to 1000 [ 1350.538214][T18296] usb 1-1: new high-speed USB device number 116 using dummy_hcd [ 1350.928252][T18296] usb 1-1: Using ep0 maxpacket: 32 [ 1350.948798][T18296] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1351.048237][T18296] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1351.130763][T18296] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1351.198866][T18296] usb 1-1: Product: syz [ 1351.203106][T18296] usb 1-1: Manufacturer: syz [ 1351.224470][T18296] usb 1-1: SerialNumber: syz [ 1351.247792][T18296] usb 1-1: config 0 descriptor?? [ 1351.270068][T22039] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1351.301757][T22006] lo speed is unknown, defaulting to 1000 [ 1352.032983][T22039] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1352.043153][T22039] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1352.073164][T22039] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1352.089722][T22039] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1352.850896][T15353] usbhid 4-1:0.0: can't add hid device: -71 [ 1352.885354][T22006] lo speed is unknown, defaulting to 1000 [ 1352.900067][T15353] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1352.959375][T15353] usb 4-1: USB disconnect, device number 95 [ 1353.060762][T22070] binder: 22068:22070 ioctl c0306201 0 returned -14 [ 1353.423568][T22083] binder: 22077:22083 ioctl c0306201 0 returned -14 [ 1354.175980][T22006] lo speed is unknown, defaulting to 1000 [ 1354.183522][T13770] usb 1-1: USB disconnect, device number 116 [ 1355.783015][ T30] audit: type=1326 audit(1766387350.755:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22104 comm="syz.4.4644" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa30258f749 code=0x0 [ 1356.021204][T22112] comedi comedi3: comedi_config --init_data is deprecated [ 1356.612410][T22006] lo speed is unknown, defaulting to 1000 [ 1358.022688][T22006] lo speed is unknown, defaulting to 1000 [ 1358.744320][T22151] fuse: Unknown parameter 'group_i00000000000000000000' [ 1361.687256][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.111268][ T30] audit: type=1400 audit(1766387358.085:1360): avc: denied { shutdown } for pid=22154 comm="syz.4.4654" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1364.478772][T18111] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1364.708696][T18111] usb 3-1: Using ep0 maxpacket: 32 [ 1365.054958][T18111] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1365.090600][T18111] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1365.101259][T18111] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1365.111099][T18111] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1365.198610][T18111] usb 3-1: config 0 descriptor?? [ 1365.440043][T22242] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 1365.508923][ T9024] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 1365.828457][ T9024] usb 5-1: Using ep0 maxpacket: 32 [ 1365.860320][ T9024] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1365.976473][ T9024] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1365.992296][ T9024] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1366.010727][ T9024] usb 5-1: Product: syz [ 1366.014910][ T9024] usb 5-1: Manufacturer: syz [ 1366.582122][ T9024] usb 5-1: SerialNumber: syz [ 1366.619278][ T9024] usb 5-1: config 0 descriptor?? [ 1366.642832][T22236] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1366.935728][T22251] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.4672'. [ 1367.258126][ T9024] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 1367.307798][T15167] libceph: connect (1)[c::]:6789 error -101 [ 1367.315890][T22236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1367.324417][T22258] ceph: No mds server is up or the cluster is laggy [ 1367.350479][T15167] libceph: mon0 (1)[c::]:6789 connect error [ 1367.426677][T22236] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1367.438232][ T9024] usb 4-1: Using ep0 maxpacket: 32 [ 1367.467948][ T9024] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1367.511180][ T9024] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1367.556899][T22236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1367.573949][ T9024] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1367.640978][T22236] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1368.446271][T18111] usb 3-1: USB disconnect, device number 49 [ 1369.330675][ T9024] gspca_nw80x: reg_w err -110 [ 1369.354991][ T9024] nw80x 4-1:3.0: probe with driver nw80x failed with error -110 [ 1369.474400][T15167] usb 5-1: USB disconnect, device number 92 [ 1369.489166][ T9024] usb 4-1: USB disconnect, device number 96 [ 1369.814314][T22280] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.4676'. [ 1370.623005][T17933] usb 1-1: new high-speed USB device number 117 using dummy_hcd [ 1370.693833][ T30] audit: type=1400 audit(1766387365.665:1361): avc: denied { read } for pid=22286 comm="syz.3.4678" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 1371.227363][T22287] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1371.247540][T22287] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1371.258270][T22300] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22300 comm=syz.1.4683 [ 1371.272130][T22300] netlink: 'syz.1.4683': attribute type 1 has an invalid length. [ 1371.286857][T17933] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1371.327843][T17933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1371.339073][T17933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1371.349444][T17933] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1371.365994][T17933] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1371.375219][T17933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.378250][T22287] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1371.393271][T17933] usb 1-1: config 0 descriptor?? [ 1371.438218][T22287] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1371.489142][T22302] bond2: (slave bridge0): making interface the new active one [ 1371.565803][T22287] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1371.582113][T22302] bond2: (slave bridge0): Enslaving as an active interface with an up link [ 1371.591910][T22287] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1371.829203][T22287] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1371.835257][T22287] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1373.293886][T16920] Bluetooth: hci5: command 0x0406 tx timeout [ 1373.437263][T16920] Bluetooth: hci2: command 0x0406 tx timeout [ 1373.578308][T16920] Bluetooth: hci4: command 0x0406 tx timeout [ 1373.898270][T16920] Bluetooth: hci0: command 0x0406 tx timeout [ 1373.938230][T22319] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4687'. [ 1374.041094][T22319] rdma_rxe: rxe_newlink: failed to add lo [ 1374.446715][T17933] usbhid 1-1:0.0: can't add hid device: -71 [ 1374.549203][T17933] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1374.560759][T17933] usb 1-1: USB disconnect, device number 117 [ 1374.568370][T22323] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4689'. [ 1374.638124][T22327] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.4690'. [ 1375.169776][T22343] binder: 22336:22343 ioctl c0306201 0 returned -14 [ 1375.358263][T16920] Bluetooth: hci5: command 0x0406 tx timeout [ 1375.508181][T16920] Bluetooth: hci2: command 0x0406 tx timeout [ 1375.692458][T16920] Bluetooth: hci4: command 0x0406 tx timeout [ 1376.114758][T16920] Bluetooth: hci0: command 0x0406 tx timeout [ 1376.320939][ T849] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1376.740813][T22359] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.4701'. [ 1376.768498][ T849] usb 5-1: Using ep0 maxpacket: 32 [ 1376.780440][ T849] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1376.823943][ T849] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1376.828853][T22361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4702'. [ 1376.864776][T22361] rdma_rxe: rxe_newlink: failed to add lo [ 1376.913023][ T849] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1376.943908][ T849] usb 5-1: Product: syz [ 1376.963568][ T849] usb 5-1: Manufacturer: syz [ 1376.972784][T22365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4704'. [ 1376.982034][ T849] usb 5-1: SerialNumber: syz [ 1377.041348][T22365] netlink: 16162 bytes leftover after parsing attributes in process `syz.0.4704'. [ 1377.139058][ T849] usb 5-1: config 0 descriptor?? [ 1377.168259][T18296] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1377.174407][T22349] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1377.738985][T18296] usb 3-1: Using ep0 maxpacket: 32 [ 1377.747092][T18296] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1377.844697][T18296] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1377.998503][ T849] usb 4-1: new low-speed USB device number 97 using dummy_hcd [ 1378.080636][T18296] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1378.140586][T22349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1378.167527][T22349] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1378.229749][ T849] usb 4-1: Invalid ep0 maxpacket: 64 [ 1378.511112][ T849] usb 4-1: new low-speed USB device number 98 using dummy_hcd [ 1380.018488][T22382] fuse: Unknown parameter 'group_id00000000000000000000' [ 1380.248450][T18296] gspca_nw80x: reg_r err -110 [ 1380.255020][T18296] nw80x 3-1:3.0: probe with driver nw80x failed with error -110 [ 1380.288122][ T849] usb 4-1: Invalid ep0 maxpacket: 64 [ 1380.321657][ T849] usb usb4-port1: attempt power cycle [ 1380.364252][T18296] usb 3-1: USB disconnect, device number 50 [ 1380.818377][ T849] usb 4-1: new low-speed USB device number 99 using dummy_hcd [ 1381.903125][T22395] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.4714'. [ 1381.909536][T13770] usb 5-1: USB disconnect, device number 93 [ 1381.938373][ T849] usb 4-1: device descriptor read/8, error -71 [ 1382.244778][T22403] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4716'. [ 1382.256081][T22403] netlink: 16162 bytes leftover after parsing attributes in process `syz.1.4716'. [ 1382.293316][T22406] binder: 22401:22406 ioctl c0306201 0 returned -14 [ 1382.399604][ T849] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1382.644857][ T849] usb 4-1: Using ep0 maxpacket: 32 [ 1382.651769][ T849] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1382.661056][ T849] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1382.678443][ T849] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1382.698291][T13770] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1382.816117][T22412] comedi comedi3: comedi_config --init_data is deprecated [ 1382.848150][T13770] usb 3-1: Using ep0 maxpacket: 8 [ 1382.856380][T13770] usb 3-1: config 127 has an invalid interface number: 171 but max is 1 [ 1382.876943][T13770] usb 3-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1382.890871][T13770] usb 3-1: config 127 has no interface number 1 [ 1382.898504][T13770] usb 3-1: config 127 interface 171 has no altsetting 0 [ 1382.911002][T13770] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1382.922636][T13770] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1382.931097][T13770] usb 3-1: Product: syz [ 1382.935476][T13770] usb 3-1: Manufacturer: syz [ 1382.948663][T13770] usb 3-1: SerialNumber: syz [ 1384.233634][ T849] gspca_nw80x: reg_w err -110 [ 1384.239579][ T849] nw80x 4-1:3.0: probe with driver nw80x failed with error -110 [ 1385.176205][T22427] fuse: Bad value for 'user_id' [ 1385.181872][T22427] fuse: Bad value for 'user_id' [ 1386.069800][T13770] xr_serial 3-1:127.171: xr_serial converter detected [ 1386.128175][T13770] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1386.134595][T13770] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1387.259846][T18754] usb 4-1: USB disconnect, device number 100 [ 1387.271069][T13770] usb 3-1: USB disconnect, device number 51 [ 1387.309622][T13770] xr_serial 3-1:127.171: device disconnected [ 1389.134558][T22459] binder: 22455:22459 ioctl c0306201 0 returned -14 [ 1389.348259][ T849] usb 2-1: new low-speed USB device number 82 using dummy_hcd [ 1390.638219][ T849] usb 2-1: Invalid ep0 maxpacket: 64 [ 1391.242669][T22472] fuse: Bad value for 'user_id' [ 1391.247626][T22472] fuse: Bad value for 'user_id' [ 1391.808402][ T849] usb 2-1: new low-speed USB device number 83 using dummy_hcd [ 1392.016492][ T849] usb 2-1: Invalid ep0 maxpacket: 64 [ 1393.000189][ T849] usb usb2-port1: attempt power cycle [ 1393.511788][T22483] affs: No valid root block on device nullb0 [ 1394.380071][ T30] audit: type=1400 audit(1766387388.465:1362): avc: denied { getopt } for pid=22480 comm="syz.1.4737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1395.765170][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1395.776725][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1395.786348][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1395.803028][T22500] comedi comedi3: comedi_config --init_data is deprecated [ 1395.832480][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1395.841055][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1395.919819][T22504] binder: 22502:22504 ioctl c0306201 0 returned -14 [ 1395.975491][T14124] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1396.128920][T22497] lo speed is unknown, defaulting to 1000 [ 1396.273940][T14124] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1396.729574][T14124] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1397.271863][T22520] fuse: Bad value for 'user_id' [ 1397.276819][T22520] fuse: Bad value for 'user_id' [ 1397.898625][T16920] Bluetooth: hci1: command tx timeout [ 1398.373788][T14124] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1398.528774][T13770] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 1398.718207][T13770] usb 3-1: Using ep0 maxpacket: 32 [ 1398.725065][T22497] chnl_net:caif_netlink_parms(): no params data found [ 1398.739898][T13770] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1398.776570][T13770] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1398.818192][T13770] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1398.838171][T13770] usb 3-1: Product: syz [ 1398.842343][T13770] usb 3-1: Manufacturer: syz [ 1398.853608][T13770] usb 3-1: SerialNumber: syz [ 1398.865523][T13770] usb 3-1: config 0 descriptor?? [ 1398.888771][T22525] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1400.077401][T16920] Bluetooth: hci1: command tx timeout [ 1400.110543][T22525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1400.168345][T22525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1400.201607][T22525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1400.238617][T22525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1401.019259][T14124] gretap0: left allmulticast mode [ 1401.024421][T14124] gretap0: left promiscuous mode [ 1401.041380][T14124] bridge0: port 3(gretap0) entered disabled state [ 1401.075417][T14124] bridge_slave_1: left allmulticast mode [ 1401.090316][T14124] bridge_slave_1: left promiscuous mode [ 1401.108285][T14124] bridge0: port 2(bridge_slave_1) entered disabled state [ 1401.109321][T22549] netlink: 'syz.1.4746': attribute type 2 has an invalid length. [ 1401.127474][T14124] bridge_slave_0: left allmulticast mode [ 1401.150581][T14124] bridge_slave_0: left promiscuous mode [ 1401.167459][T14124] bridge0: port 1(bridge_slave_0) entered disabled state [ 1401.637775][T14124] bond1 (unregistering): (slave erspan1): Releasing active interface [ 1401.661392][T14124] erspan1 (unregistering): left promiscuous mode [ 1402.138478][T16920] Bluetooth: hci1: command tx timeout [ 1402.210312][T22386] usb 3-1: USB disconnect, device number 52 [ 1402.250769][T14124] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1402.413136][T22571] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 1402.643395][T14124] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1402.672452][T14124] bond0 (unregistering): (slave bond7): Releasing backup interface [ 1402.693813][T14124] bond0 (unregistering): (slave bond8): Releasing backup interface [ 1402.711565][T14124] bond0 (unregistering): Released all slaves [ 1404.218188][T16920] Bluetooth: hci1: command tx timeout [ 1404.356814][T14124] bond1 (unregistering): Released all slaves [ 1404.377314][T14124] bond2 (unregistering): Released all slaves [ 1404.403408][T14124] bond3 (unregistering): Released all slaves [ 1404.424569][T14124] bond4 (unregistering): Released all slaves [ 1404.444973][T14124] bond5 (unregistering): Released all slaves [ 1404.460791][T14124] bond6 (unregistering): Released all slaves [ 1404.631058][T22386] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1404.728558][T14124] bond7 (unregistering): Released all slaves [ 1404.798202][T22386] usb 4-1: Using ep0 maxpacket: 32 [ 1404.827853][T22386] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1404.838289][T22386] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1404.857237][T22386] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1404.878267][T22386] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1404.909545][T22386] usb 4-1: config 0 descriptor?? [ 1405.029596][T14124] bond8 (unregistering): Released all slaves [ 1405.091182][T22549] !9: entered promiscuous mode [ 1405.297334][T22497] bridge0: port 1(bridge_slave_0) entered blocking state [ 1405.309743][T22497] bridge0: port 1(bridge_slave_0) entered disabled state [ 1405.317220][T22497] bridge_slave_0: entered allmulticast mode [ 1405.344842][T22497] bridge_slave_0: entered promiscuous mode [ 1405.365634][T14124] tipc: Left network mode [ 1405.393625][T22497] bridge0: port 2(bridge_slave_1) entered blocking state [ 1405.518337][T22497] bridge0: port 2(bridge_slave_1) entered disabled state [ 1405.525586][T22497] bridge_slave_1: entered allmulticast mode [ 1405.555879][T22497] bridge_slave_1: entered promiscuous mode [ 1406.642767][T22595] fuse: Bad value for 'fd' [ 1407.251013][T22497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1407.310946][T22591] mkiss: ax0: crc mode is auto. [ 1407.397736][T22497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1407.939135][T22497] team0: Port device team_slave_0 added [ 1407.994104][T22497] team0: Port device team_slave_1 added [ 1408.189829][T22497] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1408.210050][T22497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1408.298749][T22497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1408.371770][T22497] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1408.406175][T22497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1408.934235][T22497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1408.968510][T17933] usb 4-1: USB disconnect, device number 101 [ 1409.213661][T14124] hsr_slave_0: left promiscuous mode [ 1409.285504][T14124] hsr_slave_1: left promiscuous mode [ 1409.760815][T14124] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1409.771499][T14124] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1409.782294][T14124] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1409.791132][T14124] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1409.837479][T14124] veth1_macvtap: left promiscuous mode [ 1409.852700][T14124] veth0_macvtap: left promiscuous mode [ 1409.867888][T14124] veth1_vlan: left promiscuous mode [ 1409.882125][T14124] veth0_vlan: left promiscuous mode [ 1410.138986][T17933] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1410.318209][T17933] usb 2-1: Using ep0 maxpacket: 32 [ 1410.325239][T17933] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1410.358855][T17933] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1410.376096][T17933] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1410.385588][T17933] usb 2-1: Product: syz [ 1410.400615][T17933] usb 2-1: Manufacturer: syz [ 1410.405225][T17933] usb 2-1: SerialNumber: syz [ 1410.428635][T17933] usb 2-1: config 0 descriptor?? [ 1410.448309][T22633] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1410.681021][T22633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1410.690165][T22633] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1410.707759][T22633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1410.716890][T22633] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1411.051354][T14124] team0 (unregistering): Port device team_slave_1 removed [ 1411.191392][T14124] team0 (unregistering): Port device team_slave_0 removed [ 1412.130363][T22650] FAULT_INJECTION: forcing a failure. [ 1412.130363][T22650] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.829484][T22650] CPU: 0 UID: 0 PID: 22650 Comm: syz.2.4765 Tainted: G L syzkaller #0 PREEMPT(full) [ 1412.829505][T22650] Tainted: [L]=SOFTLOCKUP [ 1412.829509][T22650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1412.829517][T22650] Call Trace: [ 1412.829521][T22650] [ 1412.829526][T22650] dump_stack_lvl+0x16c/0x1f0 [ 1412.829547][T22650] should_fail_ex+0x512/0x640 [ 1412.829565][T22650] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1412.829580][T22650] should_failslab+0xc2/0x120 [ 1412.829596][T22650] kmem_cache_alloc_noprof+0x83/0x770 [ 1412.829608][T22650] ? skb_clone+0x190/0x3f0 [ 1412.829623][T22650] ? skb_clone+0x190/0x3f0 [ 1412.829633][T22650] skb_clone+0x190/0x3f0 [ 1412.829646][T22650] nfnetlink_rcv_batch+0x1cf/0x2350 [ 1412.829673][T22650] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 1412.829691][T22650] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1412.829705][T22650] ? lockdep_hardirqs_on+0x7c/0x110 [ 1412.829720][T22650] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1412.829734][T22650] ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0 [ 1412.829750][T22650] ? __pfx_lock_acquire+0x1/0x10 [ 1412.829770][T22650] ? avc_has_perm_noaudit+0x149/0x3b0 [ 1412.829800][T22650] ? __asan_memset+0x23/0x50 [ 1412.829820][T22650] ? __nla_validate_parse+0x600/0x2880 [ 1412.829851][T22650] ? __pfx___nla_validate_parse+0x10/0x10 [ 1412.829874][T22650] ? rcu_is_watching+0x12/0xc0 [ 1412.829888][T22650] ? cap_capable+0x10d/0x3f0 [ 1412.829903][T22650] ? __nla_parse+0x40/0x60 [ 1412.829918][T22650] nfnetlink_rcv+0x3c1/0x430 [ 1412.829936][T22650] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1412.829957][T22650] netlink_unicast+0x5aa/0x870 [ 1412.829975][T22650] ? __pfx_netlink_unicast+0x10/0x10 [ 1412.829994][T22650] netlink_sendmsg+0x8c8/0xdd0 [ 1412.830014][T22650] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1412.830034][T22650] ____sys_sendmsg+0xa5d/0xc30 [ 1412.830050][T22650] ? copy_msghdr_from_user+0x10a/0x160 [ 1412.830063][T22650] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1412.830089][T22650] ___sys_sendmsg+0x134/0x1d0 [ 1412.830102][T22650] ? __pfx____sys_sendmsg+0x10/0x10 [ 1412.830137][T22650] __sys_sendmsg+0x16d/0x220 [ 1412.830149][T22650] ? __pfx___sys_sendmsg+0x10/0x10 [ 1412.830174][T22650] do_syscall_64+0xcd/0xf80 [ 1412.830191][T22650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1412.830203][T22650] RIP: 0033:0x7f87b7b8f749 [ 1412.830213][T22650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1412.830225][T22650] RSP: 002b:00007f87b8a2a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1412.830237][T22650] RAX: ffffffffffffffda RBX: 00007f87b7de5fa0 RCX: 00007f87b7b8f749 [ 1412.830245][T22650] RDX: 0000000020000004 RSI: 0000200000000100 RDI: 0000000000000003 [ 1412.830252][T22650] RBP: 00007f87b8a2a090 R08: 0000000000000000 R09: 0000000000000000 [ 1412.830260][T22650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1412.830266][T22650] R13: 00007f87b7de6038 R14: 00007f87b7de5fa0 R15: 00007ffc7db0c2d8 [ 1412.830282][T22650] [ 1413.347745][T22497] hsr_slave_0: entered promiscuous mode [ 1413.396170][T22497] hsr_slave_1: entered promiscuous mode [ 1413.433963][T22497] debugfs: 'hsr0' already exists in 'hsr' [ 1413.452495][T22497] Cannot create hsr debugfs directory [ 1413.458363][T22386] usb 2-1: USB disconnect, device number 85 [ 1414.033483][T22657] comedi comedi3: comedi_config --init_data is deprecated [ 1417.210054][T22694] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4774'. [ 1417.251300][T22694] rdma_rxe: rxe_newlink: failed to add lo [ 1417.480772][T22700] FAULT_INJECTION: forcing a failure. [ 1417.480772][T22700] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1417.493955][T22700] CPU: 1 UID: 0 PID: 22700 Comm: syz.1.4776 Tainted: G L syzkaller #0 PREEMPT(full) [ 1417.493990][T22700] Tainted: [L]=SOFTLOCKUP [ 1417.493998][T22700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1417.494011][T22700] Call Trace: [ 1417.494019][T22700] [ 1417.494029][T22700] dump_stack_lvl+0x16c/0x1f0 [ 1417.494061][T22700] should_fail_ex+0x512/0x640 [ 1417.494098][T22700] _copy_to_user+0x32/0xd0 [ 1417.494132][T22700] vmci_host_unlocked_ioctl+0x194a/0x2040 [ 1417.494170][T22700] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 1417.494202][T22700] ? do_vfs_ioctl+0xca/0x14f0 [ 1417.494229][T22700] ? do_vfs_ioctl+0xdb7/0x14f0 [ 1417.494254][T22700] ? do_vfs_ioctl+0x128/0x14f0 [ 1417.494279][T22700] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1417.494305][T22700] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 1417.494355][T22700] ? selinux_file_ioctl+0x180/0x270 [ 1417.494382][T22700] ? selinux_file_ioctl+0xb4/0x270 [ 1417.494412][T22700] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 1417.494447][T22700] __x64_sys_ioctl+0x18e/0x210 [ 1417.494475][T22700] do_syscall_64+0xcd/0xf80 [ 1417.494505][T22700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1417.494528][T22700] RIP: 0033:0x7f75fdd8f749 [ 1417.494546][T22700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1417.494567][T22700] RSP: 002b:00007f75fec20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1417.494588][T22700] RAX: ffffffffffffffda RBX: 00007f75fdfe6180 RCX: 00007f75fdd8f749 [ 1417.494604][T22700] RDX: 0000200000000040 RSI: 00000000000007a6 RDI: 0000000000000006 [ 1417.494617][T22700] RBP: 00007f75fec20090 R08: 0000000000000000 R09: 0000000000000000 [ 1417.494631][T22700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1417.494644][T22700] R13: 00007f75fdfe6218 R14: 00007f75fdfe6180 R15: 00007fff491ead08 [ 1417.494675][T22700] [ 1420.004829][T22734] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.4784'. [ 1420.301333][T18296] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1420.387024][T22497] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1420.452283][T22497] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1420.462448][T18296] usb 4-1: Using ep0 maxpacket: 32 [ 1420.479900][T18296] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1420.497377][T18296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1420.545232][T18296] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1420.564605][T22497] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1420.596635][T22750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4787'. [ 1420.612187][T22750] syz1: rxe_newlink: already configured on lo [ 1420.622331][T22497] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1421.497420][T22497] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1421.523862][T22497] 8021q: adding VLAN 0 to HW filter on device team0 [ 1421.552983][ T3448] bridge0: port 1(bridge_slave_0) entered blocking state [ 1421.560236][ T3448] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1421.570459][ T3448] bridge0: port 2(bridge_slave_1) entered blocking state [ 1421.577636][ T3448] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1421.927271][T18296] gspca_nw80x: reg_w err -71 [ 1421.933969][T18296] nw80x 4-1:3.0: probe with driver nw80x failed with error -71 [ 1421.976225][T18296] usb 4-1: USB disconnect, device number 102 [ 1422.941570][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.713760][T22497] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1424.669331][T22497] veth0_vlan: entered promiscuous mode [ 1424.993371][T22497] veth1_vlan: entered promiscuous mode [ 1425.050343][T22497] veth0_macvtap: entered promiscuous mode [ 1425.835127][T22497] veth1_macvtap: entered promiscuous mode [ 1425.912035][T22816] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4798'. [ 1425.944220][T22497] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1426.020148][T22497] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1426.255015][ T3746] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1426.298831][ T3746] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1426.326427][ T3746] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1426.345780][ T3746] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1427.001512][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1427.048651][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1427.104572][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1427.128691][T19725] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1427.152236][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1427.190893][T22833] binder: 22832:22833 ioctl c0306201 0 returned -14 [ 1427.321552][T19725] usb 3-1: Using ep0 maxpacket: 32 [ 1427.342388][T19725] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1427.373047][T19725] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1427.386185][T19725] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1427.396881][T19725] usb 3-1: Product: syz [ 1427.401434][T19725] usb 3-1: Manufacturer: syz [ 1427.406143][T19725] usb 3-1: SerialNumber: syz [ 1428.728302][T19725] usb 3-1: config 0 descriptor?? [ 1428.734114][T22827] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1428.959824][T22827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1428.998421][T22827] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1429.038913][T22827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1429.077628][T22827] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1429.360486][T22859] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4809'. [ 1429.418213][T19725] usb 1-1: new high-speed USB device number 118 using dummy_hcd [ 1429.638591][T19725] usb 1-1: Using ep0 maxpacket: 8 [ 1429.700385][T19725] usb 1-1: config 127 has an invalid interface number: 171 but max is 1 [ 1429.970982][T19725] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1430.132304][T19725] usb 1-1: config 127 has no interface number 1 [ 1430.312541][T19725] usb 1-1: config 127 interface 171 has no altsetting 0 [ 1430.548754][T19725] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1430.558926][T19725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1430.567454][T19725] usb 1-1: Product: syz [ 1430.572150][T19725] usb 1-1: Manufacturer: syz [ 1430.576825][T19725] usb 1-1: SerialNumber: syz [ 1431.020619][T22875] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.4810'. [ 1431.043089][T21522] usb 3-1: USB disconnect, device number 53 [ 1431.388332][T18296] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1431.652139][T18296] usb 4-1: Using ep0 maxpacket: 32 [ 1431.678460][T18296] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1431.734486][T18296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1431.902743][T18296] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1432.787494][T22895] random: crng reseeded on system resumption [ 1433.759896][T18296] gspca_nw80x: reg_r err -110 [ 1433.764656][T18296] nw80x 4-1:3.0: probe with driver nw80x failed with error -110 [ 1433.930917][T19725] xr_serial 1-1:127.171: xr_serial converter detected [ 1433.991944][T19725] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1434.010970][T19725] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1434.075046][ T5940] usb 4-1: USB disconnect, device number 103 [ 1434.120432][T19725] usb 1-1: USB disconnect, device number 118 [ 1434.180994][T19725] xr_serial 1-1:127.171: device disconnected [ 1434.725654][T22911] FAULT_INJECTION: forcing a failure. [ 1434.725654][T22911] name failslab, interval 1, probability 0, space 0, times 0 [ 1435.014511][T22911] CPU: 1 UID: 0 PID: 22911 Comm: syz.3.4819 Tainted: G L syzkaller #0 PREEMPT(full) [ 1435.014534][T22911] Tainted: [L]=SOFTLOCKUP [ 1435.014538][T22911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1435.014546][T22911] Call Trace: [ 1435.014550][T22911] [ 1435.014555][T22911] dump_stack_lvl+0x16c/0x1f0 [ 1435.014575][T22911] should_fail_ex+0x512/0x640 [ 1435.014592][T22911] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1435.014605][T22911] should_failslab+0xc2/0x120 [ 1435.014621][T22911] kmem_cache_alloc_noprof+0x83/0x770 [ 1435.014634][T22911] ? skb_clone+0x190/0x3f0 [ 1435.014650][T22911] ? skb_clone+0x190/0x3f0 [ 1435.014660][T22911] skb_clone+0x190/0x3f0 [ 1435.014672][T22911] netlink_deliver_tap+0xabd/0xd30 [ 1435.014696][T22911] netlink_unicast+0x64c/0x870 [ 1435.014712][T22911] ? __pfx_netlink_unicast+0x10/0x10 [ 1435.014732][T22911] netlink_sendmsg+0x8c8/0xdd0 [ 1435.014749][T22911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1435.014769][T22911] ____sys_sendmsg+0xa5d/0xc30 [ 1435.014785][T22911] ? copy_msghdr_from_user+0x10a/0x160 [ 1435.014797][T22911] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1435.014819][T22911] ___sys_sendmsg+0x134/0x1d0 [ 1435.014832][T22911] ? __pfx____sys_sendmsg+0x10/0x10 [ 1435.014863][T22911] __sys_sendmsg+0x16d/0x220 [ 1435.014875][T22911] ? __pfx___sys_sendmsg+0x10/0x10 [ 1435.014897][T22911] do_syscall_64+0xcd/0xf80 [ 1435.014914][T22911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1435.014927][T22911] RIP: 0033:0x7feb5318f749 [ 1435.014939][T22911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1435.014950][T22911] RSP: 002b:00007feb53fa0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1435.014962][T22911] RAX: ffffffffffffffda RBX: 00007feb533e5fa0 RCX: 00007feb5318f749 [ 1435.014970][T22911] RDX: 0000000024000000 RSI: 0000200000009b40 RDI: 0000000000000003 [ 1435.014977][T22911] RBP: 00007feb53fa0090 R08: 0000000000000000 R09: 0000000000000000 [ 1435.014985][T22911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1435.014991][T22911] R13: 00007feb533e6038 R14: 00007feb533e5fa0 R15: 00007fff956b7e38 [ 1435.015008][T22911] [ 1437.743395][ T6025] wlan0: Trigger new scan to find an IBSS to join [ 1437.909088][T22945] comedi comedi3: comedi_config --init_data is deprecated [ 1438.528319][ T10] usb 1-1: new high-speed USB device number 119 using dummy_hcd [ 1439.178449][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 1439.196602][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1439.229601][ T10] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1439.254129][ T10] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1439.304278][T22956] comedi comedi3: comedi_config --init_data is deprecated [ 1439.503137][T22964] Bluetooth: MGMT ver 1.23 [ 1439.512132][T22956] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 1439.532163][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1439.566872][ T10] usb 1-1: config 0 descriptor?? [ 1439.647309][T22969] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4831'. [ 1439.753026][T22967] comedi comedi3: comedi_config --init_data is deprecated [ 1440.320999][T22975] netlink: 16194 bytes leftover after parsing attributes in process `syz.4.4831'. [ 1442.255697][T22989] lo speed is unknown, defaulting to 1000 [ 1442.718714][T21522] usb 1-1: USB disconnect, device number 119 [ 1442.793645][ T6020] wlan0: Trigger new scan to find an IBSS to join [ 1444.399894][ T1938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1445.328426][T23028] comedi comedi3: comedi_config --init_data is deprecated [ 1445.706737][T23034] comedi comedi3: comedi_config --init_data is deprecated [ 1445.801356][T23035] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 1447.528250][T21522] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 1447.758099][T21522] usb 1-1: Using ep0 maxpacket: 32 [ 1447.779697][T21522] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1447.842225][T21522] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1447.868103][T18754] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1447.883137][T21522] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1447.972142][T21522] usb 1-1: Product: syz [ 1448.011789][T21522] usb 1-1: Manufacturer: syz [ 1448.018074][T21522] usb 1-1: SerialNumber: syz [ 1448.062482][T18754] usb 5-1: Using ep0 maxpacket: 8 [ 1448.091166][T21522] usb 1-1: config 0 descriptor?? [ 1448.098444][T23043] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1448.136088][T18754] usb 5-1: config 127 has an invalid interface number: 171 but max is 1 [ 1448.215489][T18754] usb 5-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1448.318195][T18754] usb 5-1: config 127 has no interface number 1 [ 1448.324623][T18754] usb 5-1: config 127 interface 171 has no altsetting 0 [ 1448.391767][T18754] usb 5-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1448.411209][T18754] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1448.422855][T23043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1448.433979][T23043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1448.451320][T18754] usb 5-1: Product: syz [ 1448.461266][T18754] usb 5-1: Manufacturer: syz [ 1448.470401][T18754] usb 5-1: SerialNumber: syz [ 1448.493786][T23043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1448.512171][T23043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1449.391560][T23053] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 1449.427557][T23053] netlink: 'syz.3.4850': attribute type 21 has an invalid length. [ 1449.435932][T23053] netlink: 128 bytes leftover after parsing attributes in process `syz.3.4850'. [ 1449.448934][T23053] netlink: 'syz.3.4850': attribute type 5 has an invalid length. [ 1449.460571][T23053] netlink: 'syz.3.4850': attribute type 6 has an invalid length. [ 1449.469879][T23053] netlink: 3 bytes leftover after parsing attributes in process `syz.3.4850'. [ 1450.103476][T23065] binder: 23058:23065 ioctl c0306201 0 returned -14 [ 1450.764087][ T5870] usb 1-1: USB disconnect, device number 120 [ 1450.885738][T23069] netlink: 'syz.0.4854': attribute type 8 has an invalid length. [ 1450.894476][T23069] FAULT_INJECTION: forcing a failure. [ 1450.894476][T23069] name failslab, interval 1, probability 0, space 0, times 0 [ 1450.922695][T23069] CPU: 1 UID: 0 PID: 23069 Comm: syz.0.4854 Tainted: G L syzkaller #0 PREEMPT(full) [ 1450.922732][T23069] Tainted: [L]=SOFTLOCKUP [ 1450.922737][T23069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1450.922744][T23069] Call Trace: [ 1450.922749][T23069] [ 1450.922757][T23069] dump_stack_lvl+0x16c/0x1f0 [ 1450.922788][T23069] should_fail_ex+0x512/0x640 [ 1450.922820][T23069] ? mark_held_locks+0x49/0x80 [ 1450.922848][T23069] should_failslab+0xc2/0x120 [ 1450.922866][T23069] kmem_cache_alloc_noprof+0x83/0x770 [ 1450.922879][T23069] ? skb_clone+0x190/0x3f0 [ 1450.922894][T23069] ? skb_clone+0x190/0x3f0 [ 1450.922904][T23069] skb_clone+0x190/0x3f0 [ 1450.922922][T23069] netlink_deliver_tap+0xabd/0xd30 [ 1450.922955][T23069] netlink_dump+0x881/0xd30 [ 1450.922983][T23069] ? __pfx_netlink_dump+0x10/0x10 [ 1450.923001][T23069] ? __pfx___mutex_lock+0x10/0x10 [ 1450.923017][T23069] ? __netlink_lookup+0x65e/0x900 [ 1450.923040][T23069] __netlink_dump_start+0x6d6/0x990 [ 1450.923056][T23069] ? __pfx_neigh_dump_info+0x10/0x10 [ 1450.923080][T23069] rtnetlink_rcv_msg+0xb3e/0xe90 [ 1450.923105][T23069] ? __pfx_neigh_dump_info+0x10/0x10 [ 1450.923132][T23069] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1450.923149][T23069] ? __pfx_neigh_dump_info+0x10/0x10 [ 1450.923165][T23069] ? ref_tracker_free+0x37c/0x830 [ 1450.923186][T23069] netlink_rcv_skb+0x158/0x420 [ 1450.923200][T23069] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1450.923226][T23069] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1450.923265][T23069] ? netlink_deliver_tap+0x1ae/0xd30 [ 1450.923289][T23069] netlink_unicast+0x5aa/0x870 [ 1450.923305][T23069] ? __pfx_netlink_unicast+0x10/0x10 [ 1450.923326][T23069] netlink_sendmsg+0x8c8/0xdd0 [ 1450.923356][T23069] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1450.923391][T23069] sock_write_iter+0x566/0x610 [ 1450.923417][T23069] ? __pfx_sock_write_iter+0x10/0x10 [ 1450.923453][T23069] ? __pfx_file_has_perm+0x10/0x10 [ 1450.923482][T23069] do_iter_readv_writev+0x662/0x9e0 [ 1450.923512][T23069] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1450.923537][T23069] ? selinux_file_permission+0x126/0x660 [ 1450.923572][T23069] ? bpf_lsm_file_permission+0x9/0x10 [ 1450.923594][T23069] ? security_file_permission+0x71/0x210 [ 1450.923624][T23069] ? rw_verify_area+0xcf/0x6c0 [ 1450.923652][T23069] vfs_writev+0x35f/0xde0 [ 1450.923681][T23069] ? __lock_acquire+0x436/0x2890 [ 1450.923715][T23069] ? __pfx_vfs_writev+0x10/0x10 [ 1450.923763][T23069] ? __fget_files+0x20e/0x3c0 [ 1450.923792][T23069] ? __fget_files+0x170/0x3c0 [ 1450.923828][T23069] ? do_writev+0x28c/0x340 [ 1450.923851][T23069] do_writev+0x28c/0x340 [ 1450.923877][T23069] ? __pfx_do_writev+0x10/0x10 [ 1450.923911][T23069] do_syscall_64+0xcd/0xf80 [ 1450.923942][T23069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1450.923964][T23069] RIP: 0033:0x7f8988b8f749 [ 1450.923983][T23069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1450.924004][T23069] RSP: 002b:00007f8989ab2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1450.924025][T23069] RAX: ffffffffffffffda RBX: 00007f8988de5fa0 RCX: 00007f8988b8f749 [ 1450.924039][T23069] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000004 [ 1450.924053][T23069] RBP: 00007f8989ab2090 R08: 0000000000000000 R09: 0000000000000000 [ 1450.924067][T23069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1450.924081][T23069] R13: 00007f8988de6038 R14: 00007f8988de5fa0 R15: 00007ffe86423448 [ 1450.924113][T23069] [ 1451.473720][T23075] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4856'. [ 1451.504583][T23075] rdma_rxe: rxe_newlink: failed to add lo [ 1451.968241][T23076] netlink: 'syz.3.4855': attribute type 5 has an invalid length. [ 1451.985971][T23076] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4855'. [ 1452.497219][T18754] xr_serial 5-1:127.171: xr_serial converter detected [ 1452.555280][T18754] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1452.583279][T18754] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1452.661734][T18754] usb 5-1: USB disconnect, device number 94 [ 1452.673619][T18754] xr_serial 5-1:127.171: device disconnected [ 1452.688219][T23080] comedi comedi3: comedi_config --init_data is deprecated [ 1453.929978][T23087] x_tables: duplicate underflow at hook 1 [ 1454.208213][T21522] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1454.388226][T21522] usb 5-1: Using ep0 maxpacket: 32 [ 1454.410100][T21522] usb 5-1: config 0 has an invalid interface number: 136 but max is 0 [ 1454.424805][T21522] usb 5-1: config 0 has no interface number 0 [ 1454.438081][T21522] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32 [ 1454.458197][T21522] usb 5-1: config 0 interface 136 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1454.498249][T21522] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1454.526230][T21522] usb 5-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2 [ 1454.537569][T21522] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1454.548722][T21522] usb 5-1: Product: syz [ 1454.552983][T21522] usb 5-1: Manufacturer: syz [ 1454.557648][T21522] usb 5-1: SerialNumber: syz [ 1454.569692][T21522] usb 5-1: config 0 descriptor?? [ 1454.575595][T23089] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1454.689174][T21522] vmk80xx 5-1:0.136: driver 'vmk80xx' failed to auto-configure device. [ 1454.708328][ T5870] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1454.747144][T21522] vmk80xx 5-1:0.136: probe with driver vmk80xx failed with error -22 [ 1455.246411][T21522] usb 5-1: USB disconnect, device number 95 [ 1456.267002][T23110] binder: 23106:23110 ioctl c0306201 0 returned -14 [ 1456.579548][T13768] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 1456.627008][T23113] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.4866'. [ 1456.758278][T13768] usb 4-1: device descriptor read/64, error -71 [ 1456.898229][T17933] usb 1-1: new high-speed USB device number 121 using dummy_hcd [ 1457.318075][T17933] usb 1-1: Using ep0 maxpacket: 32 [ 1457.329021][T17933] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1457.348158][T17933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1457.383130][T17933] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1458.593498][T17933] gspca_nw80x: reg_w err -110 [ 1458.598495][T17933] nw80x 1-1:3.0: probe with driver nw80x failed with error -110 [ 1459.878584][ T30] audit: type=1400 audit(1766387454.855:1363): avc: denied { connect } for pid=23145 comm="syz.4.4876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1460.171191][T23154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1460.236734][T23154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1461.463435][T23172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4883'. [ 1461.484027][T23172] netlink: 13882 bytes leftover after parsing attributes in process `syz.2.4883'. [ 1461.494649][T19725] usb 1-1: USB disconnect, device number 121 [ 1462.444609][T23187] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1462.450916][T23187] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 1462.460786][T23187] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1462.466698][T23187] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1462.475505][T23187] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1462.481455][T23187] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1462.489753][T23187] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1462.495649][T23187] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1462.504036][T23187] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1462.509959][T23187] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1462.609510][T19725] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1463.068337][T23191] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4887'. [ 1463.094543][T23199] FAULT_INJECTION: forcing a failure. [ 1463.094543][T23199] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1463.152760][T19725] usb 2-1: Using ep0 maxpacket: 8 [ 1463.164095][T23199] CPU: 1 UID: 0 PID: 23199 Comm: syz.2.4889 Tainted: G L syzkaller #0 PREEMPT(full) [ 1463.164120][T23199] Tainted: [L]=SOFTLOCKUP [ 1463.164124][T23199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1463.164132][T23199] Call Trace: [ 1463.164136][T23199] [ 1463.164142][T23199] dump_stack_lvl+0x16c/0x1f0 [ 1463.164164][T23199] should_fail_ex+0x512/0x640 [ 1463.164184][T23199] should_fail_alloc_page+0xe7/0x130 [ 1463.164202][T23199] prepare_alloc_pages+0x401/0x670 [ 1463.164218][T23199] ? kernel_text_address+0x8d/0x100 [ 1463.164235][T23199] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 1463.164255][T23199] ? stack_trace_save+0x8e/0xc0 [ 1463.164269][T23199] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1463.164282][T23199] ? trace_mm_page_alloc+0x11b/0x180 [ 1463.164300][T23199] ? kmem_cache_alloc_noprof+0x25e/0x770 [ 1463.164312][T23199] ? __pmd_alloc+0xbf/0x9c0 [ 1463.164331][T23199] ? __handle_mm_fault+0xbeb/0x2bb0 [ 1463.164347][T23199] ? handle_mm_fault+0x3fe/0xad0 [ 1463.164363][T23199] ? do_user_addr_fault+0x7a6/0x1370 [ 1463.164378][T23199] ? exc_page_fault+0x64/0xc0 [ 1463.164392][T23199] ? asm_exc_page_fault+0x26/0x30 [ 1463.164403][T23199] ? rep_movs_alternative+0x4a/0x90 [ 1463.164420][T23199] ? _copy_from_user+0x98/0xd0 [ 1463.164436][T23199] ? move_addr_to_kernel+0x65/0x170 [ 1463.164451][T23199] ? __sys_bind+0x11b/0x260 [ 1463.164466][T23199] ? __x64_sys_bind+0x72/0xb0 [ 1463.164480][T23199] ? do_syscall_64+0xcd/0xf80 [ 1463.164493][T23199] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1463.164508][T23199] ? policy_nodemask+0xea/0x4e0 [ 1463.164525][T23199] alloc_pages_mpol+0x1fb/0x550 [ 1463.164541][T23199] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1463.164561][T23199] alloc_pages_noprof+0x131/0x390 [ 1463.164576][T23199] pte_alloc_one+0x1e/0x3d0 [ 1463.164593][T23199] __pte_alloc+0x6d/0x3f0 [ 1463.164607][T23199] ? __pfx___pte_alloc+0x10/0x10 [ 1463.164622][T23199] ? do_raw_spin_lock+0x12c/0x2b0 [ 1463.164638][T23199] ? find_held_lock+0x2b/0x80 [ 1463.164656][T23199] do_anonymous_page+0x1092/0x2190 [ 1463.164678][T23199] ? do_raw_spin_unlock+0x172/0x230 [ 1463.164702][T23199] ? _raw_spin_unlock+0x28/0x50 [ 1463.164717][T23199] ? __pmd_alloc+0x6aa/0x9c0 [ 1463.164734][T23199] __handle_mm_fault+0x1ecf/0x2bb0 [ 1463.164756][T23199] ? __pfx___handle_mm_fault+0x10/0x10 [ 1463.164782][T23199] ? find_vma+0xbf/0x140 [ 1463.164795][T23199] ? __pfx_find_vma+0x10/0x10 [ 1463.164811][T23199] handle_mm_fault+0x3fe/0xad0 [ 1463.164831][T23199] do_user_addr_fault+0x7a6/0x1370 [ 1463.164847][T23199] ? rcu_is_watching+0x12/0xc0 [ 1463.164860][T23199] exc_page_fault+0x64/0xc0 [ 1463.164875][T23199] asm_exc_page_fault+0x26/0x30 [ 1463.164886][T23199] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1463.164904][T23199] Code: 81 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1463.164916][T23199] RSP: 0018:ffffc90004c47d78 EFLAGS: 00050202 [ 1463.164926][T23199] RAX: 0000000000000001 RBX: 0000200000000080 RCX: 0000000000000060 [ 1463.164933][T23199] RDX: fffff52000988fcc RSI: 0000200000000080 RDI: ffffc90004c47e00 [ 1463.164941][T23199] RBP: 0000000000000060 R08: 0000000000000001 R09: fffff52000988fcb [ 1463.164948][T23199] R10: ffffc90004c47e5f R11: ffff888034a38b30 R12: 0000000000000000 [ 1463.164955][T23199] R13: ffffc90004c47e00 R14: ffff888028636c40 R15: ffff8880761bb980 [ 1463.164971][T23199] _copy_from_user+0x98/0xd0 [ 1463.164988][T23199] move_addr_to_kernel+0x65/0x170 [ 1463.165005][T23199] __sys_bind+0x11b/0x260 [ 1463.165021][T23199] ? __pfx___sys_bind+0x10/0x10 [ 1463.165035][T23199] ? __fget_files+0x20e/0x3c0 [ 1463.165057][T23199] ? __pfx_ksys_write+0x10/0x10 [ 1463.165077][T23199] __x64_sys_bind+0x72/0xb0 [ 1463.165092][T23199] ? lockdep_hardirqs_on+0x7c/0x110 [ 1463.165106][T23199] do_syscall_64+0xcd/0xf80 [ 1463.165122][T23199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1463.165134][T23199] RIP: 0033:0x7f87b7b8f749 [ 1463.165143][T23199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1463.165153][T23199] RSP: 002b:00007f87b8a2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1463.165164][T23199] RAX: ffffffffffffffda RBX: 00007f87b7de5fa0 RCX: 00007f87b7b8f749 [ 1463.165171][T23199] RDX: 0000000000000060 RSI: 0000200000000080 RDI: 0000000000000004 [ 1463.165178][T23199] RBP: 00007f87b8a2a090 R08: 0000000000000000 R09: 0000000000000000 [ 1463.165184][T23199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1463.165191][T23199] R13: 00007f87b7de6038 R14: 00007f87b7de5fa0 R15: 00007ffc7db0c2d8 [ 1463.165207][T23199] [ 1463.166105][T19725] usb 2-1: config 127 has an invalid interface number: 171 but max is 1 [ 1463.647503][T19725] usb 2-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1463.668600][T19725] usb 2-1: config 127 has no interface number 1 [ 1463.674914][T19725] usb 2-1: config 127 interface 171 has no altsetting 0 [ 1463.719445][T19725] usb 2-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1463.841607][T19725] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1463.879654][T19725] usb 2-1: Product: syz [ 1463.891214][T19725] usb 2-1: Manufacturer: syz [ 1463.909989][T19725] usb 2-1: SerialNumber: syz [ 1464.138261][ T5940] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 1464.419005][ T5940] usb 4-1: Using ep0 maxpacket: 8 [ 1464.448704][ T5940] usb 4-1: config 127 has an invalid interface number: 171 but max is 1 [ 1464.498268][ T5940] usb 4-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1464.538808][ T5940] usb 4-1: config 127 has no interface number 1 [ 1464.545185][ T5940] usb 4-1: config 127 interface 171 has no altsetting 0 [ 1464.560432][T23216] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.4895'. [ 1464.581857][ T5940] usb 4-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1464.610937][ T5940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1464.629329][ T5940] usb 4-1: Product: syz [ 1464.641856][ T5940] usb 4-1: Manufacturer: syz [ 1464.652305][ T5940] usb 4-1: SerialNumber: syz [ 1464.840742][T13770] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1465.148176][T13770] usb 5-1: Using ep0 maxpacket: 32 [ 1465.611590][T13770] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1465.673887][T13770] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1465.773600][T23227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4899'. [ 1465.830841][T13770] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1466.141459][T23235] afs: Unknown parameter ' +` &bm?o]2LFR qTKa*s6%|$c-bwd;5l bޏqNB7lh̯07.gI3ܘ [ 1466.141459][T23235] _Ob4F\ԻHy$~B? kG${Qi^ Hx k`˂5j߶"ͽbFI2p{Ȕzy6' [ 1466.840236][T13770] gspca_nw80x: reg_w err -71 [ 1466.844961][T13770] nw80x 5-1:3.0: probe with driver nw80x failed with error -71 [ 1466.874331][T13770] usb 5-1: USB disconnect, device number 96 [ 1468.231077][ T5940] xr_serial 4-1:127.171: xr_serial converter detected [ 1468.284253][T19725] xr_serial 2-1:127.171: xr_serial converter detected [ 1468.302428][ T30] audit: type=1400 audit(1766387463.265:1364): avc: denied { read } for pid=23249 comm="syz.0.4904" path="socket:[86746]" dev="sockfs" ino=86746 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1468.329514][ T5940] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1468.335927][ T5940] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1468.374769][T19725] xr_serial ttyUSB1: Failed to set reg 0x1a: -71 [ 1468.396213][T19725] xr_serial ttyUSB1: probe with driver xr_serial failed with error -71 [ 1468.407545][ T5940] usb 4-1: USB disconnect, device number 106 [ 1468.769204][ T5940] xr_serial 4-1:127.171: device disconnected [ 1468.775483][T19725] usb 2-1: USB disconnect, device number 87 [ 1468.794604][T23251] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4904'. [ 1468.803707][T23251] openvswitch: netlink: Flow key attr not present in new flow. [ 1468.835367][T19725] xr_serial 2-1:127.171: device disconnected [ 1469.329141][T23259] netlink: 'syz.1.4906': attribute type 1 has an invalid length. [ 1469.751803][T23268] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4908'. [ 1470.056562][T23272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4910'. [ 1470.070422][T23259] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1470.148257][ T5949] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 1470.223273][T23259] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pid=23259 comm=syz.1.4906 [ 1470.289485][T23274] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1470.307717][T23274] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1470.320363][T23274] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 1470.339734][ T5949] usb 5-1: device descriptor read/64, error -71 [ 1470.678833][T23286] lo speed is unknown, defaulting to 1000 [ 1470.746139][ T5949] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 1470.824442][T23281] comedi comedi3: comedi_config --init_data is deprecated [ 1471.029833][ T5949] usb 5-1: device descriptor read/64, error -71 [ 1471.188598][ T5949] usb usb5-port1: attempt power cycle [ 1471.968907][ T5949] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 1472.012849][ T5949] usb 5-1: device descriptor read/8, error -71 [ 1472.691685][ T5949] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 1472.758105][T13768] usb 1-1: new high-speed USB device number 122 using dummy_hcd [ 1473.382663][ T5949] usb 5-1: device not accepting address 100, error -71 [ 1473.389909][ T5949] usb usb5-port1: unable to enumerate USB device [ 1473.468570][T13768] usb 1-1: Using ep0 maxpacket: 8 [ 1473.484150][T23309] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.4919'. [ 1473.499948][T13768] usb 1-1: config 127 has an invalid interface number: 171 but max is 1 [ 1474.208050][T13768] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1474.327603][T13768] usb 1-1: config 127 has no interface number 1 [ 1474.592101][T13768] usb 1-1: config 127 interface 171 has no altsetting 0 [ 1474.603745][T13768] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1474.614344][T13768] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1474.622909][T13768] usb 1-1: Product: syz [ 1474.627309][T13768] usb 1-1: Manufacturer: syz [ 1474.632254][T13768] usb 1-1: SerialNumber: syz [ 1474.668155][T18381] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 1474.708059][ T30] audit: type=1400 audit(1766387469.655:1365): avc: denied { listen } for pid=23319 comm="syz.4.4922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1475.728068][T18381] usb 2-1: Using ep0 maxpacket: 32 [ 1475.738745][T18381] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1475.747852][T18381] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1476.232336][T13768] xr_serial 1-1:127.171: xr_serial converter detected [ 1476.243987][T13768] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1476.252494][T13768] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1476.267023][T18381] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1476.304285][T13768] usb 1-1: USB disconnect, device number 122 [ 1476.323246][T13768] xr_serial 1-1:127.171: device disconnected [ 1476.331693][T23330] comedi comedi3: comedi_config --init_data is deprecated [ 1476.766327][T18381] gspca_nw80x: reg_w err -71 [ 1476.828744][T18381] nw80x 2-1:3.0: probe with driver nw80x failed with error -71 [ 1476.888728][T18381] usb 2-1: USB disconnect, device number 88 [ 1477.515483][ T6020] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1478.751593][T23358] syz_tun: entered allmulticast mode [ 1478.760877][T23358] pimreg: entered allmulticast mode [ 1478.845195][T23357] syz_tun: left allmulticast mode [ 1479.025561][T23338] lo speed is unknown, defaulting to 1000 [ 1479.060210][T23364] FAULT_INJECTION: forcing a failure. [ 1479.060210][T23364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1479.215828][T23364] CPU: 1 UID: 0 PID: 23364 Comm: syz.2.4931 Tainted: G L syzkaller #0 PREEMPT(full) [ 1479.215861][T23364] Tainted: [L]=SOFTLOCKUP [ 1479.215869][T23364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1479.215881][T23364] Call Trace: [ 1479.215887][T23364] [ 1479.215896][T23364] dump_stack_lvl+0x16c/0x1f0 [ 1479.215915][T23364] should_fail_ex+0x512/0x640 [ 1479.215936][T23364] _copy_from_user+0x2e/0xd0 [ 1479.215954][T23364] video_usercopy+0xb5e/0x16c0 [ 1479.215969][T23364] ? __pfx___video_do_ioctl+0x10/0x10 [ 1479.215982][T23364] ? selinux_kernel_read_file+0x61/0x120 [ 1479.215998][T23364] ? __pfx_video_usercopy+0x10/0x10 [ 1479.216021][T23364] v4l2_ioctl+0x1bd/0x250 [ 1479.216034][T23364] ? __pfx_v4l2_ioctl+0x10/0x10 [ 1479.216047][T23364] __x64_sys_ioctl+0x18e/0x210 [ 1479.216063][T23364] do_syscall_64+0xcd/0xf80 [ 1479.216080][T23364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1479.216093][T23364] RIP: 0033:0x7f87b7b8f749 [ 1479.216102][T23364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1479.216114][T23364] RSP: 002b:00007f87b8a2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1479.216125][T23364] RAX: ffffffffffffffda RBX: 00007f87b7de5fa0 RCX: 00007f87b7b8f749 [ 1479.216133][T23364] RDX: 0000200000000100 RSI: 00000000c0205648 RDI: 0000000000000006 [ 1479.216141][T23364] RBP: 00007f87b8a2a090 R08: 0000000000000000 R09: 0000000000000000 [ 1479.216148][T23364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1479.216155][T23364] R13: 00007f87b7de6038 R14: 00007f87b7de5fa0 R15: 00007ffc7db0c2d8 [ 1479.216173][T23364] [ 1480.458400][T13768] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1480.708102][T13768] usb 3-1: Using ep0 maxpacket: 8 [ 1480.722838][T13768] usb 3-1: config 127 has an invalid interface number: 171 but max is 1 [ 1480.722868][T13768] usb 3-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1480.722887][T13768] usb 3-1: config 127 has no interface number 1 [ 1480.722919][T13768] usb 3-1: config 127 interface 171 has no altsetting 0 [ 1480.727468][T13768] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1480.727503][T13768] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1480.727523][T13768] usb 3-1: Product: syz [ 1480.727532][T13768] usb 3-1: Manufacturer: syz [ 1480.727542][T13768] usb 3-1: SerialNumber: syz [ 1481.134590][T23385] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.4937'. [ 1481.428066][T15167] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 1481.504761][T23378] lo speed is unknown, defaulting to 1000 [ 1481.618213][T15167] usb 2-1: Using ep0 maxpacket: 32 [ 1481.652532][T15167] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1481.729376][T15167] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1481.777691][T15167] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1482.208396][ T5949] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 1482.508465][ T5949] usb 5-1: Using ep0 maxpacket: 8 [ 1482.525694][ T5949] usb 5-1: config 127 has an invalid interface number: 171 but max is 1 [ 1482.585942][ T5949] usb 5-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1482.636617][ T5949] usb 5-1: config 127 has no interface number 1 [ 1482.751118][ T5949] usb 5-1: config 127 interface 171 has no altsetting 0 [ 1482.824459][ T5949] usb 5-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1482.837640][ T5949] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1482.882003][ T5949] usb 5-1: Product: syz [ 1482.888691][T15167] gspca_nw80x: reg_w err -71 [ 1482.892494][ T5949] usb 5-1: Manufacturer: syz [ 1482.894934][T15167] nw80x 2-1:3.0: probe with driver nw80x failed with error -71 [ 1482.898259][ T5949] usb 5-1: SerialNumber: syz [ 1482.960935][T15167] usb 2-1: USB disconnect, device number 89 [ 1485.104743][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1486.549611][T13768] xr_serial 3-1:127.171: xr_serial converter detected [ 1486.564550][T13768] xr_serial ttyUSB0: Failed to set reg 0x1a: -32 [ 1486.571210][T13768] xr_serial ttyUSB0: probe with driver xr_serial failed with error -32 [ 1486.640721][T13768] usb 3-1: USB disconnect, device number 54 [ 1486.701892][T13768] xr_serial 3-1:127.171: device disconnected [ 1486.726003][ T5949] xr_serial 5-1:127.171: xr_serial converter detected [ 1486.766246][ T5949] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1486.787356][ T5949] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1486.930937][ T5949] usb 5-1: USB disconnect, device number 101 [ 1486.952380][ T5949] xr_serial 5-1:127.171: device disconnected [ 1486.970204][ T5870] usb 1-1: new high-speed USB device number 123 using dummy_hcd [ 1487.428076][ T5870] usb 1-1: Using ep0 maxpacket: 8 [ 1487.496139][ T5870] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1487.570913][ T5870] usb 1-1: config 0 has an invalid interface number: 104 but max is 0 [ 1487.678749][ T5870] usb 1-1: config 0 has no interface number 0 [ 1487.701610][ T5870] usb 1-1: config 0 interface 104 altsetting 129 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 1487.725059][ T5870] usb 1-1: config 0 interface 104 has no altsetting 0 [ 1488.236625][ T5870] usb 1-1: New USB device found, idVendor=2c7c, idProduct=0195, bcdDevice=2f.46 [ 1488.267490][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1488.277871][ T5870] usb 1-1: Product: syz [ 1488.294380][ T5870] usb 1-1: config 0 descriptor?? [ 1488.299934][ T5870] usb 1-1: can't set config #0, error -71 [ 1488.310451][ T5870] usb 1-1: USB disconnect, device number 123 [ 1488.320786][T23427] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1488.504842][T23439] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.4953'. [ 1488.668316][ T5870] usb 1-1: new high-speed USB device number 124 using dummy_hcd [ 1488.692548][T18381] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 1488.788283][T23111] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 1488.958028][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1489.015631][ T5870] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1489.053781][T23111] usb 5-1: Using ep0 maxpacket: 32 [ 1489.059230][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1489.071481][T23111] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1490.140089][ T5870] usb 1-1: config 0 descriptor?? [ 1490.145368][T23111] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1490.154633][T18381] usb 3-1: Using ep0 maxpacket: 8 [ 1490.169909][T18381] usb 3-1: config 127 has an invalid interface number: 171 but max is 1 [ 1490.204229][T23111] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1490.210836][T18381] usb 3-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1490.228805][T18381] usb 3-1: config 127 has no interface number 1 [ 1490.235180][T18381] usb 3-1: config 127 interface 171 has no altsetting 0 [ 1490.252375][T18381] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1490.290178][T18381] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1490.304797][T18381] usb 3-1: Product: syz [ 1490.318471][T18381] usb 3-1: Manufacturer: syz [ 1490.323246][T18381] usb 3-1: SerialNumber: syz [ 1491.658545][T23111] gspca_nw80x: reg_w err -110 [ 1491.663349][T23111] nw80x 5-1:3.0: probe with driver nw80x failed with error -110 [ 1491.683030][ T5870] keytouch 0003:0926:3333.0014: fixing up Keytouch IEC report descriptor [ 1491.708332][ T5870] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0014/input/input55 [ 1491.737382][ T5940] usb 5-1: USB disconnect, device number 102 [ 1491.798552][T18381] xr_serial 3-1:127.171: xr_serial converter detected [ 1491.820155][T18381] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1491.826596][T18381] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1491.897959][T18381] usb 3-1: USB disconnect, device number 55 [ 1491.936135][T18381] xr_serial 3-1:127.171: device disconnected [ 1491.959928][ T5870] keytouch 0003:0926:3333.0014: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 1493.470887][T15353] usb 1-1: USB disconnect, device number 124 [ 1493.548333][ T5940] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 1493.758207][ T5940] usb 5-1: Using ep0 maxpacket: 8 [ 1493.789508][ T5940] usb 5-1: config 127 has an invalid interface number: 171 but max is 1 [ 1493.797882][ T5940] usb 5-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1493.898062][ T5940] usb 5-1: config 127 has no interface number 1 [ 1493.904787][ T5940] usb 5-1: config 127 interface 171 has no altsetting 0 [ 1493.989385][ T5940] usb 5-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1494.058293][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1494.066412][ T5940] usb 5-1: Product: syz [ 1494.070664][ T5940] usb 5-1: Manufacturer: syz [ 1494.075261][ T5940] usb 5-1: SerialNumber: syz [ 1494.150001][T23470] FAULT_INJECTION: forcing a failure. [ 1494.150001][T23470] name failslab, interval 1, probability 0, space 0, times 0 [ 1494.193713][T23470] CPU: 0 UID: 0 PID: 23470 Comm: syz.2.4963 Tainted: G L syzkaller #0 PREEMPT(full) [ 1494.193743][T23470] Tainted: [L]=SOFTLOCKUP [ 1494.193748][T23470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1494.193755][T23470] Call Trace: [ 1494.193759][T23470] [ 1494.193765][T23470] dump_stack_lvl+0x16c/0x1f0 [ 1494.193785][T23470] should_fail_ex+0x512/0x640 [ 1494.193815][T23470] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1494.193839][T23470] should_failslab+0xc2/0x120 [ 1494.193869][T23470] kmem_cache_alloc_noprof+0x83/0x770 [ 1494.193883][T23470] ? skb_clone+0x190/0x3f0 [ 1494.193899][T23470] ? skb_clone+0x190/0x3f0 [ 1494.193910][T23470] skb_clone+0x190/0x3f0 [ 1494.193922][T23470] netlink_deliver_tap+0xabd/0xd30 [ 1494.193946][T23470] netlink_unicast+0x64c/0x870 [ 1494.193978][T23470] ? __pfx_netlink_unicast+0x10/0x10 [ 1494.194015][T23470] netlink_sendmsg+0x8c8/0xdd0 [ 1494.194033][T23470] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1494.194053][T23470] ____sys_sendmsg+0xa5d/0xc30 [ 1494.194069][T23470] ? copy_msghdr_from_user+0x10a/0x160 [ 1494.194086][T23470] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1494.194129][T23470] ___sys_sendmsg+0x134/0x1d0 [ 1494.194153][T23470] ? __pfx____sys_sendmsg+0x10/0x10 [ 1494.194188][T23470] __sys_sendmsg+0x16d/0x220 [ 1494.194200][T23470] ? __pfx___sys_sendmsg+0x10/0x10 [ 1494.194224][T23470] do_syscall_64+0xcd/0xf80 [ 1494.194255][T23470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1494.194277][T23470] RIP: 0033:0x7f87b7b8f749 [ 1494.194295][T23470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1494.194315][T23470] RSP: 002b:00007f87b8a2a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1494.194327][T23470] RAX: ffffffffffffffda RBX: 00007f87b7de5fa0 RCX: 00007f87b7b8f749 [ 1494.194335][T23470] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 1494.194342][T23470] RBP: 00007f87b8a2a090 R08: 0000000000000000 R09: 0000000000000000 [ 1494.194349][T23470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1494.194356][T23470] R13: 00007f87b7de6038 R14: 00007f87b7de5fa0 R15: 00007ffc7db0c2d8 [ 1494.194380][T23470] [ 1494.768407][ T5949] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 1495.084652][ T5949] usb 2-1: Using ep0 maxpacket: 8 [ 1495.086881][T23475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4954'. [ 1495.096716][ T5949] usb 2-1: config 127 has an invalid interface number: 171 but max is 1 [ 1495.160989][T23475] rdma_rxe: rxe_newlink: failed to add lo [ 1495.330862][ T5949] usb 2-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1495.363936][ T5949] usb 2-1: config 127 has no interface number 1 [ 1496.105499][ T5949] usb 2-1: config 127 interface 171 has no altsetting 0 [ 1496.240600][ T5940] xr_serial 5-1:127.171: xr_serial converter detected [ 1496.264192][ T5940] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1496.273219][ T5949] usb 2-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1496.292711][ T5949] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1496.302865][ T5940] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1496.934329][ T5949] usb 2-1: Product: syz [ 1496.963673][ T5949] usb 2-1: Manufacturer: syz [ 1497.004666][ T5949] usb 2-1: SerialNumber: syz [ 1497.140912][ T5940] usb 5-1: USB disconnect, device number 103 [ 1497.274183][ T5940] xr_serial 5-1:127.171: device disconnected [ 1497.618067][T17933] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 1497.736246][ T5949] xr_serial 2-1:127.171: xr_serial converter detected [ 1497.849380][ T5949] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1497.978825][T17933] usb 3-1: Using ep0 maxpacket: 32 [ 1498.119972][T17933] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1498.158162][ T5949] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1498.183925][T17933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1498.208310][T17933] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1498.222125][ T5949] usb 2-1: USB disconnect, device number 90 [ 1498.251445][ T5949] xr_serial 2-1:127.171: device disconnected [ 1498.567471][ T5870] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 1498.578067][T23529] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 1498.587022][T23529] overlayfs: overlapping lowerdir path [ 1498.798410][ T5870] usb 5-1: Using ep0 maxpacket: 32 [ 1498.864648][ T5940] usb 1-1: new high-speed USB device number 125 using dummy_hcd [ 1498.865298][ T5870] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1498.980657][ T5870] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1499.083735][ T5870] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1499.153370][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1499.217846][ T5870] usb 5-1: config 0 descriptor?? [ 1499.299126][T17933] gspca_nw80x: reg_w err -71 [ 1499.304278][T17933] nw80x 3-1:3.0: probe with driver nw80x failed with error -71 [ 1499.318218][ T5940] usb 1-1: Using ep0 maxpacket: 8 [ 1499.337868][T17933] usb 3-1: USB disconnect, device number 56 [ 1499.345456][ T5940] usb 1-1: config 127 has an invalid interface number: 171 but max is 1 [ 1499.387079][ T5940] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1499.409870][ T5940] usb 1-1: config 127 has no interface number 1 [ 1499.416267][ T5940] usb 1-1: config 127 interface 171 has no altsetting 0 [ 1499.446816][ T5940] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1499.456957][ T5940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1499.476906][ T5940] usb 1-1: Product: syz [ 1499.481236][ T5940] usb 1-1: Manufacturer: syz [ 1499.485844][ T5940] usb 1-1: SerialNumber: syz [ 1500.018632][T13770] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1500.178572][T13770] usb 2-1: device descriptor read/64, error -71 [ 1500.788251][T13770] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1501.336257][ T5870] usb 5-1: USB disconnect, device number 104 [ 1501.448072][T13770] usb 2-1: device descriptor read/64, error -71 [ 1501.752723][T13770] usb usb2-port1: attempt power cycle [ 1503.291711][ T30] audit: type=1326 audit(1766387497.225:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23554 comm="syz.3.4984" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feb5318f749 code=0x0 [ 1503.594696][ T5940] xr_serial 1-1:127.171: xr_serial converter detected [ 1503.618077][T13770] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1503.660315][ T5940] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1503.666926][ T5940] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1503.697688][ T30] audit: type=1400 audit(1766387497.595:1367): avc: denied { mounton } for pid=23554 comm="syz.3.4984" path=2F70726F632F313039392F7461736B2F31313033202864656C6574656429 dev="proc" ino=87722 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 1503.764177][T13770] usb 2-1: device descriptor read/8, error -71 [ 1503.777847][ T5940] usb 1-1: USB disconnect, device number 125 [ 1503.796722][ T5940] xr_serial 1-1:127.171: device disconnected [ 1505.278109][T21522] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 1505.305761][ T30] audit: type=1326 audit(1766387500.275:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23583 comm="syz.3.4992" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feb5318f749 code=0x0 [ 1505.617428][T21522] usb 3-1: Using ep0 maxpacket: 32 [ 1505.624169][T21522] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1505.633391][T21522] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1505.638146][T23111] usb 4-1: new full-speed USB device number 107 using dummy_hcd [ 1505.657940][T21522] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1505.718320][T18381] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1505.728344][ T5870] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1505.790974][T23111] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1505.801408][T23111] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1505.811950][T23111] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 0.00 [ 1505.822439][T23111] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1505.830677][T23111] usb 4-1: SerialNumber: syz [ 1505.849917][T23111] usb 4-1: 0:2 : does not exist [ 1505.868215][T18381] usb 2-1: Using ep0 maxpacket: 32 [ 1505.875169][T18381] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1505.885771][T18381] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1505.894923][T18381] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1505.904518][T18381] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1505.913463][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1505.924201][ T5870] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 1505.935091][T18381] usb 2-1: config 0 descriptor?? [ 1505.940495][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1505.958489][ T5870] usb 5-1: config 0 descriptor?? [ 1506.375687][T23592] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1506.386167][T23592] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1506.697518][T21522] gspca_nw80x: reg_w err -71 [ 1506.728165][T21522] nw80x 3-1:3.0: probe with driver nw80x failed with error -71 [ 1506.746199][T21522] usb 3-1: USB disconnect, device number 57 [ 1506.825440][T23602] tipc: Started in network mode [ 1506.830435][T23602] tipc: Node identity 4, cluster identity 4711 [ 1506.836617][T23602] tipc: Node number set to 4 [ 1507.216486][ T5870] lg-g15 0003:046D:C222.0015: unbalanced delimiter at end of report description [ 1507.226491][ T5870] lg-g15 0003:046D:C222.0015: probe with driver lg-g15 failed with error -22 [ 1507.239074][ T5870] usb 5-1: USB disconnect, device number 105 [ 1507.580990][T23111] usb 4-1: USB disconnect, device number 107 [ 1507.879151][T21522] usb 1-1: new high-speed USB device number 126 using dummy_hcd [ 1508.074102][T21723] udevd[21723]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1508.202951][T21522] usb 1-1: Using ep0 maxpacket: 8 [ 1508.220354][T21522] usb 1-1: config 127 has an invalid interface number: 171 but max is 1 [ 1508.230171][T21522] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1508.244892][T21522] usb 1-1: config 127 has no interface number 1 [ 1508.252540][T21522] usb 1-1: config 127 interface 171 has no altsetting 0 [ 1508.262666][T21522] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1508.272962][T21522] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1508.282599][T21522] usb 1-1: Product: syz [ 1508.286944][T21522] usb 1-1: Manufacturer: syz [ 1508.291972][T21522] usb 1-1: SerialNumber: syz [ 1508.659749][T23111] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 1508.967940][ T5940] usb 2-1: USB disconnect, device number 95 [ 1509.117340][T23111] usb 4-1: device descriptor read/64, error -71 [ 1509.368152][T23111] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 1509.658212][T23111] usb 4-1: device descriptor read/64, error -71 [ 1509.798374][T23111] usb usb4-port1: attempt power cycle [ 1509.978764][T10222] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1510.718079][T23111] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 1510.768946][T23111] usb 4-1: device descriptor read/8, error -71 [ 1512.061287][T21522] xr_serial 1-1:127.171: xr_serial converter detected [ 1512.142061][T23637] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.5006'. [ 1512.196206][T21522] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1512.518173][T21522] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1512.989379][T21522] usb 1-1: USB disconnect, device number 126 [ 1514.173649][T21522] xr_serial 1-1:127.171: device disconnected [ 1514.548126][T21522] usb 1-1: new high-speed USB device number 127 using dummy_hcd [ 1514.581045][T23657] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5014'. [ 1514.738231][T21522] usb 1-1: Using ep0 maxpacket: 32 [ 1514.753586][T21522] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1514.786147][T21522] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1514.812659][T21522] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1514.837510][T21522] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1514.874131][T21522] usb 1-1: config 0 descriptor?? [ 1515.552633][T23664] fuse: Unknown parameter 'user_id00000000000000000000' [ 1516.367091][T23678] netlink: 'syz.3.5019': attribute type 39 has an invalid length. [ 1517.058082][ T5870] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 1517.255181][ T5870] usb 4-1: Using ep0 maxpacket: 8 [ 1517.283463][ T5870] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 1517.319291][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1517.336268][ T5870] usb 4-1: Product: syz [ 1517.346401][ T5870] usb 4-1: Manufacturer: syz [ 1517.660914][T13768] usb 1-1: USB disconnect, device number 127 [ 1517.671075][ T5870] usb 4-1: SerialNumber: syz [ 1517.702106][ T5870] usb 4-1: config 0 descriptor?? [ 1517.737848][T23690] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.5021'. [ 1517.956930][ T5870] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1517.966375][ T5870] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 1517.987099][ T5870] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1517.997490][ T5870] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 1518.015494][ T5870] usb 4-1: USB disconnect, device number 112 [ 1518.908068][T21522] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 1518.938098][ T5870] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1519.248395][ T5870] usb 2-1: device descriptor read/64, error -71 [ 1519.408058][T21522] usb 3-1: Using ep0 maxpacket: 32 [ 1519.414712][T21522] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1519.424687][T21522] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1519.451148][T21522] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1520.587129][T23712] fuse: Bad value for 'fd' [ 1521.346330][T21522] gspca_nw80x: reg_w err -110 [ 1521.346488][ T5870] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 1521.398133][T21522] nw80x 3-1:3.0: probe with driver nw80x failed with error -110 [ 1521.578970][ T5870] usb 2-1: device descriptor read/64, error -71 [ 1522.141738][ T5870] usb usb2-port1: attempt power cycle [ 1522.523927][ T5870] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1522.779441][ T5870] usb 2-1: Using ep0 maxpacket: 32 [ 1522.786331][ T5870] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1522.802924][ T5870] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1522.817857][ T5870] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1522.831542][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1522.883752][ T5870] usb 2-1: config 0 descriptor?? [ 1523.198113][T14185] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1523.258769][T21522] usb 3-1: USB disconnect, device number 58 [ 1523.349809][T14185] usb 1-1: config 0 has no interfaces? [ 1523.356354][T14185] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 1523.369834][T14185] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1523.380587][T14185] usb 1-1: config 0 descriptor?? [ 1523.634000][T21522] usb 1-1: USB disconnect, device number 2 [ 1523.648084][T14185] usb 4-1: new full-speed USB device number 113 using dummy_hcd [ 1524.248057][T14185] usb 4-1: device descriptor read/64, error -71 [ 1524.513377][T23756] netlink: 88 bytes leftover after parsing attributes in process `syz.0.5039'. [ 1524.848973][T14185] usb 4-1: new full-speed USB device number 114 using dummy_hcd [ 1525.498305][T14185] usb 4-1: device descriptor read/64, error -71 [ 1525.677686][T14185] usb usb4-port1: attempt power cycle [ 1526.271911][T19725] usb 2-1: USB disconnect, device number 98 [ 1526.308351][T14185] usb 4-1: new full-speed USB device number 115 using dummy_hcd [ 1526.533186][T14185] usb 4-1: device descriptor read/8, error -71 [ 1526.617502][T23773] binder_alloc: 23766: binder_alloc_buf, no vma [ 1526.994090][ T30] audit: type=1400 audit(1766387521.585:1369): avc: denied { call } for pid=23766 comm="syz.1.5043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 1527.218162][T19725] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1527.938207][T19725] usb 1-1: Using ep0 maxpacket: 8 [ 1527.971370][T19725] usb 1-1: config 127 has an invalid interface number: 171 but max is 1 [ 1527.981808][T19725] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1528.008963][T19725] usb 1-1: config 127 has no interface number 1 [ 1528.031243][T19725] usb 1-1: config 127 interface 171 has no altsetting 0 [ 1528.365700][T19725] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 1528.388588][T23783] netlink: 'syz.4.5047': attribute type 10 has an invalid length. [ 1528.408217][T19725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1528.417299][T19725] usb 1-1: Product: syz [ 1528.426555][T19725] usb 1-1: Manufacturer: syz [ 1528.429935][T23783] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1528.487829][T19725] usb 1-1: SerialNumber: syz [ 1528.776422][T23786] bond0: (slave wlan1): Releasing backup interface [ 1529.022797][T23793] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5050'. [ 1530.481659][T23809] netlink: 116 bytes leftover after parsing attributes in process `syz.2.5052'. [ 1530.521774][T23809] netlink: 116 bytes leftover after parsing attributes in process `syz.2.5052'. [ 1531.084093][T19725] xr_serial 1-1:127.171: xr_serial converter detected [ 1531.108648][T19725] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 1531.238149][T19725] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 1531.255859][T19725] usb 1-1: USB disconnect, device number 3 [ 1531.269814][T19725] xr_serial 1-1:127.171: device disconnected [ 1531.945932][T23817] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5055'. [ 1533.202694][ T77] wlan0: Trigger new scan to find an IBSS to join [ 1533.941501][T23839] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1534.016969][T23839] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1534.788312][T23844] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.5060'. [ 1536.054033][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1536.408891][T23854] comedi comedi3: comedi_config --init_data is deprecated [ 1540.315439][T13770] IPVS: starting estimator thread 0... [ 1540.326465][T23881] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.5073'. [ 1540.470206][T23882] IPVS: using max 41 ests per chain, 98400 per kthread [ 1541.740919][T23908] lo speed is unknown, defaulting to 1000 [ 1541.873664][T23902] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5066'. [ 1545.179951][T10222] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1545.803924][ T30] audit: type=1400 audit(1766387540.775:1370): avc: denied { accept } for pid=23936 comm="syz.3.5084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1545.833196][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.001568][ T849] IPVS: starting estimator thread 0... [ 1546.098103][T23944] IPVS: using max 37 ests per chain, 88800 per kthread [ 1546.445601][T23947] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5085'. [ 1546.454860][T23947] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5085'. [ 1546.465162][T23947] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5085'. [ 1546.726215][T23947] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5085'. [ 1546.735956][T23947] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5085'. [ 1546.745016][T23947] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5085'. [ 1547.267090][T23955] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 1547.273623][T23955] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1547.307429][T23955] vhci_hcd vhci_hcd.0: Device attached [ 1547.698399][ T849] usb 35-1: new high-speed USB device number 3 using vhci_hcd [ 1549.801238][T23956] vhci_hcd: connection reset by peer [ 1549.814538][ T144] vhci_hcd vhci_hcd.1: stop threads [ 1549.828013][ T144] vhci_hcd vhci_hcd.1: release socket [ 1549.886810][ T144] vhci_hcd vhci_hcd.1: disconnect device [ 1550.794169][T23973] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5091'. [ 1553.808126][ T849] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 1554.226884][ T5870] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1554.543248][ T5870] usb 1-1: Using ep0 maxpacket: 32 [ 1554.555108][ T5870] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1554.605289][ T5870] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1554.645461][ T5870] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1554.657742][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1554.711428][ T5870] usb 1-1: config 0 descriptor?? [ 1555.346373][T24015] binder: 24010:24015 ioctl c0306201 0 returned -14 [ 1556.568869][T15353] IPVS: starting estimator thread 0... [ 1556.710101][T24022] IPVS: using max 43 ests per chain, 103200 per kthread [ 1556.971657][T24026] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5107'. [ 1556.980810][T24026] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5107'. [ 1556.990514][T24026] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5107'. [ 1558.087463][ T30] audit: type=1400 audit(1766387553.055:1371): avc: denied { override_creds } for pid=24033 comm="syz.1.5110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 1558.611619][T15353] usb 1-1: USB disconnect, device number 4 [ 1558.665100][T24037] random: crng reseeded on system resumption [ 1665.117950][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1665.124964][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P14124/1:b..l P5186/1:b..l [ 1665.134811][ C1] rcu: (detected by 1, t=10502 jiffies, g=120185, q=727 ncpus=2) [ 1665.142629][ C1] task:udevd state:R running task stack:24152 pid:5186 tgid:5186 ppid:1 task_flags:0x400140 flags:0x00080000 [ 1665.157499][ C1] Call Trace: [ 1665.160971][ C1] [ 1665.163912][ C1] ? __schedule+0x10b9/0x6150 [ 1665.168609][ C1] __schedule+0x1139/0x6150 [ 1665.173121][ C1] ? __kernel_text_address+0xd/0x40 [ 1665.178356][ C1] ? __pfx___schedule+0x10/0x10 [ 1665.183214][ C1] ? irqentry_exit+0x1dd/0x8c0 [ 1665.187997][ C1] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 1665.194074][ C1] preempt_schedule_notrace+0x62/0xe0 [ 1665.199464][ C1] preempt_schedule_notrace_thunk+0x16/0x30 [ 1665.205371][ C1] rcu_is_watching+0x8e/0xc0 [ 1665.209969][ C1] unwind_next_frame+0xa86/0x20b0 [ 1665.215010][ C1] ? arch_stack_walk+0x73/0x100 [ 1665.219883][ C1] __unwind_start+0x45f/0x7f0 [ 1665.224575][ C1] ? __kernel_text_address+0xd/0x40 [ 1665.229789][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1665.235955][ C1] arch_stack_walk+0x73/0x100 [ 1665.240657][ C1] ? arch_stack_walk+0x73/0x100 [ 1665.245530][ C1] stack_trace_save+0x8e/0xc0 [ 1665.250215][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1665.255596][ C1] ? __lock_acquire+0x436/0x2890 [ 1665.260540][ C1] kasan_save_stack+0x33/0x60 [ 1665.265279][ C1] kasan_save_track+0x14/0x30 [ 1665.269982][ C1] kasan_save_free_info+0x3b/0x60 [ 1665.275025][ C1] __kasan_slab_free+0x5f/0x80 [ 1665.279805][ C1] kmem_cache_free+0x2d8/0x770 [ 1665.284575][ C1] ? seq_release+0x4b/0x80 [ 1665.289001][ C1] ? seq_release+0x5a/0x80 [ 1665.293429][ C1] ? seq_release+0x5a/0x80 [ 1665.297847][ C1] seq_release+0x5a/0x80 [ 1665.302096][ C1] kernfs_fop_release+0xf4/0x1e0 [ 1665.307052][ C1] ? __pfx_kernfs_fop_release+0x10/0x10 [ 1665.312676][ C1] __fput+0x402/0xb70 [ 1665.316674][ C1] fput_close_sync+0x118/0x260 [ 1665.321441][ C1] ? __pfx_fput_close_sync+0x10/0x10 [ 1665.326728][ C1] ? dnotify_flush+0x79/0x4c0 [ 1665.331420][ C1] __x64_sys_close+0x8b/0x120 [ 1665.336106][ C1] do_syscall_64+0xcd/0xf80 [ 1665.340624][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1665.346522][ C1] RIP: 0033:0x7fa54e04fa67 [ 1665.350937][ C1] RSP: 002b:00007ffd0eedfd08 EFLAGS: 00000297 ORIG_RAX: 0000000000000003 [ 1665.359367][ C1] RAX: ffffffffffffffda RBX: 00005639dcebb5c0 RCX: 00007fa54e04fa67 [ 1665.367341][ C1] RDX: 00007fa54e129ea0 RSI: 00005639dcec4dd0 RDI: 000000000000000c [ 1665.375321][ C1] RBP: 00007fa54e129ff0 R08: 0000000000000000 R09: 0000000000000000 [ 1665.383299][ C1] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000000 [ 1665.391278][ C1] R13: 3d45505954564544 R14: 3d5845444e494649 R15: 3d454d414e564544 [ 1665.399365][ C1] [ 1665.402380][ C1] task:kworker/u8:21 state:R running task stack:22792 pid:14124 tgid:14124 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1665.415989][ C1] Workqueue: iou_exit io_ring_exit_work [ 1665.421564][ C1] Call Trace: [ 1665.424838][ C1] [ 1665.427767][ C1] ? __schedule+0x10b9/0x6150 [ 1665.432452][ C1] __schedule+0x1139/0x6150 [ 1665.436987][ C1] ? __pfx___schedule+0x10/0x10 [ 1665.441849][ C1] ? mark_held_locks+0x49/0x80 [ 1665.446625][ C1] preempt_schedule_irq+0x51/0x90 [ 1665.451657][ C1] irqentry_exit+0x1d8/0x8c0 [ 1665.456262][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1665.462250][ C1] RIP: 0010:lock_release+0x183/0x2d0 [ 1665.467543][ C1] Code: 0f c1 05 48 01 19 12 83 f8 01 0f 85 03 01 00 00 9c 58 f6 c4 02 0f 85 ee 00 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 dd b9 18 12 0f 85 32 01 00 00 48 83 c4 18 5b 41 5c 41 [ 1665.487155][ C1] RSP: 0018:ffffc90003e5f4e0 EFLAGS: 00000206 [ 1665.493226][ C1] RAX: a1d5f29a54f8ad00 RBX: ffffffff8e3c96a0 RCX: ffffc90003e5f4ec [ 1665.501197][ C1] RDX: 0000000000000003 RSI: ffffffff8daa7e2d RDI: ffffffff8bf2b400 [ 1665.509175][ C1] RBP: 0000000000000001 R08: ffffffff9126186e R09: 00000000f3108260 [ 1665.517146][ C1] R10: 0000000000000002 R11: 000000000000a963 R12: ffffffff816cb9a4 [ 1665.525118][ C1] R13: 0000000000000206 R14: ffff88802d618000 R15: 0000000000000004 [ 1665.533094][ C1] ? unwind_next_frame+0x3f4/0x20b0 [ 1665.538331][ C1] unwind_next_frame+0x3f9/0x20b0 [ 1665.543369][ C1] ? stack_trace_save+0x8e/0xc0 [ 1665.548236][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1665.554396][ C1] arch_stack_walk+0x94/0x100 [ 1665.559091][ C1] ? kasan_save_stack+0x33/0x60 [ 1665.563952][ C1] stack_trace_save+0x8e/0xc0 [ 1665.568648][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1665.574062][ C1] ? __lock_acquire+0x436/0x2890 [ 1665.579029][ C1] kasan_save_stack+0x33/0x60 [ 1665.583798][ C1] kasan_record_aux_stack+0xa7/0xc0 [ 1665.589045][ C1] ? __pfx_slab_free_after_rcu_debug+0x10/0x10 [ 1665.595222][ C1] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1665.601141][ C1] kmem_cache_free+0x171/0x770 [ 1665.605926][ C1] ? __io_req_caches_free+0x19e/0x5c0 [ 1665.611341][ C1] ? __io_req_caches_free+0x19e/0x5c0 [ 1665.616740][ C1] __io_req_caches_free+0x19e/0x5c0 [ 1665.621976][ C1] io_ring_exit_work+0x33c/0x1130 [ 1665.627030][ C1] ? __pfx_io_ring_exit_work+0x10/0x10 [ 1665.632505][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 1665.637716][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1665.643555][ C1] ? debug_object_deactivate+0x1ec/0x3a0 [ 1665.649321][ C1] ? rcu_is_watching+0x12/0xc0 [ 1665.654100][ C1] process_one_work+0x9ba/0x1b20 [ 1665.659072][ C1] ? __pfx_process_one_work+0x10/0x10 [ 1665.664466][ C1] ? assign_work+0x1a0/0x250 [ 1665.669067][ C1] worker_thread+0x6c8/0xf10 [ 1665.673675][ C1] ? __kthread_parkme+0x19e/0x250 [ 1665.678707][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1665.683829][ C1] kthread+0x3c5/0x780 [ 1665.687908][ C1] ? __pfx_kthread+0x10/0x10 [ 1665.692499][ C1] ? rcu_is_watching+0x12/0xc0 [ 1665.697287][ C1] ? __pfx_kthread+0x10/0x10 [ 1665.701909][ C1] ret_from_fork+0x983/0xb10 [ 1665.706520][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 1665.711646][ C1] ? __switch_to+0x7af/0x10d0 [ 1665.716334][ C1] ? __pfx_kthread+0x10/0x10 [ 1665.720939][ C1] ret_from_fork_asm+0x1a/0x30 [ 1665.725744][ C1] [ 1665.728759][ C1] rcu: rcu_preempt kthread starved for 10557 jiffies! g120185 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1665.740046][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1665.750011][ C1] rcu: RCU grace-period kthread stack dump: [ 1665.755891][ C1] task:rcu_preempt state:R running task stack:28056 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 1665.769416][ C1] Call Trace: [ 1665.772695][ C1] [ 1665.775626][ C1] ? __schedule+0x10b9/0x6150 [ 1665.780315][ C1] __schedule+0x1139/0x6150 [ 1665.784859][ C1] ? __pfx___schedule+0x10/0x10 [ 1665.789720][ C1] ? find_held_lock+0x2b/0x80 [ 1665.794411][ C1] ? schedule+0x2d7/0x3a0 [ 1665.798748][ C1] schedule+0xe7/0x3a0 [ 1665.802819][ C1] schedule_timeout+0x123/0x290 [ 1665.807679][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 1665.813058][ C1] ? __pfx_process_timeout+0x10/0x10 [ 1665.818358][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1665.824189][ C1] ? prepare_to_swait_event+0xf5/0x480 [ 1665.829666][ C1] rcu_gp_fqs_loop+0x1ea/0xaf0 [ 1665.834450][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1665.839745][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 1665.844950][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 1665.849893][ C1] ? rcu_gp_cleanup+0x7c1/0xe90 [ 1665.854768][ C1] rcu_gp_kthread+0x26d/0x380 [ 1665.859461][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1665.864668][ C1] ? rcu_is_watching+0x12/0xc0 [ 1665.869436][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 1665.874647][ C1] ? __kthread_parkme+0x19e/0x250 [ 1665.879676][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1665.884938][ C1] kthread+0x3c5/0x780 [ 1665.889063][ C1] ? __pfx_kthread+0x10/0x10 [ 1665.893663][ C1] ? rcu_is_watching+0x12/0xc0 [ 1665.898430][ C1] ? __pfx_kthread+0x10/0x10 [ 1665.903031][ C1] ret_from_fork+0x983/0xb10 [ 1665.907633][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 1665.912751][ C1] ? __switch_to+0x7af/0x10d0 [ 1665.917438][ C1] ? __pfx_kthread+0x10/0x10 [ 1665.922042][ C1] ret_from_fork_asm+0x1a/0x30 [ 1665.926839][ C1] [ 1665.929855][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 1665.936195][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 1665.946700][ C1] Tainted: [L]=SOFTLOCKUP [ 1665.951016][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1665.961170][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 1665.966833][ C1] Code: c6 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 49 12 00 fb f4 cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 1665.986448][ C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6 [ 1665.992523][ C1] RAX: 0000000006eba33d RBX: 0000000000000001 RCX: ffffffff8b7816d9 [ 1666.000503][ C1] RDX: 0000000000000000 RSI: ffffffff8dacdeaf RDI: ffffffff8bf2b400 [ 1666.008476][ C1] RBP: ffffed1003b56498 R08: 0000000000000001 R09: ffffed10170a673d [ 1666.016446][ C1] R10: ffff8880b85339eb R11: ffff88801dab2ff0 R12: 0000000000000001 [ 1666.024418][ C1] R13: ffff88801dab24c0 R14: ffffffff9088b3d0 R15: 0000000000000000 [ 1666.032386][ C1] FS: 0000000000000000(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000 [ 1666.041331][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1666.047914][ C1] CR2: 00002000000b3030 CR3: 000000007a5a6000 CR4: 00000000003526f0 [ 1666.055886][ C1] Call Trace: [ 1666.059163][ C1] [ 1666.062094][ C1] default_idle+0x13/0x20 [ 1666.066440][ C1] default_idle_call+0x6c/0xb0 [ 1666.071222][ C1] do_idle+0x38d/0x510 [ 1666.075308][ C1] ? __pfx_do_idle+0x10/0x10 [ 1666.079934][ C1] cpu_startup_entry+0x4f/0x60 [ 1666.084720][ C1] start_secondary+0x21d/0x2d0 [ 1666.089485][ C1] ? __pfx_start_secondary+0x10/0x10 [ 1666.094776][ C1] common_startup_64+0x13e/0x148 [ 1666.099738][ C1] [ 1667.030851][T19426] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1667.032509][ T50] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1667.067725][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 SYZFAIL: failed to send rpc fd=3 want=264 sent=0 n=-1 (errno 32: Broken pipe) [ 1668.702414][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1668.711550][ T5826] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1668.724164][ T5826] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1668.735184][ T5826] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1668.743109][ T5826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1668.750904][ T5826] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1668.769278][T16920] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1668.789435][T16920] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1668.808618][T16920] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1668.838309][T16920] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1668.868472][T16920] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1668.989883][T24076] lo speed is unknown, defaulting to 1000 [ 1670.282569][ T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1670.449542][ T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1670.581897][ T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1670.672643][ T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1671.755024][ T50] bond2 (unregistering): (slave bridge0): Releasing active interface [ 1671.947216][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1671.957666][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1671.967809][ T50] bond0 (unregistering): Released all slaves [ 1671.979524][ T50] bond1 (unregistering): Released all slaves [ 1671.990809][ T50] bond2 (unregistering): Released all slaves [ 1672.132906][ T50] bond3 (unregistering): Released all slaves [ 1672.224079][ T50] !9: left promiscuous mode [ 1672.726762][ T50] hsr_slave_0: left promiscuous mode [ 1672.732955][ T50] hsr_slave_1: left promiscuous mode [ 1672.739475][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1672.746884][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1672.755318][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1672.764003][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1672.790075][ T50] veth1_macvtap: left promiscuous mode [ 1672.795653][ T50] veth0_macvtap: left promiscuous mode [ 1672.803482][ T50] veth1_vlan: left promiscuous mode [ 1672.812642][ T50] veth0_vlan: left promiscuous mode [ 1673.322014][ T50] team0 (unregistering): Port device team_slave_1 removed [ 1673.371412][ T50] team0 (unregistering): Port device team_slave_0 removed [ 1673.857310][T10222] smc: removing ib device syz1 [ 1673.864842][T24061] lo speed is unknown, defaulting to 1000 [ 1673.878657][T24061] syz1: Port: 1 Link DOWN [ 1674.886812][ T50] IPVS: stop unused estimator thread 0... [ 1674.989396][ T50] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1675.053083][ T50] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0