last executing test programs: 4m45.864463395s ago: executing program 1 (id=1125): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed074e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xffffff69}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800) ioctl$XFS_IOC_GET_RESBLKS(r1, 0x80105873, &(0x7f0000000200)) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x300000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r3, 0x0, 0x13, &(0x7f0000000340)=0x200, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}], 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = fsopen(&(0x7f00000002c0)='cifs\x00', 0x1) pread64(r3, &(0x7f00000000c0)=""/154, 0x9a, 0x6) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000080)='iocharset', &(0x7f0000000380)='io#harset\x05\x83d,\x80?\x80V\xee\xd6\x04\x87ek\xbd5+z%\xce\xc3\x9a\x13\x93V\xb8\x03\'5\xb3B\x01=\xf4\xff4\x8b\xff\x8d\x87\xd0[\x7f\xd7\xeb?cd\xee\xf6\xe4\x1e\x8c\xb3\xaf\xcc\xb3\x1fS\xb0.\'\x95\xd7\xf3\xf0\x9ao\xc9L\fi\x04?\x95\x12!\xd7!\xdbeKs\xf7}\xd7\x7f\xc5\x85\xd5\x94%\xb5Zr\x11\x06-c\n\xef\xf36', 0x0) ioctl$DVB_DEMUX_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000000)={0x26, 0x0, r4}) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000480)=@pppol2tpv3in6={0x18, 0x1, {0x0, r6, 0x0, 0x0, 0x0, 0x1, {0xa, 0x1, 0x3, @loopback, 0x70}}}, 0x3a) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r5, 0x1e, &(0x7f0000000180)={r6}, 0x1) move_pages(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000064000/0x1000)=nil, &(0x7f00002db000/0x2000)=nil], 0x0, 0x0, 0x0) 4m45.687739039s ago: executing program 1 (id=1128): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, 0x0, 0x0, 0x8, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x4}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, 0x0) syz_kvm_add_vcpu$x86(0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f00000002c0)={[{0x5, 0x4, 0x5, 0x5, 0x2, 0x12, 0x7, 0xd, 0xb9, 0x3, 0xe, 0x8, 0x201}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xfb, 0x2, 0x3, 0x1f, 0x3, 0x4, 0x7b, 0x20e}, {0x6, 0x15, 0x18, 0x34, 0x48, 0xfd, 0x3, 0x84, 0x0, 0x4, 0x4, 0x7, 0x1}], 0xfaffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x4, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000500)={[0x7f, 0x88, 0x0, 0x40, 0x0, 0x7f, 0x2004cb, 0x1, 0xfffffd, 0x20000000000068ff, 0x5, 0x745, 0x8, 0x3, 0x0, 0x9], 0x1, 0x202}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12012000f1048108cd060202d4921f01000109021b1901000000f30904150001da0900000905", @ANYRES16], 0x0) syz_usb_connect$uac1(0x0, 0x104, &(0x7f0000000bc0)=ANY=[@ANYBLOB="12010002000000084d5321004000010203010902f20003010300180904000000010100000a240100380cc7480eb583a5ea180c560002010211240604050507000a000aec05000400f911240604030504000100020000000a24040305c1efa4b6580c240204050202070900060009340802004001336d0b240806ff0f0790960e2309040100000102000009040101018c0200000b24020101046440f71f9509240201000301ebc50924020102ff9c06dc090501094000030f010725010c000000090402000001020000090402010101020000112402010b0401024f9d4773d4881e8df45891ddf15a1dba78f20c2402020b00c93302a0977e0c2402016d0397102f5ad6951371b7ce7b47c05da0b418bf1207fb96b14afb0dceb4e7586fc3233a1ad418451081e538b3f571a5cff974409a8ad122bb7cdb37383298a29cf72c5023fa9fa496e35d9884fe70fc12b534a012230c01c9292f6355723b6bc12e018976021eb2d12f3ae87500bdca0ac8e75b"], &(0x7f00000008c0)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x110, 0x8, 0x9, 0x8, 0x20, 0x6}, 0x5, &(0x7f0000000300)={0x5, 0xf, 0x5}, 0x4, [{0x102, &(0x7f0000000a40)=@string={0x102, 0x3, "2768cda37a7b061e8159bcf6ce4b55fffc5fe4bed2437895e46e8a09d2fdbe9aa72d1b5d553efbaf75c1c11730b1c6097a604204df31459c5a1cd880f5a24ae6db0ad501dbced2caa62bd25af9a72ff8a3c36a921c036703c11a271a9d03f30d7f5d4c065effd44822f3c8400ccc0000000000000000b7d20505d1652d68f8300d814ac74171ed40389d7e52985e911d6e576b4f938588199788e9f61f4a0eb306a873bb8d80a245f8befd895164da2429369b5b2ca1c51d42f0bbe7b6f3851aa613b9d7492fd9697d57c965d8cd9021d553138f0d804943e83d1438913fbafbb458b6217a0a8658d151c5cb691c04b10a4b93fd0307fa26f09f59b8d795a2a0"}}, {0xd2, &(0x7f0000000340)=ANY=[@ANYBLOB="d20315576af37f90b538c052539252b5ee28c4c321cc39158264e3d999dc6796f7118d0f45527a2d5504eb25eb5e35dc255dde6057c5fff39cd7308629721a81d576199b4748490499f292392a0e4c951296f19df3354670f1ab92cf8e299c323ccb4102996e3bdd18e06ec50b15a2ef1370f9eadad5e8ec94dffd835692a8f739ab1d27b48e04f92f44f5c7cda3deaab9efd4efb3c19aca728e96fa369df14dbcdfab37b7847f95735df580d6620abfffdc26a63dcae61d99a303f6f25d7a85993adbaa6c1a597a7c3bef6e7d64d69395bcc8a43eaaa122e665f934de939887027d3af35fcdac46ac9f77ab4ef12539bd154ac167e0136cd5a818998379e13feeee01a192fcd5d4373c62f55f1b6cdebf1ba079353656dd9b583aab9c251d8a4cca46d3449a33af31a21897739a8764959fd63740cf00"/332]}, {0x86, &(0x7f0000000740)=@string={0x86, 0x3, "3574bf4ca00a098275c5fadc88d3d0aee89937d42f348121644c20ae7164308e13a2880b4da56f9c80c8b0cfed2b9b75a88e50b8257213378e2cea6a109b7eb1261e77c85ed852ec5718c93a6c1bcfd3752406e93bbb2ddfffc4bab3024443d54b08635d69e6f88c6edd982032ea86f4b23223bc22fc1138257ab1ad3eb8e957fe51d16c"}}, {0x74, &(0x7f0000000800)=@string={0x74, 0x3, "dc23d8887f29cb9412d6fb729a2fc43d7a19490774b2bd9e68be263c85e1c74e969d69b693f2a2b3d10884a1f8caf1b79cc8ae99fea234e90caa9f3ef01902354308d10c706cabf41a6fe1c1014ba7ccb8d12e0e3a3e9d31148b55f347c599cff5b14c11b39078faf59e8db80316bd82f830"}}]}) syz_usb_connect$cdc_ncm(0x0, 0x79, &(0x7f0000000340)=ANY=[], &(0x7f0000000700)={0x0, 0x0, 0x5d, 0x0, 0x2, [{0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x804}}, {0x58, 0x0}]}) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x10, &(0x7f0000000940)=@ready={0x0, 0x0, 0x8, "cc00", {0x1, 0x101, 0x8, 0x0, 0x1}}) syz_usb_control_io$hid(r4, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) syz_usb_control_io$printer(r4, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x21, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x2, 0x0, 0xe7}}}}}}, 0x0) syz_emit_ethernet(0x5a, &(0x7f0000000240)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x2, 0x2, 0x4c, 0x67, 0x0, 0xb, 0x6, 0x0, @remote, @remote, {[@timestamp_addr={0x44, 0x4, 0x8d, 0x1, 0x1}, @generic={0x86, 0x6, "0f46e320"}, @timestamp={0x44, 0x18, 0x62, 0x0, 0x1, [0x8, 0x40, 0x100, 0x6, 0x6]}]}}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x6071, 0x0, 0xe7}}}}}}, 0x0) 4m44.339901375s ago: executing program 1 (id=1134): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004bec0220a20603008cb4010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0xff, 0xc70, 0xf00b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x80, 0x10, 0x81, "", [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x1, 0x60, {0x9, 0x21, 0x8, 0x2c, 0x1, {0x22, 0x2d6}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x1, 0xf, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x4, 0x7f, 0x2}}]}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x0, 0x5, 0x3, 0x9, 0x0, 0x9}, 0x33, &(0x7f00000000c0)={0x5, 0xf, 0x33, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x9, 0x7, 0xff, 0x204}, @ss_container_id={0x14, 0x10, 0x4, 0xb, "550517c7252b269aa6a4289c614fb1ea"}, @generic={0xd, 0x10, 0xa, "cb00aca48fe2abf98e4e"}, @ptm_cap={0x3}]}, 0x4, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x430}}, {0x5b, &(0x7f0000000140)=@string={0x5b, 0x3, "49db7d74547510f55f23da311d324d012bd141a79ac265a1cef1951fa4ce7753f5301708de53221628037c6751aeb50bf422da74bf0483285e0273e1d93e9820f7469476b47cf84519675c8fc2083934e58bc83e32f8c3a33c"}}, {0x3d, &(0x7f00000001c0)=@string={0x3d, 0x3, "ae95d9b496ce86e65a717f08bc51295328f9d0dc819c8369f269f26614afcb6357b4491ee1746e71004daddf9756e721206f4d323ab8e0353924da"}}, {0x27, &(0x7f0000000200)=@string={0x27, 0x3, "82894f99f9fe697cf8797c313dfb843807b87ccce7cbedd12a7813fd6f756a6b850358e110"}}]}) syz_usb_control_io$hid(r1, &(0x7f0000000400)={0x24, &(0x7f00000002c0)={0x20, 0xf, 0x74, {0x74, 0x11, "677cfd1178ad99f4f1e3adc4aa06825e79582cb91ce8833c56270d91f6255696dc6e8690707d77644b41697ba0c255f83651843f72eb4ddb45164539c61f916aa03bb5c49e3923c9cb99ae398ae94269e417ac822e7e99000050957d503849db50bec5665718c7681a8eb4e2a9477dc55bd6"}}, &(0x7f0000000340)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40c}}, &(0x7f0000000380)={0x0, 0x22, 0x1e, {[@global=@item_012={0x0, 0x1, 0x6}, @local=@item_012={0x2, 0x2, 0x3, "d1fc"}, @local=@item_012={0x2, 0x2, 0x5, "7e96"}, @global=@item_4={0x3, 0x1, 0x9, "c19a7911"}, @local, @main=@item_012={0x1, 0x0, 0x9, 'V'}, @global=@item_4={0x3, 0x1, 0x1, "776993b2"}, @main=@item_012={0x2, 0x0, 0xb, "f8cf"}, @global=@item_4={0x3, 0x1, 0xa, "6292fdc7"}, @main=@item_012={0x1, 0x0, 0x8, "d7"}]}}, &(0x7f00000003c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x9, 0x4, 0x1, {0x22, 0x780}}}}, &(0x7f0000000600)={0x2c, &(0x7f0000000440)={0x40, 0x14, 0x74, "bff8f75be10128b9fe4b3b272fd444896620ee3c77a4e838d3a6f154c4867e01c13465194e898512bc97452f78ff081f541cd6932b7f705dfc50d88c98fce3238c18c6e4ed594229fbb1cc1594da4712f2ea51a12829d8986ffcdfd2ae541940a529ecf6cc022258ad54541804701b9368c63344"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000540)={0x20, 0x1, 0x42, "6341d0fd665424656287bce04b3a3510aea23d9a1ed31625ddabf6012365de628705848668a13ed8c37d8de4fdbb05a379a7bb0bdd64d6d67056be0842950fb0ec6d"}, &(0x7f00000005c0)={0x20, 0x3, 0x1, 0x5}}) 4m36.94760945s ago: executing program 1 (id=1143): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$VIDIOC_QUERYSTD(0xffffffffffffffff, 0x8008563f, &(0x7f00000001c0)) r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f00000004c0)={r6, 0x0, 0x0, 0x0, 0x0, [], [0xfffffffc, 0x7, 0x3]}) r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f00000004c0)={r6, 0x0, 0x0, 0x0, 0x0, [], [0xfffffffc, 0x7, 0x3], [0x0, 0x3, 0xffffffff], [0x0, 0x0, 0x3]}) r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000001380)={0x0, 0x0, r9, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f00000012c0)={r10, 0x8002, 0x7fff, 0x0, 0x0, [], [0x2], [0x0, 0x4, 0xfffffffe, 0x5e8]}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001400)=@newqdisc={0x178, 0x24, 0xd0f, 0x70bd28, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xf}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x148, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x100, 0x5, 0x400, 0x9, 0x81, 0x101, 0xe, 0xc40, 0x7fffffff, 0xfffffffd, 0x1b, 0xa, 0xd, 0x6, 0x5, 0xffff}}, @TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acd06103cd77bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}, @TCA_GRED_LIMIT={0x8, 0x5, 0x8}]}}]}, 0x178}, 0x1, 0x0, 0x0, 0x4040}, 0x24000004) 4m36.359548565s ago: executing program 1 (id=1147): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r3 = getpgrp(0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) prlimit64(r5, 0xf, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newlink={0x74, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x42, 0x2021}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}, @IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x1c, 0x5, 0x0, 0x1, [{0xa, 0x4, @local}, {0x18, 0x4, @local}]}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @local}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) ioctl$SIOCAX25NOUID(0xffffffffffffffff, 0x89e3, &(0x7f00000000c0)) 4m36.055892428s ago: executing program 1 (id=1148): socket$qrtr(0x2a, 0x2, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019300)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}}) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r1, @ANYRESHEX=r2], 0x15) 4m20.863303341s ago: executing program 32 (id=1148): socket$qrtr(0x2a, 0x2, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019300)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}}) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r1, @ANYRESHEX=r2], 0x15) 10.887449916s ago: executing program 2 (id=2090): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0) r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0x4, 0x880) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000001c0)={&(0x7f0000000640)=[{0x4, 0x2000, 0x3b, &(0x7f0000000000)="0d91c8afd83406378ef69b5e83eba4de0c210f48d8b777fb3da7cb398d22947f24dc3630fe199606278e8e448d85ccf555cf78ca4b43e1bb0ee7de"}, {0x4, 0x3210, 0x46, &(0x7f0000000040)="f4e4417716764bd9c6f8aefc62e24016d00485bd80e29d32b0d9a40d8648cc366543f0917f90e5b5fe0651b8b729ad98ba05a723f1c1bcf183a3a288f1fb05dfb7979bba685f"}, {0x4, 0x1001, 0x93, &(0x7f0000000e00)="ebd195a66cd6ec75b04591d53364d95a2294c77dc19de5222965fb17252416d8b1452d50d6cb3bbcf3c9ffb77e47340dee8061b236eb49fabbb6ec331f1921f078bfdfb8aa9cc1f6cd4ef6f11301dfbdfd3685c51b8c2080a14ccc29a4baf42666b7d3c78c32da64cefaacf77fb833585afeea5ce5e9991fcc50ecfbad5f257976a381446b00"/147}, {0x8, 0x0, 0x11, &(0x7f0000000140)="5ba6c019a36653c920214f368c6302380c"}], 0x4}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000040)=ANY=[], 0x0, 0x0}) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) socket(0x10, 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000003c0)={0x14, &(0x7f00000002c0)={0x40, 0x6, 0xb7, {0xb7, 0x23, "7b129fe5f741bdcd9980f18800263584255a0697962f0d6a258b75a62148543c4cfce49566ee5b3e0a834234385a282d61cad50701792b76218f7845b9b2d36e95e7dc6fdeda15bbcedfe9a648e78d5fac336c8ebdecac8f15159d3da27aa49eaedb8306a2b4203ff8f60c6e9afe3cc6e5951e4024a7a6547103a9df7cfa679c1fc87eb1abdbe1bda6693b75a7dcb0f487a17ea0dec2a0c6860eaeb78e2b7f05b429f2e548b3e8ef371d12354965f870aa97d39544"}}, &(0x7f0000000380)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000005c0)={0x1c, &(0x7f0000000400)={0x0, 0xe, 0xf7, "e58b0f5093f5e656452d304821117e9697d7089962171a791d4a1cd9672e09fbdf05d8c6505ded1a1b158caa825c5cc75413da6c13c58e449d53c0e8ff0d844a0f8559990c1d047d1a9bc132636ba0efd616f55a54d4c10e7fcd8eab017a7b297f62e272ef2634735327958f6fb21073702acfc8a617317d82cc5f5fd5b66c8693337cc949f76a257aacea67d3a3d8f17eb6d3bf5733e556357f0edf3b5b0e15ada48ef1324d96f83a6f525349ab34244f3d08f810d07887f22498048e7f9cbfccd9dfac4e7762c466d0009d0a2411c3849162737d770ec877af7c8bb4b5dc001dd17c29554efe05ff2a52947bf1509188b07583726323"}, &(0x7f0000000500)={0x0, 0xa, 0x1, 0x8d}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0x5}}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000007000500140008000000050005000a000000050001000600000011000300686173683a6970"], 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r4 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001b61e308d016a91052300102030109021b0001000000000904000001ff7f880009050302"], 0x0) fsmount(0xffffffffffffffff, 0x1, 0x0) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x249, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x6, 0x80, 0x8f, "", [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x3, 0x1, 0x2, 0x10, {0x9, 0x21, 0x9, 0xa, 0x1, {0x22, 0x825}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xf, 0xb5, 0x2}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, &(0x7f0000000740)={0x2c, &(0x7f0000000600)={0x0, 0x22, 0x16, {0x16, 0x9, "95c7812f60fd700260b6e5d3a547ee3914b7b54d"}}, &(0x7f0000000d00)=ANY=[@ANYBLOB="000304fdffffff031d08e185f5f162b521aaa7fcbe"], &(0x7f0000000680)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f00000006c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0xd5, 0x3, 0x3, 0x7, "3b707a91", "09c99ac7"}}, &(0x7f0000000700)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x62, 0x7a, 0x7f, 0x6, 0x8, 0x400}}}, &(0x7f0000000c40)={0x84, &(0x7f0000000780)={0x40, 0xe, 0xd3, "3e9946029412acbf4d4cc5665855a4c1450456ceddf0a87d18a46e33f10180a25fa71e415d61b5105f3ddc37e7226abd0a7e0b3f6beb3ba77acff042577557343dd1b57c69709188a5187d217a039b010c11cccf15fefdf90fed5aa76fd4c99c76de6ddad0a81cd36046f883255ba52657ef1cd6dd1ebd29065086bd4d53cf079bfa1429045222a076c205711903f541693b5ab1cd20ad42d7fa47a541ece9016c61f90b7d9ae7f7c8efdc535247cfa19b2a6d33dc84c4d3b7349260c6de1a7653570ee62123e5b053c8ca133b6d93864f154b"}, &(0x7f0000000880)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000008c0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000900)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000000940)={0x20, 0x0, 0x4, {0x1c00, 0x80}}, &(0x7f0000000980)={0x40, 0x7, 0x2, 0x6}, &(0x7f00000009c0)={0x40, 0x9, 0x1, 0xb}, &(0x7f0000000a00)={0x40, 0xb, 0x2, "1764"}, &(0x7f0000000a40)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000a80)={0x40, 0x13, 0x6}, &(0x7f0000000ac0)={0x40, 0x17, 0x6, @random="1195781ead22"}, &(0x7f0000000b00)={0x40, 0x19, 0x2, "d83d"}, &(0x7f0000000b40)={0x40, 0x1a, 0x2, 0xe0}, &(0x7f0000000b80)={0x40, 0x1c, 0x1, 0x5}, &(0x7f0000000bc0)={0x40, 0x1e, 0x1, 0x86}, &(0x7f0000000c00)={0x40, 0x21, 0x1, 0xb}}) 7.840008827s ago: executing program 3 (id=2102): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, 0x0, 0x0) timer_create(0x3, 0x0, &(0x7f0000044000)) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0xffbffffd, 0x5, 0x0, 'queue0\x00', 0xe}) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) unshare(0x2c020400) r5 = eventfd(0x3) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000003c0)={0xb03, 0x3000, 0x0, r5, 0x4}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48}) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x10000009, 0xffffffff) ioctl$FBIO_WAITFORVSYNC(r6, 0x40044620, 0x0) socket(0x1e, 0x1, 0x0) r7 = socket$netlink(0x10, 0x3, 0x4) writev(r7, &(0x7f0000000300), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000380)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x2, 0x6, 0x3}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 7.138053762s ago: executing program 3 (id=2105): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x64}}, 0x0) 6.894687146s ago: executing program 3 (id=2106): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) fsopen(&(0x7f0000000140)='nfs\x00', 0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000006c0)=0xfffffffb, 0x4) write$vga_arbiter(0xffffffffffffffff, 0x0, 0xc) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f00000000c0)=0xffff) 6.467711315s ago: executing program 0 (id=2107): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001000ffff29bd7000fbdbdf250000", @ANYRES32=0x0, @ANYBLOB="137c0300230a07002c0012800e00010069703667726574617000000018000280140007000002000000000000000000000000000108001f000800000008000d"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) 5.242368672s ago: executing program 5 (id=2110): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='net/igmp6\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 4.929751983s ago: executing program 0 (id=2111): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000, 0x2, &(0x7f000061d000/0x4000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) (fail_nth: 3) 4.847705742s ago: executing program 2 (id=2112): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) socket$inet6_sctp(0xa, 0x1, 0x84) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) close(0x4) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0xd, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x6, 0x0, 0x6}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc084}, 0x44080) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x2}, {0x0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x6, 0x7f, 0x10000}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x55}, 0x4000) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000a00)={'syztnl0\x00', 0x0, 0x8000, 0x10, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x3, 0x18, 0x0, 0x3, 0x7, 0x0, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_prespec={0x44, 0x4, 0x48, 0x3, 0x9}]}}}}}) 4.62686812s ago: executing program 2 (id=2113): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = syz_open_dev$sndctrl(&(0x7f0000004e80), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000140)={0x3, 0x2, 0x236, 0x8009, &(0x7f0000000340)=[{}, {}]}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0x100, 0x70bd25, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xf}, {0xffff, 0x9}, {0x2, 0x6}}}, 0x24}}, 0x0) 4.626323538s ago: executing program 3 (id=2114): openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/diskstats\x00', 0x0, 0x0) pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) socket(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x1, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x3, 0x6) socket$netlink(0x10, 0x3, 0xb) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x84\x14n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\x00\x00', 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'bond0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40448e0}, 0x4000) 4.580676567s ago: executing program 4 (id=2115): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) timer_create(0x3, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0xffbffffd, 0x5, 0x0, 'queue0\x00', 0xe}) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) unshare(0x2c020400) r5 = eventfd(0x3) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000003c0)={0xb03, 0x3000, 0x0, r5, 0x4}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48}) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x10000009, 0xffffffff) ioctl$FBIO_WAITFORVSYNC(r6, 0x40044620, 0x0) socket(0x1e, 0x1, 0x0) r7 = socket$netlink(0x10, 0x3, 0x4) writev(r7, &(0x7f0000000300), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000380)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x2, 0x6, 0x3}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 4.415486585s ago: executing program 2 (id=2116): close(0x3) syz_open_dev$ttys(0xc, 0x2, 0x1) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000340)={0x0, 0x1, 0x0, &(0x7f0000001600)=""/118, 0x0, 0x3332f000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000100)) dup(r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000340)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x1005, &(0x7f00000014c0)=""/4101, 0x0, 0x2c}, 0x94) r2 = socket(0x1e, 0x4, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000880)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x845}, 0x10) dup3(r2, r3, 0x0) connect$llc(r2, &(0x7f0000000000)={0x1a, 0x323, 0x5, 0x6c, 0x39, 0xff, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x10) 4.413688252s ago: executing program 3 (id=2117): r0 = socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$vbi(0x0, 0x3, 0x2) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400000000b0dbdf2500000000", @ANYRESOCT=r0, @ANYRESOCT=r0], 0x40}}, 0x4000) r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r3, 0x40084503, &(0x7f0000000000)=[0x0, 0xc15c]) 4.231684019s ago: executing program 0 (id=2118): sendmsg$NL80211_CMD_EXTERNAL_AUTH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000100), 0x9, 0x101002) mmap$snddsp_status(&(0x7f0000002000/0x3000)=nil, 0x1000, 0x4, 0x13, r1, 0x82000000) ptrace(0x8, r0) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0) syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58) getsockopt$inet_mreqn(r2, 0x0, 0x3, &(0x7f0000000000)={@dev, @local}, &(0x7f0000000080)=0xc) ptrace$poke(0x4, r0, &(0x7f0000000040), 0x6) 3.13410353s ago: executing program 0 (id=2119): r0 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name, &(0x7f0000000040)=0x10, 0x800) getsockopt$TIPC_NODE_RECVQ_DEPTH(r0, 0x10f, 0x83, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r1 = open(&(0x7f0000000100)='./file0\x00', 0x100, 0x1) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000140)=0x40000000, 0x4) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049367, &(0x7f0000000180)) r2 = syz_usb_connect$lan78xx(0x3, 0x3f, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r2, &(0x7f00000002c0)={0x14, &(0x7f0000000200)={0x0, 0xb, 0x64, {0x64, 0xa, "2d5b6bf56af21a35fa22d0a18708c59067cb43369ef9a6ee329bcc567b67ea23c8249b91e73257e20183d5c67dc946e6ffb34c4557005c411eeda5187e077322af45c28cbafc87fedc64b2ecc4cd211667cea3f61d36cc834895f50bc35ee746ce8c"}}, &(0x7f0000000280)={0x0, 0x3, 0xc, @string={0xc, 0x3, "4159aa37b0407c965487"}}}, &(0x7f00000004c0)={0x34, &(0x7f0000000300)={0x0, 0xc, 0x74, "f589c23ff27665b46730894c6c7be88467307cab233d48476d926b94e37c624ee25959e0d4c1525d368accefa8729ac6c2e1731c52dcd8396a1ebe3ac1172cecb0eb274eb62b9629d606c005b2e10c213f16f622ecb60ceca6d7b8a07361355febe5583d0d9bfe6c81a912360b49cda9dc8074be"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x1}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x76}, &(0x7f0000000400)={0xc0, 0xa1, 0x4, 0x1}, &(0x7f0000000440)={0x40, 0xa0, 0x4}, &(0x7f0000000480)={0xc0, 0xa2, 0x2f, "534b3ca79280c40bdb37a7d73048f3470990524b5dbc0e3dd19c9224fc126ea4eb444003740516fcb7212a7d1ca2fd"}}) syz_usb_control_io$lan78xx(r2, 0x0, &(0x7f0000000880)={0x34, &(0x7f0000000680)={0x0, 0xe, 0x96, "f0dbce82337241a9285aa381e8a4f7959bb7bb2fba60b6e85638e4a093fc299f06d6db8cfdda838c5e5657042e4f16cba54982be05d6fcceb2f10c166ac72c4a8c197f828d7873600835354732d3a07af777700adb2c000f0f913c653857544870eff54d1a93fb83c0c4fe179f6565f98abec99709008365468f1dd3cfaf11e8f6475e259e2895ca612ad7c3143194d8ae2f799f2cf0"}, 0x0, &(0x7f0000000780)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000007c0)={0xc0, 0xa1, 0x4, 0x6}, &(0x7f0000000800)={0x40, 0xa0, 0x4, 0x1}, &(0x7f0000000840)={0xc0, 0xa2, 0x2f, "0bd74c64bae0ea326bd47002d5256b611ea3ff58c500f5008ac81ecdd1bb2bdf8dd11d902e9609357383239586f877"}}) ioctl$XFS_IOC_GETPARENTS(r0, 0xc028583e, &(0x7f0000000980)={{[0x0, 0xaa9, 0xfff, 0x3]}, 0x0, 0x3, 0x4, 0x0, 0x0}) r3 = syz_usb_connect$uac3(0x3, 0x102, &(0x7f00000009c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x582, 0x582, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xf0, 0x3, 0x1, 0x9, 0x0, 0x1, {0x8, 0xb, 0x2, 0x0, 0x1, 0x26, 0x30, 0x5}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x3, 0x43, 0x3}, [@multiply_unit={0xb, 0x24, 0xd, 0x53, 0x2, 0xe7, 0x1ff}, @mixer_unit={0x5, 0x24, 0x5, 0x3, 0x9}, @source_unit={0xc, 0x24, 0xb, 0x1, 0x0, 0x9, 0x0, 0x4}, @output_terminal={0x13, 0x24, 0x3, 0x2, 0x402, 0x2, 0x1, 0x93, 0x7, 0x3, 0xcd3f, 0xff6c}, @mixer_unit={0xa, 0x24, 0x5, 0x1, 0x8, "30c92b6092"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x1f, 0x1, 0x1, 0x8, "9d3de2"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0xbe, 0x2a, 0x9c, {0xa, 0x25, 0x25, 0x3, 0x9, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x3, 0xb, 0x80, 0x5}, @format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x4, 0xa}, @as_header={0x17, 0x24, 0x1, 0xb, 0xb, 0xfffc, 0x1001, 0x6, 0xf8, 0x3, 0xf9}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x9, 0x80, 0x6, 0xff, 0x9}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0xb0, 0x3, 0x2, 0x3, "6bf73cb7b3d8"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0xb, 0x1, 0xa0, {0xa, 0x25, 0x25, 0x0, 0x5, 0x1}}}}}}}}]}}, &(0x7f0000000e00)={0xa, &(0x7f0000000b00)={0xa, 0x6, 0x201, 0x81, 0x1, 0x1, 0x40, 0x2}, 0x69, &(0x7f0000000b40)={0x5, 0xf, 0x69, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0xe, 0x0, 0x1, 0x3}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x9, 0x3, 0xff01}, @wireless={0xb, 0x10, 0x1, 0x8, 0x40, 0x1, 0xf, 0xd, 0x8}, @generic={0x4b, 0x10, 0x4, "4b157cbd36b83a496ef16bac94260df347501931e87445a5c71a37017c3bba2304188cd1dee0582b9f38d8b5cee486fa46c359bc3eac33f6a5016625285746e7686e84aabe1edf07"}]}, 0x3, [{0xe0, &(0x7f0000000bc0)=@string={0xe0, 0x3, "ba8b8c841972cb95340ea78249fad87feddd305c063de6456e952d0fbfb6a62e51b95b2dda2070b80548cbba5fc0b9294a1662d00b55d828ee1a3b16736c92fd1d53be0ea1a51d85a67a3f8d5825ddaac9db037881fe958bbc405455a2333b30adfde7209e34e6754d9cc32455394591a254fd6fc39b30b461201f0976b7ef4cf6130a2ce91008942ffc2b53c6ce46dcae7094d7cca44e0326cb8a2a12d7d78c16c5e91662b31c89c3fc2b71c72675ba92f586afd2122b8d4520d3c5a7c3dba7520acd097d01e445f23842f6c6d40ceb634456374f6f756e77fbeeb9dd74"}}, {0x4, &(0x7f0000000cc0)=@lang_id={0x4, 0x3, 0x1825}}, {0xd9, &(0x7f0000000d00)=@string={0xd9, 0x3, "00e501d3c333be0ad220e4da0574a9d1138f3ccc5b149b6a2b537e00fd401d86911d51cf71e9133f81aa7ce6172c280906c21e176921a408e4342af2ae49110424912ed2d11d54ab7dd83d2bb40d6e585d51eda4de71a5a924d2fa034b574505e315570d060f85d0a6ee996043ec820db5004e47a6edf6d2427019ff199a537180f431f86b41f4d6f4c3ea40e12a091d5cafd8fd190ce12ebb29b852970a0eb15ef9c92a5d39f2d25d704ccec5364c5df31d63e8ea1132c22b9dd04c259fcdee6fe2868e9b0086fb5422fb114f728dc0f61c8958b426e1"}}]}) syz_usb_control_io$uac3(r3, &(0x7f0000000fc0)={0x14, &(0x7f0000000e40)={0x20, 0xf, 0x22, {0x22, 0xc, "dc6f72b94697e80ee35acd908addcc4d701733eecc5d314f70b0146bf9d9b3b0"}}, &(0x7f0000000ec0)={0x0, 0x3, 0xc9, @string={0xc9, 0x3, "e8a2d187842771971d19a963c329c637a33aff856010d463ca6318f68a1fd8f22b8e5c00de747e3f91da35c69e45b95c29882fc4892ccc6ce298b60091709a717fd1a4bade4d70e35a1b6b70ebe55d54858d326467707fd8b6bfc9a52bdb210c19dbfaf91ec07d49019a545334be80e353f135cf48f7402bbe29072c051d076ad07abf984c9cfea4f3a3e01539f696e5e7809dee027ff2728060d07beb570325c38275d3981847504a95033014f48b4cf3e5da42324f406a3c11d28603d835ee2f855cf42773b5"}}}, &(0x7f0000001280)={0x44, &(0x7f0000001000)={0x0, 0x17, 0xa0, "5963350149517f79ba126ddb85321f4f6d436a24b6eada96c39d70dff2d636b3b1aeda163259532d5e3d8ce86a884479953888eabcb4115d11498273e04e0bac738a1b9986cb1a88eb24eee31c8db3c95518dc8cf39b25e9992e21c34e83b33aab4855da121471c5f35b17072dc9ac001e481de33f0b5a921125645b338810822572320afdc6752995169991622d22c7c4ee375aadf32a6d8778d25ceb315670"}, 0x0, &(0x7f0000001100)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000001140)={0x20, 0x81, 0x2, "2eeb"}, &(0x7f0000001180)={0x20, 0x82, 0x3, 'zVK'}, &(0x7f00000011c0)={0x20, 0x83, 0x2, "4191"}, &(0x7f0000001200)={0x20, 0x84, 0x3, "873d3d"}, &(0x7f0000001240)={0x20, 0x85, 0x3, "5f1b7f"}}) ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r1, 0x4068aea3, &(0x7f0000001340)={0xa3, 0x0, &(0x7f0000001300)}) write(r1, &(0x7f00000013c0)="5fe0ecf2a459d413956beaa2d8744bc3317fcd0393282157ba6473417b9cf87e3757afec35971ca817d27f321c432fa2c845bc90e55106740e3568edd5a5ad0f645ff37c6a10bca7f3d46464145cc5a37fb7df35af211858a5a02cc644f0cf5504ab4130549d20416b1613fdbe1b581c8bbe0a65e3fc69f89c3959ddf540643ef31ff3545dd17d3aa55b5035278d100af371312c5a2dbc1998d0d97799738145b2cd828428ad2b1a964cd6f351a1b9e5e99cf9", 0xb3) ioctl$NILFS_IOCTL_GET_SUINFO(0xffffffffffffffff, 0x80186e84, &(0x7f0000001540)={&(0x7f00000014c0)=[{0x8, 0x8, 0x1}, {0x0, 0x7, 0x4ff604de15611803}, {0x1aa, 0x8, 0x1}, {0x2, 0xffff, 0x1}, {0xa5f, 0x1, 0x2}, {0x8000000000000001, 0x4, 0x1}], 0x6, 0x10, 0x8, 0x9}) r4 = openat$cgroup_ro(r1, &(0x7f0000001580)='cpuset.effective_mems\x00', 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e00)={0x18, 0x13, &(0x7f0000001b00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@generic={0x8e, 0xf, 0x2, 0x8, 0x9}, @alu={0x7, 0x1, 0x7, 0x1, 0x1, 0xfffffffffffffffc, 0x4}, @generic={0x7, 0x5, 0x9, 0x7}, @map_val={0x18, 0x7, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x1}, @ldst={0x1, 0x1, 0x3, 0x5, 0x5, 0x0, 0x1}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @map_idx={0x18, 0x8, 0x5, 0x0, 0xf}]}, &(0x7f0000001c00)='GPL\x00', 0x44, 0x89, &(0x7f0000001c40)=""/137, 0x41000, 0x12, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001d00)={0x0, 0x0, 0x8, 0x2}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001d40), &(0x7f0000001d80)=[{0x5, 0x2, 0x7, 0xb}, {0x5, 0x2, 0x8, 0x5}, {0x2, 0x3, 0x1, 0xb}, {0x0, 0x2, 0xc, 0x3}, {0x5, 0x1, 0xe, 0x4}], 0x10, 0x6}, 0x94) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001ec0)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x2, '\x00', 0x0, r1, 0x1, 0x5, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000002000)={0xc, 0x0, 0x0, &(0x7f0000001600)='syzkaller\x00', 0xe213, 0x8d, &(0x7f0000001640)=""/141, 0x41000, 0x75, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5, 0x5, &(0x7f0000001f40)=[r4, r4, r1, 0xffffffffffffffff, r4, r6], &(0x7f0000001f80)=[{0x2, 0x5, 0xb, 0x5}, {0x5, 0x1, 0xd, 0x7}, {0x4, 0x4, 0xe, 0x3}, {0x4, 0x2, 0xc, 0x6}, {0x0, 0x2, 0xe, 0x1}], 0x10, 0x8000}, 0x94) ioctl$XFS_IOC_FSBULKSTAT_SINGLE(r1, 0xc0205866, &(0x7f00000022c0)={&(0x7f00000020c0)=0xb, 0x400, &(0x7f0000002100)=[{}, {}], &(0x7f0000002280)}) ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000002300)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x10000}) eventfd(0x1ff) syz_usb_control_io$uac3(r3, &(0x7f0000002500)={0x14, &(0x7f00000023c0)={0x0, 0x30, 0x96, {0x96, 0x0, "660b1f0eb4ca4a4ae5bc20ccf33b7c2771988c6991a230ba24146fbaeca8f98123dcbf46f023bdfa220d31b7aecc1c4ef9f324040e6c73471b3a03f40a4d157c071e2aa565fe2695b784b2caae83e4b0fda842140febb5cb4e5c2f906a2ebc0d8e795dcb2b5232f43270bc70ab0df8109a5f35bf42ff0223a402e5395004bdc6473bc35a2309636d4aa79f33b3676a12f7dfe1dc"}}, &(0x7f00000024c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x813}}}, &(0x7f0000002740)={0x44, &(0x7f0000002540)={0x20, 0x15, 0x26, "99c41e532ca62e4cf450e97dd4d65dd845d21083cbfaeb0cfd0966e1bf03e637a3961049eab5"}, &(0x7f0000002580)={0x0, 0xa, 0x1, 0xe0}, &(0x7f00000025c0)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000002600)={0x20, 0x81, 0x3, "a4ac3f"}, &(0x7f0000002640)={0x20, 0x82, 0x3, "62d1e8"}, &(0x7f0000002680)={0x20, 0x83, 0x3, "8c86d2"}, &(0x7f00000026c0)={0x20, 0x84, 0x3, '{\ry'}, &(0x7f0000002700)={0x20, 0x85, 0x3, '|gi'}}) r7 = signalfd4(r0, &(0x7f00000027c0)={[0x7]}, 0x8, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_GET(r7, &(0x7f00000028c0)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002880)={&(0x7f0000002840)={0x14, 0x0, 0x300, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x20008000) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000002a40)={0x0, 0xd}, 0x8) 2.637150678s ago: executing program 5 (id=2120): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="180000"], 0x0}, 0x94) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10000000) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0xbf, &(0x7f00000005c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xad, 0x0, 0x0, 0xfb, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x24, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @multicast1, @broadcast, {[@cipso={0x86, 0x74, 0xffffffffffffffff, [{0x0, 0xe, "08c82ce8da6ee06cb8dd9452"}, {0x5, 0x9, "02270e000042eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x6, "00de6c83"}, {0x2, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a8525dc91e5c6"}, {0x6, 0xa, "0000000000800000"}, {0x7, 0x11, "73bc23f9ffffffa30900a301c84600"}, {0x1, 0x11, "c8f46976e79ea788f03d9d3205927e"}]}, @cipso={0x86, 0x6, 0x20}]}}, "a8"}}}}}, 0x0) 2.589976274s ago: executing program 3 (id=2121): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001000ffff29bd7000fbdbdf250000", @ANYRES32=0x0, @ANYBLOB="137c0300230a07002c0012800e00010069703667726574617000000018000280140007000002000000000000000000000000000108001f000800000008000d"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) 2.578028994s ago: executing program 4 (id=2122): r0 = accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000000)) read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000002380)='./file0\x00', &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000002440), 0x240200, 0x0) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000002480), 0x18002, 0x0) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000024c0), 0x28800, 0x0) r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000002500), 0x2) r8 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r9 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002540), 0x400001) r10 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r11 = accept(0xffffffffffffffff, &(0x7f0000002580)=@l2tp6, &(0x7f0000002600)=0x80) r12 = getpgid(0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000002640)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xee00}}, './file0\x00'}) getgroups(0x3, &(0x7f0000002680)=[0xee00, 0xffffffffffffffff, 0xee01]) sendmmsg$unix(r0, &(0x7f0000002780)=[{{&(0x7f0000000040)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000300)=[{&(0x7f00000000c0)="4f7b0637c8f83605ea1e17e73cf493f62d8bd13be15f4f5ee4b363a35cad0e686c937f84d05fa57b4d65ee3e9b3b9ffaa3cd04ed2888bebf16ac0aef4ca63f19af1ee0e2134d43551a543efb2b3df698bc0c41e9baff90bdebb3468cc45b4a8e", 0x60}, {&(0x7f0000000140)="ebb31146b70bda6a7b146259b873196aa6403f5e142d3ae56c253b9767c2bc82cf736c72e9d2ed8f83a82d5a24b4fbc967eddb3d807781c67bfc43a0944d8c6be3d2fc9feab286560ea2f1118c53d16b61eed31d56969740fc4be60075c3f9e9fc11734dee3047b59d56570d8302f139ce491c6a043f97264c281139502f10d9131b2b03e79ba3d06a850dd10341e35913da8c67a37e82a9ecee74d79a19392dbc30de54044697f79c2a60d27e781f76de70a44db957cee49cfb177e", 0xbc}, {&(0x7f0000000200)="1303a3936caf43e2e33b0b164fee3f0a861176ca830da048abb8fd541c7f8a40458e10678d2e2d62235fb061769e45be03802d2468e37f0da7d5", 0x3a}, {&(0x7f0000000240)="efbb69923d7cd8cd87ff841952a117ee6278e43f72c1aa8627aa6445f2da388d0b603b6b2c842407d562c5033efb2deb6c25a62bfce765f719726592a7c5eb0ce01f9b3584c331a0ee6845e6012efe0719011f27960516ed9922934a802ef2669f24a56531bbb5df9f4dd251f30ba0825cd9127a8462a780a4cdd2f26db0beab0850ac716461c708445af152e8c73b8ce124556e8c634ed1af5927a8f048fc12", 0xa0}], 0x4, &(0x7f00000026c0)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r1, r3}}}, @rights={{0x38, 0x1, 0x1, [r4, 0xffffffffffffffff, r5, r6, r7, 0xffffffffffffffff, r8, r9, r10, r11]}}, @rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {r12, r14, r15}}}], 0x88, 0x41}}], 0x1, 0x4000000) ioctl$I2C_SLAVE(r13, 0x703, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f00000027c0)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff}) readv(r16, &(0x7f0000002d00)=[{&(0x7f0000002840)=""/138, 0x8a}, {&(0x7f0000002900)=""/220, 0xdc}, {&(0x7f0000002a00)=""/67, 0x43}, {&(0x7f0000002a80)=""/45, 0x2d}, {&(0x7f0000002ac0)=""/204, 0xcc}, {&(0x7f0000002bc0)=""/29, 0x1d}, {&(0x7f0000002c00)=""/10, 0xa}, {&(0x7f0000002c40)=""/31, 0x1f}, {&(0x7f0000002c80)=""/67, 0x43}], 0x9) ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x541c, &(0x7f0000002dc0)) r17 = syz_open_dev$audion(&(0x7f0000002e00), 0x3, 0x208080) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r17, 0x7f) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r16, &(0x7f0000002e40)={0x10000000}) ioctl$F2FS_IOC_COMPRESS_FILE(r7, 0xf518, 0x0) write$6lowpan_enable(r17, &(0x7f0000002e80)='0', 0x1) r18 = fanotify_init(0x40, 0x80000) fanotify_mark(r18, 0x20, 0x30, r5, &(0x7f0000002ec0)='./file0\x00') fcntl$lock(r11, 0x26, &(0x7f0000002f00)={0x0, 0x1, 0x9, 0x9, r2}) ioctl$CEC_ADAP_S_LOG_ADDRS(r13, 0xc05c6104, &(0x7f0000002f40)={"db94c2e8", 0x0, 0x6, 0x2, 0x3, 0x80, "2604e405bddf9797b97442daa7bd6d", "eee84527", "68ef4cf9", "fa2d601f", ["3eec8dc1b640da0c962ce0b2", "5c9e5dc9e7772f44c1142a9c", "ea0b8e895bff5adb90aca40c", "a2912077d44ef6d88ffc5c6a"]}) getsockopt$inet_sctp_SCTP_STATUS(r6, 0x84, 0xe, &(0x7f0000002fc0)={0x0, 0x0, 0x10001, 0xc, 0x9, 0x5, 0x1, 0x9, {0x0, @in={{0x2, 0x4e20, @local}}, 0x2, 0x2, 0xa, 0x0, 0x6}}, &(0x7f0000003080)=0xb0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000030c0)={r19, 0xf7, "a40b37ca2d8364ea473b1cc9176f0e7ef4ef46ed82e8dd701349f13dfcc04771343126af710549ad8362abf6f0b3848439ca9fb17347bcec173be7e13c58e2b682862c30e67c03d21d05f02430747db72d2a31497f9f434ef65b2efc5854312041e965c909dfdccdca9b2855b6f29d0a6505a214d7d6a9fd10fd0ee39ce609fbbb3feacb2230ac97d6a979fe33819e81238a0d4bae058403b7cbc7380d26f50405f39a6ac35bb55c21fa454a799932f16cbe4ec2000c4d08382757a8731f3763a0cef95c8715896379b2b083c0181664ecdfb150780f28bb29e55401491a6f3c28fa6c8249a3580282f274056f7cea5f0b17caefe02cbc"}, &(0x7f00000031c0)=0xff) 2.50004593s ago: executing program 5 (id=2123): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000004c0), 0xffffffffffffffff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180), 0x0) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000001680)={0x88, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x8804) 2.412303316s ago: executing program 4 (id=2124): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x4, @link_local, 'lo\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x40047452, 0x0) (fail_nth: 3) 2.323774613s ago: executing program 2 (id=2125): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) fsopen(&(0x7f0000000140)='nfs\x00', 0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000006c0)=0xfffffffb, 0x4) write$vga_arbiter(0xffffffffffffffff, 0x0, 0xc) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) 2.178396591s ago: executing program 4 (id=2126): ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000000)={0x48, 0x2, 0x0, 0x0, 0x0}) ioctl$IOMMU_DESTROY$stdev(0xffffffffffffffff, 0x3b80, &(0x7f0000000080)={0x8, r0}) r1 = accept4$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000100)=0x10, 0x80800) lseek(r1, 0x3, 0x4) r2 = syz_io_uring_complete(0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_PREPARE(r2, 0x4140, 0x0) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000140)=0x6, 0x4) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r3, 0xc, 0x10, r2, 0x0) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000180)={0xfa, 0x25}, 0x2) ioctl$FIBMAP(r2, 0x1, &(0x7f00000001c0)=0xa5) mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r3, 0x1000009, 0x10, r2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r2) sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, r4, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x20}}, 0x4000000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r3, 0x300000a, 0x19010, r2, 0x0) io_uring_register$IORING_REGISTER_FILES2(r2, 0xd, &(0x7f00000027c0)={0x8, 0x1, 0x0, &(0x7f0000002700)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/17, 0x11}, {&(0x7f0000001380)=""/181, 0xb5}, {&(0x7f0000001440)=""/136, 0x88}, {&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000002500)=""/189, 0xbd}, {&(0x7f00000025c0)=""/90, 0x5a}, {&(0x7f0000002640)=""/179, 0xb3}], &(0x7f0000002780)=[0x7]}, 0x20) ioctl$SIOCGETVIFCNT(r2, 0x89e0, &(0x7f0000002800)={0xffffffffffffffff}) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002880), r2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000028c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_PROBE_CLIENT(r2, &(0x7f0000002a00)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000029c0)={&(0x7f0000002900)={0x94, r5, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x0, 0x14}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x94}, 0x1, 0x0, 0x0, 0x10}, 0xc0) getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, &(0x7f0000002a40), &(0x7f0000002a80)=0x30) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xf0) read(r1, &(0x7f0000002ac0)=""/25, 0x19) sendmsg$AUDIT_ADD_RULE(r2, &(0x7f0000002fc0)={&(0x7f0000002b00)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000002f80)={&(0x7f0000002b40)={0x428, 0x3f3, 0x100, 0x70bd2b, 0x25dfdbfc, {0x6, 0x2, 0x34, [0x6, 0x800, 0x2, 0x200, 0x4c8, 0x3, 0x8, 0x0, 0x2, 0x90000, 0x44, 0x8, 0x3, 0x1, 0xfffff298, 0x9, 0x10001, 0x3, 0x5, 0x9, 0x0, 0xb, 0x246, 0x7930f54f, 0x8, 0x0, 0x400, 0x100, 0x4, 0x9, 0x5, 0x1, 0x1ad2, 0xffff, 0x9, 0x7fff, 0xe, 0x2, 0x1, 0x6000000, 0xff, 0x9, 0xfffffff4, 0xedce, 0x0, 0x74, 0xdd9, 0x7, 0x5c3, 0xc4b1, 0xc, 0x5, 0xe, 0x5, 0x80000000, 0x1, 0x3, 0x0, 0x8, 0x400, 0x2, 0xffffe5e5, 0x6, 0x3fe0000], [0xffff8cbd, 0x80000000, 0x1000, 0x1, 0x5, 0xd38f, 0xe, 0x2, 0x0, 0x6, 0x9, 0x4, 0x1000, 0x9, 0xffffffff, 0xd, 0x62db, 0x2, 0x4, 0xfffffffc, 0x7, 0x2, 0x1835072b, 0xff, 0x4, 0x1ea60e5b, 0x7, 0x10001, 0x10001, 0x58, 0x3, 0x7, 0x10, 0xffffffff, 0x3, 0x10001, 0x6, 0x4, 0x2, 0x4, 0x8, 0x3, 0x6, 0x7, 0x8, 0x0, 0x400, 0x6, 0x2, 0x3, 0xa731, 0x3, 0x4, 0x2, 0xffffff01, 0xfff, 0x0, 0x5, 0x5, 0x101, 0x8, 0x80000001, 0x1, 0x9], [0x8, 0x7, 0x9, 0x2, 0x2, 0x10, 0xff, 0x80000000, 0x0, 0x8, 0x0, 0x7, 0xffffff3c, 0x3, 0x7, 0x3, 0x2, 0x1, 0x8, 0x7239, 0x0, 0x8ebd, 0xa, 0x7fffffff, 0x2, 0x7, 0x8, 0x0, 0x1, 0x40, 0x8, 0xa, 0xe7d3, 0x1000, 0x5, 0x400, 0x8, 0x7, 0x4cd1a0e2, 0x0, 0x1, 0x7fffffff, 0x0, 0xfff, 0x6, 0x7c, 0x4, 0xf9, 0x1, 0x0, 0xffffff80, 0x7, 0x10, 0x6, 0xd, 0x216, 0xf8, 0x3, 0x10001, 0x5, 0x49a6, 0x2, 0x80], [0x8, 0x9, 0x6, 0xc2, 0x1, 0xffff0, 0xdf39, 0x400, 0x10, 0x2, 0x4, 0x7, 0x3, 0x1, 0x2, 0x2800000, 0x3, 0x6, 0x0, 0x5, 0xbf17, 0xe43, 0xffffffff, 0x7, 0x8000, 0xffff6349, 0x2, 0x10000, 0x42b, 0xa, 0x4, 0x2, 0x9, 0x40, 0x81, 0x3, 0x3, 0x1d5, 0xc, 0x101, 0x7, 0x6, 0x7, 0x1, 0x4, 0x8, 0x7, 0x200, 0x6b290ed6, 0xb, 0x8, 0x6a28, 0x2, 0x1ff, 0x8, 0x9, 0x80, 0x3, 0x7fff, 0x5, 0x6a750f17, 0x4, 0x3, 0xd], 0x6, ['wlan0\x00']}, ["", "", "", ""]}, 0x428}}, 0x85) sendmsg$NL80211_CMD_LEAVE_OCB(r2, &(0x7f00000030c0)={&(0x7f0000003000), 0xc, &(0x7f0000003080)={&(0x7f0000003040)={0x1c, r4, 0x800, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x8001) ioctl$DVB_DEMUX_DMX_EXPBUF(r2, 0xc00c6f3e, &(0x7f0000003100)={0x7, 0x80000, r2}) futimesat(r7, &(0x7f0000003140)='./file0\x00', &(0x7f0000003180)) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r2, 0x40047211, &(0x7f00000031c0)) sendmsg$unix(r7, &(0x7f0000003980)={&(0x7f0000003200)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000003300)=[{&(0x7f0000003280)="bd97542112a20fc0f9af9e1a09326ce28e8f341062e6232a025e3594af51ac3bd268a339934d1b095da9b5f440340066e7c28848ef9a6abae395bcdd05ebe3c62211b3b9c0db9cf1e22da2555492b2213a533c0a941a79705900dde8237a", 0x5e}], 0x1, &(0x7f00000038c0)=[@rights={{0x18, 0x1, 0x1, [r7, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x14, 0x1, 0x1, [r7]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c}}], 0xa0, 0x4005}, 0x40080) 1.985999074s ago: executing program 4 (id=2127): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000002c0007012bbd7000ffdbdf2202000000080001"], 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000200)={0x0, 0x0, '\x00', {0x0, @reserved}}) fcntl$lock(r1, 0x26, &(0x7f0000000100)={0x0, 0x1, 0x80000000000036, 0xc1b2}) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20) r4 = accept(r3, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f00000013c0), r4) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) fcntl$lock(r0, 0x6, &(0x7f0000000140)={0x1, 0x1, 0x0, 0x8000000000000}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0) fcntl$lock(r5, 0x7, &(0x7f0000000100)={0x0, 0x1, 0x2, 0xc1b0}) 1.950705696s ago: executing program 5 (id=2128): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x32) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x6c6882, 0x13d) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x8000, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x9) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0xd) landlock_restrict_self(r1, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000200)={0x1048, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', r0, &(0x7f0000000000)='./file0\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) setsockopt$sock_int(r5, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000, 0x2, &(0x7f000061d000/0x4000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4) ioctl$SIOCAX25ADDUID(r7, 0x5411, &(0x7f0000000080)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r8 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r8, &(0x7f0000001a40)=""/102392, 0x18ff8) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) 1.831761249s ago: executing program 0 (id=2129): socket$rds(0x15, 0x5, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0xa, 0x3, 0x84) epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xc73, 0x4, 0xfffffffffffffffd, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffdffff, 0x7fffffff}, 0x0, 0x0) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.734087853s ago: executing program 2 (id=2130): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='net/igmp6\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 1.113289377s ago: executing program 5 (id=2131): r0 = socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$vbi(0x0, 0x3, 0x2) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400000000b0dbdf2500000000", @ANYRESOCT=r0, @ANYRESOCT=r0], 0x40}}, 0x4000) r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCSREP(r3, 0x40084503, &(0x7f0000000000)=[0x0, 0xc15c]) 819.680942ms ago: executing program 4 (id=2132): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) timer_create(0x3, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0xffbffffd, 0x5, 0x0, 'queue0\x00', 0xe}) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) unshare(0x2c020400) r5 = eventfd(0x3) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000003c0)={0xb03, 0x3000, 0x0, r5, 0x4}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48}) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x10000009, 0xffffffff) ioctl$FBIO_WAITFORVSYNC(r6, 0x40044620, 0x0) socket(0x1e, 0x1, 0x0) r7 = socket$netlink(0x10, 0x3, 0x4) writev(r7, &(0x7f0000000300), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000380)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x2, 0x6, 0x3}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 392.852858ms ago: executing program 0 (id=2133): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="180000"], 0x0}, 0x94) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10000000) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0xbf, &(0x7f00000005c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xad, 0x0, 0x0, 0xfb, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x24, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @multicast1, @broadcast, {[@cipso={0x86, 0x74, 0xffffffffffffffff, [{0x0, 0xe, "08c82ce8da6ee06cb8dd9452"}, {0x5, 0x9, "02270e000042eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x6, "00de6c83"}, {0x2, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a8525dc91e5c6"}, {0x6, 0xa, "0000000000800000"}, {0x7, 0x11, "73bc23f9ffffffa30900a301c84600"}, {0x1, 0x11, "c8f46976e79ea788f03d9d3205927e"}]}, @cipso={0x86, 0x6, 0x20}]}}, "a8"}}}}}, 0x0) 0s ago: executing program 5 (id=2134): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_usb_connect(0x6, 0x3f, 0x0, 0x0) r0 = memfd_create(&(0x7f00000001c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1cs1F59\xcdR\xc1\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00\xc1\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9usy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9b\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\xe7\xd6\xa3\x00'/706, 0x6) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x13, r0, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={0x0, 0x304000, 0x800, 0x0, 0x3}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) kernel console output (not intermixed with test programs): 94967295 subj=_ pid=12399 comm="syz.3.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 568.279206][T12401] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1566'. [ 568.279237][T12401] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1566'. [ 572.309090][ T5838] usb 4-1: new full-speed USB device number 51 using dummy_hcd [ 572.471196][ T5838] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 572.471275][ T5838] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 572.471304][ T5838] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 572.471349][ T5838] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 572.477487][ T5838] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 572.477521][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.477542][ T5838] usb 4-1: Product: syz [ 572.477558][ T5838] usb 4-1: Manufacturer: syz [ 572.477574][ T5838] usb 4-1: SerialNumber: syz [ 572.548530][T12435] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 572.573256][ T5838] cdc_mbim 4-1:1.0: skipping garbage [ 572.939222][T12461] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 572.939248][T12461] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 573.049661][ T5838] cdc_mbim 4-1:1.0: bind() failure [ 573.092704][ T5838] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 573.092763][ T5838] cdc_ncm 4-1:1.1: bind() failure [ 573.199083][ T5838] usb 4-1: USB disconnect, device number 51 [ 573.493966][ T5889] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 573.619130][ T5889] usb 6-1: device descriptor read/64, error -71 [ 573.859028][ T5889] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 573.989027][ T5889] usb 6-1: device descriptor read/64, error -71 [ 574.025651][T12509] FAULT_INJECTION: forcing a failure. [ 574.025651][T12509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 574.025692][T12509] CPU: 0 UID: 0 PID: 12509 Comm: syz.3.1588 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 574.025732][T12509] Tainted: [L]=SOFTLOCKUP [ 574.025739][T12509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 574.025752][T12509] Call Trace: [ 574.025761][T12509] [ 574.025771][T12509] dump_stack_lvl+0xe8/0x150 [ 574.025809][T12509] should_fail_ex+0x46b/0x600 [ 574.025847][T12509] _copy_to_user+0x31/0xb0 [ 574.025872][T12509] simple_read_from_buffer+0xe1/0x170 [ 574.025906][T12509] proc_fail_nth_read+0x1be/0x230 [ 574.025939][T12509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 574.025970][T12509] ? rw_verify_area+0x2ac/0x4e0 [ 574.026003][T12509] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 574.026032][T12509] vfs_read+0x212/0xa80 [ 574.026073][T12509] ? __pfx_vfs_read+0x10/0x10 [ 574.026110][T12509] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 574.026136][T12509] ? lockdep_hardirqs_on+0x7a/0x110 [ 574.026160][T12509] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 574.026184][T12509] ? mutex_lock_nested+0x152/0x1d0 [ 574.026213][T12509] ? fdget_pos+0x252/0x320 [ 574.026252][T12509] ksys_read+0x156/0x270 [ 574.026288][T12509] ? __pfx_ksys_read+0x10/0x10 [ 574.026317][T12509] ? __pfx_rtc_dev_ioctl+0x10/0x10 [ 574.026351][T12509] do_syscall_64+0x14d/0xf80 [ 574.026376][T12509] ? trace_irq_disable+0x3b/0x150 [ 574.026401][T12509] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.026423][T12509] ? clear_bhb_loop+0x40/0x90 [ 574.026450][T12509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.026470][T12509] RIP: 0033:0x7fc41f41d04e [ 574.026491][T12509] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 574.026510][T12509] RSP: 002b:00007fc41d6b5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 574.026534][T12509] RAX: ffffffffffffffda RBX: 00007fc41d6b66c0 RCX: 00007fc41f41d04e [ 574.026551][T12509] RDX: 000000000000000f RSI: 00007fc41d6b60a0 RDI: 0000000000000004 [ 574.026565][T12509] RBP: 00007fc41d6b6090 R08: 0000000000000000 R09: 0000000000000000 [ 574.026579][T12509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 574.026593][T12509] R13: 00007fc41f6d6038 R14: 00007fc41f6d5fa0 R15: 00007fff897ab268 [ 574.026634][T12509] [ 574.110947][ T5889] usb usb6-port1: attempt power cycle [ 574.480994][ T5889] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 574.500642][ T5889] usb 6-1: device descriptor read/8, error -71 [ 575.052572][ T5889] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 575.071274][ T5889] usb 6-1: device descriptor read/8, error -71 [ 575.189661][ T5889] usb usb6-port1: unable to enumerate USB device [ 578.878602][ T5792] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 580.649018][ T5866] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 580.799152][ T5866] usb 3-1: Using ep0 maxpacket: 8 [ 580.801610][ T5866] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 580.801640][ T5866] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 580.801664][ T5866] usb 3-1: config 0 has no interface number 0 [ 580.801719][ T5866] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 580.801748][ T5866] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 580.801776][ T5866] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 580.804253][ T5866] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 580.804285][ T5866] usb 3-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 580.804308][ T5866] usb 3-1: Product: syz [ 580.804324][ T5866] usb 3-1: Manufacturer: syz [ 581.013908][T12605] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 581.796982][ T5866] usb 3-1: config 0 descriptor?? [ 582.017465][T12590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 582.028719][T12590] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 582.050068][T12590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 582.050599][T12590] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 582.165313][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 582.165334][ T37] audit: type=1326 audit(581.800:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.168197][ T37] audit: type=1326 audit(581.800:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.222510][ T37] audit: type=1326 audit(581.800:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.222628][ T37] audit: type=1326 audit(581.830:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.222819][ T37] audit: type=1326 audit(581.850:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.222945][ T37] audit: type=1326 audit(581.850:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.224460][ T37] audit: type=1326 audit(581.850:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.226090][ T37] audit: type=1326 audit(581.850:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.227835][ T37] audit: type=1326 audit(581.850:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.227899][ T37] audit: type=1326 audit(581.850:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12609 comm="syz.0.1610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 582.280206][ T10] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 582.494168][ T5866] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.21/input/input28 [ 582.531578][ T10] usb 6-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 582.531614][ T10] usb 6-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 582.531636][ T10] usb 6-1: Product: syz [ 582.531651][ T10] usb 6-1: Manufacturer: syz [ 582.531667][ T10] usb 6-1: SerialNumber: syz [ 582.588560][ T10] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 582.653693][ T5866] input: failed to attach handler kbd to device input28, error: -5 [ 582.714025][ T5866] usb 3-1: USB disconnect, device number 72 [ 583.281495][T12645] FAULT_INJECTION: forcing a failure. [ 583.281495][T12645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 583.281536][T12645] CPU: 1 UID: 0 PID: 12645 Comm: syz.0.1612 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 583.281565][T12645] Tainted: [L]=SOFTLOCKUP [ 583.281573][T12645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 583.281587][T12645] Call Trace: [ 583.281595][T12645] [ 583.281603][T12645] dump_stack_lvl+0xe8/0x150 [ 583.281638][T12645] should_fail_ex+0x46b/0x600 [ 583.281667][T12645] _copy_from_user+0x2d/0xb0 [ 583.281685][T12645] ? __pfx_drm_mode_getconnector+0x10/0x10 [ 583.281711][T12645] drm_ioctl+0x5d0/0xb80 [ 583.281740][T12645] ? smk_tskacc+0x311/0x3a0 [ 583.281773][T12645] ? __pfx_drm_mode_getconnector+0x10/0x10 [ 583.281807][T12645] ? __pfx_drm_ioctl+0x10/0x10 [ 583.281853][T12645] ? __fget_files+0x2a/0x420 [ 583.281895][T12645] ? bpf_lsm_file_ioctl+0x9/0x20 [ 583.281920][T12645] ? __pfx_drm_ioctl+0x10/0x10 [ 583.281947][T12645] __se_sys_ioctl+0xff/0x170 [ 583.281971][T12645] do_syscall_64+0x14d/0xf80 [ 583.281995][T12645] ? trace_irq_disable+0x3b/0x150 [ 583.282020][T12645] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.282042][T12645] ? clear_bhb_loop+0x40/0x90 [ 583.282069][T12645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.282091][T12645] RIP: 0033:0x7fb1e755c819 [ 583.282114][T12645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 583.282133][T12645] RSP: 002b:00007fb1e57b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 583.282156][T12645] RAX: ffffffffffffffda RBX: 00007fb1e77d5fa0 RCX: 00007fb1e755c819 [ 583.282172][T12645] RDX: 0000200000000440 RSI: 00000000c05064a7 RDI: 0000000000000004 [ 583.282186][T12645] RBP: 00007fb1e57b6090 R08: 0000000000000000 R09: 0000000000000000 [ 583.282198][T12645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 583.282218][T12645] R13: 00007fb1e77d6038 R14: 00007fb1e77d5fa0 R15: 00007ffd0d5ae588 [ 583.282252][T12645] [ 583.568261][ T10] vp7045: USB control message 'out' went wrong. [ 583.568284][ T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 583.568327][ T10] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 583.620907][ T10] usb 6-1: USB disconnect, device number 9 [ 585.781121][T12540] Bluetooth: hci5: command 0x0406 tx timeout [ 586.759031][ T5866] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 586.908967][ T5866] usb 3-1: Using ep0 maxpacket: 32 [ 586.933070][ T5866] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 586.933104][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.990133][ T5866] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 587.298533][T12710] FAULT_INJECTION: forcing a failure. [ 587.298533][T12710] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 587.298711][T12710] CPU: 1 UID: 0 PID: 12710 Comm: syz.5.1625 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 587.298740][T12710] Tainted: [L]=SOFTLOCKUP [ 587.298748][T12710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 587.298760][T12710] Call Trace: [ 587.298770][T12710] [ 587.298780][T12710] dump_stack_lvl+0xe8/0x150 [ 587.298825][T12710] should_fail_ex+0x46b/0x600 [ 587.298861][T12710] __kvm_read_guest_page+0x18d/0x240 [ 587.298890][T12710] kvm_fetch_guest_virt+0x12b/0x170 [ 587.298925][T12710] ? __pfx_kvm_fetch_guest_virt+0x10/0x10 [ 587.298970][T12710] __do_insn_fetch_bytes+0x31c/0x700 [ 587.299004][T12710] ? __pfx___do_insn_fetch_bytes+0x10/0x10 [ 587.299037][T12710] ? __lock_acquire+0x6b5/0x2cf0 [ 587.299064][T12710] x86_decode_insn+0x38e/0x5df0 [ 587.299093][T12710] ? __lock_acquire+0x6b5/0x2cf0 [ 587.299142][T12710] ? __pfx_x86_decode_insn+0x10/0x10 [ 587.299170][T12710] ? __lock_acquire+0x6b5/0x2cf0 [ 587.299197][T12710] ? vmx_read_guest_seg_ar+0x3e9/0x640 [ 587.299220][T12710] ? __asan_memset+0x22/0x50 [ 587.299237][T12710] ? init_decode_cache+0xea/0x160 [ 587.299253][T12710] ? init_emulate_ctxt+0x514/0x6c0 [ 587.299277][T12710] ? __pfx_init_emulate_ctxt+0x10/0x10 [ 587.299312][T12710] x86_emulate_instruction+0x64a/0x21c0 [ 587.299349][T12710] ? handle_mmio_page_fault+0x13f/0x1210 [ 587.299374][T12710] ? bsearch+0x8e/0xc0 [ 587.299394][T12710] ? __pfx_x86_emulate_instruction+0x10/0x10 [ 587.299407][T12710] ? kvm_io_bus_write+0x26b/0x5f0 [ 587.299423][T12710] ? __pfx_handle_mmio_page_fault+0x10/0x10 [ 587.299448][T12710] ? __pfx_kvm_io_bus_write+0x10/0x10 [ 587.299474][T12710] ? __lock_acquire+0x6b5/0x2cf0 [ 587.299504][T12710] kvm_mmu_page_fault+0x90e/0xb90 [ 587.299547][T12710] vmx_handle_exit+0xd40/0x16c0 [ 587.299582][T12710] vcpu_run+0x5fa2/0x7b90 [ 587.299620][T12710] ? vcpu_run+0x4ca8/0x7b90 [ 587.299697][T12710] ? __pfx_vcpu_run+0x10/0x10 [ 587.299720][T12710] ? complete_emulated_mmio+0x18e/0x7a0 [ 587.299741][T12710] ? __asan_memcpy+0x40/0x70 [ 587.299758][T12710] ? complete_emulated_mmio+0x4d2/0x7a0 [ 587.299778][T12710] kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0 [ 587.299802][T12710] ? __lock_acquire+0x6b5/0x2cf0 [ 587.299837][T12710] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 587.299865][T12710] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 587.299897][T12710] ? do_raw_spin_lock+0x12b/0x2f0 [ 587.299926][T12710] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 587.299949][T12710] ? lockdep_hardirqs_on+0x7a/0x110 [ 587.299969][T12710] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 587.299993][T12710] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 587.300032][T12710] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 587.300065][T12710] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 587.300087][T12710] ? lockdep_hardirqs_on+0x7a/0x110 [ 587.300117][T12710] kvm_vcpu_ioctl+0xa65/0xfe0 [ 587.300144][T12710] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 587.300174][T12710] ? __asan_memset+0x22/0x50 [ 587.300202][T12710] ? smack_file_ioctl+0x331/0x360 [ 587.300238][T12710] ? __pfx_smack_file_ioctl+0x10/0x10 [ 587.300271][T12710] ? __fget_files+0x2a/0x420 [ 587.300286][T12710] ? __fget_files+0x3a6/0x420 [ 587.300303][T12710] ? __fget_files+0x2a/0x420 [ 587.300334][T12710] ? bpf_lsm_file_ioctl+0x9/0x20 [ 587.300358][T12710] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 587.300382][T12710] __se_sys_ioctl+0xff/0x170 [ 587.300406][T12710] do_syscall_64+0x14d/0xf80 [ 587.300427][T12710] ? trace_irq_disable+0x3b/0x150 [ 587.300443][T12710] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.300456][T12710] ? clear_bhb_loop+0x40/0x90 [ 587.300471][T12710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.300490][T12710] RIP: 0033:0x7f7d56c1c819 [ 587.300512][T12710] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 587.300531][T12710] RSP: 002b:00007f7d54e4d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 587.300557][T12710] RAX: ffffffffffffffda RBX: 00007f7d56e96090 RCX: 00007f7d56c1c819 [ 587.300572][T12710] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 587.300586][T12710] RBP: 00007f7d54e4d090 R08: 0000000000000000 R09: 0000000000000000 [ 587.300599][T12710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 587.300609][T12710] R13: 00007f7d56e96128 R14: 00007f7d56e96090 R15: 00007fffd2587b78 [ 587.300629][T12710] [ 587.516232][ T5866] gspca_nw80x: reg_r err -71 [ 587.516301][ T5866] nw80x 3-1:3.0: probe with driver nw80x failed with error -71 [ 587.609136][ T36] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 587.779481][ T5866] usb 3-1: USB disconnect, device number 73 [ 587.839815][ T36] usb 5-1: Using ep0 maxpacket: 8 [ 587.855995][ T36] usb 5-1: config index 0 descriptor too short (expected 6427, got 27) [ 587.856025][ T36] usb 5-1: config 0 has an invalid interface number: 21 but max is 0 [ 587.856045][ T36] usb 5-1: config 0 has no interface number 0 [ 587.856088][ T36] usb 5-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 587.856114][ T36] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 587.856138][ T36] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 587.868228][ T36] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 587.868260][ T36] usb 5-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 587.868401][ T36] usb 5-1: Product: syz [ 587.868416][ T36] usb 5-1: Manufacturer: syz [ 587.967034][ T36] usb 5-1: config 0 descriptor?? [ 587.981955][T12729] binder: 12727:12729 ioctl c0306201 2000000003c0 returned -14 [ 588.203691][T12708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 588.205952][T12708] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 588.251174][T12708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 588.256674][T12708] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 589.872631][ T36] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.21/input/input29 [ 590.059060][ T36] input: failed to attach handler kbd to device input29, error: -5 [ 590.096003][ T36] usb 5-1: USB disconnect, device number 43 [ 590.784643][T12782] binder: 12777:12782 ioctl c0306201 2000000003c0 returned -14 [ 590.785155][T12782] FAULT_INJECTION: forcing a failure. [ 590.785155][T12782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 590.785177][T12782] CPU: 0 UID: 0 PID: 12782 Comm: syz.3.1633 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 590.785196][T12782] Tainted: [L]=SOFTLOCKUP [ 590.785201][T12782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 590.785208][T12782] Call Trace: [ 590.785214][T12782] [ 590.785220][T12782] dump_stack_lvl+0xe8/0x150 [ 590.785244][T12782] should_fail_ex+0x46b/0x600 [ 590.785265][T12782] _copy_from_user+0x2d/0xb0 [ 590.785278][T12782] binder_ioctl_write_read+0x167/0xa590 [ 590.785294][T12782] ? is_bpf_text_address+0x26/0x2b0 [ 590.785319][T12782] ? try_to_take_rt_mutex+0x840/0xb00 [ 590.785338][T12782] ? __kernel_text_address+0xd/0x30 [ 590.785357][T12782] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 590.785379][T12782] ? __lock_acquire+0x6b5/0x2cf0 [ 590.785392][T12782] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 590.785406][T12782] ? __lock_acquire+0x6b5/0x2cf0 [ 590.785425][T12782] ? do_raw_spin_lock+0x12b/0x2f0 [ 590.785448][T12782] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 590.785461][T12782] ? lockdep_hardirqs_on+0x7a/0x110 [ 590.785476][T12782] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 590.785489][T12782] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 590.785507][T12782] ? reacquire_held_locks+0x104/0x190 [ 590.785521][T12782] ? rt_spin_lock+0x1e0/0x400 [ 590.785539][T12782] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 590.785558][T12782] ? rt_spin_unlock+0x14f/0x200 [ 590.785581][T12782] ? binder_get_thread+0x177/0x6d0 [ 590.785596][T12782] binder_ioctl+0x426/0x1b70 [ 590.785617][T12782] ? tomoyo_path_number_perm+0x219/0x630 [ 590.785632][T12782] ? tomoyo_path_number_perm+0x219/0x630 [ 590.785646][T12782] ? do_vfs_ioctl+0x117b/0x1540 [ 590.785659][T12782] ? __pfx_binder_ioctl+0x10/0x10 [ 590.785672][T12782] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 590.785684][T12782] ? __pfx_smack_log+0x10/0x10 [ 590.785701][T12782] ? smk_access+0x14c/0x4e0 [ 590.785721][T12782] ? smk_tskacc+0x311/0x3a0 [ 590.785740][T12782] ? smack_file_ioctl+0x2c2/0x360 [ 590.785761][T12782] ? __pfx_smack_file_ioctl+0x10/0x10 [ 590.785786][T12782] ? __fget_files+0x2a/0x420 [ 590.785801][T12782] ? __fget_files+0x3a6/0x420 [ 590.785816][T12782] ? __fget_files+0x2a/0x420 [ 590.785833][T12782] ? bpf_lsm_file_ioctl+0x9/0x20 [ 590.785847][T12782] ? __pfx_binder_ioctl+0x10/0x10 [ 590.785859][T12782] __se_sys_ioctl+0xff/0x170 [ 590.785873][T12782] do_syscall_64+0x14d/0xf80 [ 590.785886][T12782] ? trace_irq_disable+0x3b/0x150 [ 590.785901][T12782] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.785914][T12782] ? clear_bhb_loop+0x40/0x90 [ 590.785928][T12782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.785941][T12782] RIP: 0033:0x7fc41f45c819 [ 590.785953][T12782] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 590.785964][T12782] RSP: 002b:00007fc41d695028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 590.785979][T12782] RAX: ffffffffffffffda RBX: 00007fc41f6d6090 RCX: 00007fc41f45c819 [ 590.785989][T12782] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 590.785997][T12782] RBP: 00007fc41d695090 R08: 0000000000000000 R09: 0000000000000000 [ 590.786005][T12782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 590.786013][T12782] R13: 00007fc41f6d6128 R14: 00007fc41f6d6090 R15: 00007fff897ab268 [ 590.786031][T12782] [ 590.786037][T12782] binder: 12777:12782 ioctl c0306201 2000000001c0 returned -14 [ 592.499627][ T5838] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 593.004739][ T5838] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 593.004768][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.004780][ T5838] usb 4-1: Product: syz [ 593.004790][ T5838] usb 4-1: Manufacturer: syz [ 593.004800][ T5838] usb 4-1: SerialNumber: syz [ 594.009379][T12838] FAULT_INJECTION: forcing a failure. [ 594.009379][T12838] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 594.009417][T12838] CPU: 0 UID: 0 PID: 12838 Comm: syz.4.1647 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 594.009443][T12838] Tainted: [L]=SOFTLOCKUP [ 594.009451][T12838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 594.009462][T12838] Call Trace: [ 594.009470][T12838] [ 594.009479][T12838] dump_stack_lvl+0xe8/0x150 [ 594.009512][T12838] should_fail_ex+0x46b/0x600 [ 594.009546][T12838] _copy_from_iter+0x1d3/0x1670 [ 594.009590][T12838] ? __pfx__copy_from_iter+0x10/0x10 [ 594.009621][T12838] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 594.009664][T12838] ? __lock_acquire+0x6b5/0x2cf0 [ 594.009688][T12838] ? skb_put+0x11b/0x210 [ 594.009715][T12838] hci_sock_sendmsg+0x426/0xf40 [ 594.009753][T12838] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 594.009787][T12838] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 594.009820][T12838] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 594.009839][T12838] sock_write_iter+0x4a1/0x4f0 [ 594.009862][T12838] ? __pfx_sock_write_iter+0x10/0x10 [ 594.009912][T12838] vfs_write+0x629/0xba0 [ 594.009955][T12838] ? __pfx_vfs_write+0x10/0x10 [ 594.009996][T12838] ? __fget_files+0x2a/0x420 [ 594.010020][T12838] ksys_write+0x156/0x270 [ 594.010041][T12838] ? __pfx_ksys_write+0x10/0x10 [ 594.010083][T12838] do_syscall_64+0x14d/0xf80 [ 594.010108][T12838] ? trace_irq_disable+0x3b/0x150 [ 594.010133][T12838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.010154][T12838] ? clear_bhb_loop+0x40/0x90 [ 594.010178][T12838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.010191][T12838] RIP: 0033:0x7f87a3e7c819 [ 594.010204][T12838] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 594.010216][T12838] RSP: 002b:00007f87a20d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 594.010239][T12838] RAX: ffffffffffffffda RBX: 00007f87a40f5fa0 RCX: 00007f87a3e7c819 [ 594.010256][T12838] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000004 [ 594.010270][T12838] RBP: 00007f87a20d6090 R08: 0000000000000000 R09: 0000000000000000 [ 594.010284][T12838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 594.010297][T12838] R13: 00007f87a40f6038 R14: 00007f87a40f5fa0 R15: 00007fff62ed0c68 [ 594.010331][T12838] [ 594.227452][T12811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.228056][T12811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 594.288341][ T5838] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 594.288411][ T5838] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 594.315393][ T5838] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 594.315461][ T5838] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 594.316414][ T5838] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 594.424955][ T5838] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 594.465204][ T5838] usb 4-1: USB disconnect, device number 52 [ 594.529630][ T37] kauditd_printk_skb: 160 callbacks suppressed [ 594.529653][ T37] audit: type=1326 audit(594.150:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12855 comm="syz.0.1650" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb1e755c819 code=0x0 [ 595.229111][ T5866] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 595.399787][ T5866] usb 5-1: Using ep0 maxpacket: 8 [ 595.483088][ T5866] usb 5-1: config index 0 descriptor too short (expected 6427, got 27) [ 595.483122][ T5866] usb 5-1: config 0 has an invalid interface number: 21 but max is 0 [ 595.483142][ T5866] usb 5-1: config 0 has no interface number 0 [ 595.483190][ T5866] usb 5-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 595.483220][ T5866] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 595.483247][ T5866] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 595.504083][ T5866] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 595.504113][ T5866] usb 5-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 595.504133][ T5866] usb 5-1: Product: syz [ 595.504148][ T5866] usb 5-1: Manufacturer: syz [ 595.552268][ T5866] usb 5-1: config 0 descriptor?? [ 595.769714][T12864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.777287][T12864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.829402][T12864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.831054][T12864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.960341][T12902] usb usb8: usbfs: process 12902 (syz.5.1659) did not claim interface 0 before use [ 596.119676][ T10] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 596.276333][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 596.279401][ T5866] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.21/input/input30 [ 596.302517][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 596.302558][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 596.302584][ T10] usb 4-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 596.302608][ T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 596.302654][ T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 596.302677][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.366735][ T5866] input: failed to attach handler kbd to device input30, error: -5 [ 596.380176][ T10] usbtmc 4-1:16.0: bulk endpoints not found [ 596.392067][T12902] nbd0: detected capacity change from 0 to 63 [ 596.435623][ T5792] block nbd0: Receive control failed (result -32) [ 596.445315][T11590] block nbd0: Dead connection, failed to find a fallback [ 596.445336][T11590] block nbd0: shutting down sockets [ 596.445398][T11590] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445463][T11590] Buffer I/O error on dev nbd0, logical block 0, async page read [ 596.445551][T11590] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445567][T11590] Buffer I/O error on dev nbd0, logical block 1, async page read [ 596.445601][T11590] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445616][T11590] Buffer I/O error on dev nbd0, logical block 2, async page read [ 596.445648][T11590] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445662][T11590] Buffer I/O error on dev nbd0, logical block 3, async page read [ 596.445705][T11590] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445720][T11590] Buffer I/O error on dev nbd0, logical block 0, async page read [ 596.445751][T11590] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445766][T11590] Buffer I/O error on dev nbd0, logical block 1, async page read [ 596.445797][T11590] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445812][T11590] Buffer I/O error on dev nbd0, logical block 2, async page read [ 596.445842][T11590] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445857][T11590] Buffer I/O error on dev nbd0, logical block 3, async page read [ 596.445906][T11590] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445921][T11590] Buffer I/O error on dev nbd0, logical block 0, async page read [ 596.445952][T11590] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 596.445967][T11590] Buffer I/O error on dev nbd0, logical block 1, async page read [ 596.446532][T11590] ldm_validate_partition_table(): Disk read failed. [ 596.446975][T11590] Dev nbd0: unable to read RDB block 0 [ 596.447495][T11590] nbd0: unable to read partition table [ 596.469907][ T37] audit: type=1326 audit(596.090:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.469961][ T37] audit: type=1326 audit(596.090:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.479496][T11590] ldm_validate_partition_table(): Disk read failed. [ 596.480297][T11590] Dev nbd0: unable to read RDB block 0 [ 596.481331][T11590] nbd0: unable to read partition table [ 596.492093][ T37] audit: type=1326 audit(596.120:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.492155][ T37] audit: type=1326 audit(596.120:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.509250][ T37] audit: type=1326 audit(596.130:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.511552][ T37] audit: type=1326 audit(596.140:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.511641][ T37] audit: type=1326 audit(596.140:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.511949][ T37] audit: type=1326 audit(596.140:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.519608][ T37] audit: type=1326 audit(596.140:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12906 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 596.567796][ T5866] usb 5-1: USB disconnect, device number 44 [ 596.676377][T12916] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 597.656537][T12943] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1665'. [ 597.658592][T12943] netlink: 88 bytes leftover after parsing attributes in process `syz.5.1665'. [ 597.917791][T12946] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 598.242345][T12959] FAULT_INJECTION: forcing a failure. [ 598.242345][T12959] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 598.242372][T12959] CPU: 0 UID: 0 PID: 12959 Comm: syz.4.1668 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 598.242391][T12959] Tainted: [L]=SOFTLOCKUP [ 598.242396][T12959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 598.242404][T12959] Call Trace: [ 598.242409][T12959] [ 598.242415][T12959] dump_stack_lvl+0xe8/0x150 [ 598.242439][T12959] should_fail_ex+0x46b/0x600 [ 598.242460][T12959] _copy_from_user+0x2d/0xb0 [ 598.242473][T12959] snd_pcm_xferi_frames_ioctl+0x14f/0x250 [ 598.242497][T12959] ? __pfx_snd_pcm_xferi_frames_ioctl+0x10/0x10 [ 598.242517][T12959] ? snd_pcm_common_ioctl+0x5b4/0xb80 [ 598.242531][T12959] ? __pfx_snd_pcm_ioctl+0x10/0x10 [ 598.242549][T12959] snd_pcm_ioctl+0x8e/0xb0 [ 598.242566][T12959] __se_sys_ioctl+0xff/0x170 [ 598.242580][T12959] do_syscall_64+0x14d/0xf80 [ 598.242594][T12959] ? trace_irq_disable+0x3b/0x150 [ 598.242610][T12959] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.242624][T12959] ? clear_bhb_loop+0x40/0x90 [ 598.242640][T12959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.242652][T12959] RIP: 0033:0x7f87a3e7c819 [ 598.242665][T12959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 598.242676][T12959] RSP: 002b:00007f87a20b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.242691][T12959] RAX: ffffffffffffffda RBX: 00007f87a40f6090 RCX: 00007f87a3e7c819 [ 598.242701][T12959] RDX: 00002000000000c0 RSI: 0000000080184151 RDI: 0000000000000005 [ 598.242709][T12959] RBP: 00007f87a20b5090 R08: 0000000000000000 R09: 0000000000000000 [ 598.242717][T12959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 598.242724][T12959] R13: 00007f87a40f6128 R14: 00007f87a40f6090 R15: 00007fff62ed0c68 [ 598.242742][T12959] [ 598.578161][T12962] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1670'. [ 598.826457][ T10] usb 4-1: USB disconnect, device number 53 [ 599.778981][ T950] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 599.932190][ T950] usb 5-1: unable to get BOS descriptor or descriptor too short [ 599.933739][ T950] usb 5-1: config 1 has an invalid descriptor of length 146, skipping remainder of the config [ 599.933777][ T950] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 599.933829][ T950] usb 5-1: too many endpoints for config 1 interface 1 altsetting 243: 111, using maximum allowed: 30 [ 599.933870][ T950] usb 5-1: config 1 interface 1 altsetting 243 has 0 endpoint descriptors, different from the interface descriptor's value: 111 [ 599.933898][ T950] usb 5-1: config 1 interface 1 has no altsetting 0 [ 600.029027][ T950] usb 5-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice= 0.40 [ 600.029060][ T950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.029081][ T950] usb 5-1: Product: syz [ 600.029098][ T950] usb 5-1: Manufacturer: syz [ 600.029114][ T950] usb 5-1: SerialNumber: syz [ 600.519128][ T5889] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 600.530077][ T950] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 600.592838][ T950] usb 5-1: USB disconnect, device number 45 [ 600.666859][T11633] udevd[11633]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 600.689151][ T5889] usb 4-1: Using ep0 maxpacket: 8 [ 600.692718][ T5889] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 600.692751][ T5889] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 600.692773][ T5889] usb 4-1: config 0 has no interface number 0 [ 600.692824][ T5889] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 600.692923][ T5889] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 600.692953][ T5889] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 600.742960][ T5889] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 600.742996][ T5889] usb 4-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 600.743019][ T5889] usb 4-1: Product: syz [ 600.743035][ T5889] usb 4-1: Manufacturer: syz [ 600.807842][ T5889] usb 4-1: config 0 descriptor?? [ 601.010625][ T37] kauditd_printk_skb: 126 callbacks suppressed [ 601.010647][ T37] audit: type=1326 audit(600.640:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13025 comm="syz.5.1677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 601.014775][ T37] audit: type=1326 audit(600.640:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13025 comm="syz.5.1677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 601.030014][T12994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 601.052158][T12994] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 601.219272][T12994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 601.219974][T12994] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 601.256514][ T37] audit: type=1326 audit(600.880:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13025 comm="syz.5.1677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 601.257006][ T37] audit: type=1326 audit(600.880:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13025 comm="syz.5.1677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 601.257054][ T37] audit: type=1326 audit(600.880:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13025 comm="syz.5.1677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 601.316254][T13027] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 601.626346][ T5889] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input31 [ 601.697139][T13045] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1681'. [ 601.752674][ T5889] input: failed to attach handler kbd to device input31, error: -5 [ 601.829635][ T950] usb 4-1: USB disconnect, device number 54 [ 602.348135][T13079] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1685'. [ 602.564748][T13079] bond2 (unregistering): Released all slaves [ 605.263141][ T37] audit: type=1326 audit(604.890:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13169 comm="syz.5.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 605.263201][ T37] audit: type=1326 audit(604.890:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13169 comm="syz.5.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 605.322167][ T37] audit: type=1326 audit(604.940:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13169 comm="syz.5.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 605.351029][ T37] audit: type=1326 audit(604.980:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13169 comm="syz.5.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 605.352790][ T37] audit: type=1326 audit(604.980:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13169 comm="syz.5.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 605.430788][T13171] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 605.866292][T13184] random: crng reseeded on system resumption [ 606.295419][T13186] batman_adv: batadv0: Adding interface: macsec1 [ 606.295459][T13186] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 606.295551][T13186] batman_adv: batadv0: Interface activated: macsec1 [ 608.994437][ T10] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 609.153978][ T10] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 609.154014][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.154037][ T10] usb 5-1: Product: syz [ 609.154052][ T10] usb 5-1: Manufacturer: syz [ 609.154067][ T10] usb 5-1: SerialNumber: syz [ 609.689115][ T5889] usb 3-1: new full-speed USB device number 74 using dummy_hcd [ 609.799721][T13207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 609.800384][T13207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 609.837236][ T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 609.837306][ T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 609.837837][ T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 609.837897][ T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 609.838802][ T10] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 609.899742][ T5889] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 609.899776][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.950876][ T10] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 609.999468][ T5889] usb 3-1: config 0 descriptor?? [ 610.080388][ T5889] cp210x 3-1:0.0: cp210x converter detected [ 610.121601][ T10] usb 5-1: USB disconnect, device number 46 [ 610.329300][ T7410] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 610.489282][ T5889] usb 3-1: cp210x converter now attached to ttyUSB0 [ 610.509410][ T7410] usb 4-1: unable to get BOS descriptor or descriptor too short [ 610.513556][ T7410] usb 4-1: config 1 interface 0 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 610.513594][ T7410] usb 4-1: config 1 interface 0 has no altsetting 0 [ 610.531110][ T7410] usb 4-1: New USB device found, idVendor=056a, idProduct=00e5, bcdDevice= 0.40 [ 610.531142][ T7410] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.531162][ T7410] usb 4-1: Product: syz [ 610.531175][ T7410] usb 4-1: Manufacturer: syz [ 610.531190][ T7410] usb 4-1: SerialNumber: syz [ 610.648985][T13218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 610.649673][T13218] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 610.654470][ T5889] usb 3-1: USB disconnect, device number 74 [ 610.710440][ T5889] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 610.835308][T13229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 610.841193][ T5889] cp210x 3-1:0.0: device disconnected [ 610.870357][T13229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 610.915324][T13229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 610.916545][T13229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 611.148946][ T5838] usb 5-1: new full-speed USB device number 47 using dummy_hcd [ 611.156097][T13229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 611.177284][T13229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 611.239963][T13229] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1688'. [ 611.315095][ T5838] usb 5-1: not running at top speed; connect to a high speed hub [ 611.317471][ T5838] usb 5-1: config 9 has an invalid interface number: 40 but max is 0 [ 611.317491][ T5838] usb 5-1: config 9 has no interface number 0 [ 611.317520][ T5838] usb 5-1: config 9 interface 40 altsetting 33 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 611.317538][ T5838] usb 5-1: config 9 interface 40 altsetting 33 endpoint 0x85 has invalid maxpacket 512, setting to 64 [ 611.317556][ T5838] usb 5-1: config 9 interface 40 has no altsetting 0 [ 611.362635][ T7410] usbhid 4-1:1.0: can't add hid device: -71 [ 611.362758][ T7410] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 611.388114][ T7410] usb 4-1: USB disconnect, device number 55 [ 611.414500][ T5838] usb 5-1: string descriptor 0 read error: -22 [ 611.414679][ T5838] usb 5-1: New USB device found, idVendor=1199, idProduct=6890, bcdDevice=10.21 [ 611.414705][ T5838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.527543][T13258] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 611.547329][ T5838] sierra 5-1:9.40: Sierra USB modem converter detected [ 612.273287][ T5838] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 612.310288][ T5838] usb 5-1: Sierra USB modem converter now attached to ttyUSB1 [ 612.349588][ T5838] usb 5-1: Sierra USB modem converter now attached to ttyUSB2 [ 612.412211][ T5838] usb 5-1: USB disconnect, device number 47 [ 612.473746][ T5838] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 612.499597][ T5838] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1 [ 612.526708][ T5838] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2 [ 612.538186][ T5838] sierra 5-1:9.40: device disconnected [ 612.990628][ T37] kauditd_printk_skb: 45 callbacks suppressed [ 612.990650][ T37] audit: type=1326 audit(612.610:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 612.998178][ T37] audit: type=1326 audit(612.620:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 612.998238][ T37] audit: type=1326 audit(612.620:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 613.205496][ T37] audit: type=1326 audit(612.830:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 613.205843][ T37] audit: type=1326 audit(612.830:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 613.206097][ T37] audit: type=1326 audit(612.830:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 613.624289][ T37] audit: type=1326 audit(613.250:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 613.624348][ T37] audit: type=1326 audit(613.250:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 613.624395][ T37] audit: type=1326 audit(613.250:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 613.624440][ T37] audit: type=1326 audit(613.250:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13325 comm="syz.5.1704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d56c1c819 code=0x7ffc0000 [ 613.736885][T13327] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 614.301996][T13365] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1709'. [ 614.460889][T13374] FAULT_INJECTION: forcing a failure. [ 614.460889][T13374] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.460915][T13374] CPU: 1 UID: 0 PID: 13374 Comm: syz.4.1716 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 614.460933][T13374] Tainted: [L]=SOFTLOCKUP [ 614.460938][T13374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 614.460946][T13374] Call Trace: [ 614.460951][T13374] [ 614.460957][T13374] dump_stack_lvl+0xe8/0x150 [ 614.460986][T13374] should_fail_ex+0x46b/0x600 [ 614.461007][T13374] _copy_from_user+0x2d/0xb0 [ 614.461021][T13374] ctrl_cdev_ioctl+0xf3/0x480 [ 614.461040][T13374] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 614.461055][T13374] ? __fget_files+0x2a/0x420 [ 614.461072][T13374] ? __fget_files+0x2a/0x420 [ 614.461089][T13374] ? bpf_lsm_file_ioctl+0x9/0x20 [ 614.461104][T13374] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 614.461120][T13374] __se_sys_ioctl+0xff/0x170 [ 614.461134][T13374] do_syscall_64+0x14d/0xf80 [ 614.461148][T13374] ? trace_irq_disable+0x3b/0x150 [ 614.461163][T13374] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.461175][T13374] ? clear_bhb_loop+0x40/0x90 [ 614.461190][T13374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.461203][T13374] RIP: 0033:0x7f87a3e7c819 [ 614.461215][T13374] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 614.461226][T13374] RSP: 002b:00007f87a20d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 614.461241][T13374] RAX: ffffffffffffffda RBX: 00007f87a40f5fa0 RCX: 00007f87a3e7c819 [ 614.461251][T13374] RDX: 0000200000000000 RSI: 0000000040186f40 RDI: 0000000000000003 [ 614.461259][T13374] RBP: 00007f87a20d6090 R08: 0000000000000000 R09: 0000000000000000 [ 614.461267][T13374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 614.461274][T13374] R13: 00007f87a40f6038 R14: 00007f87a40f5fa0 R15: 00007fff62ed0c68 [ 614.461293][T13374] [ 615.066961][T13382] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1715'. [ 615.089236][T13382] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1715'. [ 616.289577][T13387] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1715'. [ 617.851811][T13415] netlink: 'syz.2.1724': attribute type 30 has an invalid length. [ 617.851836][T13415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1724'. [ 617.851865][T13415] bond0: option arp_missed_max: invalid value (0) [ 617.851884][T13415] bond0: option arp_missed_max: allowed values 1 - 255 [ 617.892951][T13416] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1725'. [ 619.210339][ T37] kauditd_printk_skb: 37 callbacks suppressed [ 619.210360][ T37] audit: type=1326 audit(618.840:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.210412][ T37] audit: type=1326 audit(618.840:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.214654][ T37] audit: type=1326 audit(618.840:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.215072][ T37] audit: type=1326 audit(618.840:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.254402][ T37] audit: type=1326 audit(618.870:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.254464][ T37] audit: type=1326 audit(618.870:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.254511][ T37] audit: type=1326 audit(618.870:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.254558][ T37] audit: type=1326 audit(618.870:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.254605][ T37] audit: type=1326 audit(618.870:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.254650][ T37] audit: type=1326 audit(618.870:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.4.1731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 619.819361][T13442] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1734'. [ 619.865650][T13442] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1734'. [ 620.874682][T13456] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 621.228973][ T6382] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 621.392619][ T6382] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 621.392654][ T6382] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.392678][ T6382] usb 5-1: Product: syz [ 621.392694][ T6382] usb 5-1: Manufacturer: syz [ 621.392710][ T6382] usb 5-1: SerialNumber: syz [ 622.760394][T13463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 622.764794][T13463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 622.806359][ T6382] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 622.806434][ T6382] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 622.840639][ T6382] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 622.840712][ T6382] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 622.841655][ T6382] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 622.891664][ T6382] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 622.931689][ T6382] usb 5-1: USB disconnect, device number 48 [ 623.508369][T13508] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x1a [ 624.667335][T13525] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1747'. [ 624.669797][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.669873][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.686246][T13525] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1747'. [ 624.743527][T13525] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1747'. [ 624.995363][ T37] kauditd_printk_skb: 85 callbacks suppressed [ 624.995386][ T37] audit: type=1326 audit(624.620:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13535 comm="syz.4.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 624.995441][ T37] audit: type=1326 audit(624.620:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13535 comm="syz.4.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 625.075983][T13536] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 625.098108][ T37] audit: type=1326 audit(624.700:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13535 comm="syz.4.1750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 625.108606][ T5792] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 627.566301][T13594] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1763'. [ 627.760894][ T37] audit: type=1326 audit(627.390:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13600 comm="syz.0.1764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 627.761056][ T37] audit: type=1326 audit(627.390:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13600 comm="syz.0.1764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 627.761592][ T37] audit: type=1326 audit(627.390:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13600 comm="syz.0.1764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 627.794661][ T37] audit: type=1326 audit(627.410:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13600 comm="syz.0.1764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 627.794716][ T37] audit: type=1326 audit(627.420:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13600 comm="syz.0.1764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 627.794759][ T37] audit: type=1326 audit(627.420:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13600 comm="syz.0.1764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 627.794806][ T37] audit: type=1326 audit(627.420:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13600 comm="syz.0.1764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 627.873490][T13604] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 627.986202][ T5874] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 628.062529][T13620] FAULT_INJECTION: forcing a failure. [ 628.062529][T13620] name failslab, interval 1, probability 0, space 0, times 0 [ 628.062555][T13620] CPU: 1 UID: 0 PID: 13620 Comm: syz.5.1769 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 628.062573][T13620] Tainted: [L]=SOFTLOCKUP [ 628.062578][T13620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 628.062586][T13620] Call Trace: [ 628.062592][T13620] [ 628.062598][T13620] dump_stack_lvl+0xe8/0x150 [ 628.062621][T13620] should_fail_ex+0x46b/0x600 [ 628.062642][T13620] should_failslab+0xa8/0x100 [ 628.062657][T13620] __kmalloc_noprof+0xdf/0x7b0 [ 628.062669][T13620] ? tomoyo_encode+0x28b/0x550 [ 628.062697][T13620] tomoyo_encode+0x28b/0x550 [ 628.062716][T13620] tomoyo_realpath_from_path+0x58d/0x5d0 [ 628.062739][T13620] ? tomoyo_path_number_perm+0x219/0x630 [ 628.062752][T13620] tomoyo_path_number_perm+0x246/0x630 [ 628.062767][T13620] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 628.062782][T13620] ? sb_end_write+0xe9/0x1c0 [ 628.062798][T13620] ? vfs_write+0x9ce/0xba0 [ 628.062836][T13620] ? ksys_write+0x202/0x270 [ 628.062858][T13620] security_file_ioctl+0xc3/0x2a0 [ 628.062875][T13620] __se_sys_ioctl+0x47/0x170 [ 628.062889][T13620] do_syscall_64+0x14d/0xf80 [ 628.062903][T13620] ? trace_irq_disable+0x3b/0x150 [ 628.062918][T13620] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.062930][T13620] ? clear_bhb_loop+0x40/0x90 [ 628.062946][T13620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.062958][T13620] RIP: 0033:0x7f7d56c1c819 [ 628.062971][T13620] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 628.062982][T13620] RSP: 002b:00007f7d54e6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 628.062996][T13620] RAX: ffffffffffffffda RBX: 00007f7d56e95fa0 RCX: 00007f7d56c1c819 [ 628.063006][T13620] RDX: 0000000000000000 RSI: 00000000c0185502 RDI: 0000000000000003 [ 628.063014][T13620] RBP: 00007f7d54e6e090 R08: 0000000000000000 R09: 0000000000000000 [ 628.063022][T13620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 628.063029][T13620] R13: 00007f7d56e96038 R14: 00007f7d56e95fa0 R15: 00007fffd2587b78 [ 628.063048][T13620] [ 628.063061][T13620] ERROR: Out of memory at tomoyo_realpath_from_path. [ 628.148945][ T5874] usb 4-1: Using ep0 maxpacket: 32 [ 628.156609][ T5874] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 628.156639][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.156665][ T5874] usb 4-1: Product: syz [ 628.156679][ T5874] usb 4-1: Manufacturer: syz [ 628.156693][ T5874] usb 4-1: SerialNumber: syz [ 628.176447][ T5874] usb 4-1: config 0 descriptor?? [ 628.194281][ T5874] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 628.622338][T13629] FAULT_INJECTION: forcing a failure. [ 628.622338][T13629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 628.622379][T13629] CPU: 0 UID: 0 PID: 13629 Comm: syz.2.1771 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 628.622409][T13629] Tainted: [L]=SOFTLOCKUP [ 628.622417][T13629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 628.622434][T13629] Call Trace: [ 628.622442][T13629] [ 628.622451][T13629] dump_stack_lvl+0xe8/0x150 [ 628.622486][T13629] should_fail_ex+0x46b/0x600 [ 628.622523][T13629] _copy_from_user+0x2d/0xb0 [ 628.622546][T13629] sctp_getsockopt_local_addrs+0x114/0xca0 [ 628.622583][T13629] ? ___migrate_enable+0x19c/0x1f0 [ 628.622615][T13629] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 628.622643][T13629] ? __pfx____migrate_enable+0x10/0x10 [ 628.622676][T13629] ? __pfx_sctp_getsockopt_local_addrs+0x10/0x10 [ 628.622708][T13629] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 628.622753][T13629] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 628.622785][T13629] ? lockdep_hardirqs_on+0x7a/0x110 [ 628.622816][T13629] sctp_getsockopt+0x68f/0xb90 [ 628.622850][T13629] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 628.622886][T13629] do_sock_getsockopt+0x2d3/0x3f0 [ 628.622914][T13629] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 628.622940][T13629] ? __fget_files+0x3a6/0x420 [ 628.622969][T13629] ? __fget_files+0x2a/0x420 [ 628.623005][T13629] __x64_sys_getsockopt+0x1aa/0x250 [ 628.623041][T13629] do_syscall_64+0x14d/0xf80 [ 628.623064][T13629] ? trace_irq_disable+0x3b/0x150 [ 628.623090][T13629] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.623113][T13629] ? clear_bhb_loop+0x40/0x90 [ 628.623141][T13629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.623163][T13629] RIP: 0033:0x7f8cb204c819 [ 628.623184][T13629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 628.623203][T13629] RSP: 002b:00007f8cb029e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 628.623228][T13629] RAX: ffffffffffffffda RBX: 00007f8cb22c5fa0 RCX: 00007f8cb204c819 [ 628.623244][T13629] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003 [ 628.623257][T13629] RBP: 00007f8cb029e090 R08: 00002000000000c0 R09: 0000000000000000 [ 628.623272][T13629] R10: 00002000000005c0 R11: 0000000000000246 R12: 0000000000000001 [ 628.623286][T13629] R13: 00007f8cb22c6038 R14: 00007f8cb22c5fa0 R15: 00007ffd514d4df8 [ 628.623321][T13629] [ 628.937598][T13638] batman_adv: batadv0: Adding interface: macsec1 [ 628.937617][T13638] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 628.937652][T13638] batman_adv: batadv0: Interface activated: macsec1 [ 629.144967][ T5792] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 629.147329][ T5792] Bluetooth: hci3: Injecting HCI hardware error event [ 629.152623][T12540] Bluetooth: hci3: hardware error 0x00 [ 629.259557][ T5866] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 629.429546][ T5866] usb 3-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 629.429862][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 629.429888][ T5866] usb 3-1: Product: syz [ 629.429904][ T5866] usb 3-1: Manufacturer: syz [ 629.429920][ T5866] usb 3-1: SerialNumber: syz [ 629.507329][ T5866] usb 3-1: config 0 descriptor?? [ 629.640544][ T5874] gspca_topro: reg_r err -71 [ 629.640567][ T5874] gspca_topro: Sensor soi763a [ 629.666608][ T5866] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 629.701316][ T5866] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 629.711426][ T5874] usb 4-1: USB disconnect, device number 56 [ 629.714251][ T5866] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 629.714309][ T5866] usb 3-1: media controller created [ 629.804121][ T5866] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 629.902508][T13678] netlink: 428 bytes leftover after parsing attributes in process `syz.4.1781'. [ 629.902548][T13678] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1781'. [ 629.916562][T13654] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 630.588305][ T5866] DVB: Unable to find symbol mt352_attach() [ 631.379067][T12540] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 631.651760][T13688] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1783'. [ 631.714942][T13688] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1783'. [ 631.894536][ T5866] DVB: Unable to find symbol nxt6000_attach() [ 631.894557][ T5866] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 631.923585][ T5866] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input32 [ 632.114291][T13710] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1788'. [ 632.173096][ T5866] dvb-usb: schedule remote query interval to 1000 msecs. [ 632.173125][ T5866] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 632.173144][ T5866] dvb-usb: bulk message failed: -22 (7/0) [ 632.173163][ T5866] dvb-usb: bulk message failed: -22 (7/0) [ 632.274632][ T5866] usb 3-1: USB disconnect, device number 75 [ 633.118061][ T5866] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 633.215231][T13745] 9p: Unknown Cache mode or invalid value fs [ 633.608960][ T5866] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 633.715748][T13770] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1800'. [ 633.732393][T13770] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1800'. [ 633.764747][ T5866] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 633.764781][ T5866] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 633.766322][ T5866] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 633.766352][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 633.766375][ T5866] usb 3-1: SerialNumber: syz [ 635.442196][T13787] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1802'. [ 635.848303][T13750] 9p: Bad value for 'rfdno' [ 635.865294][ T5866] usb 3-1: 0:2 : does not exist [ 636.808443][ T5866] usb 3-1: USB disconnect, device number 76 [ 637.413342][T13812] FAULT_INJECTION: forcing a failure. [ 637.413342][T13812] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 637.413454][T13812] CPU: 1 UID: 0 PID: 13812 Comm: syz.5.1807 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 637.413473][T13812] Tainted: [L]=SOFTLOCKUP [ 637.413478][T13812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 637.413486][T13812] Call Trace: [ 637.413491][T13812] [ 637.413498][T13812] dump_stack_lvl+0xe8/0x150 [ 637.413521][T13812] should_fail_ex+0x46b/0x600 [ 637.413541][T13812] _copy_from_user+0x2d/0xb0 [ 637.413555][T13812] ___sys_sendmsg+0x1c6/0x360 [ 637.413573][T13812] ? __pfx____sys_sendmsg+0x10/0x10 [ 637.413606][T13812] ? __fget_files+0x2a/0x420 [ 637.413622][T13812] ? __fget_files+0x3a6/0x420 [ 637.413644][T13812] __x64_sys_sendmsg+0x1c3/0x2a0 [ 637.413659][T13812] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 637.413679][T13812] ? __pfx_ksys_write+0x10/0x10 [ 637.413704][T13812] do_syscall_64+0x14d/0xf80 [ 637.413717][T13812] ? trace_irq_disable+0x3b/0x150 [ 637.413732][T13812] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.413744][T13812] ? clear_bhb_loop+0x40/0x90 [ 637.413760][T13812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.413772][T13812] RIP: 0033:0x7f7d56c1c819 [ 637.413784][T13812] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 637.413796][T13812] RSP: 002b:00007f7d54e6e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 637.413810][T13812] RAX: ffffffffffffffda RBX: 00007f7d56e95fa0 RCX: 00007f7d56c1c819 [ 637.413820][T13812] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 000000000000000a [ 637.413828][T13812] RBP: 00007f7d54e6e090 R08: 0000000000000000 R09: 0000000000000000 [ 637.413837][T13812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 637.413844][T13812] R13: 00007f7d56e96038 R14: 00007f7d56e95fa0 R15: 00007fffd2587b78 [ 637.413863][T13812] [ 637.462561][T11633] udevd[11633]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 637.838019][T13824] RDS: rds_bind could not find a transport for fc00::9, load rds_tcp or rds_rdma? [ 637.839535][T13824] 9p: Bad value for 'rfdno' [ 638.140856][T13837] FAULT_INJECTION: forcing a failure. [ 638.140856][T13837] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 638.140899][T13837] CPU: 1 UID: 0 PID: 13837 Comm: syz.5.1814 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 638.140929][T13837] Tainted: [L]=SOFTLOCKUP [ 638.140937][T13837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 638.140951][T13837] Call Trace: [ 638.140960][T13837] [ 638.140970][T13837] dump_stack_lvl+0xe8/0x150 [ 638.141010][T13837] should_fail_ex+0x46b/0x600 [ 638.141045][T13837] _copy_from_user+0x2d/0xb0 [ 638.141066][T13837] __x64_sys_epoll_ctl+0x128/0x1b0 [ 638.141100][T13837] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 638.141146][T13837] do_syscall_64+0x14d/0xf80 [ 638.141170][T13837] ? trace_irq_disable+0x3b/0x150 [ 638.141196][T13837] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.141218][T13837] ? clear_bhb_loop+0x40/0x90 [ 638.141245][T13837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.141267][T13837] RIP: 0033:0x7f7d56c1c819 [ 638.141289][T13837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 638.141308][T13837] RSP: 002b:00007f7d54e6e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 638.141334][T13837] RAX: ffffffffffffffda RBX: 00007f7d56e95fa0 RCX: 00007f7d56c1c819 [ 638.141351][T13837] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 638.141365][T13837] RBP: 00007f7d54e6e090 R08: 0000000000000000 R09: 0000000000000000 [ 638.141381][T13837] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 638.141395][T13837] R13: 00007f7d56e96038 R14: 00007f7d56e95fa0 R15: 00007fffd2587b78 [ 638.141441][T13837] [ 638.661598][T13832] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1812'. [ 638.692127][T13832] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1812'. [ 638.916452][T13849] netlink: 'syz.0.1816': attribute type 3 has an invalid length. [ 638.972384][T13852] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1818'. [ 639.329014][ T5838] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 639.458950][ T5838] usb 4-1: device descriptor read/64, error -71 [ 639.664518][T13875] fuse: Bad value for 'user_id' [ 639.664540][T13875] fuse: Bad value for 'user_id' [ 639.709847][ T5838] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 639.849101][ T5838] usb 4-1: device descriptor read/64, error -71 [ 639.971885][ T5838] usb usb4-port1: attempt power cycle [ 640.679033][ T5838] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 640.699933][ T5838] usb 4-1: device descriptor read/8, error -71 [ 640.854280][T13897] binder: 13896:13897 unknown command 0 [ 640.854315][T13897] binder: 13896:13897 ioctl c0306201 2000000003c0 returned -22 [ 640.939424][ T5838] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 640.959668][ T5838] usb 4-1: device descriptor read/8, error -71 [ 641.069342][ T5838] usb usb4-port1: unable to enumerate USB device [ 644.816197][T13961] FAULT_INJECTION: forcing a failure. [ 644.816197][T13961] name failslab, interval 1, probability 0, space 0, times 0 [ 644.816237][T13961] CPU: 0 UID: 0 PID: 13961 Comm: syz.2.1847 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 644.816267][T13961] Tainted: [L]=SOFTLOCKUP [ 644.816275][T13961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 644.816289][T13961] Call Trace: [ 644.816298][T13961] [ 644.816308][T13961] dump_stack_lvl+0xe8/0x150 [ 644.816357][T13961] should_fail_ex+0x46b/0x600 [ 644.816397][T13961] should_failslab+0xa8/0x100 [ 644.816423][T13961] __kmalloc_cache_noprof+0x84/0x690 [ 644.816447][T13961] ? vhost_task_create+0x123/0x380 [ 644.816479][T13961] vhost_task_create+0x123/0x380 [ 644.816504][T13961] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 644.816530][T13961] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 644.816557][T13961] ? __pfx_vhost_task_create+0x10/0x10 [ 644.816592][T13961] ? __pfx_vhost_task_fn+0x10/0x10 [ 644.816621][T13961] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 644.816650][T13961] ? lockdep_hardirqs_on+0x7a/0x110 [ 644.816687][T13961] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 644.816712][T13961] ? mutex_lock_nested+0x152/0x1d0 [ 644.816743][T13961] ? kvm_mmu_post_init_vm+0x91/0x300 [ 644.816775][T13961] kvm_mmu_post_init_vm+0x14c/0x300 [ 644.816806][T13961] kvm_arch_vcpu_ioctl_run+0x106/0x20d0 [ 644.816836][T13961] ? __lock_acquire+0x6b5/0x2cf0 [ 644.816876][T13961] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 644.816912][T13961] ? do_raw_spin_lock+0x12b/0x2f0 [ 644.816956][T13961] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 644.816982][T13961] ? lockdep_hardirqs_on+0x7a/0x110 [ 644.817006][T13961] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 644.817031][T13961] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 644.817071][T13961] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 644.817103][T13961] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 644.817129][T13961] ? lockdep_hardirqs_on+0x7a/0x110 [ 644.817153][T13961] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 644.817177][T13961] ? rt_write_unlock+0x190/0x230 [ 644.817214][T13961] kvm_vcpu_ioctl+0xa65/0xfe0 [ 644.817246][T13961] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 644.817276][T13961] ? __asan_memset+0x22/0x50 [ 644.817305][T13961] ? smack_file_ioctl+0x331/0x360 [ 644.817352][T13961] ? __pfx_smack_file_ioctl+0x10/0x10 [ 644.817399][T13961] ? __fget_files+0x2a/0x420 [ 644.817428][T13961] ? __fget_files+0x3a6/0x420 [ 644.817455][T13961] ? __fget_files+0x2a/0x420 [ 644.817488][T13961] ? bpf_lsm_file_ioctl+0x9/0x20 [ 644.817513][T13961] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 644.817538][T13961] __se_sys_ioctl+0xff/0x170 [ 644.817565][T13961] do_syscall_64+0x14d/0xf80 [ 644.817588][T13961] ? trace_irq_disable+0x3b/0x150 [ 644.817614][T13961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.817637][T13961] ? clear_bhb_loop+0x40/0x90 [ 644.817665][T13961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.817688][T13961] RIP: 0033:0x7f8cb204c819 [ 644.817708][T13961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 644.817728][T13961] RSP: 002b:00007f8cb029e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 644.817753][T13961] RAX: ffffffffffffffda RBX: 00007f8cb22c5fa0 RCX: 00007f8cb204c819 [ 644.817769][T13961] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 644.817783][T13961] RBP: 00007f8cb029e090 R08: 0000000000000000 R09: 0000000000000000 [ 644.817798][T13961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 644.817811][T13961] R13: 00007f8cb22c6038 R14: 00007f8cb22c5fa0 R15: 00007ffd514d4df8 [ 644.817849][T13961] [ 645.246724][T13964] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1849'. [ 645.378337][T13970] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 645.482715][T13974] FAULT_INJECTION: forcing a failure. [ 645.482715][T13974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 645.482756][T13974] CPU: 0 UID: 0 PID: 13974 Comm: syz.2.1850 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 645.482792][T13974] Tainted: [L]=SOFTLOCKUP [ 645.482801][T13974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 645.482815][T13974] Call Trace: [ 645.482824][T13974] [ 645.482834][T13974] dump_stack_lvl+0xe8/0x150 [ 645.482873][T13974] should_fail_ex+0x46b/0x600 [ 645.482910][T13974] _copy_from_user+0x2d/0xb0 [ 645.482934][T13974] kvm_arch_vcpu_ioctl+0x11b0/0x2c70 [ 645.482969][T13974] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 645.482994][T13974] ? unwind_next_frame+0xa5/0x23c0 [ 645.483040][T13974] ? is_bpf_text_address+0x26/0x2b0 [ 645.483077][T13974] ? is_bpf_text_address+0x292/0x2b0 [ 645.483108][T13974] ? is_bpf_text_address+0x26/0x2b0 [ 645.483150][T13974] ? kernel_text_address+0xa5/0xe0 [ 645.483179][T13974] ? __kernel_text_address+0xd/0x30 [ 645.483205][T13974] ? unwind_get_return_address+0x4d/0x90 [ 645.483227][T13974] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 645.483258][T13974] ? arch_stack_walk+0xfb/0x150 [ 645.483293][T13974] ? stack_trace_save+0xa9/0x100 [ 645.483330][T13974] ? stack_depot_save_flags+0x33/0x810 [ 645.483361][T13974] ? vsnprintf+0xee0/0xee0 [ 645.483396][T13974] ? kasan_save_track+0x4f/0x80 [ 645.483426][T13974] ? kasan_save_track+0x3e/0x80 [ 645.483455][T13974] ? kasan_save_free_info+0x46/0x50 [ 645.483481][T13974] ? __kasan_slab_free+0x5c/0x80 [ 645.483512][T13974] ? kfree+0x1c1/0x6c0 [ 645.483550][T13974] ? tomoyo_path_number_perm+0x501/0x630 [ 645.483573][T13974] ? security_file_ioctl+0xc3/0x2a0 [ 645.483595][T13974] ? __se_sys_ioctl+0x47/0x170 [ 645.483615][T13974] ? do_syscall_64+0x14d/0xf80 [ 645.483639][T13974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.483689][T13974] ? __lock_acquire+0x6b5/0x2cf0 [ 645.483732][T13974] ? kasan_quarantine_put+0xbb/0x1f0 [ 645.483783][T13974] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 645.483810][T13974] ? lockdep_hardirqs_on+0x7a/0x110 [ 645.483834][T13974] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 645.483859][T13974] ? _mutex_lock_killable+0x152/0x1d0 [ 645.483892][T13974] ? kvm_vcpu_ioctl+0x283/0xfe0 [ 645.483921][T13974] kvm_vcpu_ioctl+0x7e7/0xfe0 [ 645.483953][T13974] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 645.483983][T13974] ? __asan_memset+0x22/0x50 [ 645.484013][T13974] ? smack_file_ioctl+0x331/0x360 [ 645.484051][T13974] ? __pfx_smack_file_ioctl+0x10/0x10 [ 645.484097][T13974] ? __fget_files+0x2a/0x420 [ 645.484125][T13974] ? __fget_files+0x3a6/0x420 [ 645.484153][T13974] ? __fget_files+0x2a/0x420 [ 645.484186][T13974] ? bpf_lsm_file_ioctl+0x9/0x20 [ 645.484210][T13974] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 645.484235][T13974] __se_sys_ioctl+0xff/0x170 [ 645.484261][T13974] do_syscall_64+0x14d/0xf80 [ 645.484284][T13974] ? trace_irq_disable+0x3b/0x150 [ 645.484309][T13974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.484332][T13974] ? clear_bhb_loop+0x40/0x90 [ 645.484360][T13974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.484382][T13974] RIP: 0033:0x7f8cb204c819 [ 645.484403][T13974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 645.484422][T13974] RSP: 002b:00007f8cb029e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 645.484447][T13974] RAX: ffffffffffffffda RBX: 00007f8cb22c5fa0 RCX: 00007f8cb204c819 [ 645.484463][T13974] RDX: 0000200000000000 RSI: 000000004040aea0 RDI: 0000000000000005 [ 645.484478][T13974] RBP: 00007f8cb029e090 R08: 0000000000000000 R09: 0000000000000000 [ 645.484492][T13974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 645.484506][T13974] R13: 00007f8cb22c6038 R14: 00007f8cb22c5fa0 R15: 00007ffd514d4df8 [ 645.484550][T13974] [ 645.520991][T13958] syz.5.1846 (13958) used greatest stack depth: 17384 bytes left [ 646.060196][T13988] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1851'. [ 647.871620][T14018] fuse: Bad value for 'group_id' [ 647.871644][T14018] fuse: Bad value for 'group_id' [ 648.427029][T14038] FAULT_INJECTION: forcing a failure. [ 648.427029][T14038] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 648.427069][T14038] CPU: 0 UID: 0 PID: 14038 Comm: syz.3.1862 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 648.427099][T14038] Tainted: [L]=SOFTLOCKUP [ 648.427107][T14038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 648.427120][T14038] Call Trace: [ 648.427129][T14038] [ 648.427139][T14038] dump_stack_lvl+0xe8/0x150 [ 648.427177][T14038] should_fail_ex+0x46b/0x600 [ 648.427214][T14038] _copy_to_user+0x31/0xb0 [ 648.427239][T14038] simple_read_from_buffer+0xe1/0x170 [ 648.427273][T14038] proc_fail_nth_read+0x1be/0x230 [ 648.427305][T14038] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 648.427337][T14038] ? rw_verify_area+0x2ac/0x4e0 [ 648.427380][T14038] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 648.427409][T14038] vfs_read+0x212/0xa80 [ 648.427451][T14038] ? __pfx_vfs_read+0x10/0x10 [ 648.427487][T14038] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 648.427512][T14038] ? lockdep_hardirqs_on+0x7a/0x110 [ 648.427537][T14038] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 648.427561][T14038] ? mutex_lock_nested+0x152/0x1d0 [ 648.427589][T14038] ? fdget_pos+0x252/0x320 [ 648.427627][T14038] ksys_read+0x156/0x270 [ 648.427664][T14038] ? __pfx_ksys_read+0x10/0x10 [ 648.427712][T14038] do_syscall_64+0x14d/0xf80 [ 648.427736][T14038] ? trace_irq_disable+0x3b/0x150 [ 648.427763][T14038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.427786][T14038] ? clear_bhb_loop+0x40/0x90 [ 648.427815][T14038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.427837][T14038] RIP: 0033:0x7fc41f41d04e [ 648.427858][T14038] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 648.427879][T14038] RSP: 002b:00007fc41d694fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 648.427910][T14038] RAX: ffffffffffffffda RBX: 00007fc41d6956c0 RCX: 00007fc41f41d04e [ 648.427927][T14038] RDX: 000000000000000f RSI: 00007fc41d6950a0 RDI: 0000000000000004 [ 648.427942][T14038] RBP: 00007fc41d695090 R08: 0000000000000000 R09: 0000000000000000 [ 648.427955][T14038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 648.427969][T14038] R13: 00007fc41f6d6128 R14: 00007fc41f6d6090 R15: 00007fff897ab268 [ 648.428007][T14038] [ 649.052258][T14049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1865'. [ 649.213886][T14056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1864'. [ 649.510194][T14061] random: crng reseeded on system resumption [ 650.285589][T14071] sctp: [Deprecated]: syz.3.1864 (pid 14071) Use of struct sctp_assoc_value in delayed_ack socket option. [ 650.285589][T14071] Use struct sctp_sack_info instead [ 651.029082][T14079] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1869'. [ 652.599688][T14103] FAULT_INJECTION: forcing a failure. [ 652.599688][T14103] name failslab, interval 1, probability 0, space 0, times 0 [ 652.599761][T14103] CPU: 0 UID: 0 PID: 14103 Comm: syz.0.1874 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 652.599793][T14103] Tainted: [L]=SOFTLOCKUP [ 652.599802][T14103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 652.599816][T14103] Call Trace: [ 652.599825][T14103] [ 652.599835][T14103] dump_stack_lvl+0xe8/0x150 [ 652.599875][T14103] should_fail_ex+0x46b/0x600 [ 652.599912][T14103] should_failslab+0xa8/0x100 [ 652.599938][T14103] kmem_cache_alloc_noprof+0x87/0x680 [ 652.599973][T14103] ? alloc_empty_file+0x55/0x1d0 [ 652.600007][T14103] alloc_empty_file+0x55/0x1d0 [ 652.600035][T14103] path_openat+0x11b/0x38a0 [ 652.600082][T14103] ? try_to_take_rt_mutex+0x840/0xb00 [ 652.600116][T14103] ? arch_stack_walk+0xfb/0x150 [ 652.600150][T14103] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 652.600195][T14103] ? __pfx_path_openat+0x10/0x10 [ 652.600231][T14103] ? __lock_acquire+0x6b5/0x2cf0 [ 652.600256][T14103] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 652.600298][T14103] ? do_raw_spin_lock+0x12b/0x2f0 [ 652.600340][T14103] do_file_open+0x23e/0x4a0 [ 652.600373][T14103] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 652.600403][T14103] ? __pfx_do_file_open+0x10/0x10 [ 652.600434][T14103] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 652.600492][T14103] ? alloc_fd+0x64e/0x6c0 [ 652.600554][T14103] do_sys_openat2+0x113/0x200 [ 652.600582][T14103] ? lockdep_hardirqs_on+0x7a/0x110 [ 652.600614][T14103] ? __pfx_do_sys_openat2+0x10/0x10 [ 652.600667][T14103] __x64_sys_openat+0x138/0x170 [ 652.600700][T14103] do_syscall_64+0x14d/0xf80 [ 652.600724][T14103] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.600748][T14103] ? clear_bhb_loop+0x40/0x90 [ 652.600776][T14103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.600799][T14103] RIP: 0033:0x7fb1e755c819 [ 652.600821][T14103] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 652.600840][T14103] RSP: 002b:00007fb1e5795028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 652.600865][T14103] RAX: ffffffffffffffda RBX: 00007fb1e77d6090 RCX: 00007fb1e755c819 [ 652.600882][T14103] RDX: 0000000000004919 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 652.600897][T14103] RBP: 00007fb1e5795090 R08: 0000000000000000 R09: 0000000000000000 [ 652.600912][T14103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 652.600925][T14103] R13: 00007fb1e77d6128 R14: 00007fb1e77d6090 R15: 00007ffd0d5ae588 [ 652.600961][T14103] [ 653.617653][T14119] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1877'. [ 658.621711][T14192] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1893'. [ 659.542697][T12540] Bluetooth: hci2: command 0x0406 tx timeout [ 660.159009][ T7410] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 660.274232][T14221] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1902'. [ 660.309103][ T7410] usb 3-1: Using ep0 maxpacket: 16 [ 660.312862][ T7410] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 660.312900][ T7410] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 660.312945][ T7410] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 660.312972][ T7410] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.377465][ T7410] usb 3-1: config 0 descriptor?? [ 661.474163][ T7410] usbhid 3-1:0.0: can't add hid device: -71 [ 661.474322][ T7410] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 661.513735][ T7410] usb 3-1: USB disconnect, device number 77 [ 664.302856][T14281] bond3: entered promiscuous mode [ 664.302893][T14281] bond3: entered allmulticast mode [ 664.307492][T14281] 8021q: adding VLAN 0 to HW filter on device bond3 [ 664.823302][T12540] Bluetooth: hci4: ISO packet for unknown connection handle 1039 [ 665.277206][T14335] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 667.485372][T14361] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1931'. [ 668.169030][ T5798] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 668.190473][ T37] kauditd_printk_skb: 63 callbacks suppressed [ 668.190495][ T37] audit: type=1326 audit(667.820:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.191036][ T37] audit: type=1326 audit(667.820:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.232426][ T37] audit: type=1326 audit(667.860:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.232487][ T37] audit: type=1326 audit(667.860:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.232535][ T37] audit: type=1326 audit(667.860:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.232585][ T37] audit: type=1326 audit(667.860:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.232633][ T37] audit: type=1326 audit(667.860:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.253099][ T37] audit: type=1326 audit(667.880:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.258381][ T37] audit: type=1326 audit(667.880:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.258438][ T37] audit: type=1326 audit(667.880:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14383 comm="syz.3.1938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fc41f45c819 code=0x7ffc0000 [ 668.300647][T14384] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 668.339082][ T5798] usb 6-1: Using ep0 maxpacket: 32 [ 668.360677][ T5798] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 668.360708][ T5798] usb 6-1: config 0 has no interface number 0 [ 668.372138][ T5798] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 668.372169][ T5798] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.372189][ T5798] usb 6-1: Product: syz [ 668.372202][ T5798] usb 6-1: Manufacturer: syz [ 668.372216][ T5798] usb 6-1: SerialNumber: syz [ 668.418625][ T5798] usb 6-1: config 0 descriptor?? [ 669.040644][T14399] Bluetooth: hci6: Frame reassembly failed (-90) [ 669.066358][ T5798] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 669.066394][ T5798] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 669.067028][ T5798] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 669.067370][ T5798] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 669.114169][ T5798] usb 6-1: USB disconnect, device number 10 [ 669.275444][ T104] Bluetooth: hci6: Frame reassembly failed (-84) [ 669.533330][T14393] FAULT_INJECTION: forcing a failure. [ 669.533330][T14393] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 669.533375][T14393] CPU: 1 UID: 0 PID: 14393 Comm: syz.3.1940 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 669.533406][T14393] Tainted: [L]=SOFTLOCKUP [ 669.533415][T14393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 669.533428][T14393] Call Trace: [ 669.533438][T14393] [ 669.533448][T14393] dump_stack_lvl+0xe8/0x150 [ 669.533495][T14393] should_fail_ex+0x46b/0x600 [ 669.533534][T14393] core_sys_select+0x8df/0xc30 [ 669.533581][T14393] ? __pfx_core_sys_select+0x10/0x10 [ 669.533636][T14393] ? __pfx_set_user_sigmask+0x10/0x10 [ 669.533667][T14393] ? rt_mutex_slowunlock+0x1cb/0x300 [ 669.533700][T14393] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 669.533741][T14393] __se_sys_pselect6+0x267/0x320 [ 669.533775][T14393] ? __pfx___se_sys_pselect6+0x10/0x10 [ 669.533802][T14393] ? __pfx_ksys_write+0x10/0x10 [ 669.533843][T14393] ? __x64_sys_pselect6+0x21/0xf0 [ 669.533873][T14393] do_syscall_64+0x14d/0xf80 [ 669.533898][T14393] ? trace_irq_disable+0x3b/0x150 [ 669.533925][T14393] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.533948][T14393] ? clear_bhb_loop+0x40/0x90 [ 669.533976][T14393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.533998][T14393] RIP: 0033:0x7fc41f45c819 [ 669.534019][T14393] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 669.534038][T14393] RSP: 002b:00007fc41d6b6028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 669.534063][T14393] RAX: ffffffffffffffda RBX: 00007fc41f6d5fa0 RCX: 00007fc41f45c819 [ 669.534080][T14393] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 669.534095][T14393] RBP: 00007fc41d6b6090 R08: 0000000000000000 R09: 0000000000000000 [ 669.534108][T14393] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 669.534122][T14393] R13: 00007fc41f6d6038 R14: 00007fc41f6d5fa0 R15: 00007fff897ab268 [ 669.534158][T14393] [ 671.302308][ T5792] Bluetooth: hci6: command 0x1003 tx timeout [ 671.302589][T12540] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 671.446892][T14430] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 671.902002][T14449] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 673.159190][ T1787] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 673.319011][ T1787] usb 4-1: Using ep0 maxpacket: 32 [ 673.320986][ T1787] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 673.324315][ T1787] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 673.324347][ T1787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.324366][ T1787] usb 4-1: Product: syz [ 673.324382][ T1787] usb 4-1: Manufacturer: syz [ 673.324396][ T1787] usb 4-1: SerialNumber: syz [ 673.346128][ T1787] usb 4-1: config 0 descriptor?? [ 673.679017][ T1787] smsc95xx 4-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 673.679348][ T1787] smsc95xx 4-1:0.0: probe with driver smsc95xx failed with error -22 [ 673.686243][ T5866] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 673.769012][ T7410] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 673.914275][ T5866] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 673.937291][ T37] kauditd_printk_skb: 171 callbacks suppressed [ 673.937316][ T37] audit: type=1326 audit(673.560:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.937370][ T37] audit: type=1326 audit(673.560:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.946402][ T37] audit: type=1326 audit(673.570:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.967317][ T37] audit: type=1326 audit(673.590:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.984371][ T37] audit: type=1326 audit(673.610:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.988289][ T37] audit: type=1326 audit(673.610:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.988349][ T37] audit: type=1326 audit(673.610:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.988397][ T37] audit: type=1326 audit(673.610:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.988443][ T37] audit: type=1326 audit(673.610:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 673.988499][ T37] audit: type=1326 audit(673.610:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14490 comm="syz.4.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a3e7c819 code=0x7ffc0000 [ 674.009134][ T7410] usb 3-1: config 0 has no interfaces? [ 674.021381][T14494] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 674.058049][ T7410] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 674.058088][ T7410] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 674.058111][ T7410] usb 3-1: SerialNumber: syz [ 674.116395][ T808] usb 4-1: USB disconnect, device number 61 [ 674.261455][ T7410] usb 3-1: config 0 descriptor?? [ 675.993108][ T5866] usb 3-1: USB disconnect, device number 78 [ 675.996933][T14542] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 676.129804][ T808] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 676.282958][ T808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 676.282997][ T808] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 676.284558][ T808] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 676.284590][ T808] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 676.284612][ T808] usb 5-1: Manufacturer: syz [ 676.308133][ T808] usb 5-1: config 0 descriptor?? [ 676.862995][T14546] FAULT_INJECTION: forcing a failure. [ 676.862995][T14546] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 676.863023][T14546] CPU: 1 UID: 0 PID: 14546 Comm: syz.4.1978 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 676.863041][T14546] Tainted: [L]=SOFTLOCKUP [ 676.863045][T14546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 676.863053][T14546] Call Trace: [ 676.863059][T14546] [ 676.863075][T14546] dump_stack_lvl+0xe8/0x150 [ 676.863100][T14546] should_fail_ex+0x46b/0x600 [ 676.863129][T14546] _copy_from_user+0x2d/0xb0 [ 676.863142][T14546] __se_sys_sendfile64+0xac/0x1a0 [ 676.863160][T14546] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 676.863186][T14546] do_syscall_64+0x14d/0xf80 [ 676.863201][T14546] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.863213][T14546] ? clear_bhb_loop+0x40/0x90 [ 676.863228][T14546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.863241][T14546] RIP: 0033:0x7f87a3e7c819 [ 676.863254][T14546] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 676.863265][T14546] RSP: 002b:00007f87a20d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 676.863280][T14546] RAX: ffffffffffffffda RBX: 00007f87a40f5fa0 RCX: 00007f87a3e7c819 [ 676.863289][T14546] RDX: 0000200000000080 RSI: 0000000000000005 RDI: 0000000000000006 [ 676.863298][T14546] RBP: 00007f87a20d6090 R08: 0000000000000000 R09: 0000000000000000 [ 676.863305][T14546] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 676.863313][T14546] R13: 00007f87a40f6038 R14: 00007f87a40f5fa0 R15: 00007fff62ed0c68 [ 676.863331][T14546] [ 677.129047][ T808] usbhid 5-1:0.0: can't add hid device: -71 [ 677.129186][ T808] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 677.176039][ T808] usb 5-1: USB disconnect, device number 49 [ 678.049100][T14606] FAULT_INJECTION: forcing a failure. [ 678.049100][T14606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 678.049126][T14606] CPU: 1 UID: 0 PID: 14606 Comm: syz.4.1990 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 678.049145][T14606] Tainted: [L]=SOFTLOCKUP [ 678.049150][T14606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 678.049158][T14606] Call Trace: [ 678.049163][T14606] [ 678.049169][T14606] dump_stack_lvl+0xe8/0x150 [ 678.049192][T14606] should_fail_ex+0x46b/0x600 [ 678.049222][T14606] _copy_from_user+0x2d/0xb0 [ 678.049236][T14606] vt_ioctl+0x1249/0x20c0 [ 678.049255][T14606] ? __pfx_vt_ioctl+0x10/0x10 [ 678.049269][T14606] ? __asan_memset+0x22/0x50 [ 678.049286][T14606] ? smack_file_ioctl+0x263/0x360 [ 678.049307][T14606] ? __pfx_smack_file_ioctl+0x10/0x10 [ 678.049333][T14606] ? __fget_files+0x3a6/0x420 [ 678.049348][T14606] ? __fget_files+0x2a/0x420 [ 678.049365][T14606] tty_ioctl+0x92e/0xde0 [ 678.049384][T14606] ? __pfx_tty_ioctl+0x10/0x10 [ 678.049401][T14606] __se_sys_ioctl+0xff/0x170 [ 678.049415][T14606] do_syscall_64+0x14d/0xf80 [ 678.049429][T14606] ? trace_irq_disable+0x3b/0x150 [ 678.049445][T14606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.049457][T14606] ? clear_bhb_loop+0x40/0x90 [ 678.049472][T14606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.049483][T14606] RIP: 0033:0x7f87a3e7c819 [ 678.049496][T14606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 678.049508][T14606] RSP: 002b:00007f87a20d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 678.049522][T14606] RAX: ffffffffffffffda RBX: 00007f87a40f5fa0 RCX: 00007f87a3e7c819 [ 678.049532][T14606] RDX: 0000200000000100 RSI: 0000000000004b67 RDI: 0000000000000003 [ 678.049540][T14606] RBP: 00007f87a20d6090 R08: 0000000000000000 R09: 0000000000000000 [ 678.049548][T14606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 678.049555][T14606] R13: 00007f87a40f6038 R14: 00007f87a40f5fa0 R15: 00007fff62ed0c68 [ 678.049574][T14606] [ 678.411286][T14614] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 678.411305][T14614] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 678.740438][T14616] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 679.369594][ T1787] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 679.546274][ T1787] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 679.546311][ T1787] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 679.546334][ T1787] usb 6-1: Product: syz [ 679.546351][ T1787] usb 6-1: Manufacturer: syz [ 679.546367][ T1787] usb 6-1: SerialNumber: syz [ 680.746225][T14628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 680.746721][T14628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 680.803145][ T1787] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 680.803226][ T1787] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 680.803738][ T1787] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 680.803798][ T1787] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 680.806080][ T1787] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 680.886174][ T1787] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 680.906266][ T1787] usb 6-1: USB disconnect, device number 11 [ 681.676887][T14669] random: crng reseeded on system resumption [ 682.702612][ T37] kauditd_printk_skb: 188 callbacks suppressed [ 682.702637][ T37] audit: type=1326 audit(682.330:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.702695][ T37] audit: type=1326 audit(682.330:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.705454][ T37] audit: type=1326 audit(682.330:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.788477][ T37] audit: type=1326 audit(682.410:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.788605][ T37] audit: type=1326 audit(682.410:1720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.814686][ T37] audit: type=1326 audit(682.430:1721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.814742][ T37] audit: type=1326 audit(682.430:1722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.814784][ T37] audit: type=1326 audit(682.430:1723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.814824][ T37] audit: type=1326 audit(682.440:1724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.814866][ T37] audit: type=1326 audit(682.440:1725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14670 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1e755c819 code=0x7ffc0000 [ 682.881922][T14682] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 684.732674][T14714] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 684.742919][T14714] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 684.988470][T14722] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 686.260216][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.260295][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.836615][T14758] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2028'. [ 689.387748][T14784] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2035'. [ 690.326360][ T5889] libceph: connect (1)[c::]:6789 error -101 [ 690.326906][ T5889] libceph: mon0 (1)[c::]:6789 connect error [ 690.455456][T14783] ceph: No mds server is up or the cluster is laggy [ 692.287224][T14822] FAULT_INJECTION: forcing a failure. [ 692.287224][T14822] name failslab, interval 1, probability 0, space 0, times 0 [ 692.287250][T14822] CPU: 1 UID: 0 PID: 14822 Comm: syz.5.2044 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 692.287269][T14822] Tainted: [L]=SOFTLOCKUP [ 692.287274][T14822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 692.287281][T14822] Call Trace: [ 692.287287][T14822] [ 692.287293][T14822] dump_stack_lvl+0xe8/0x150 [ 692.287317][T14822] should_fail_ex+0x46b/0x600 [ 692.287339][T14822] should_failslab+0xa8/0x100 [ 692.287355][T14822] __kmalloc_cache_noprof+0x84/0x690 [ 692.287368][T14822] ? drm_atomic_state_alloc+0xa9/0x100 [ 692.287390][T14822] drm_atomic_state_alloc+0xa9/0x100 [ 692.287411][T14822] drm_client_modeset_commit_atomic+0x122/0x7e0 [ 692.287427][T14822] ? unwind_get_return_address+0x4d/0x90 [ 692.287440][T14822] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 692.287463][T14822] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 692.287490][T14822] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 692.287505][T14822] ? lockdep_hardirqs_on+0x7a/0x110 [ 692.287519][T14822] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 692.287533][T14822] ? mutex_lock_nested+0x152/0x1d0 [ 692.287550][T14822] ? drm_client_modeset_dpms+0xe8/0x960 [ 692.287566][T14822] drm_client_modeset_dpms+0x19b/0x960 [ 692.287584][T14822] ? __lock_acquire+0x6b5/0x2cf0 [ 692.287599][T14822] ? __pfx_drm_client_modeset_dpms+0x10/0x10 [ 692.287616][T14822] ? do_raw_spin_lock+0x12b/0x2f0 [ 692.287642][T14822] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 692.287656][T14822] ? lockdep_hardirqs_on+0x7a/0x110 [ 692.287671][T14822] ? mutex_lock_nested+0x152/0x1d0 [ 692.287687][T14822] ? drm_fb_helper_blank+0xeb/0x140 [ 692.287707][T14822] drm_fb_helper_blank+0xf5/0x140 [ 692.287724][T14822] fb_blank+0xd0/0x220 [ 692.287742][T14822] do_fb_ioctl+0x4fc/0x800 [ 692.287761][T14822] ? __pfx_do_fb_ioctl+0x10/0x10 [ 692.287791][T14822] ? __asan_memset+0x22/0x50 [ 692.287811][T14822] ? __pfx_smack_file_ioctl+0x10/0x10 [ 692.287840][T14822] ? __fget_files+0x3a6/0x420 [ 692.287856][T14822] ? __fget_files+0x2a/0x420 [ 692.287874][T14822] ? bpf_lsm_file_ioctl+0x9/0x20 [ 692.287888][T14822] ? __pfx_fb_ioctl+0x10/0x10 [ 692.287905][T14822] __se_sys_ioctl+0xff/0x170 [ 692.287920][T14822] do_syscall_64+0x14d/0xf80 [ 692.287934][T14822] ? trace_irq_disable+0x3b/0x150 [ 692.287948][T14822] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.287961][T14822] ? clear_bhb_loop+0x40/0x90 [ 692.287977][T14822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.287989][T14822] RIP: 0033:0x7f7d56c1c819 [ 692.288002][T14822] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 692.288013][T14822] RSP: 002b:00007f7d54e6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 692.288027][T14822] RAX: ffffffffffffffda RBX: 00007f7d56e95fa0 RCX: 00007f7d56c1c819 [ 692.288036][T14822] RDX: 0000000000000002 RSI: 0000000000004611 RDI: 0000000000000009 [ 692.288044][T14822] RBP: 00007f7d54e6e090 R08: 0000000000000000 R09: 0000000000000000 [ 692.288059][T14822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 692.288067][T14822] R13: 00007f7d56e96038 R14: 00007f7d56e95fa0 R15: 00007fffd2587b78 [ 692.288088][T14822] [ 692.681383][T14829] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2046'. [ 696.482607][T14874] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2060'. [ 696.699944][T14868] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 696.699993][T14868] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 700.908993][ T1787] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 701.178096][T14909] random: crng reseeded on system resumption [ 701.843258][ T1787] usb 4-1: config 0 has an invalid interface number: 106 but max is 0 [ 701.843302][ T1787] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 701.843323][ T1787] usb 4-1: config 0 has no interface number 0 [ 701.843427][ T1787] usb 4-1: config 0 interface 106 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C [ 701.843498][ T1787] usb 4-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 701.843616][ T1787] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 701.843642][ T1787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 702.220633][ T1787] usb 4-1: config 0 descriptor?? [ 702.949804][ T1787] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 703.908027][ T104] usb 4-1: Failed to submit usb control message: -71 [ 703.908078][ T104] usb 4-1: unable to send the bmi data to the device: -71 [ 703.908098][ T104] usb 4-1: unable to get target info from device [ 703.908114][ T104] usb 4-1: could not get target info (-71) [ 703.908133][ T104] usb 4-1: could not probe fw (-71) [ 703.951729][ T1787] usb 4-1: USB disconnect, device number 62 [ 704.686165][T14945] mac80211_hwsim hwsim11 ..ãc¤±: renamed from wlan1 (while UP) [ 705.051200][T14951] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2072'. [ 705.871892][ T7410] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 706.029689][ T7410] usb 4-1: config index 0 descriptor too short (expected 2084, got 36) [ 706.029724][ T7410] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 706.029778][ T7410] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 706.029807][ T7410] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 706.029852][ T7410] usb 4-1: New USB device found, idVendor=054c, idProduct=0cc6, bcdDevice= 0.00 [ 706.029877][ T7410] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.157295][ T7410] usb 4-1: config 0 descriptor?? [ 706.172597][ T7410] usbhid 4-1:0.0: fixing wrong optional hid class descriptors count [ 706.172623][ T7410] usbhid 4-1:0.0: can't add hid device: -22 [ 706.172737][ T7410] usbhid 4-1:0.0: probe with driver usbhid failed with error -22 [ 706.312946][T14961] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2074'. [ 706.383532][ T5798] usb 4-1: USB disconnect, device number 63 [ 708.309274][ T7410] libceph: connect (1)[c::]:6789 error -101 [ 708.309495][ T7410] libceph: mon0 (1)[c::]:6789 connect error [ 708.530513][T14988] ceph: No mds server is up or the cluster is laggy [ 708.573435][ T7410] libceph: connect (1)[c::]:6789 error -101 [ 708.573653][ T7410] libceph: mon0 (1)[c::]:6789 connect error [ 709.099779][ T7410] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 709.702159][ T7410] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 709.702195][ T7410] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.702218][ T7410] usb 4-1: Product: syz [ 709.702234][ T7410] usb 4-1: Manufacturer: syz [ 709.702250][ T7410] usb 4-1: SerialNumber: syz [ 709.983928][ T7410] usb 4-1: config 0 descriptor?? [ 710.023253][ T7410] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 711.193611][ T7410] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 711.304051][ T7410] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 711.304122][ T7410] usb 4-1: media controller created [ 711.364377][ T7410] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 713.096462][ T7410] DVB: Unable to find symbol mt352_attach() [ 713.297881][ T7410] DVB: Unable to find symbol nxt6000_attach() [ 713.297899][ T7410] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 713.336020][ T7410] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input36 [ 713.351570][ T7410] dvb-usb: schedule remote query interval to 1000 msecs. [ 713.351593][ T7410] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 713.351612][ T7410] dvb-usb: bulk message failed: -22 (7/0) [ 713.351630][ T7410] dvb-usb: bulk message failed: -22 (7/0) [ 713.389528][ T7410] usb 4-1: USB disconnect, device number 64 [ 713.449511][ T5798] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 713.457635][T15055] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2092'. [ 713.577350][ T7410] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 713.608975][ T5798] usb 3-1: Using ep0 maxpacket: 32 [ 713.611364][ T5798] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 713.611397][ T5798] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 713.630918][ T5798] usb 3-1: config 0 descriptor?? [ 713.657392][ T5798] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 714.613965][ T5798] gspca_vc032x: reg_w err -110 [ 714.614037][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614078][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614117][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614156][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614195][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614738][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614778][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614827][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614864][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614900][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614937][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.614973][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.615017][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.615055][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.615091][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.615128][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.615164][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.615201][ T5798] gspca_vc032x: I2c Bus Busy Wait 00 [ 714.615237][ T5798] gspca_vc032x: Unknown sensor... [ 714.616141][ T5798] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 715.991396][T15097] netlink: 'syz.4.2100': attribute type 1 has an invalid length. [ 716.346016][T15098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 716.346655][T15098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 716.355344][T15098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 716.356000][T15098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 716.364469][T15098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 716.365142][T15098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 716.892121][ T5866] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 717.038985][ T5866] usb 5-1: Using ep0 maxpacket: 16 [ 717.044824][ T5866] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 717.044858][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.044881][ T5866] usb 5-1: Product: syz [ 717.044897][ T5866] usb 5-1: Manufacturer: syz [ 717.044913][ T5866] usb 5-1: SerialNumber: syz [ 717.096185][ T5866] usb 5-1: config 0 descriptor?? [ 717.146943][T15125] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2104'. [ 717.308237][ T5866] speedtch 5-1:0.0: speedtch_bind: data interface not found! [ 717.308265][ T5866] speedtch 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 717.796000][T15130] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2107'. [ 718.147951][T15136] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 718.792628][ T5866] usb 5-1: USB disconnect, device number 50 [ 719.099936][ T7410] usb 3-1: USB disconnect, device number 79 [ 719.855306][T15190] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2117'. [ 721.671438][T15204] FAULT_INJECTION: forcing a failure. [ 721.671438][T15204] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 721.671478][T15204] CPU: 1 UID: 0 PID: 15204 Comm: syz.4.2124 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 721.671507][T15204] Tainted: [L]=SOFTLOCKUP [ 721.671515][T15204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 721.671529][T15204] Call Trace: [ 721.671538][T15204] [ 721.671548][T15204] dump_stack_lvl+0xe8/0x150 [ 721.671587][T15204] should_fail_ex+0x46b/0x600 [ 721.671623][T15204] _copy_to_user+0x31/0xb0 [ 721.671649][T15204] simple_read_from_buffer+0xe1/0x170 [ 721.671684][T15204] proc_fail_nth_read+0x1be/0x230 [ 721.671717][T15204] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 721.671770][T15204] ? rw_verify_area+0x2ac/0x4e0 [ 721.671801][T15204] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 721.671831][T15204] vfs_read+0x212/0xa80 [ 721.671872][T15204] ? __pfx_vfs_read+0x10/0x10 [ 721.671906][T15204] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 721.671931][T15204] ? lockdep_hardirqs_on+0x7a/0x110 [ 721.671956][T15204] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 721.671980][T15204] ? mutex_lock_nested+0x152/0x1d0 [ 721.672011][T15204] ? fdget_pos+0x252/0x320 [ 721.672051][T15204] ksys_read+0x156/0x270 [ 721.672086][T15204] ? __pfx_ksys_read+0x10/0x10 [ 721.672118][T15204] ? __pfx_sock_ioctl+0x10/0x10 [ 721.672158][T15204] do_syscall_64+0x14d/0xf80 [ 721.672190][T15204] ? trace_irq_disable+0x3b/0x150 [ 721.672215][T15204] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.672238][T15204] ? clear_bhb_loop+0x40/0x90 [ 721.672265][T15204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.672288][T15204] RIP: 0033:0x7f87a3e3d04e [ 721.672308][T15204] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 721.672326][T15204] RSP: 002b:00007f87a20d5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 721.672349][T15204] RAX: ffffffffffffffda RBX: 00007f87a20d66c0 RCX: 00007f87a3e3d04e [ 721.672365][T15204] RDX: 000000000000000f RSI: 00007f87a20d60a0 RDI: 0000000000000004 [ 721.672379][T15204] RBP: 00007f87a20d6090 R08: 0000000000000000 R09: 0000000000000000 [ 721.672392][T15204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.672404][T15204] R13: 00007f87a40f6038 R14: 00007f87a40f5fa0 R15: 00007fff62ed0c68 [ 721.672439][T15204] [ 722.157579][T15214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2127'. [ 723.097270][T15228] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2131'. [ 724.420429][T15232] ------------[ cut here ]------------ [ 724.420446][T15232] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 724.420464][T15232] WARNING: drivers/gpu/drm/drm_vblank.c:1320 at drm_crtc_wait_one_vblank+0x357/0x500, CPU#0: syz.4.2132/15232 [ 724.420515][T15232] Modules linked in: [ 724.420539][T15232] CPU: 0 UID: 0 PID: 15232 Comm: syz.4.2132 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 724.420571][T15232] Tainted: [L]=SOFTLOCKUP [ 724.420580][T15232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 724.420593][T15232] RIP: 0010:drm_crtc_wait_one_vblank+0x4b6/0x500 [ 724.420626][T15232] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 ea b9 d3 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 e9 f4 ff ff b8 92 ff ff ff [ 724.420647][T15232] RSP: 0018:ffffc90025657ae0 EFLAGS: 00010246 [ 724.420667][T15232] RAX: 1ffff11004a8a800 RBX: ffffffff8f7558b0 RCX: 0000000000000000 [ 724.420685][T15232] RDX: ffffffff8bbf6340 RSI: ffffffff8bc121e0 RDI: ffffffff8f7558b0 [ 724.420703][T15232] RBP: ffffc90025657bc8 R08: 0000000000000000 R09: 0000000000000000 [ 724.420719][T15232] R10: dffffc0000000000 R11: fffffbfff1ed4e37 R12: ffffffff8bc121e0 [ 724.420736][T15232] R13: ffff888025454000 R14: 0000000000000000 R15: ffffffff8bbf6340 [ 724.420753][T15232] FS: 00007f87a20b56c0(0000) GS:ffff888126335000(0000) knlGS:0000000000000000 [ 724.420774][T15232] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 724.420791][T15232] CR2: 0000200000247030 CR3: 000000003420e000 CR4: 00000000003526f0 [ 724.420813][T15232] Call Trace: [ 724.420822][T15232] [ 724.420838][T15232] ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10 [ 724.420869][T15232] ? rt_spin_unlock+0x14f/0x200 [ 724.420902][T15232] ? __pfx_autoremove_wake_function+0x10/0x10 [ 724.420942][T15232] ? rt_spin_unlock+0x160/0x200 [ 724.420980][T15232] ? drm_vblank_get+0x147/0x260 [ 724.421014][T15232] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 724.421044][T15232] drm_fb_helper_ioctl+0x6f/0xc0 [ 724.421078][T15232] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 724.421110][T15232] do_fb_ioctl+0x4cc/0x800 [ 724.421156][T15232] ? __pfx_do_fb_ioctl+0x10/0x10 [ 724.421208][T15232] ? smk_tskacc+0x311/0x3a0 [ 724.421255][T15232] ? __pfx_smack_file_ioctl+0x10/0x10 [ 724.421312][T15232] ? rcu_is_watching+0x15/0xb0 [ 724.421343][T15232] ? bpf_lsm_file_ioctl+0x9/0x20 [ 724.421368][T15232] ? __pfx_fb_ioctl+0x10/0x10 [ 724.421400][T15232] __se_sys_ioctl+0xff/0x170 [ 724.421430][T15232] do_syscall_64+0x14d/0xf80 [ 724.421456][T15232] ? trace_irq_disable+0x3b/0x150 [ 724.421510][T15232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.421536][T15232] ? clear_bhb_loop+0x40/0x90 [ 724.421566][T15232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.421590][T15232] RIP: 0033:0x7f87a3e7c819 [ 724.421613][T15232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 724.421634][T15232] RSP: 002b:00007f87a20b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 724.421658][T15232] RAX: ffffffffffffffda RBX: 00007f87a40f6090 RCX: 00007f87a3e7c819 [ 724.421675][T15232] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 000000000000000a [ 724.421690][T15232] RBP: 00007f87a3f12c91 R08: 0000000000000000 R09: 0000000000000000 [ 724.421705][T15232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 724.421719][T15232] R13: 00007f87a40f6128 R14: 00007f87a40f6090 R15: 00007fff62ed0c68 [ 724.421757][T15232] [ 724.421770][T15232] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 724.421790][T15232] CPU: 0 UID: 0 PID: 15232 Comm: syz.4.2132 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 724.421821][T15232] Tainted: [L]=SOFTLOCKUP [ 724.421830][T15232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 724.421844][T15232] Call Trace: [ 724.421854][T15232] [ 724.421863][T15232] vpanic+0x56c/0xa60 [ 724.421898][T15232] ? __pfx__printk+0x10/0x10 [ 724.421925][T15232] ? __pfx_vpanic+0x10/0x10 [ 724.421957][T15232] ? is_bpf_text_address+0x292/0x2b0 [ 724.421990][T15232] ? is_bpf_text_address+0x26/0x2b0 [ 724.422034][T15232] panic+0xc5/0xd0 [ 724.422068][T15232] ? __pfx_panic+0x10/0x10 [ 724.422122][T15232] __warn+0x315/0x4f0 [ 724.422162][T15232] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 724.422197][T15232] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 724.422231][T15232] __report_bug+0x29a/0x540 [ 724.422265][T15232] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 724.422298][T15232] ? __pfx___report_bug+0x10/0x10 [ 724.422349][T15232] report_bug_entry+0x19a/0x290 [ 724.422377][T15232] ? drm_crtc_wait_one_vblank+0x4b6/0x500 [ 724.422407][T15232] ? drm_crtc_wait_one_vblank+0x4bb/0x500 [ 724.422439][T15232] handle_bug+0xce/0x200 [ 724.422472][T15232] exc_invalid_op+0x1a/0x50 [ 724.422502][T15232] asm_exc_invalid_op+0x1a/0x20 [ 724.422525][T15232] RIP: 0010:drm_crtc_wait_one_vblank+0x4b6/0x500 [ 724.422557][T15232] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 ea b9 d3 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 e9 f4 ff ff b8 92 ff ff ff [ 724.422576][T15232] RSP: 0018:ffffc90025657ae0 EFLAGS: 00010246 [ 724.422596][T15232] RAX: 1ffff11004a8a800 RBX: ffffffff8f7558b0 RCX: 0000000000000000 [ 724.422611][T15232] RDX: ffffffff8bbf6340 RSI: ffffffff8bc121e0 RDI: ffffffff8f7558b0 [ 724.422628][T15232] RBP: ffffc90025657bc8 R08: 0000000000000000 R09: 0000000000000000 [ 724.422643][T15232] R10: dffffc0000000000 R11: fffffbfff1ed4e37 R12: ffffffff8bc121e0 [ 724.422661][T15232] R13: ffff888025454000 R14: 0000000000000000 R15: ffffffff8bbf6340 [ 724.422704][T15232] ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10 [ 724.422734][T15232] ? rt_spin_unlock+0x14f/0x200 [ 724.422768][T15232] ? __pfx_autoremove_wake_function+0x10/0x10 [ 724.422807][T15232] ? rt_spin_unlock+0x160/0x200 [ 724.422844][T15232] ? drm_vblank_get+0x147/0x260 [ 724.422877][T15232] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 724.422907][T15232] drm_fb_helper_ioctl+0x6f/0xc0 [ 724.422939][T15232] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 724.422970][T15232] do_fb_ioctl+0x4cc/0x800 [ 724.423007][T15232] ? __pfx_do_fb_ioctl+0x10/0x10 [ 724.423056][T15232] ? smk_tskacc+0x311/0x3a0 [ 724.423101][T15232] ? __pfx_smack_file_ioctl+0x10/0x10 [ 724.423165][T15232] ? rcu_is_watching+0x15/0xb0 [ 724.423194][T15232] ? bpf_lsm_file_ioctl+0x9/0x20 [ 724.423219][T15232] ? __pfx_fb_ioctl+0x10/0x10 [ 724.423251][T15232] __se_sys_ioctl+0xff/0x170 [ 724.423280][T15232] do_syscall_64+0x14d/0xf80 [ 724.423306][T15232] ? trace_irq_disable+0x3b/0x150 [ 724.423334][T15232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.423359][T15232] ? clear_bhb_loop+0x40/0x90 [ 724.423390][T15232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.423414][T15232] RIP: 0033:0x7f87a3e7c819 [ 724.423434][T15232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 724.423454][T15232] RSP: 002b:00007f87a20b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 724.423477][T15232] RAX: ffffffffffffffda RBX: 00007f87a40f6090 RCX: 00007f87a3e7c819 [ 724.423494][T15232] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 000000000000000a [ 724.423509][T15232] RBP: 00007f87a3f12c91 R08: 0000000000000000 R09: 0000000000000000 [ 724.423525][T15232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 724.423540][T15232] R13: 00007f87a40f6128 R14: 00007f87a40f6090 R15: 00007fff62ed0c68 [ 724.423579][T15232] [ 724.423744][T15232] Kernel Offset: disabled