last executing test programs: 6m45.573294182s ago: executing program 3 (id=688): r0 = socket$netlink(0x10, 0x3, 0x5) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x58}, 0x1, 0x0, 0x0, 0x50}, 0x0) 6m45.040284873s ago: executing program 3 (id=689): sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x4000054) syz_emit_vhci(&(0x7f00000000c0)=ANY=[], 0x7) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @empty, 0xffffff5d}, 0x1c) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f00000005c0), 0x10) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/97, 0x38}, {0x0}], 0x2}, 0x32}], 0x4000000000000be, 0x122, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}, 0x1, 0x0, 0x0, 0x4044080}, 0x20008800) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c930411a0bb0050015ff0a00faff0002000000000100"], 0x17) socket$inet6_sctp(0xa, 0x1, 0x84) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) getuid() r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'\x00', 0x2}) ioctl$TUNSETDEBUG(r2, 0x400454c9, 0xffffffffffffffff) ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000300)={'gretap0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 6m42.243870669s ago: executing program 3 (id=704): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) socket$xdp(0x2c, 0x3, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) readv(r1, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x8800) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) r7 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {}, {}, {0xffe0, 0x5}}, [@filter_kind_options=@f_u32={{0x8}, {0xfffffed3, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0xffffffff}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r6, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) r9 = socket(0x400000000010, 0x3, 0x0) r10 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newtfilter={0x30, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r11, {0x1, 0xf}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) 6m36.732814553s ago: executing program 3 (id=715): sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x4c, 0x3, 0x3, 0x101, 0x0, 0x0, {0x4, 0x0, 0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe, 0x62f2}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x1}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0xffffffe6}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0xffff}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xfffff303}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x840}, 0x2004c090) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x2c}}, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18) r3 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc) 6m35.096985044s ago: executing program 3 (id=720): ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, &(0x7f0000000000)={0x2, 0x3}) r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r0, 0x107, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x10) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff00001fbfa300000000000007030000f0ffffff6a0af0fff8ffffff61a4f0ff0000000066040200000000001d400200000000004704000001ed00006203000000ffffffcf440000000000007a0a00ff00ffffffc30300ffa0000000b4000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebaa0f040000c72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204ab3949006c3172171652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d156ae8383117c039862198899b212c55318294270a1ad10c80fef7c247afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15f279b513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aa0000000000000000832371fe5bc621426d1ed0a4a99702cc1b692c3f0b15629eaf4c12a1e717d29135753208165b9cdbae2ed9dc7358f0e3adde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594807031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac42738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca9be8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998802008f0232b39578052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91ed92cac7c2ccd17d338bbda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922928e000000ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abb8a9982ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139566fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe6290421338ef8f6d27117cd1471bf3c0b64416fbbe955da0281e7ef7f7d5176150e86cda98d07f7de2088cb2ffd1d4c71097635c2bb3d9a0b01e757256ee427f0a244d48682bf89e2279b383b616b40f116172bc1b995eb2c1220597af8df52646f1f0cb65cfa7e038e8bb5d4d52b86a61d82dc14a4f5cc7e6061c65ccdbc2afc3f363ecf34ad0b227687c3ea8d63683ddd5914116edd9e075da9e3638647188bc8f95107c9250995eb6cadcd0f65b8504ff10304f2ceba275f9d485ed5554d64005db877f0fbb3beba59666ff66f132d5077835823592d6d392f5ff62f6f876eb10d8cbf0a73f8421b74c8916e4077b8866c95ad88bc7130244183ed216210f10f69b3e0ee13d06e4eb240cce5ec1c3b1defe4c0f8b83a34ef4f5f8f9ceefb678ad29d3683e3c44a01549e55ffca41c0b06e013f054257646c58b667ec0701004c239589b3e64ef5e1d5ed22b5fd5a90fe3453327c3652d5c9762428f0bd0178d1b80a60f64343ab77d8baa0a388711c8d2d6d3e9049814b15b6ea21387040989d69c3aa27256c55780f33d20823d8e2eb6e56850162969bf4c6c9632a55cf5be00"/2944], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x4a) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'bond_slave_0\x00', &(0x7f0000000100)=@ethtool_drvinfo={0x3, "0b695b9e9941309fd8267ea77f7c0c5b1eba1eff95fdc0a682b9d4c0530c72f7", "b88266761b9be73fed524efc41997b7eb827c38302bb5c3f3e9261b27dddcb9f", "2029e5bf6feb26c9dc8078b0daecf2fc06955a34c83731d961d3e81866ec78ee", "281e2328fa7f22ad3287259797a989c87981470c7fa976746a0573e6fd8d105b", "a703b3d0faa76643588a8d774db495e9a5af9a5c5e30146f6e947135df60002d", "793e12867786e569673f999e", 0x0, 0x9, 0x8, 0x8, 0x3b}}) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601030000000000000000000000000900020073797a300000000005000100060000000500050002000000050004000000ea03a3b807800800114000000000050015000000000013000300686173683a6e65742c6966616365000027a4d3ef716487b06616aaf0c8adf12648bdb8059c2ff894b26ea2417702979b3f43b6356ddb2c7158326229aca5216e5bbb347c248a416571432e2d91865e35f7a8346352b191dc5643666748369fbfbd3793d9322ced597aa4d53c62f77e11e333eb4dcb4f1c56c14a77"], 0x60}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f7, &(0x7f0000000240)) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@setlink={0x2c, 0x13, 0x1, 0x70bd29, 0x25dfdbf8, {0x0, 0x0, 0x0, r7, 0x3007, 0x409}, [@IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8804) r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="ebd72dbd7000fddbdf2103000000"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) 6m33.853189484s ago: executing program 3 (id=722): r0 = socket$rxrpc(0x21, 0x2, 0x2) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) bind$rxrpc(r0, &(0x7f0000000400)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e24, 0xfffffff9, @empty, 0x6}}, 0x24) listen(r0, 0x1fc00001) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x64, 0x8}, @initr0, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x1, 0xde, &(0x7f0000000880)=""/222, 0x0, 0x8}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$vim2m(0x0, 0x0, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r5, 0x0) mremap(&(0x7f0000fa4000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fa2000/0x1000)=nil) syz_emit_ethernet(0x46, &(0x7f0000000440)={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0x1, 0x6, "7d52f5", 0x10, 0x11, 0x1, @remote, @local, {[], {0x4e24, 0x4e23, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x109a42) ioctl$SG_SET_KEEP_ORPHAN(r6, 0x2287, &(0x7f00000001c0)=0x9) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0x1, @private0}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000280)='x', 0x1}], 0x1}}], 0x1, 0x240c48c0) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400050124bd70007bdbdf250a84312a09"], 0x48}, 0x1, 0x0, 0x0, 0x4004081}, 0x2005c840) 6m18.574523891s ago: executing program 32 (id=722): r0 = socket$rxrpc(0x21, 0x2, 0x2) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) bind$rxrpc(r0, &(0x7f0000000400)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e24, 0xfffffff9, @empty, 0x6}}, 0x24) listen(r0, 0x1fc00001) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x64, 0x8}, @initr0, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x1, 0xde, &(0x7f0000000880)=""/222, 0x0, 0x8}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$vim2m(0x0, 0x0, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r5, 0x0) mremap(&(0x7f0000fa4000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fa2000/0x1000)=nil) syz_emit_ethernet(0x46, &(0x7f0000000440)={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0x1, 0x6, "7d52f5", 0x10, 0x11, 0x1, @remote, @local, {[], {0x4e24, 0x4e23, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x109a42) ioctl$SG_SET_KEEP_ORPHAN(r6, 0x2287, &(0x7f00000001c0)=0x9) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0x1, @private0}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000280)='x', 0x1}], 0x1}}], 0x1, 0x240c48c0) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400050124bd70007bdbdf250a84312a09"], 0x48}, 0x1, 0x0, 0x0, 0x4004081}, 0x2005c840) 1m26.101324489s ago: executing program 4 (id=1731): socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x10, 0x400000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x2, 0x400, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffe}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r2, &(0x7f0000005240), 0x4000095, 0x0) 1m25.341811106s ago: executing program 4 (id=1736): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x4}, 0xc) 1m24.781961586s ago: executing program 4 (id=1737): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) 1m23.801648193s ago: executing program 4 (id=1739): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14) mknod$loop(0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)}, 0x80) lstat(0x0, &(0x7f0000000980)) 1m19.976345403s ago: executing program 4 (id=1749): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa, 0x1}, 0xe) 1m19.802877025s ago: executing program 4 (id=1751): ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84d, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x2, 0xb}, 0x5, 0x34, 0x91f}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_RATE64={0xc, 0x4, 0xdd31e353c9fd1eb}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0xffff, 0xb}, {0xe, 0x1}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x4}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2400c060}, 0x90) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="80", 0x1}], 0x1}, 0x4) 1m4.539672928s ago: executing program 33 (id=1751): ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84d, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x2, 0xb}, 0x5, 0x34, 0x91f}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_RATE64={0xc, 0x4, 0xdd31e353c9fd1eb}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0xffff, 0xb}, {0xe, 0x1}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x4}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2400c060}, 0x90) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="80", 0x1}], 0x1}, 0x4) 16.917176284s ago: executing program 1 (id=1906): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xfff2, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xffe0, 0x7}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xf7513c36026b8104}, 0x20000000) 15.672609126s ago: executing program 1 (id=1913): socket$nl_generic(0x10, 0x3, 0x10) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socket(0xa, 0x3, 0x3a) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000200), r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[], 0xc48}, 0x0, 0xe3d08660d3cd4684}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044001}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x14, 0x0, 0x2, 0x101, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='0..:\x00', 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03400000000000000000010000000900010073797a300000000040000000160a07000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800024000000000080001400000000038000000160a09010000000000000000010000000900020073797a30000000000900010073797a300000000008000740000000000400038014000000110001"], 0xc0}}, 0x0) 12.048495518s ago: executing program 6 (id=1924): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x50) 11.785312594s ago: executing program 6 (id=1926): socket$inet6(0xa, 0x1, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) 11.488707117s ago: executing program 5 (id=1928): pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setparam(0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001aa40)=""/102392, 0x18ff8) fsconfig$FSCONFIG_SET_FD(r1, 0x5, 0x0, 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x80) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 9.733206613s ago: executing program 1 (id=1931): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000280)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0) 9.500504677s ago: executing program 5 (id=1934): ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000180)=@multiplanar_overlay={0x9, 0x8, 0x4, 0x200, 0x5, {0x77359400}, {0x1, 0x0, 0x3, 0xf, 0xdf, 0x0, "8f10ac3a"}, 0x1, 0x3, {0x0}, 0x6}) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x1, r0, 0x0, 0x61000006, &(0x7f0000000340)) ptrace$getregset(0x4205, r0, 0x202, 0x0) 9.381732418s ago: executing program 1 (id=1935): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xfff2, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xffe0, 0x7}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xf7513c36026b8104}, 0x20000000) 9.253328975s ago: executing program 2 (id=1936): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x50) 9.194512119s ago: executing program 2 (id=1937): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f0000000080)={&(0x7f0000000840)=[{0x1, 0x5010, 0x0, 0x0}], 0x1}) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000000c0)={&(0x7f0000000080)=[{0xd0, 0x0, 0x0, 0x0}], 0x1}) 9.011136089s ago: executing program 5 (id=1938): syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000b3838108480b0310547b01"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x80402) ioctl$I2C_FUNCS(r0, 0x705, 0x0) 8.948475353s ago: executing program 1 (id=1939): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0xa4242, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x5}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd=r0, 0xffffffffffffff7f, 0x0, 0x0, 0x4}) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0) 7.749449695s ago: executing program 1 (id=1940): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x45, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x2c020400) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4080004) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0xfffffffffffffffc, 0x10000000000, 0x0, 0x4}}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x3c}, 0x0, @in=@multicast1, 0x200000, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x1001}}, 0xe8) connect$inet6(0xffffffffffffffff, 0x0, 0x0) pread64(r0, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) 6.016927956s ago: executing program 0 (id=1942): socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x6b4, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x33c, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000080)={0x0, 0x8, 0x2, {0x2, @sliced={0x0, [0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x88b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}}}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f0000000440)=@userptr={0x0, 0x2, 0x4, 0x408, 0x3, {}, {0x0, 0x1, 0x0, 0x0, 0xff, 0x14, "c4363c16"}, 0x1, 0x2, {0x0}, 0x7000000}) 5.645466521s ago: executing program 6 (id=1943): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40) close(0x3) 5.286972634s ago: executing program 5 (id=1944): pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setparam(0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001aa40)=""/102392, 0x18ff8) fsconfig$FSCONFIG_SET_FD(r1, 0x5, 0x0, 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x80) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 5.147028357s ago: executing program 2 (id=1945): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0) 4.603218165s ago: executing program 0 (id=1946): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) acct(0x0) 4.525518396s ago: executing program 6 (id=1947): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x50) 4.490564208s ago: executing program 2 (id=1948): ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000180)=@multiplanar_overlay={0x9, 0x8, 0x4, 0x200, 0x5, {0x77359400}, {0x1, 0x0, 0x3, 0xf, 0xdf, 0x0, "8f10ac3a"}, 0x1, 0x3, {0x0}, 0x6}) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) waitid(0x1, r0, 0x0, 0x61000006, &(0x7f0000000340)) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={0x0}) 4.485644211s ago: executing program 5 (id=1949): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0xfff2, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xffe0, 0x7}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xf7513c36026b8104}, 0x20000000) 4.205653336s ago: executing program 2 (id=1950): r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x8, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x3000c005) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)="b9693e14ae39b9d4956589cd4383940ab3b40d07cb4c156f3ca6fc88de9cb8a4ecac59ed49fd2b216619907a0b6431db4058ea0fc81a8a2c0d90fe4a4d001cb9ee95d2753b07a7825250f7428fd1147c0143bfdaa681777e472c350000a1e49900194dc22df4c565e5e7dbf454da7e3171f9736ec5b31348bd11c559d531fc5ad17bb24275fe9a24f69f4c0d44458071aff8d3c4783a7f1ccd3442264f6416fda9da7fe6f999f956700335e3e6a034413af8c4ba7c00"/195, 0xc3}, {&(0x7f0000000380)="248d7ac09ae9afb8954f66838ae5bb401e1c656014c4c8af25db88b25065cb5a4c7073b230eb916c6ff171fd78611ff70f30b9e77db814a1d43c7fa7a70c0df21e728ed51b836e0ce6f3faf0e4817093867621b5e0c03cf4638bc53de55de11380d10ae2775154c1069ae25d99ff710f4bbf7b5e76282c2df5a2d1f289179a74a84d8aceef5d869e05cc5117f25cd1e4d2461a95237c2fa3ba38e181e3f23a3cde974dfa75aecc3b2ce33369ad52580a6cd143f10ac7e783955969b8bd05a524f919a2fd9d3cbd055b5d2f7f00ca58f6b770492f471dc3b6b3b101d10f157ec9f68dac9b8d18cf8b", 0xbf}, {&(0x7f0000000240)="a3df552cfd633a6742d5c27a9fc4f4", 0xffffff53}], 0x3}, 0x4009800) 4.084086895s ago: executing program 6 (id=1951): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b010902"], 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, 0x0, 0x0) socket$rds(0x15, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0xfffffffffffffffe, 0xf, 0x80000002, 0x8000}, 0x0, 0x0) pipe(&(0x7f0000000180)) close_range(r0, 0xffffffffffffffff, 0x0) 3.405891271s ago: executing program 0 (id=1952): openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x40800) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0xa2c65) ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000000)) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0x4112, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 3.245773061s ago: executing program 0 (id=1953): socket$inet6(0xa, 0x1, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter\x00') ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000000040)={{0x1, 0x1, 0x59, 0xffffffffffffffff, {0x3b55}}, './file0\x00'}) r6 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') 3.213565266s ago: executing program 2 (id=1954): syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000b3838108480b0310547b01"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x80402) ioctl$I2C_FUNCS(r0, 0x705, 0x0) 3.148638435s ago: executing program 5 (id=1955): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x203) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f0000000840)=[{0x1, 0x5010, 0x0, 0x0}], 0x1}) r2 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r2, 0x707, &(0x7f00000000c0)={&(0x7f0000000080)=[{0xd0, 0x0, 0x0, 0x0}], 0x1}) 2.028433574s ago: executing program 0 (id=1956): socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x6b4, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x33c, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000080)={0x0, 0x8, 0x2, {0x2, @sliced={0x0, [0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x88b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}}}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f0000000440)=@userptr={0x0, 0x2, 0x4, 0x408, 0x3, {}, {0x0, 0x1, 0x0, 0x0, 0xff, 0x14, "c4363c16"}, 0x1, 0x2, {0x0}, 0x7000000}) 832.954068ms ago: executing program 0 (id=1957): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40) close(0x3) 0s ago: executing program 6 (id=1958): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 5][ T9842] ___sys_recvmsg+0x175/0x590 [ 495.123234][ T9842] ? __pfx____sys_recvmsg+0x10/0x10 [ 495.123279][ T9842] ? __fget_files+0x3a6/0x420 [ 495.123315][ T9842] do_recvmmsg+0x33a/0x800 [ 495.123346][ T9842] ? __pfx_do_recvmmsg+0x10/0x10 [ 495.123380][ T9842] ? rt_mutex_slowunlock+0x1cb/0x300 [ 495.123422][ T9842] __x64_sys_recvmmsg+0x198/0x250 [ 495.123449][ T9842] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 495.123483][ T9842] do_syscall_64+0x14d/0xf80 [ 495.123503][ T9842] ? trace_irq_disable+0x3b/0x150 [ 495.123525][ T9842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.123544][ T9842] ? clear_bhb_loop+0x40/0x90 [ 495.123568][ T9842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.123587][ T9842] RIP: 0033:0x7fd0f23ac799 [ 495.123611][ T9842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 495.123629][ T9842] RSP: 002b:00007fd0f05dd028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 495.123654][ T9842] RAX: ffffffffffffffda RBX: 00007fd0f2626090 RCX: 00007fd0f23ac799 [ 495.123669][ T9842] RDX: 0000000000000001 RSI: 0000200000000dc0 RDI: 0000000000000003 [ 495.123682][ T9842] RBP: 00007fd0f05dd090 R08: 0000000000000000 R09: 0000000000000000 [ 495.123693][ T9842] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 495.123705][ T9842] R13: 00007fd0f2626128 R14: 00007fd0f2626090 R15: 00007ffda8a9b2c8 [ 495.123735][ T9842] [ 495.164492][ T9838] Invalid logical block size (-1) [ 496.143583][ T9858] netlink: 'syz.2.1162': attribute type 39 has an invalid length. [ 496.193802][ T1841] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 496.344209][ T1841] usb 5-1: Using ep0 maxpacket: 32 [ 496.348065][ T1841] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 496.348097][ T1841] usb 5-1: config 0 has no interface number 0 [ 496.348149][ T1841] usb 5-1: config 0 interface 184 has no altsetting 0 [ 496.355314][ T1841] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 496.355347][ T1841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.355369][ T1841] usb 5-1: Product: syz [ 496.355384][ T1841] usb 5-1: Manufacturer: syz [ 496.355400][ T1841] usb 5-1: SerialNumber: syz [ 496.380114][ T1841] usb 5-1: config 0 descriptor?? [ 496.987314][ T1841] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 496.987338][ T1841] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 497.793974][ T808] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 497.967243][ T808] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 497.967274][ T808] usb 1-1: config 2 has 1 interface, different from the descriptor's value: 3 [ 497.967314][ T808] usb 1-1: too many endpoints for config 2 interface 0 altsetting 185: 62, using maximum allowed: 30 [ 497.967354][ T808] usb 1-1: config 2 interface 0 altsetting 185 has 0 endpoint descriptors, different from the interface descriptor's value: 62 [ 497.967382][ T808] usb 1-1: config 2 interface 0 has no altsetting 0 [ 497.972765][ T808] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=bd.95 [ 497.972806][ T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.972827][ T808] usb 1-1: Product: syz [ 497.972840][ T808] usb 1-1: Manufacturer: syz [ 497.972854][ T808] usb 1-1: SerialNumber: syz [ 498.117201][ T9854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 498.137619][ T9854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 498.160131][ T1841] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 498.160170][ T1841] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to write PMT_CTL: -71 [ 498.160190][ T1841] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 498.160704][ T1841] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 498.184264][ T1841] usb 5-1: USB disconnect, device number 24 [ 498.204428][ T5877] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 498.503649][ T808] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 498.503902][ T5877] usb 3-1: device descriptor read/64, error -71 [ 498.506888][ T808] dvb_usb_af9015 1-1:2.0: probe with driver dvb_usb_af9015 failed with error -22 [ 498.543325][ T808] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 498.543447][ T808] dvb_usb_af9035 1-1:2.0: probe with driver dvb_usb_af9035 failed with error -22 [ 498.722656][ T808] usb 1-1: USB disconnect, device number 21 [ 498.799785][ T5877] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 499.003822][ T5877] usb 3-1: device descriptor read/64, error -71 [ 499.121861][ T5877] usb usb3-port1: attempt power cycle [ 499.653786][ T5877] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 499.691828][ T5877] usb 3-1: device descriptor read/8, error -71 [ 499.740996][ T9896] netlink: 'syz.4.1173': attribute type 39 has an invalid length. [ 499.948480][ T5877] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 500.052242][ T5877] usb 3-1: device descriptor read/8, error -71 [ 500.156624][ T5877] usb usb3-port1: unable to enumerate USB device [ 501.702024][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.702074][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.618065][ T9925] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1182'. [ 503.845432][ T5804] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 504.113777][ T5804] usb 5-1: device descriptor read/64, error -71 [ 504.365440][ T5804] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 504.513889][ T5804] usb 5-1: device descriptor read/64, error -71 [ 504.646525][ T5804] usb usb5-port1: attempt power cycle [ 505.005547][ T5804] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 505.088045][ T5804] usb 5-1: device descriptor read/8, error -71 [ 505.343912][ T5804] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 505.389500][ T5804] usb 5-1: device descriptor read/8, error -71 [ 505.391200][ T9958] FAULT_INJECTION: forcing a failure. [ 505.391200][ T9958] name failslab, interval 1, probability 0, space 0, times 0 [ 505.391238][ T9958] CPU: 0 UID: 0 PID: 9958 Comm: syz.2.1195 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 505.391269][ T9958] Tainted: [L]=SOFTLOCKUP [ 505.391277][ T9958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.391290][ T9958] Call Trace: [ 505.391298][ T9958] [ 505.391307][ T9958] dump_stack_lvl+0xe8/0x150 [ 505.391345][ T9958] should_fail_ex+0x46b/0x600 [ 505.391382][ T9958] should_failslab+0xa8/0x100 [ 505.391480][ T9958] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 505.391539][ T9958] ? __alloc_skb+0x1d0/0x7d0 [ 505.391585][ T9958] ? lockdep_hardirqs_on+0x7a/0x110 [ 505.391641][ T9958] __alloc_skb+0x1d0/0x7d0 [ 505.391667][ T9958] netlink_sendmsg+0x5d4/0xb40 [ 505.391730][ T9958] ? __pfx_netlink_sendmsg+0x10/0x10 [ 505.391765][ T9958] ? unwind_get_return_address+0x4d/0x90 [ 505.391792][ T9958] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 505.391867][ T9958] ____sys_sendmsg+0x94c/0x9c0 [ 505.391898][ T9958] ? __pfx_____sys_sendmsg+0x10/0x10 [ 505.391940][ T9958] ? import_iovec+0x73/0xa0 [ 505.392001][ T9958] ___sys_sendmsg+0x2a5/0x360 [ 505.392032][ T9958] ? __pfx____sys_sendmsg+0x10/0x10 [ 505.392092][ T9958] ? __fget_files+0x2a/0x420 [ 505.392119][ T9958] ? __fget_files+0x3a6/0x420 [ 505.392158][ T9958] __x64_sys_sendmsg+0x1c3/0x2a0 [ 505.392186][ T9958] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 505.392220][ T9958] ? __pfx_ksys_write+0x10/0x10 [ 505.392265][ T9958] do_syscall_64+0x14d/0xf80 [ 505.392288][ T9958] ? trace_irq_disable+0x3b/0x150 [ 505.392312][ T9958] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.392334][ T9958] ? clear_bhb_loop+0x40/0x90 [ 505.392361][ T9958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.392381][ T9958] RIP: 0033:0x7f496b84c799 [ 505.392401][ T9958] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 505.392418][ T9958] RSP: 002b:00007f4969a9e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 505.392443][ T9958] RAX: ffffffffffffffda RBX: 00007f496bac5fa0 RCX: 00007f496b84c799 [ 505.392458][ T9958] RDX: 0000000000000820 RSI: 0000200000000280 RDI: 0000000000000004 [ 505.392472][ T9958] RBP: 00007f4969a9e090 R08: 0000000000000000 R09: 0000000000000000 [ 505.392486][ T9958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 505.392497][ T9958] R13: 00007f496bac6038 R14: 00007f496bac5fa0 R15: 00007ffe4f9b8c98 [ 505.392530][ T9958] [ 505.521727][ T5804] usb usb5-port1: unable to enumerate USB device [ 507.514248][ T9976] tun0: tun_chr_ioctl cmd 1074025675 [ 507.514274][ T9976] tun0: persist disabled [ 507.764120][ T5876] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 507.913823][ T5804] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 507.924299][ T5876] usb 2-1: Using ep0 maxpacket: 16 [ 507.927057][ T5876] usb 2-1: config index 0 descriptor too short (expected 46593, got 71) [ 507.927083][ T5876] usb 2-1: config 0 has too many interfaces: 158, using maximum allowed: 32 [ 507.927103][ T5876] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 507.927121][ T5876] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 158 [ 507.927140][ T5876] usb 2-1: config 0 has no interface number 0 [ 507.983491][ T5876] usb 2-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01 [ 507.983525][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.983546][ T5876] usb 2-1: Product: syz [ 507.983561][ T5876] usb 2-1: Manufacturer: syz [ 507.983576][ T5876] usb 2-1: SerialNumber: syz [ 508.049423][ T5876] usb 2-1: config 0 descriptor?? [ 508.080912][ T5876] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046c:14e0) [ 508.080953][ T5876] uvcvideo 2-1:0.105: No valid video chain found. [ 508.098867][ T5804] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 508.098905][ T5804] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 508.098934][ T5804] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 508.098954][ T5804] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 508.098997][ T5804] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 508.099018][ T5804] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.144380][ T5804] usb 3-1: config 0 descriptor?? [ 508.273467][ T5876] usb 2-1: USB disconnect, device number 17 [ 508.568038][ T5804] plantronics 0003:047F:FFFF.000E: ignoring exceeding usage max [ 508.616339][ T5804] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 508.710980][ T9991] program syz.0.1207 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 510.959150][ T1841] usb 3-1: USB disconnect, device number 29 [ 511.513796][ T1841] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 511.690105][ T1841] usb 3-1: device descriptor read/64, error -71 [ 512.223959][ T1841] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 512.463877][ T1841] usb 3-1: device descriptor read/64, error -71 [ 512.574207][ T1841] usb usb3-port1: attempt power cycle [ 512.973782][ T1841] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 513.023779][ T1841] usb 3-1: device descriptor read/8, error -71 [ 513.563816][ T1841] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 515.083784][ T5876] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 515.236358][ T5876] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 515.236393][ T5876] usb 2-1: config 0 has no interface number 0 [ 515.236446][ T5876] usb 2-1: config 0 interface 41 has no altsetting 0 [ 515.239733][ T5876] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 515.239767][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.239786][ T5876] usb 2-1: Product: syz [ 515.239801][ T5876] usb 2-1: Manufacturer: syz [ 515.239834][ T5876] usb 2-1: SerialNumber: syz [ 515.321359][ T5876] usb 2-1: config 0 descriptor?? [ 516.137414][ T5876] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 517.209787][ T5876] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 517.393935][ T5876] usb 2-1: USB disconnect, device number 18 [ 517.537282][T10062] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1227'. [ 517.681399][T10062] netlink: 212356 bytes leftover after parsing attributes in process `syz.0.1227'. [ 518.809635][ T1841] usb 3-1: device descriptor read/8, error -110 [ 518.914114][ T1841] usb usb3-port1: unable to enumerate USB device [ 520.348627][ T5948] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 520.745626][ T5876] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 521.423784][ T5948] usb 1-1: Using ep0 maxpacket: 32 [ 521.426336][ T5948] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 521.426364][ T5948] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 521.426387][ T5948] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 521.426410][ T5948] usb 1-1: config 1 has no interface number 0 [ 521.426460][ T5948] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 521.426490][ T5948] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 521.426545][ T5948] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 521.426570][ T5948] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.543711][ T5876] usb 5-1: Using ep0 maxpacket: 32 [ 521.547054][ T5876] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 521.547113][ T5876] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 521.547161][ T5876] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 521.547186][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.588585][ T64] block nbd0: Connection timed out, retrying (0/2 alive) [ 521.589878][ T64] block nbd0: Connection timed out, retrying (0/2 alive) [ 521.589943][ T64] block nbd0: Connection timed out, retrying (0/2 alive) [ 521.590055][ T64] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.590086][ T64] Buffer I/O error on dev nbd0, logical block 2, async page read [ 521.590125][ T64] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.590151][ T64] Buffer I/O error on dev nbd0, logical block 1, async page read [ 521.590180][ T64] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.590204][ T64] Buffer I/O error on dev nbd0, logical block 0, async page read [ 521.625710][ T5795] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.625752][ T5795] Buffer I/O error on dev nbd0, logical block 0, async page read [ 521.626192][ T5795] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.626216][ T5795] Buffer I/O error on dev nbd0, logical block 1, async page read [ 521.626266][ T5795] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.626289][ T5795] Buffer I/O error on dev nbd0, logical block 2, async page read [ 521.626336][ T5795] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.626358][ T5795] Buffer I/O error on dev nbd0, logical block 3, async page read [ 521.626416][ T5795] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.626438][ T5795] Buffer I/O error on dev nbd0, logical block 0, async page read [ 521.626486][ T5795] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.626508][ T5795] Buffer I/O error on dev nbd0, logical block 1, async page read [ 521.626556][ T5795] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.626577][ T5795] Buffer I/O error on dev nbd0, logical block 2, async page read [ 521.627465][ T5795] ldm_validate_partition_table(): Disk read failed. [ 521.628233][ T5795] Dev nbd0: unable to read RDB block 0 [ 521.629073][ T5795] nbd0: unable to read partition table [ 521.654672][ T5795] ldm_validate_partition_table(): Disk read failed. [ 521.655350][ T5795] Dev nbd0: unable to read RDB block 0 [ 521.669318][ T5795] nbd0: unable to read partition table [ 521.808867][T10106] netlink: 'syz.5.1242': attribute type 1 has an invalid length. [ 521.808896][T10106] netlink: 212 bytes leftover after parsing attributes in process `syz.5.1242'. [ 521.950958][ T5876] usb 5-1: config 0 descriptor?? [ 521.970375][ T5948] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 521.999446][ T5948] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 522.027986][ T5876] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 522.769434][ T1335] Bluetooth: hci1: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 522.781921][T10115] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1244'. [ 522.781959][T10115] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1244'. [ 522.845850][T10115] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 523.044310][ T1841] snd_usb_pod 1-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 523.343385][ T1841] usb 5-1: USB disconnect, device number 29 [ 524.038476][ T5876] usb 1-1: USB disconnect, device number 22 [ 524.040212][ T5876] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 524.278398][T10140] netlink: 'syz.0.1253': attribute type 1 has an invalid length. [ 524.278424][T10140] netlink: 212 bytes leftover after parsing attributes in process `syz.0.1253'. [ 524.644034][ T6814] Bluetooth: hci1: command 0x1003 tx timeout [ 524.646583][ T5806] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 528.243750][ T5906] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 528.383800][ T5906] usb 6-1: device descriptor read/64, error -71 [ 528.653882][ T5906] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 528.793786][ T5906] usb 6-1: device descriptor read/64, error -71 [ 528.904292][ T5906] usb usb6-port1: attempt power cycle [ 529.360056][ T5906] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 529.384406][ T5906] usb 6-1: device descriptor read/8, error -71 [ 529.663689][ T5906] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 529.734578][ T5906] usb 6-1: device descriptor read/8, error -71 [ 529.869095][ T5906] usb usb6-port1: unable to enumerate USB device [ 530.883791][ T5806] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 531.970085][T10227] FAULT_INJECTION: forcing a failure. [ 531.970085][T10227] name failslab, interval 1, probability 0, space 0, times 0 [ 531.970124][T10227] CPU: 1 UID: 0 PID: 10227 Comm: syz.2.1283 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 531.970150][T10227] Tainted: [L]=SOFTLOCKUP [ 531.970157][T10227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 531.970170][T10227] Call Trace: [ 531.970179][T10227] [ 531.970188][T10227] dump_stack_lvl+0xe8/0x150 [ 531.970227][T10227] should_fail_ex+0x46b/0x600 [ 531.970263][T10227] should_failslab+0xa8/0x100 [ 531.970287][T10227] __kvmalloc_node_noprof+0x170/0x8e0 [ 531.970311][T10227] ? seq_read_iter+0x203/0xe20 [ 531.970384][T10227] ? mutex_lock_nested+0x152/0x1d0 [ 531.970413][T10227] ? seq_read_iter+0xb8/0xe20 [ 531.970438][T10227] seq_read_iter+0x203/0xe20 [ 531.970462][T10227] ? trace_kmalloc+0x2a/0x110 [ 531.970498][T10227] ? __kmalloc_noprof+0x408/0x7b0 [ 531.970518][T10227] ? iovec_from_user+0x87/0x250 [ 531.970558][T10227] do_iter_readv_writev+0x62b/0x8d0 [ 531.970585][T10227] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 531.970617][T10227] ? rw_verify_area+0x2ac/0x4e0 [ 531.970663][T10227] vfs_readv+0x292/0x850 [ 531.970699][T10227] ? __pfx_vfs_readv+0x10/0x10 [ 531.970741][T10227] ? __fget_files+0x2a/0x420 [ 531.970775][T10227] ? __fget_files+0x3a6/0x420 [ 531.970802][T10227] ? __fget_files+0x2a/0x420 [ 531.970839][T10227] __x64_sys_preadv+0x1a2/0x2b0 [ 531.970863][T10227] ? __pfx___x64_sys_preadv+0x10/0x10 [ 531.970895][T10227] do_syscall_64+0x14d/0xf80 [ 531.970918][T10227] ? trace_irq_disable+0x3b/0x150 [ 531.970942][T10227] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.970964][T10227] ? clear_bhb_loop+0x40/0x90 [ 531.970992][T10227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.971015][T10227] RIP: 0033:0x7f496b84c799 [ 531.971036][T10227] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 531.971055][T10227] RSP: 002b:00007f4969a9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 531.971078][T10227] RAX: ffffffffffffffda RBX: 00007f496bac5fa0 RCX: 00007f496b84c799 [ 531.971094][T10227] RDX: 000000000000000a RSI: 0000200000000100 RDI: 0000000000000004 [ 531.971108][T10227] RBP: 00007f4969a9e090 R08: 0000000000000000 R09: 0000000000000000 [ 531.971122][T10227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.971135][T10227] R13: 00007f496bac6038 R14: 00007f496bac5fa0 R15: 00007ffe4f9b8c98 [ 531.971171][T10227] [ 533.369986][ T37] kauditd_printk_skb: 23 callbacks suppressed [ 533.370007][ T37] audit: type=1326 audit(1774871561.873:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.371749][ T37] audit: type=1326 audit(1774871561.873:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.372055][ T37] audit: type=1326 audit(1774871561.873:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.385598][ T37] audit: type=1326 audit(1774871561.893:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.385658][ T37] audit: type=1326 audit(1774871561.893:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.385703][ T37] audit: type=1326 audit(1774871561.893:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.385748][ T37] audit: type=1326 audit(1774871561.893:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.385795][ T37] audit: type=1326 audit(1774871561.893:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.385843][ T37] audit: type=1326 audit(1774871561.893:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.417284][ T37] audit: type=1326 audit(1774871561.913:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd07facc799 code=0x7ffc0000 [ 533.847253][T10256] program syz.4.1294 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 534.052103][T10258] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1295'. [ 534.894143][T10274] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1299'. [ 534.896073][T10274] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1299'. [ 535.108466][T10282] FAULT_INJECTION: forcing a failure. [ 535.108466][T10282] name failslab, interval 1, probability 0, space 0, times 0 [ 535.108506][T10282] CPU: 0 UID: 0 PID: 10282 Comm: syz.4.1302 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 535.108537][T10282] Tainted: [L]=SOFTLOCKUP [ 535.108545][T10282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 535.108557][T10282] Call Trace: [ 535.108566][T10282] [ 535.108575][T10282] dump_stack_lvl+0xe8/0x150 [ 535.108613][T10282] should_fail_ex+0x46b/0x600 [ 535.108648][T10282] should_failslab+0xa8/0x100 [ 535.108673][T10282] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 535.108709][T10282] ? __alloc_skb+0x1d0/0x7d0 [ 535.108728][T10282] ? lockdep_hardirqs_on+0x7a/0x110 [ 535.108760][T10282] __alloc_skb+0x1d0/0x7d0 [ 535.108787][T10282] netlink_sendmsg+0x5d4/0xb40 [ 535.108830][T10282] ? __pfx_netlink_sendmsg+0x10/0x10 [ 535.108865][T10282] ? unwind_get_return_address+0x4d/0x90 [ 535.108891][T10282] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 535.108927][T10282] ____sys_sendmsg+0x94c/0x9c0 [ 535.108960][T10282] ? __pfx_____sys_sendmsg+0x10/0x10 [ 535.108994][T10282] ? import_iovec+0x73/0xa0 [ 535.109032][T10282] ___sys_sendmsg+0x2a5/0x360 [ 535.109063][T10282] ? __pfx____sys_sendmsg+0x10/0x10 [ 535.109126][T10282] ? __fget_files+0x2a/0x420 [ 535.109154][T10282] ? __fget_files+0x3a6/0x420 [ 535.109194][T10282] __x64_sys_sendmsg+0x1c3/0x2a0 [ 535.109222][T10282] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 535.109258][T10282] ? __pfx_ksys_write+0x10/0x10 [ 535.109304][T10282] do_syscall_64+0x14d/0xf80 [ 535.109326][T10282] ? trace_irq_disable+0x3b/0x150 [ 535.109352][T10282] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.109383][T10282] ? clear_bhb_loop+0x40/0x90 [ 535.109411][T10282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.109434][T10282] RIP: 0033:0x7fd07facc799 [ 535.109455][T10282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 535.109473][T10282] RSP: 002b:00007fd07dd26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 535.109498][T10282] RAX: ffffffffffffffda RBX: 00007fd07fd45fa0 RCX: 00007fd07facc799 [ 535.109513][T10282] RDX: 0000000020000850 RSI: 0000200000003280 RDI: 0000000000000003 [ 535.109528][T10282] RBP: 00007fd07dd26090 R08: 0000000000000000 R09: 0000000000000000 [ 535.109543][T10282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 535.109556][T10282] R13: 00007fd07fd46038 R14: 00007fd07fd45fa0 R15: 00007fffd91462a8 [ 535.109590][T10282] [ 538.927810][T10328] netlink: 'syz.1.1316': attribute type 1 has an invalid length. [ 538.927836][T10328] netlink: 212 bytes leftover after parsing attributes in process `syz.1.1316'. [ 540.113842][ T1841] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 540.160744][T10349] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1325'. [ 540.161138][T10349] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1325'. [ 540.263739][ T1841] usb 3-1: Using ep0 maxpacket: 32 [ 540.280693][ T1841] usb 3-1: config 2 has an invalid interface number: 88 but max is 0 [ 540.280725][ T1841] usb 3-1: config 2 has no interface number 0 [ 540.280775][ T1841] usb 3-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 540.280801][ T1841] usb 3-1: config 2 interface 88 has no altsetting 0 [ 540.312817][ T1841] usb 3-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 540.312852][ T1841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.312872][ T1841] usb 3-1: Product: syz [ 540.312887][ T1841] usb 3-1: Manufacturer: syz [ 540.312901][ T1841] usb 3-1: SerialNumber: syz [ 540.381794][T10341] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 540.586350][T10341] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 540.592351][T10358] FAULT_INJECTION: forcing a failure. [ 540.592351][T10358] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 540.592393][T10358] CPU: 0 UID: 0 PID: 10358 Comm: syz.5.1327 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 540.592422][T10358] Tainted: [L]=SOFTLOCKUP [ 540.592431][T10358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 540.592443][T10358] Call Trace: [ 540.592452][T10358] [ 540.592461][T10358] dump_stack_lvl+0xe8/0x150 [ 540.592497][T10358] should_fail_ex+0x46b/0x600 [ 540.592533][T10358] _copy_from_user+0x2d/0xb0 [ 540.592556][T10358] __x64_sys_setrlimit+0xcc/0x150 [ 540.592582][T10358] ? __pfx___x64_sys_setrlimit+0x10/0x10 [ 540.592619][T10358] do_syscall_64+0x14d/0xf80 [ 540.592642][T10358] ? trace_irq_disable+0x3b/0x150 [ 540.592668][T10358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.592690][T10358] ? clear_bhb_loop+0x40/0x90 [ 540.592717][T10358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.592739][T10358] RIP: 0033:0x7fa4f74fc799 [ 540.592759][T10358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 540.592778][T10358] RSP: 002b:00007fa4f572d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a0 [ 540.592802][T10358] RAX: ffffffffffffffda RBX: 00007fa4f7776090 RCX: 00007fa4f74fc799 [ 540.592818][T10358] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006 [ 540.592832][T10358] RBP: 00007fa4f572d090 R08: 0000000000000000 R09: 0000000000000000 [ 540.592845][T10358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 540.592859][T10358] R13: 00007fa4f7776128 R14: 00007fa4f7776090 R15: 00007ffd33fa8dc8 [ 540.592894][T10358] [ 540.943856][T10360] netlink: 188 bytes leftover after parsing attributes in process `syz.5.1328'. [ 540.969269][T10360] fuse: Unknown parameter 'UÚ0x0000000000000005' [ 541.005074][ T1841] asix 3-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 541.005404][ T1841] asix 3-1:2.88: probe with driver asix failed with error -71 [ 541.048850][ T1841] usb 3-1: USB disconnect, device number 34 [ 541.072856][T10361] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1328'. [ 543.788178][T10402] netlink: 'syz.4.1341': attribute type 21 has an invalid length. [ 546.174023][T10429] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1348'. [ 546.703781][ T31] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 546.853723][ T31] usb 6-1: Using ep0 maxpacket: 32 [ 546.864371][ T31] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 546.864406][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.872091][ T31] usb 6-1: config 0 descriptor?? [ 547.075120][ T31] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 547.097700][ T31] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 547.099741][ T31] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 547.099803][ T31] usb 6-1: media controller created [ 547.167688][ T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 547.458817][ T31] az6027: usb out operation failed. (-71) [ 547.459307][ T31] az6027: usb out operation failed. (-71) [ 547.459333][ T31] stb0899_attach: Driver disabled by Kconfig [ 547.459343][ T31] az6027: no front-end attached [ 547.459343][ T31] [ 547.459760][ T31] az6027: usb out operation failed. (-71) [ 547.459775][ T31] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 547.501432][ T31] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input21 [ 547.507456][ T31] dvb-usb: schedule remote query interval to 400 msecs. [ 547.507479][ T31] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 547.512967][ T31] usb 6-1: USB disconnect, device number 8 [ 547.859487][ T31] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 548.686385][T10463] FAULT_INJECTION: forcing a failure. [ 548.686385][T10463] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 548.686425][T10463] CPU: 0 UID: 0 PID: 10463 Comm: syz.5.1360 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 548.686456][T10463] Tainted: [L]=SOFTLOCKUP [ 548.686464][T10463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 548.686477][T10463] Call Trace: [ 548.686486][T10463] [ 548.686495][T10463] dump_stack_lvl+0xe8/0x150 [ 548.686545][T10463] should_fail_ex+0x46b/0x600 [ 548.686581][T10463] prepare_alloc_pages+0x22a/0x6b0 [ 548.686686][T10463] __alloc_frozen_pages_noprof+0x12f/0x380 [ 548.686717][T10463] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 548.686748][T10463] ? __pfx_policy_nodemask+0x10/0x10 [ 548.686792][T10463] ? __lock_acquire+0x6b5/0x2cf0 [ 548.686825][T10463] alloc_pages_mpol+0xd1/0x380 [ 548.686854][T10463] vma_alloc_folio_noprof+0xea/0x290 [ 548.686882][T10463] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 548.686919][T10463] do_pte_missing+0x7f9/0x29e0 [ 548.687025][T10463] handle_mm_fault+0xd0a/0x13c0 [ 548.687086][T10463] ? handle_mm_fault+0xe7/0x13c0 [ 548.687123][T10463] ? __pfx_handle_mm_fault+0x10/0x10 [ 548.687181][T10463] ? lock_mm_and_find_vma+0xa7/0x340 [ 548.687235][T10463] do_user_addr_fault+0x75b/0x1340 [ 548.687284][T10463] exc_page_fault+0x6a/0xc0 [ 548.687310][T10463] asm_exc_page_fault+0x26/0x30 [ 548.687332][T10463] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 548.687391][T10463] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 548.687411][T10463] RSP: 0018:ffffc9000dad7538 EFLAGS: 00050202 [ 548.687431][T10463] RAX: ffffffff849c0001 RBX: ffff8880346b206a RCX: 0000000000000a96 [ 548.687448][T10463] RDX: 0000000000000000 RSI: ffff8880346b242a RDI: 0000200000003000 [ 548.687463][T10463] RBP: ffffc9000dad76b0 R08: ffff8880346b2ebf R09: 1ffff110068d65d7 [ 548.687478][T10463] R10: dffffc0000000000 R11: ffffed10068d65d8 R12: 1ffff92001b5af47 [ 548.687495][T10463] R13: 0000200000002c40 R14: ffffc9000dad7a48 R15: 0000000000000e56 [ 548.687528][T10463] ? _copy_to_iter+0x151/0x17d0 [ 548.687567][T10463] _copy_to_iter+0x255/0x17d0 [ 548.687596][T10463] ? __local_bh_enable+0x1e1/0x2f0 [ 548.687633][T10463] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 548.687664][T10463] ? lockdep_hardirqs_on+0x7a/0x110 [ 548.687693][T10463] ? __pfx__copy_to_iter+0x10/0x10 [ 548.687720][T10463] ? __skb_recv_udp+0x673/0x750 [ 548.687780][T10463] ? csum_partial+0x239/0x2c0 [ 548.687827][T10463] ? preempt_count_add+0x91/0x190 [ 548.687861][T10463] __skb_datagram_iter+0xf8/0x980 [ 548.687912][T10463] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 548.687950][T10463] skb_copy_datagram_iter+0xb5/0x270 [ 548.687983][T10463] udp_recvmsg+0x77b/0x10b0 [ 548.688022][T10463] ? __pfx_udp_recvmsg+0x10/0x10 [ 548.688056][T10463] ? sock_rps_record_flow+0x19/0x400 [ 548.688100][T10463] ? __pfx_udp_recvmsg+0x10/0x10 [ 548.688122][T10463] inet_recvmsg+0x218/0x270 [ 548.688142][T10463] ? __lock_acquire+0x6b5/0x2cf0 [ 548.688166][T10463] ? __pfx_inet_recvmsg+0x10/0x10 [ 548.688186][T10463] ? is_bpf_text_address+0x26/0x2b0 [ 548.688222][T10463] ? kernel_text_address+0xa5/0xe0 [ 548.688247][T10463] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 548.688277][T10463] ? security_socket_recvmsg+0x7e/0x2c0 [ 548.688355][T10463] ? __pfx_inet_recvmsg+0x10/0x10 [ 548.688377][T10463] sock_recvmsg+0x155/0x1b0 [ 548.688434][T10463] sock_read_iter+0x25a/0x330 [ 548.688467][T10463] ? __pfx_sock_read_iter+0x10/0x10 [ 548.688528][T10463] do_iter_readv_writev+0x62b/0x8d0 [ 548.688556][T10463] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 548.688590][T10463] ? rw_verify_area+0x2ac/0x4e0 [ 548.688628][T10463] vfs_readv+0x292/0x850 [ 548.688664][T10463] ? __pfx_vfs_readv+0x10/0x10 [ 548.688708][T10463] ? __fget_files+0x2a/0x420 [ 548.688742][T10463] ? __fget_files+0x3a6/0x420 [ 548.688769][T10463] ? __fget_files+0x2a/0x420 [ 548.688808][T10463] do_readv+0x15a/0x2e0 [ 548.688837][T10463] ? __pfx_do_readv+0x10/0x10 [ 548.688876][T10463] do_syscall_64+0x14d/0xf80 [ 548.688897][T10463] ? trace_irq_disable+0x3b/0x150 [ 548.688924][T10463] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.688946][T10463] ? clear_bhb_loop+0x40/0x90 [ 548.688974][T10463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.688996][T10463] RIP: 0033:0x7fa4f74fc799 [ 548.689017][T10463] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 548.689035][T10463] RSP: 002b:00007fa4f574e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 548.689057][T10463] RAX: ffffffffffffffda RBX: 00007fa4f7775fa0 RCX: 00007fa4f74fc799 [ 548.689073][T10463] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003 [ 548.689087][T10463] RBP: 00007fa4f574e090 R08: 0000000000000000 R09: 0000000000000000 [ 548.689100][T10463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.689113][T10463] R13: 00007fa4f7776038 R14: 00007fa4f7775fa0 R15: 00007ffd33fa8dc8 [ 548.689149][T10463] [ 551.513873][ T5876] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 551.702138][ T5876] usb 6-1: Using ep0 maxpacket: 32 [ 551.720613][ T5876] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 551.720646][ T5876] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 551.720668][ T5876] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 551.720691][ T5876] usb 6-1: config 1 has no interface number 0 [ 551.720748][ T5876] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 551.720775][ T5876] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 551.720828][ T5876] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 551.720852][ T5876] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.892480][ T5876] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 552.267810][ T5876] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now attached [ 553.034217][ T5876] usb 6-1: USB disconnect, device number 9 [ 553.070294][ T5876] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 553.398552][T10524] sctp: [Deprecated]: syz.1.1381 (pid 10524) Use of int in max_burst socket option. [ 553.398552][T10524] Use struct sctp_assoc_value instead [ 553.713801][ T31] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 553.873860][ T31] usb 2-1: Using ep0 maxpacket: 8 [ 553.884278][ T31] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 553.884308][ T31] usb 2-1: config 0 has no interface number 0 [ 553.884354][ T31] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 553.884379][ T31] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 553.884406][ T31] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 553.884429][ T31] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 553.884467][ T31] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 553.884490][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.913405][ T31] usb 2-1: config 0 descriptor?? [ 553.957284][ T31] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 554.142241][ C0] ldusb 2-1:0.55: usb_submit_urb failed (-1) [ 554.148527][ T31] usb 2-1: USB disconnect, device number 19 [ 554.200350][ T31] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 554.580976][T10536] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5) [ 554.581006][T10536] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 554.581127][T10536] vhci_hcd vhci_hcd.0: Device attached [ 554.589926][T10536] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(7) [ 554.589955][T10536] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 554.653738][T10536] vhci_hcd vhci_hcd.0: Device attached [ 554.656197][T10544] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(10) [ 554.656225][T10544] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 554.656283][T10544] vhci_hcd vhci_hcd.0: Device attached [ 554.660955][T10536] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(9) [ 554.660982][T10536] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 554.675741][T10536] vhci_hcd vhci_hcd.0: Device attached [ 554.775437][T10544] vhci_hcd vhci_hcd.0: pdev(5) rhport(4) sockfd(15) [ 554.775469][T10544] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 554.815619][T10544] vhci_hcd vhci_hcd.0: Device attached [ 555.044480][T10536] vhci_hcd vhci_hcd.0: pdev(5) rhport(5) sockfd(18) [ 555.044512][T10536] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 555.044618][T10536] vhci_hcd vhci_hcd.0: Device attached [ 555.051561][T10552] vhci_hcd: connection closed [ 555.051929][ T68] vhci_hcd vhci_hcd.5: stop threads [ 555.051958][ T68] vhci_hcd vhci_hcd.5: release socket [ 555.057772][ T68] vhci_hcd vhci_hcd.5: disconnect device [ 555.093822][ T31] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 555.150703][T10547] vhci_hcd: connection closed [ 555.152190][T10539] vhci_hcd: connection reset by peer [ 555.152403][T10542] vhci_hcd: connection closed [ 555.153501][T10545] vhci_hcd: connection closed [ 555.154101][ T12] vhci_hcd vhci_hcd.5: stop threads [ 555.154125][ T12] vhci_hcd vhci_hcd.5: release socket [ 555.154194][ T12] vhci_hcd vhci_hcd.5: disconnect device [ 555.154646][ T12] vhci_hcd vhci_hcd.5: stop threads [ 555.154660][ T12] vhci_hcd vhci_hcd.5: release socket [ 555.154717][ T12] vhci_hcd vhci_hcd.5: disconnect device [ 555.157282][ T12] vhci_hcd vhci_hcd.5: stop threads [ 555.157298][ T12] vhci_hcd vhci_hcd.5: release socket [ 555.159053][ T12] vhci_hcd vhci_hcd.5: disconnect device [ 555.159542][ T12] vhci_hcd vhci_hcd.5: stop threads [ 555.159557][ T12] vhci_hcd vhci_hcd.5: release socket [ 555.159618][ T12] vhci_hcd vhci_hcd.5: disconnect device [ 555.241424][T10554] vhci_hcd: connection closed [ 555.343764][ T12] vhci_hcd vhci_hcd.5: stop threads [ 555.343793][ T12] vhci_hcd vhci_hcd.5: release socket [ 555.344045][ T12] vhci_hcd vhci_hcd.5: disconnect device [ 556.042513][T10572] batadv_slave_0: entered promiscuous mode [ 556.047015][T10571] batadv_slave_0: left promiscuous mode [ 560.459355][ T31] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 562.926807][T10656] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 563.131769][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.131883][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.254870][T10679] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1428'. [ 565.567235][T10689] loop5: detected capacity change from 0 to 7 [ 565.604984][ C0] blk_print_req_error: 137 callbacks suppressed [ 565.605001][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.605018][ C0] buffer_io_error: 137 callbacks suppressed [ 565.605025][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.613878][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.613919][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.622458][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.622497][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.623735][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.623767][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.627223][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.627256][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.632776][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.632810][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.633742][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.633773][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.633943][T10689] ldm_validate_partition_table(): Disk read failed. [ 565.634441][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.634471][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.643890][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.643922][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.653687][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 565.653721][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 565.655831][T10689] Dev loop5: unable to read RDB block 0 [ 565.713775][T10689] loop5: unable to read partition table [ 565.714012][T10689] loop5: partition table beyond EOD, truncated [ 565.714045][T10689] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 566.822576][T10717] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1441'. [ 566.852970][T10717] Invalid argument reading file caps for ./file0 [ 566.872182][T10718] overlay: ./file0 is not a directory [ 567.244466][T10730] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1445'. [ 567.373887][ T808] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 567.539936][ T808] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 567.539971][ T808] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.539993][ T808] usb 2-1: Product: syz [ 567.540008][ T808] usb 2-1: Manufacturer: syz [ 567.540025][ T808] usb 2-1: SerialNumber: syz [ 567.610781][ T808] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 567.809719][T10739] FAULT_INJECTION: forcing a failure. [ 567.809719][T10739] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 567.809764][T10739] CPU: 0 UID: 0 PID: 10739 Comm: syz.0.1448 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 567.809795][T10739] Tainted: [L]=SOFTLOCKUP [ 567.809803][T10739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 567.809816][T10739] Call Trace: [ 567.809824][T10739] [ 567.809834][T10739] dump_stack_lvl+0xe8/0x150 [ 567.809874][T10739] should_fail_ex+0x46b/0x600 [ 567.809911][T10739] _copy_from_iter+0x1d3/0x1670 [ 567.809959][T10739] ? __pfx__copy_from_iter+0x10/0x10 [ 567.809990][T10739] ? trace_kmalloc+0x2a/0x110 [ 567.810029][T10739] ? __kmalloc_noprof+0x408/0x7b0 [ 567.810050][T10739] ? kernfs_fop_write_iter+0x159/0x540 [ 567.810154][T10739] kernfs_fop_write_iter+0x19c/0x540 [ 567.810197][T10739] vfs_write+0x629/0xba0 [ 567.810243][T10739] ? __pfx_vfs_write+0x10/0x10 [ 567.810280][T10739] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 567.810340][T10739] ? lockdep_hardirqs_on+0x7a/0x110 [ 567.810367][T10739] ? mutex_lock_nested+0x152/0x1d0 [ 567.810392][T10739] ? fdget_pos+0x252/0x320 [ 567.810429][T10739] ksys_write+0x156/0x270 [ 567.810463][T10739] ? __pfx_ksys_write+0x10/0x10 [ 567.810506][T10739] do_syscall_64+0x14d/0xf80 [ 567.810533][T10739] ? trace_irq_disable+0x3b/0x150 [ 567.810557][T10739] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.810579][T10739] ? clear_bhb_loop+0x40/0x90 [ 567.810603][T10739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.810624][T10739] RIP: 0033:0x7fd0f23ac799 [ 567.810644][T10739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 567.810662][T10739] RSP: 002b:00007fd0f05fe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 567.810686][T10739] RAX: ffffffffffffffda RBX: 00007fd0f2625fa0 RCX: 00007fd0f23ac799 [ 567.810703][T10739] RDX: 000000000000002f RSI: 0000200000000080 RDI: 0000000000000004 [ 567.810717][T10739] RBP: 00007fd0f05fe090 R08: 0000000000000000 R09: 0000000000000000 [ 567.810730][T10739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 567.810744][T10739] R13: 00007fd0f2626038 R14: 00007fd0f2625fa0 R15: 00007ffda8a9b2c8 [ 567.810781][T10739] [ 568.152787][ T5876] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 568.232028][T10744] FAULT_INJECTION: forcing a failure. [ 568.232028][T10744] name failslab, interval 1, probability 0, space 0, times 0 [ 568.232070][T10744] CPU: 1 UID: 0 PID: 10744 Comm: syz.0.1450 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 568.232100][T10744] Tainted: [L]=SOFTLOCKUP [ 568.232108][T10744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 568.232120][T10744] Call Trace: [ 568.232128][T10744] [ 568.232138][T10744] dump_stack_lvl+0xe8/0x150 [ 568.232173][T10744] should_fail_ex+0x46b/0x600 [ 568.232209][T10744] should_failslab+0xa8/0x100 [ 568.232231][T10744] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 568.232263][T10744] ? __alloc_skb+0x1d0/0x7d0 [ 568.232294][T10744] ? lockdep_hardirqs_on+0x7a/0x110 [ 568.232324][T10744] __alloc_skb+0x1d0/0x7d0 [ 568.232350][T10744] netlink_sendmsg+0x5d4/0xb40 [ 568.232393][T10744] ? __pfx_netlink_sendmsg+0x10/0x10 [ 568.232427][T10744] ? unwind_get_return_address+0x4d/0x90 [ 568.232452][T10744] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 568.232488][T10744] ____sys_sendmsg+0x94c/0x9c0 [ 568.232520][T10744] ? __pfx_____sys_sendmsg+0x10/0x10 [ 568.232556][T10744] ? import_iovec+0x73/0xa0 [ 568.232593][T10744] ___sys_sendmsg+0x2a5/0x360 [ 568.232621][T10744] ? __pfx____sys_sendmsg+0x10/0x10 [ 568.232683][T10744] ? __fget_files+0x2a/0x420 [ 568.232710][T10744] ? __fget_files+0x3a6/0x420 [ 568.232749][T10744] __x64_sys_sendmsg+0x1c3/0x2a0 [ 568.232777][T10744] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 568.232809][T10744] ? __pfx_ksys_write+0x10/0x10 [ 568.232854][T10744] do_syscall_64+0x14d/0xf80 [ 568.232876][T10744] ? trace_irq_disable+0x3b/0x150 [ 568.232899][T10744] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.232922][T10744] ? clear_bhb_loop+0x40/0x90 [ 568.232949][T10744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.232968][T10744] RIP: 0033:0x7fd0f23ac799 [ 568.232988][T10744] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 568.233006][T10744] RSP: 002b:00007fd0f05fe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 568.233029][T10744] RAX: ffffffffffffffda RBX: 00007fd0f2625fa0 RCX: 00007fd0f23ac799 [ 568.233044][T10744] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 568.233058][T10744] RBP: 00007fd0f05fe090 R08: 0000000000000000 R09: 0000000000000000 [ 568.233071][T10744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.233084][T10744] R13: 00007fd0f2626038 R14: 00007fd0f2625fa0 R15: 00007ffda8a9b2c8 [ 568.233119][T10744] [ 568.255768][ T37] kauditd_printk_skb: 15 callbacks suppressed [ 568.255791][ T37] audit: type=1800 audit(1774871596.743:543): pid=10741 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1449" name="eth0" dev="tmpfs" ino=1586 res=0 errno=0 [ 568.354380][ C0] usb 2-1: ath9k_htc: invalid pkt_len (fef1) [ 568.583793][ T880] usb 2-1: USB disconnect, device number 20 [ 569.196511][T10762] FAULT_INJECTION: forcing a failure. [ 569.196511][T10762] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 569.196548][T10762] CPU: 0 UID: 0 PID: 10762 Comm: syz.0.1457 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 569.196573][T10762] Tainted: [L]=SOFTLOCKUP [ 569.196580][T10762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 569.196590][T10762] Call Trace: [ 569.196597][T10762] [ 569.196605][T10762] dump_stack_lvl+0xe8/0x150 [ 569.196636][T10762] should_fail_ex+0x46b/0x600 [ 569.196665][T10762] _copy_to_user+0x31/0xb0 [ 569.196684][T10762] simple_read_from_buffer+0xe1/0x170 [ 569.196712][T10762] proc_fail_nth_read+0x1be/0x230 [ 569.196737][T10762] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 569.196762][T10762] ? rw_verify_area+0x2ac/0x4e0 [ 569.196788][T10762] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 569.196810][T10762] vfs_read+0x212/0xa80 [ 569.196844][T10762] ? __pfx_vfs_read+0x10/0x10 [ 569.196872][T10762] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 569.196891][T10762] ? lockdep_hardirqs_on+0x7a/0x110 [ 569.196910][T10762] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 569.196929][T10762] ? mutex_lock_nested+0x152/0x1d0 [ 569.196951][T10762] ? fdget_pos+0x252/0x320 [ 569.196981][T10762] ksys_read+0x156/0x270 [ 569.197009][T10762] ? __pfx_ksys_read+0x10/0x10 [ 569.197045][T10762] do_syscall_64+0x14d/0xf80 [ 569.197074][T10762] ? trace_irq_disable+0x3b/0x150 [ 569.197094][T10762] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.197111][T10762] ? clear_bhb_loop+0x40/0x90 [ 569.197133][T10762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.197150][T10762] RIP: 0033:0x7fd0f236cfce [ 569.197167][T10762] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 569.197183][T10762] RSP: 002b:00007fd0f05fdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 569.197202][T10762] RAX: ffffffffffffffda RBX: 00007fd0f05fe6c0 RCX: 00007fd0f236cfce [ 569.197215][T10762] RDX: 000000000000000f RSI: 00007fd0f05fe0a0 RDI: 0000000000000003 [ 569.197226][T10762] RBP: 00007fd0f05fe090 R08: 0000000000000000 R09: 0000000000000000 [ 569.197237][T10762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.197248][T10762] R13: 00007fd0f2626038 R14: 00007fd0f2625fa0 R15: 00007ffda8a9b2c8 [ 569.197278][T10762] [ 569.413643][ T5876] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 569.414640][ T5876] ath9k_htc: Failed to initialize the device [ 569.418920][ T880] usb 2-1: ath9k_htc: USB layer deinitialized [ 570.417464][T10794] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1467'. [ 570.417495][T10794] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1467'. [ 571.727947][T10804] FAULT_INJECTION: forcing a failure. [ 571.727947][T10804] name failslab, interval 1, probability 0, space 0, times 0 [ 571.727974][T10804] CPU: 0 UID: 0 PID: 10804 Comm: syz.5.1470 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 571.727992][T10804] Tainted: [L]=SOFTLOCKUP [ 571.727997][T10804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 571.728004][T10804] Call Trace: [ 571.728009][T10804] [ 571.728015][T10804] dump_stack_lvl+0xe8/0x150 [ 571.728038][T10804] should_fail_ex+0x46b/0x600 [ 571.728057][T10804] should_failslab+0xa8/0x100 [ 571.728071][T10804] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 571.728090][T10804] ? __alloc_skb+0x1d0/0x7d0 [ 571.728101][T10804] ? lockdep_hardirqs_on+0x7a/0x110 [ 571.728117][T10804] __alloc_skb+0x1d0/0x7d0 [ 571.728131][T10804] netlink_sendmsg+0x5d4/0xb40 [ 571.728155][T10804] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.728174][T10804] ? unwind_get_return_address+0x4d/0x90 [ 571.728188][T10804] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 571.728209][T10804] ____sys_sendmsg+0x94c/0x9c0 [ 571.728226][T10804] ? __pfx_____sys_sendmsg+0x10/0x10 [ 571.728253][T10804] ? import_iovec+0x73/0xa0 [ 571.728274][T10804] ___sys_sendmsg+0x2a5/0x360 [ 571.728290][T10804] ? __pfx____sys_sendmsg+0x10/0x10 [ 571.728322][T10804] ? __fget_files+0x2a/0x420 [ 571.728337][T10804] ? __fget_files+0x3a6/0x420 [ 571.728358][T10804] __x64_sys_sendmsg+0x1c3/0x2a0 [ 571.728373][T10804] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 571.728392][T10804] ? __pfx_ksys_write+0x10/0x10 [ 571.728416][T10804] do_syscall_64+0x14d/0xf80 [ 571.728429][T10804] ? trace_irq_disable+0x3b/0x150 [ 571.728443][T10804] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.728455][T10804] ? clear_bhb_loop+0x40/0x90 [ 571.728469][T10804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.728481][T10804] RIP: 0033:0x7fa4f74fc799 [ 571.728493][T10804] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.728504][T10804] RSP: 002b:00007fa4f574e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 571.728519][T10804] RAX: ffffffffffffffda RBX: 00007fa4f7775fa0 RCX: 00007fa4f74fc799 [ 571.728528][T10804] RDX: 0000000000008084 RSI: 0000200000000040 RDI: 0000000000000003 [ 571.728535][T10804] RBP: 00007fa4f574e090 R08: 0000000000000000 R09: 0000000000000000 [ 571.728543][T10804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 571.728550][T10804] R13: 00007fa4f7776038 R14: 00007fa4f7775fa0 R15: 00007ffd33fa8dc8 [ 571.728568][T10804] [ 577.354665][T10835] netlink: 108 bytes leftover after parsing attributes in process `syz.5.1478'. [ 577.354694][T10835] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1478'. [ 578.093784][ T880] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 578.196191][T10856] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'. [ 578.251954][ T880] usb 2-1: unable to get BOS descriptor or descriptor too short [ 578.262089][ T880] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 185, changing to 7 [ 578.287328][ T880] usb 2-1: string descriptor 0 read error: -22 [ 578.287509][ T880] usb 2-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 578.287535][ T880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.383236][ T880] usb 2-1: selecting invalid altsetting 1 [ 578.392294][ T880] usb 2-1: unit 3 not found! [ 578.801254][ T880] usb 2-1: cannot request logical cluster ID: 35217 (err: -5) [ 578.801286][ T880] usb 2-1: invalid MIXER UNIT descriptor 6 [ 578.801900][ T880] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -5 [ 578.832413][ T880] usb 2-1: selecting invalid altsetting 1 [ 578.833402][ T880] usb 2-1: unit 3 not found! [ 580.144022][ T880] usb 2-1: cannot request logical cluster ID: 35217 (err: -71) [ 580.144053][ T880] usb 2-1: invalid MIXER UNIT descriptor 6 [ 580.144682][ T880] snd-usb-audio 2-1:1.1: probe with driver snd-usb-audio failed with error -71 [ 580.201441][ T880] usb 2-1: selecting invalid altsetting 1 [ 580.202472][ T880] usb 2-1: unit 3 not found! [ 580.203035][ T880] usb 2-1: cannot request logical cluster ID: 35217 (err: -71) [ 580.203059][ T880] usb 2-1: invalid MIXER UNIT descriptor 6 [ 580.375604][ T880] snd-usb-audio 2-1:1.2: probe with driver snd-usb-audio failed with error -71 [ 580.381481][ T880] usb 2-1: USB disconnect, device number 21 [ 581.644320][T10914] FAULT_INJECTION: forcing a failure. [ 581.644320][T10914] name failslab, interval 1, probability 0, space 0, times 0 [ 581.644360][T10914] CPU: 0 UID: 0 PID: 10914 Comm: syz.2.1503 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 581.644388][T10914] Tainted: [L]=SOFTLOCKUP [ 581.644395][T10914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 581.644407][T10914] Call Trace: [ 581.644415][T10914] [ 581.644428][T10914] dump_stack_lvl+0xe8/0x150 [ 581.644463][T10914] should_fail_ex+0x46b/0x600 [ 581.644494][T10914] should_failslab+0xa8/0x100 [ 581.644519][T10914] __kmalloc_noprof+0xdf/0x7b0 [ 581.644537][T10914] ? __lock_acquire+0x6b5/0x2cf0 [ 581.644558][T10914] ? bpf_test_init+0x9f/0x150 [ 581.644655][T10914] bpf_test_init+0x9f/0x150 [ 581.644688][T10914] bpf_prog_test_run_skb+0x36f/0x1c90 [ 581.644732][T10914] ? __fget_files+0x2a/0x420 [ 581.644759][T10914] ? __fget_files+0x3a6/0x420 [ 581.644787][T10914] ? __fget_files+0x2a/0x420 [ 581.644817][T10914] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 581.644849][T10914] bpf_prog_test_run+0x2cd/0x340 [ 581.644919][T10914] __sys_bpf+0x643/0x950 [ 581.644949][T10914] ? __pfx___sys_bpf+0x10/0x10 [ 581.644974][T10914] ? rt_mutex_slowunlock+0x1cb/0x300 [ 581.645018][T10914] ? ksys_write+0x248/0x270 [ 581.645052][T10914] ? __pfx_ksys_write+0x10/0x10 [ 581.645091][T10914] __x64_sys_bpf+0x7c/0x90 [ 581.645116][T10914] do_syscall_64+0x14d/0xf80 [ 581.645137][T10914] ? trace_irq_disable+0x3b/0x150 [ 581.645160][T10914] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.645180][T10914] ? clear_bhb_loop+0x40/0x90 [ 581.645205][T10914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.645227][T10914] RIP: 0033:0x7f496b84c799 [ 581.645248][T10914] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 581.645267][T10914] RSP: 002b:00007f4969a9e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 581.645290][T10914] RAX: ffffffffffffffda RBX: 00007f496bac5fa0 RCX: 00007f496b84c799 [ 581.645306][T10914] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 581.645320][T10914] RBP: 00007f4969a9e090 R08: 0000000000000000 R09: 0000000000000000 [ 581.645333][T10914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 581.645347][T10914] R13: 00007f496bac6038 R14: 00007f496bac5fa0 R15: 00007ffe4f9b8c98 [ 581.645381][T10914] [ 582.911449][T10937] binder: BINDER_SET_CONTEXT_MGR already set [ 582.911467][T10937] binder: 10934:10937 ioctl 4018620d 200000004a80 returned -16 [ 584.178702][ T5804] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 584.433734][ T5804] usb 1-1: Using ep0 maxpacket: 32 [ 584.436220][ T5804] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 584.436250][ T5804] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 584.436271][ T5804] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 584.436294][ T5804] usb 1-1: config 1 has no interface number 0 [ 584.436360][ T5804] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 584.436388][ T5804] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 584.436434][ T5804] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 584.436460][ T5804] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.551059][ T5804] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 584.812834][ T5804] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 585.622324][ T880] usb 1-1: USB disconnect, device number 23 [ 585.625409][ T880] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 586.095952][T10971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1524'. [ 586.207821][T10971] : entered promiscuous mode [ 586.476829][ T31] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 586.630425][ T31] usb 3-1: unable to get BOS descriptor or descriptor too short [ 586.632535][ T31] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 586.644902][ T31] usb 3-1: string descriptor 0 read error: -22 [ 586.645073][ T31] usb 3-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 586.645099][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.706412][ T31] usb 3-1: selecting invalid altsetting 1 [ 586.707808][ T31] usb 3-1: unit 3 not found! [ 586.894384][ T31] usb 3-1: cannot request logical cluster ID: 35217 (err: -5) [ 586.894414][ T31] usb 3-1: invalid MIXER UNIT descriptor 6 [ 586.902430][ T31] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -5 [ 586.952592][ T31] usb 3-1: selecting invalid altsetting 1 [ 586.957438][ T31] usb 3-1: unit 3 not found! [ 587.095931][ T31] usb 3-1: cannot request logical cluster ID: 35217 (err: -71) [ 587.095961][ T31] usb 3-1: invalid MIXER UNIT descriptor 6 [ 587.097808][ T31] snd-usb-audio 3-1:1.1: probe with driver snd-usb-audio failed with error -71 [ 587.133933][ T31] usb 3-1: selecting invalid altsetting 1 [ 587.134911][ T31] usb 3-1: unit 3 not found! [ 587.135787][ T31] usb 3-1: cannot request logical cluster ID: 35217 (err: -71) [ 587.135808][ T31] usb 3-1: invalid MIXER UNIT descriptor 6 [ 587.401301][ T31] snd-usb-audio 3-1:1.2: probe with driver snd-usb-audio failed with error -71 [ 587.429184][ T31] usb 3-1: USB disconnect, device number 35 [ 587.832777][T11002] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 587.854371][T11002] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1536'. [ 588.024209][T11007] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1537'. [ 588.152816][T11010] bond0: option min_links: invalid value (18446744073709549906) [ 588.152847][T11010] bond0: option min_links: allowed values 0 - 2147483647 [ 588.414229][T11017] binder: BINDER_SET_CONTEXT_MGR already set [ 588.414248][T11017] binder: 11014:11017 ioctl 4018620d 200000004a80 returned -16 [ 589.443763][ T5804] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 589.630016][ T5804] usb 2-1: unable to get BOS descriptor or descriptor too short [ 589.631581][ T5804] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 589.637891][ T5804] usb 2-1: string descriptor 0 read error: -22 [ 589.638021][ T5804] usb 2-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 589.638037][ T5804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.740447][ T5804] usb 2-1: selecting invalid altsetting 1 [ 589.741270][ T5804] usb 2-1: unit 3 not found! [ 589.901352][ T5804] usb 2-1: cannot request logical cluster ID: 35217 (err: -5) [ 589.901384][ T5804] usb 2-1: invalid MIXER UNIT descriptor 6 [ 589.902101][ T5804] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -5 [ 589.928080][ T5804] usb 2-1: selecting invalid altsetting 1 [ 589.929075][ T5804] usb 2-1: unit 3 not found! [ 590.115195][ T5804] usb 2-1: cannot request logical cluster ID: 35217 (err: -71) [ 590.115227][ T5804] usb 2-1: invalid MIXER UNIT descriptor 6 [ 590.115872][ T5804] snd-usb-audio 2-1:1.1: probe with driver snd-usb-audio failed with error -71 [ 590.121466][ T5804] usb 2-1: selecting invalid altsetting 1 [ 590.167104][ T5804] usb 2-1: unit 3 not found! [ 590.169107][ T5804] usb 2-1: cannot request logical cluster ID: 35217 (err: -71) [ 590.169133][ T5804] usb 2-1: invalid MIXER UNIT descriptor 6 [ 591.464982][ T5804] snd-usb-audio 2-1:1.2: probe with driver snd-usb-audio failed with error -71 [ 591.484982][ T5804] usb 2-1: USB disconnect, device number 22 [ 591.579923][ T5795] udevd[5795]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 591.883761][ T5804] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 591.930813][T11054] binder: BINDER_SET_CONTEXT_MGR already set [ 591.930831][T11054] binder: 11050:11054 ioctl 4018620d 200000004a80 returned -16 [ 592.038238][ T5804] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 592.038267][ T5804] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 592.039681][ T5804] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 592.039710][ T5804] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 592.039820][ T5804] usb 5-1: SerialNumber: syz [ 592.286739][ T5804] usb 5-1: 0:2 : does not exist [ 592.442059][ T5804] usb 5-1: USB disconnect, device number 30 [ 592.628892][ T5795] udevd[5795]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 593.703754][ T5804] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 593.861449][ T5804] usb 5-1: unable to get BOS descriptor or descriptor too short [ 593.863231][ T5804] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 593.901542][ T5804] usb 5-1: string descriptor 0 read error: -22 [ 593.901698][ T5804] usb 5-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 593.901726][ T5804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.944280][ T6814] Bluetooth: Unexpected start frame (len 18) [ 593.952811][ T5804] usb 5-1: selecting invalid altsetting 1 [ 593.965922][ T5804] usb 5-1: unit 3 not found! [ 594.145189][ T5804] usb 5-1: cannot request logical cluster ID: 35217 (err: -5) [ 594.145222][ T5804] usb 5-1: invalid MIXER UNIT descriptor 6 [ 594.145885][ T5804] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -5 [ 594.184134][ T5804] usb 5-1: selecting invalid altsetting 1 [ 594.185091][ T5804] usb 5-1: unit 3 not found! [ 594.345355][ T5804] usb 5-1: cannot request logical cluster ID: 35217 (err: -71) [ 594.345386][ T5804] usb 5-1: invalid MIXER UNIT descriptor 6 [ 594.346016][ T5804] snd-usb-audio 5-1:1.1: probe with driver snd-usb-audio failed with error -71 [ 594.357598][ T5804] usb 5-1: selecting invalid altsetting 1 [ 594.358567][ T5804] usb 5-1: unit 3 not found! [ 594.366286][ T5804] usb 5-1: cannot request logical cluster ID: 35217 (err: -71) [ 594.366316][ T5804] usb 5-1: invalid MIXER UNIT descriptor 6 [ 594.463764][ T5948] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 594.551134][ T5804] snd-usb-audio 5-1:1.2: probe with driver snd-usb-audio failed with error -71 [ 594.574008][ T5804] usb 5-1: USB disconnect, device number 31 [ 594.613694][ T5948] usb 2-1: Using ep0 maxpacket: 32 [ 594.615642][ T5948] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 594.615667][ T5948] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 594.615687][ T5948] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 594.615706][ T5948] usb 2-1: config 1 has no interface number 0 [ 594.615750][ T5948] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 594.615775][ T5948] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 594.615814][ T5948] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 594.615835][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.671481][ T5948] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 594.918207][ T5948] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 595.527750][ T37] audit: type=1326 audit(1774871624.023:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11097 comm="syz.2.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 595.527810][ T37] audit: type=1326 audit(1774871624.033:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11097 comm="syz.2.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 596.483909][ T5948] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 596.513703][ T37] audit: type=1326 audit(1774871625.013:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11097 comm="syz.2.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 596.633890][ T37] audit: type=1326 audit(1774871625.133:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11097 comm="syz.2.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 596.634204][ T37] audit: type=1326 audit(1774871625.143:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11097 comm="syz.2.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 597.013793][ T5948] usb 2-1: USB disconnect, device number 23 [ 597.016441][ T5948] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 597.140161][ T6814] Bluetooth: Unexpected start frame (len 18) [ 599.004483][ T5804] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 599.107032][T11136] netlink: 'syz.4.1589': attribute type 4 has an invalid length. [ 599.153728][ T5804] usb 6-1: Using ep0 maxpacket: 32 [ 599.161133][ T5804] usb 6-1: no configurations [ 599.161157][ T5804] usb 6-1: can't read configurations, error -22 [ 599.293823][ T5804] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 600.643736][ T5804] usb 6-1: Using ep0 maxpacket: 32 [ 600.651291][ T5804] usb 6-1: no configurations [ 600.651305][ T5804] usb 6-1: can't read configurations, error -22 [ 600.657006][ T5804] usb usb6-port1: attempt power cycle [ 600.774480][T11148] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1594'. [ 600.774510][T11148] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1594'. [ 600.832481][ T6814] Bluetooth: Unexpected start frame (len 18) [ 601.073860][ T5804] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 601.330422][ T5804] usb 6-1: Using ep0 maxpacket: 32 [ 601.332489][ T5804] usb 6-1: no configurations [ 601.332509][ T5804] usb 6-1: can't read configurations, error -22 [ 602.304202][ T5804] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 602.610383][T11165] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 603.562679][T11179] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1607'. [ 604.680830][ T6814] Bluetooth: Unexpected start frame (len 18) [ 607.372986][ T5804] usb 6-1: device descriptor read/8, error -110 [ 607.485058][ T5804] usb usb6-port1: unable to enumerate USB device [ 607.703822][ T5948] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 607.853726][ T5948] usb 2-1: Using ep0 maxpacket: 32 [ 607.862609][ T5948] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 607.862651][ T5948] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 607.862673][ T5948] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 607.862695][ T5948] usb 2-1: config 1 has no interface number 0 [ 607.862733][ T5948] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 607.862748][ T5948] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 607.862774][ T5948] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 607.862787][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.343488][ T5948] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 609.386291][ T5948] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 610.282092][ T5948] usb 2-1: USB disconnect, device number 24 [ 610.285213][ T5948] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 610.393745][ T5804] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 610.555260][ T5804] usb 6-1: Using ep0 maxpacket: 8 [ 610.560199][ T5804] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 610.560258][ T5804] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 610.560282][ T5804] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 610.560306][ T5804] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 610.560332][ T5804] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 610.560378][ T5804] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 610.560401][ T5804] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.790736][ T5804] usb 6-1: usb_control_msg returned -32 [ 610.790771][ T5804] usbtmc 6-1:16.0: can't read capabilities [ 611.801658][T11254] usbtmc 6-1:16.0: CHECK_CLEAR_STATUS returned 8 [ 612.656259][ T5906] usb 6-1: USB disconnect, device number 14 [ 613.523711][ T37] audit: type=1326 audit(1774871642.013:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.523777][ T37] audit: type=1326 audit(1774871642.013:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.525678][ T37] audit: type=1326 audit(1774871642.013:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.525735][ T37] audit: type=1326 audit(1774871642.013:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.525784][ T37] audit: type=1326 audit(1774871642.013:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.525837][ T37] audit: type=1326 audit(1774871642.013:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.534403][ T37] audit: type=1326 audit(1774871642.013:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.534439][ T37] audit: type=1326 audit(1774871642.023:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.534468][ T37] audit: type=1326 audit(1774871642.023:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f496b84c799 code=0x7ffc0000 [ 613.534497][ T37] audit: type=1326 audit(1774871642.033:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.2.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f496b84c502 code=0x7ffc0000 [ 614.033283][T11271] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 615.795380][T11285] syz_tun: entered allmulticast mode [ 615.797403][T11283] syz_tun: left allmulticast mode [ 616.655846][T11290] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1640'. [ 618.264323][T11301] block nbd4: NBD_DISCONNECT [ 621.727473][T11330] bridge_slave_0: left allmulticast mode [ 621.727504][T11330] bridge_slave_0: left promiscuous mode [ 621.731321][T11330] bridge0: port 1(bridge_slave_0) entered disabled state [ 621.897502][T11330] bridge_slave_1: left allmulticast mode [ 621.897537][T11330] bridge_slave_1: left promiscuous mode [ 621.897817][T11330] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.045779][T11330] bond0: (slave bond_slave_0): Releasing backup interface [ 622.355201][T11330] bond0: (slave bond_slave_1): Releasing backup interface [ 622.567169][T11330] team0: Port device team_slave_0 removed [ 622.639768][T11330] team0: Port device team_slave_1 removed [ 622.640988][T11330] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 622.641016][T11330] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 622.687272][T11330] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 622.687292][T11330] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 622.756532][T11330] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 622.803789][ T5876] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 622.986028][ T5876] usb 3-1: config 1 interface 0 has no altsetting 0 [ 622.990422][ T5876] usb 3-1: string descriptor 0 read error: -22 [ 622.990588][ T5876] usb 3-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.40 [ 622.990614][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.659460][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659501][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659528][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659553][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659579][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659604][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659631][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659655][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659681][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 623.659706][ T5876] logitech 0003:046D:C295.000F: unknown main item tag 0x0 [ 624.294124][ T5876] logitech 0003:046D:C295.000F: hidraw0: USB HID vfd.7f Device [HID 046d:c295] on usb-dummy_hcd.2-1/input0 [ 624.294164][ T5876] logitech 0003:046D:C295.000F: no inputs found [ 624.464511][T11359] kvm: pic: non byte read [ 624.464625][T11359] kvm: pic: non byte read [ 624.464724][T11359] kvm: pic: non byte read [ 624.464814][T11359] kvm: pic: non byte read [ 624.464903][T11359] kvm: pic: non byte read [ 624.464992][T11359] kvm: pic: non byte read [ 624.465082][T11359] kvm: pic: non byte read [ 624.465171][T11359] kvm: pic: non byte read [ 624.465260][T11359] kvm: pic: non byte read [ 624.465349][T11359] kvm: pic: non byte read [ 624.554363][T11361] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 624.573163][ T31] usb 3-1: USB disconnect, device number 36 [ 624.582801][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.582881][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.894147][T11366] fido_id[11366]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 626.128825][T11337] Process accounting resumed [ 626.183756][ T1841] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 626.652858][ T1841] usb 1-1: config 1 has an invalid interface number: 7 but max is 0 [ 626.652890][ T1841] usb 1-1: config 1 has no interface number 0 [ 626.652941][ T1841] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 32 [ 626.652969][ T1841] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0xD has invalid maxpacket 8 [ 626.652994][ T1841] usb 1-1: config 1 interface 7 altsetting 0 has a duplicate endpoint with address 0xD, skipping [ 626.676266][ T1841] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 626.676298][ T1841] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 626.676316][ T1841] usb 1-1: Product: syz [ 626.676329][ T1841] usb 1-1: Manufacturer: syz [ 626.676342][ T1841] usb 1-1: SerialNumber: syz [ 626.731186][T11371] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 626.731522][T11371] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 626.785263][ T1841] usb 1-1: Expected 3 endpoints, found: 2 [ 626.984436][ T31] usb 1-1: USB disconnect, device number 24 [ 627.674518][T11392] input: syz1 as /devices/virtual/input/input22 [ 629.591795][T11399] autofs4:pid:11399:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a) [ 631.053791][ T31] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 631.696841][ T31] usb 3-1: config 1 interface 0 has no altsetting 0 [ 631.711754][ T31] usb 3-1: string descriptor 0 read error: -22 [ 631.711937][ T31] usb 3-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.40 [ 631.711965][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.192843][ T31] usbhid 3-1:1.0: can't add hid device: -71 [ 632.192985][ T31] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 632.209312][ T31] usb 3-1: USB disconnect, device number 37 [ 632.455932][T11418] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 632.455964][T11418] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 632.456061][T11418] vhci_hcd vhci_hcd.0: Device attached [ 632.558767][T11419] vhci_hcd: connection closed [ 632.559349][ T1335] vhci_hcd vhci_hcd.4: stop threads [ 632.559378][ T1335] vhci_hcd vhci_hcd.4: release socket [ 632.559419][ T1335] vhci_hcd vhci_hcd.4: disconnect device [ 633.890330][T11424] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 633.915831][ T170] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 633.915908][ T170] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 633.915987][ T170] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 633.916031][ T170] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 636.148514][ T37] kauditd_printk_skb: 32 callbacks suppressed [ 636.148538][ T37] audit: type=1804 audit(1774871664.623:591): pid=11450 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.1694" name="/newroot/335/file1" dev="fuse" ino=1 res=1 errno=0 [ 636.253779][ T5948] usb 5-1: new full-speed USB device number 32 using dummy_hcd [ 636.395361][ T5876] hid_parser_main: 4007 callbacks suppressed [ 636.395388][ T5876] hid-generic 0003:0004:0000.0010: unknown main item tag 0x0 [ 636.395422][ T5876] hid-generic 0003:0004:0000.0010: unknown main item tag 0x0 [ 636.395448][ T5876] hid-generic 0003:0004:0000.0010: unknown main item tag 0x0 [ 636.408070][ T5948] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 636.408100][ T5948] usb 5-1: config 0 has no interface number 0 [ 636.456687][ T5948] usb 5-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 636.456720][ T5948] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.456741][ T5948] usb 5-1: Product: syz [ 636.456756][ T5948] usb 5-1: Manufacturer: syz [ 636.456771][ T5948] usb 5-1: SerialNumber: syz [ 636.525594][ T5948] usb 5-1: config 0 descriptor?? [ 636.530161][ T5876] hid-generic 0003:0004:0000.0010: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 636.585216][ T5906] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 636.591523][ T5948] usb 5-1: selecting invalid altsetting 1 [ 636.610656][ T5948] dvb_ttusb_budget: ttusb_init_controller: error [ 636.610679][ T5948] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 636.717579][T11459] fido_id[11459]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 636.784606][ T5906] usb 6-1: config 1 interface 0 has no altsetting 0 [ 636.790109][ T5906] usb 6-1: string descriptor 0 read error: -22 [ 636.790275][ T5906] usb 6-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.40 [ 636.790300][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.931579][ T5948] DVB: Unable to find symbol stv0299_attach() [ 637.001381][ T5948] DVB: Unable to find symbol tda8083_attach() [ 637.001398][ T5948] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 637.029439][ T5948] usb 5-1: USB disconnect, device number 32 [ 637.568638][ C0] raw-gadget.1 gadget.5: ignoring, device is not running [ 637.569055][ T5906] usbhid 6-1:1.0: can't add hid device: -32 [ 637.569196][ T5906] usbhid 6-1:1.0: probe with driver usbhid failed with error -32 [ 637.603268][ T5906] usb 6-1: USB disconnect, device number 15 [ 641.968146][T11516] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 642.411102][T11522] hub 9-0:1.0: USB hub found [ 642.414961][T11522] hub 9-0:1.0: 1 port detected [ 645.375288][T11540] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 647.630578][T11575] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 648.023727][ T31] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 648.134380][T11581] syzkaller0: entered promiscuous mode [ 648.134413][T11581] syzkaller0: entered allmulticast mode [ 648.189263][ T31] usb 6-1: config 0 has no interfaces? [ 648.192065][ T31] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 648.192085][ T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 648.192098][ T31] usb 6-1: Product: syz [ 648.192106][ T31] usb 6-1: Manufacturer: syz [ 648.192115][ T31] usb 6-1: SerialNumber: syz [ 648.261183][ T31] usb 6-1: config 0 descriptor?? [ 651.250520][ T808] usb 6-1: USB disconnect, device number 16 [ 653.004039][ T5948] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 653.156630][ T5948] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 653.156676][ T5948] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 653.156700][ T5948] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 653.156742][ T5948] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 653.156768][ T5948] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.274708][ T5948] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 653.805243][T11632] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 653.805266][T11632] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 653.807621][T11632] vhci_hcd vhci_hcd.0: Device attached [ 653.855054][T11635] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1746'. [ 654.492009][T11625] syzkaller0: entered promiscuous mode [ 654.492044][T11625] syzkaller0: entered allmulticast mode [ 654.974104][ T5876] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 654.974284][ T808] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 654.981481][ T5948] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 655.131801][ T808] usb 2-1: config 0 has no interfaces? [ 655.133039][ T808] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 655.133068][ T808] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 655.133088][ T808] usb 2-1: Manufacturer: syz [ 655.173240][ T808] usb 2-1: config 0 descriptor?? [ 655.410466][T11636] usb 35-1: recv xbuf, 0 [ 655.428520][ T5948] usb 2-1: USB disconnect, device number 25 [ 655.444927][ T1042] vhci_hcd vhci_hcd.1: stop threads [ 655.444956][ T1042] vhci_hcd vhci_hcd.1: release socket [ 655.445044][ T1042] vhci_hcd vhci_hcd.1: disconnect device [ 655.451357][T11653] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 655.477941][ T5876] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 656.093308][ T808] usb 6-1: USB disconnect, device number 17 [ 657.570555][T11674] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 657.999390][ T37] audit: type=1804 audit(1774871686.493:592): pid=11683 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.1768" name="/newroot/340/file1" dev="fuse" ino=1 res=1 errno=0 [ 668.779355][ T5806] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 668.797444][ T5806] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 668.798978][ T5806] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 668.800564][ T5806] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 668.801441][ T5806] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 669.895908][T11716] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 670.037511][ T37] audit: type=1804 audit(1774871698.503:593): pid=11724 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.1779" name="/newroot/202/file1" dev="fuse" ino=1 res=1 errno=0 [ 670.883762][ T5806] Bluetooth: hci1: command tx timeout [ 671.135837][T11754] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 671.244141][ T5806] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 671.244175][ T5806] CPU: 1 UID: 0 PID: 5806 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 671.244208][ T5806] Tainted: [L]=SOFTLOCKUP [ 671.244217][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 671.244231][ T5806] Workqueue: hci2 hci_rx_work [ 671.244314][ T5806] Call Trace: [ 671.244322][ T5806] [ 671.244332][ T5806] dump_stack_lvl+0xe8/0x150 [ 671.244371][ T5806] sysfs_create_dir_ns+0x271/0x2a0 [ 671.244427][ T5806] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 671.244465][ T5806] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 671.244495][ T5806] ? rt_spin_unlock+0x160/0x200 [ 671.244530][ T5806] kobject_add_internal+0x631/0xd10 [ 671.244598][ T5806] kobject_add+0x163/0x240 [ 671.244630][ T5806] ? __pfx_kobject_add+0x10/0x10 [ 671.244666][ T5806] ? get_device_parent+0x370/0x3a0 [ 671.244747][ T5806] device_add+0x408/0xb80 [ 671.244781][ T5806] hci_conn_add_sysfs+0xd5/0x210 [ 671.244860][ T5806] le_conn_complete_evt+0xf1d/0x1430 [ 671.244928][ T5806] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 671.244959][ T5806] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 671.244985][ T5806] ? lockdep_hardirqs_on+0x7a/0x110 [ 671.245013][ T5806] ? skb_pull_data+0xfb/0x200 [ 671.245051][ T5806] hci_le_conn_complete_evt+0x187/0x470 [ 671.245088][ T5806] hci_event_packet+0x7af/0x12c0 [ 671.245160][ T5806] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 671.245187][ T5806] ? __pfx_hci_event_packet+0x10/0x10 [ 671.245222][ T5806] ? rt_spin_unlock+0x14f/0x200 [ 671.245265][ T5806] ? hci_send_to_monitor+0xe2/0x590 [ 671.245299][ T5806] hci_rx_work+0x3ee/0x1030 [ 671.245328][ T5806] ? process_scheduled_works+0xa8d/0x18c0 [ 671.245361][ T5806] process_scheduled_works+0xb6e/0x18c0 [ 671.245428][ T5806] ? __pfx_process_scheduled_works+0x10/0x10 [ 671.245466][ T5806] ? assign_work+0x3d5/0x5e0 [ 671.245501][ T5806] worker_thread+0xa53/0xfc0 [ 671.245566][ T5806] kthread+0x388/0x470 [ 671.245591][ T5806] ? __pfx_worker_thread+0x10/0x10 [ 671.245621][ T5806] ? __pfx_kthread+0x10/0x10 [ 671.245647][ T5806] ret_from_fork+0x51e/0xb90 [ 671.245683][ T5806] ? __pfx_ret_from_fork+0x10/0x10 [ 671.245714][ T5806] ? __switch_to+0xc7d/0x1450 [ 671.245747][ T5806] ? __pfx_kthread+0x10/0x10 [ 671.245774][ T5806] ret_from_fork_asm+0x1a/0x30 [ 671.245816][ T5806] [ 671.248875][ T5806] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 671.248928][ T5806] Bluetooth: hci2: failed to register connection device [ 671.628028][T11706] chnl_net:caif_netlink_parms(): no params data found [ 672.983720][ T6814] Bluetooth: hci1: command tx timeout [ 673.342114][T11706] bridge0: port 1(bridge_slave_0) entered blocking state [ 673.342355][T11706] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.342477][T11706] bridge_slave_0: entered allmulticast mode [ 673.365378][T11706] bridge_slave_0: entered promiscuous mode [ 673.370021][T11706] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.370238][T11706] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.370455][T11706] bridge_slave_1: entered allmulticast mode [ 673.373398][T11706] bridge_slave_1: entered promiscuous mode [ 673.393688][ T5906] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 673.423703][ T880] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 673.463771][ T5948] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 673.509758][T11706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.525701][T11706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 673.547943][ T5906] usb 2-1: config 1 interface 0 has no altsetting 0 [ 673.551373][ T5906] usb 2-1: string descriptor 0 read error: -22 [ 673.551537][ T5906] usb 2-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.40 [ 673.551563][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.573698][ T880] usb 3-1: Using ep0 maxpacket: 16 [ 673.575835][ T880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 673.578521][ T880] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 673.578545][ T880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.578564][ T880] usb 3-1: Product: syz [ 673.578577][ T880] usb 3-1: Manufacturer: syz [ 673.578591][ T880] usb 3-1: SerialNumber: syz [ 673.615584][ T5948] usb 6-1: config 0 has no interfaces? [ 673.617993][ T5948] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 673.618022][ T5948] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 673.618041][ T5948] usb 6-1: Product: syz [ 673.618055][ T5948] usb 6-1: Manufacturer: syz [ 673.618068][ T5948] usb 6-1: SerialNumber: syz [ 673.738446][ T5948] usb 6-1: config 0 descriptor?? [ 673.746596][ T880] usb 3-1: config 0 descriptor?? [ 673.790041][ T880] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 673.790068][ T880] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 673.832894][T11795] bridge_slave_0: left allmulticast mode [ 673.832978][T11795] bridge_slave_0: left promiscuous mode [ 673.833387][T11795] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.957145][T11795] bridge_slave_1: left allmulticast mode [ 673.957178][T11795] bridge_slave_1: left promiscuous mode [ 673.958140][T11795] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.191481][T11795] bond0: (slave bond_slave_0): Releasing backup interface [ 674.319560][T11795] bond0: (slave bond_slave_1): Releasing backup interface [ 674.355863][ T5906] usbhid 2-1:1.0: can't add hid device: -71 [ 674.356012][ T5906] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 674.377227][ T5906] usb 2-1: USB disconnect, device number 26 [ 674.459599][ T880] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 675.044435][ T6814] Bluetooth: hci1: command tx timeout [ 675.375137][ T880] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 675.375175][ T880] em28xx 3-1:0.0: board has no eeprom [ 675.579362][T11795] team0: Port device team_slave_0 removed [ 675.828421][T11795] team0: Port device team_slave_1 removed [ 675.837910][T11795] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 675.837940][T11795] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 675.957878][T11795] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 675.957911][T11795] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 676.011540][T11795] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 677.285395][ T6814] Bluetooth: hci1: command tx timeout [ 677.364590][ T6814] Bluetooth: hci2: command 0x0406 tx timeout [ 677.599922][T11785] em28xx 3-1:0.0: reading from i2c device at 0x2 failed (error=-5) [ 677.618174][ T880] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 677.618193][ T880] em28xx 3-1:0.0: dvb set to bulk mode. [ 677.619665][ T31] em28xx 3-1:0.0: Binding DVB extension [ 677.709821][ T880] usb 3-1: USB disconnect, device number 38 [ 677.711286][ T880] em28xx 3-1:0.0: Disconnecting em28xx [ 677.715959][ T5876] usb 6-1: USB disconnect, device number 18 [ 677.764753][T11706] team0: Port device team_slave_0 added [ 677.783390][T11706] team0: Port device team_slave_1 added [ 677.849747][ T31] em28xx 3-1:0.0: Registering input extension [ 677.860359][ T880] em28xx 3-1:0.0: Closing input extension [ 678.021925][ T880] em28xx 3-1:0.0: Freeing device [ 678.140183][T11706] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.140197][T11706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 678.140212][T11706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.142446][T11706] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.142456][T11706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 678.142471][T11706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.530852][T11706] hsr_slave_0: entered promiscuous mode [ 678.545976][T11706] hsr_slave_1: entered promiscuous mode [ 678.569203][T11706] debugfs: 'hsr0' already exists in 'hsr' [ 678.569223][T11706] Cannot create hsr debugfs directory [ 679.142042][T11824] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 679.142463][T11824] overlayfs: overlapping lowerdir path [ 679.253193][T11829] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1816'. [ 679.373742][ T5906] usb 3-1: new full-speed USB device number 39 using dummy_hcd [ 680.658845][ T5906] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 680.658910][ T5906] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 680.658935][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.674764][ T5906] usb 3-1: config 0 descriptor?? [ 680.680146][ T5906] keyspan 3-1:0.0: Keyspan 2 port adapter converter detected [ 680.680474][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 87 [ 680.680552][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 7 [ 680.682677][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 81 [ 680.682764][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 82 [ 680.682850][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 1 [ 680.682934][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 2 [ 680.683028][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 85 [ 680.683122][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 5 [ 680.689849][ T5906] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 680.692948][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 83 [ 680.693040][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 84 [ 680.693131][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 3 [ 680.693213][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 4 [ 680.693298][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 86 [ 680.693381][ T5906] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 6 [ 680.697331][ T5906] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 680.890160][T11831] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 680.969606][ T5906] usb 3-1: USB disconnect, device number 39 [ 681.069846][ T5906] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 681.136511][ T5906] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 681.138764][ T5906] keyspan 3-1:0.0: device disconnected [ 681.729826][T11841] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 681.729859][T11841] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 681.749997][T11841] vhci_hcd vhci_hcd.0: Device attached [ 681.900717][T11706] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 682.050046][T11706] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 682.165094][ T880] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 682.284989][ T31] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 683.041100][T11706] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 683.133694][T11706] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 683.200817][ T31] usb 1-1: config 0 has no interfaces? [ 683.212682][ T31] usb 1-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 683.212715][ T31] usb 1-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 683.212736][ T31] usb 1-1: Manufacturer: syz [ 683.258558][ T31] usb 1-1: config 0 descriptor?? [ 683.446765][ T808] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 683.465681][T11843] usb 33-1: recv xbuf, 0 [ 683.472657][ T1042] vhci_hcd vhci_hcd.0: stop threads [ 683.472677][ T1042] vhci_hcd vhci_hcd.0: release socket [ 683.477691][ T1042] vhci_hcd vhci_hcd.0: disconnect device [ 683.515401][ T5906] usb 1-1: USB disconnect, device number 25 [ 683.533801][ T880] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 683.570099][T11706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 683.603806][ T808] usb 3-1: Using ep0 maxpacket: 16 [ 683.605990][ T808] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 683.612627][ T808] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 683.612653][ T808] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.612665][ T808] usb 3-1: Product: syz [ 683.612673][ T808] usb 3-1: Manufacturer: syz [ 683.612681][ T808] usb 3-1: SerialNumber: syz [ 683.658769][T11706] 8021q: adding VLAN 0 to HW filter on device team0 [ 683.666574][ T808] usb 3-1: config 0 descriptor?? [ 683.676624][ T808] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 683.676648][ T808] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 683.760510][ T6875] bridge0: port 1(bridge_slave_0) entered blocking state [ 683.760789][ T6875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 683.826431][T10594] bridge0: port 2(bridge_slave_1) entered blocking state [ 683.826762][T10594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 684.460890][T11867] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1826'. [ 684.460941][T11867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1826'. [ 684.461083][T11867] netlink: 'syz.1.1826': attribute type 11 has an invalid length. [ 684.477751][T11867] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1826'. [ 684.477805][T11867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1826'. [ 684.477908][T11867] netlink: 'syz.1.1826': attribute type 11 has an invalid length. [ 685.133674][ T808] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 685.569281][T11865] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 685.569334][T11865] UDF-fs: Scanning with blocksize 512 failed [ 685.613859][T11865] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 685.613910][T11865] UDF-fs: Scanning with blocksize 1024 failed [ 685.625909][T11865] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 685.625978][T11865] UDF-fs: Scanning with blocksize 2048 failed [ 685.632904][T11865] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 685.632952][T11865] UDF-fs: Scanning with blocksize 4096 failed [ 685.825214][ T808] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 685.825239][ T808] em28xx 3-1:0.0: board has no eeprom [ 686.166308][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.167026][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.903199][T11849] em28xx 3-1:0.0: reading from i2c device at 0x1a0 failed (error=-5) [ 686.953914][ T808] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 686.953947][ T808] em28xx 3-1:0.0: dvb set to bulk mode. [ 686.964405][ T5876] em28xx 3-1:0.0: Binding DVB extension [ 687.048966][ T808] usb 3-1: USB disconnect, device number 40 [ 687.050845][T11876] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 687.069601][ T808] em28xx 3-1:0.0: Disconnecting em28xx [ 687.998253][ T5876] em28xx 3-1:0.0: Registering input extension [ 688.002047][ T808] em28xx 3-1:0.0: Closing input extension [ 688.372661][ T808] em28xx 3-1:0.0: Freeing device [ 689.818860][T11706] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 689.852983][ T808] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 690.030849][ T808] usb 3-1: config 0 has no interfaces? [ 690.041320][ T808] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 690.041354][ T808] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 690.041376][ T808] usb 3-1: Product: syz [ 690.041391][ T808] usb 3-1: Manufacturer: syz [ 690.041406][ T808] usb 3-1: SerialNumber: syz [ 690.097539][ T808] usb 3-1: config 0 descriptor?? [ 692.797140][ T808] usb 3-1: USB disconnect, device number 41 [ 692.868423][T11706] veth0_vlan: entered promiscuous mode [ 692.885981][T11706] veth1_vlan: entered promiscuous mode [ 693.648773][T11706] veth0_macvtap: entered promiscuous mode [ 693.686520][T11706] veth1_macvtap: entered promiscuous mode [ 693.742671][T11921] bridge_slave_0: left allmulticast mode [ 693.742704][T11921] bridge_slave_0: left promiscuous mode [ 693.742981][T11921] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.867322][T11921] bridge_slave_1: left allmulticast mode [ 693.867355][T11921] bridge_slave_1: left promiscuous mode [ 693.867605][T11921] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.984544][T11921] bond0: (slave bond_slave_0): Releasing backup interface [ 694.065999][T11921] bond0: (slave bond_slave_1): Releasing backup interface [ 694.093722][ T5876] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 694.137618][T11921] team0: Port device team_slave_0 removed [ 694.162047][T11921] team0: Port device team_slave_1 removed [ 694.162685][T11921] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 694.162705][T11921] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 694.215855][T11921] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 694.215885][T11921] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 694.247140][T11921] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 694.252722][T11706] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 694.273735][ T5876] usb 1-1: Using ep0 maxpacket: 16 [ 694.286361][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 694.304706][ T5876] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 694.304741][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 694.304762][ T5876] usb 1-1: Product: syz [ 694.304777][ T5876] usb 1-1: Manufacturer: syz [ 694.304792][ T5876] usb 1-1: SerialNumber: syz [ 694.334164][T11706] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 694.356788][ T1129] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.359999][ T1129] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.361699][ T1129] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.378036][ T1129] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.410015][ T5876] usb 1-1: config 0 descriptor?? [ 694.421494][ T5876] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 694.421531][ T5876] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 694.704643][T11927] netlink: 220 bytes leftover after parsing attributes in process `syz.5.1843'. [ 694.704672][T11927] netlink: 'syz.5.1843': attribute type 2 has an invalid length. [ 695.223600][ T5876] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 696.103100][ T5876] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 696.103124][ T5876] em28xx 1-1:0.0: board has no eeprom [ 697.292125][T11924] em28xx 1-1:0.0: reading from i2c device at 0x1a0 failed (error=-5) [ 697.343645][ T5876] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 697.343678][ T5876] em28xx 1-1:0.0: dvb set to bulk mode. [ 697.351906][ T6875] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.351931][ T6875] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.361426][ T5876] usb 1-1: USB disconnect, device number 26 [ 697.361501][ T5804] em28xx 1-1:0.0: Binding DVB extension [ 697.434083][ T5876] em28xx 1-1:0.0: Disconnecting em28xx [ 697.745198][ T1120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 697.745224][ T1120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 697.780592][T11943] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 697.905903][ T5804] em28xx 1-1:0.0: Registering input extension [ 697.913113][ T5876] em28xx 1-1:0.0: Closing input extension [ 698.065647][ T5876] em28xx 1-1:0.0: Freeing device [ 698.104656][T11826] udevd[11826]: setting mode of /dev/bus/usb/001/026 to 020664 failed: No such file or directory [ 698.104773][T11826] udevd[11826]: setting owner of /dev/bus/usb/001/026 to uid=0, gid=0 failed: No such file or directory [ 698.394707][ T808] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 698.546074][ T808] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 698.566195][ T808] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 698.566229][ T808] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.566250][ T808] usb 2-1: Product: syz [ 698.566265][ T808] usb 2-1: Manufacturer: syz [ 698.566280][ T808] usb 2-1: SerialNumber: syz [ 699.339398][ T808] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 701.252017][ T880] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 701.436450][ T808] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 701.512222][ T880] usb 7-1: Using ep0 maxpacket: 16 [ 701.615387][ T808] usb 2-1: USB disconnect, device number 27 [ 701.615392][ T880] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 701.640646][ T880] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 701.640677][ T880] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.640698][ T880] usb 7-1: Product: syz [ 701.640713][ T880] usb 7-1: Manufacturer: syz [ 701.640728][ T880] usb 7-1: SerialNumber: syz [ 701.705026][ T880] usb 7-1: config 0 descriptor?? [ 701.743475][ T880] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 701.743499][ T880] em28xx 7-1:0.0: DVB interface 0 found: bulk [ 702.595012][ T880] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 703.668019][T12005] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 703.805164][ T880] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 703.805199][ T880] em28xx 7-1:0.0: board has no eeprom [ 704.433863][T12000] em28xx 7-1:0.0: reading from i2c device at 0x1a0 failed (error=-5) [ 704.553760][ T880] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 704.553792][ T880] em28xx 7-1:0.0: dvb set to bulk mode. [ 704.554803][ T31] em28xx 7-1:0.0: Binding DVB extension [ 704.594780][ T880] usb 7-1: USB disconnect, device number 2 [ 704.597352][ T880] em28xx 7-1:0.0: Disconnecting em28xx [ 705.100223][ T31] em28xx 7-1:0.0: Registering input extension [ 705.101360][ T880] em28xx 7-1:0.0: Closing input extension [ 705.218835][ T880] em28xx 7-1:0.0: Freeing device [ 706.932684][ T6814] Bluetooth: hci4: command 0x0406 tx timeout [ 709.084082][ T880] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 709.605032][ T880] usb 3-1: Using ep0 maxpacket: 16 [ 709.646762][ T880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 709.667234][ T880] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 709.667268][ T880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.667289][ T880] usb 3-1: Product: syz [ 709.667303][ T880] usb 3-1: Manufacturer: syz [ 709.667318][ T880] usb 3-1: SerialNumber: syz [ 709.816312][ T880] usb 3-1: config 0 descriptor?? [ 709.928486][ T880] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 709.928527][ T880] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 710.522936][ T880] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 711.803449][ T880] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 711.803486][ T880] em28xx 3-1:0.0: board has no eeprom [ 712.898654][T12053] em28xx 3-1:0.0: reading from i2c device at 0x1a0 failed (error=-5) [ 712.954157][ T880] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 712.954282][ T880] em28xx 3-1:0.0: dvb set to bulk mode. [ 712.960355][ T5948] em28xx 3-1:0.0: Binding DVB extension [ 713.078974][ T880] usb 3-1: USB disconnect, device number 42 [ 713.092614][ T880] em28xx 3-1:0.0: Disconnecting em28xx [ 713.238862][ T5948] em28xx 3-1:0.0: Registering input extension [ 713.242184][ T880] em28xx 3-1:0.0: Closing input extension [ 713.295785][ T880] em28xx 3-1:0.0: Freeing device [ 717.423729][ T5804] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 717.574140][ T5804] usb 3-1: Using ep0 maxpacket: 16 [ 717.584034][ T5804] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 717.597522][ T5804] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 717.597552][ T5804] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.597571][ T5804] usb 3-1: Product: syz [ 717.597584][ T5804] usb 3-1: Manufacturer: syz [ 717.597597][ T5804] usb 3-1: SerialNumber: syz [ 717.754381][ T5804] usb 3-1: config 0 descriptor?? [ 718.457764][ T5804] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 718.457789][ T5804] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 719.143647][ T880] usb 6-1: new full-speed USB device number 19 using dummy_hcd [ 719.242668][ T5804] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 719.303658][ T880] usb 6-1: device descriptor read/64, error -71 [ 719.563760][ T880] usb 6-1: new full-speed USB device number 20 using dummy_hcd [ 719.664943][ T5804] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 719.664975][ T5804] em28xx 3-1:0.0: board has no eeprom [ 719.703680][ T880] usb 6-1: device descriptor read/64, error -71 [ 719.827960][ T880] usb usb6-port1: attempt power cycle [ 720.223999][ T880] usb 6-1: new full-speed USB device number 21 using dummy_hcd [ 720.244999][ T880] usb 6-1: device descriptor read/8, error -71 [ 720.485674][ T880] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 720.505472][ T880] usb 6-1: device descriptor read/8, error -71 [ 720.614214][ T880] usb usb6-port1: unable to enumerate USB device [ 720.727072][T12141] em28xx 3-1:0.0: reading from i2c device at 0x1a0 failed (error=-5) [ 720.783763][ T5804] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 720.783795][ T5804] em28xx 3-1:0.0: dvb set to bulk mode. [ 720.818455][ T9] em28xx 3-1:0.0: Binding DVB extension [ 720.830990][ T5804] usb 3-1: USB disconnect, device number 43 [ 720.853896][ T5804] em28xx 3-1:0.0: Disconnecting em28xx [ 721.087496][ T9] em28xx 3-1:0.0: Registering input extension [ 721.087766][ T5804] em28xx 3-1:0.0: Closing input extension [ 721.150247][ T5804] em28xx 3-1:0.0: Freeing device [ 723.993750][ T880] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 724.164004][ T880] usb 1-1: config 0 has no interfaces? [ 724.181371][ T880] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 724.181406][ T880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 724.181427][ T880] usb 1-1: Product: syz [ 724.181442][ T880] usb 1-1: Manufacturer: syz [ 724.181456][ T880] usb 1-1: SerialNumber: syz [ 724.193721][ T5948] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 724.201053][ T880] usb 1-1: config 0 descriptor?? [ 724.582295][ T5948] usb 3-1: Using ep0 maxpacket: 16 [ 724.714523][T11798] usb 6-1: new full-speed USB device number 23 using dummy_hcd [ 725.275066][ T5948] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 725.300342][ T5948] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 725.300376][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.300397][ T5948] usb 3-1: Product: syz [ 725.300412][ T5948] usb 3-1: Manufacturer: syz [ 725.300428][ T5948] usb 3-1: SerialNumber: syz [ 725.333983][ T5948] usb 3-1: config 0 descriptor?? [ 725.341928][ T5948] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 725.341961][ T5948] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 725.425324][T11798] usb 6-1: no configurations [ 725.425348][T11798] usb 6-1: can't read configurations, error -22 [ 725.690528][T11798] usb 6-1: new full-speed USB device number 24 using dummy_hcd [ 725.933280][T11798] usb 6-1: no configurations [ 725.933302][T11798] usb 6-1: can't read configurations, error -22 [ 725.934034][T11798] usb usb6-port1: attempt power cycle [ 725.993424][ T5948] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 726.449733][ T5948] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 726.449770][ T5948] em28xx 3-1:0.0: board has no eeprom [ 726.473655][T11798] usb 6-1: new full-speed USB device number 25 using dummy_hcd [ 726.529165][T11798] usb 6-1: no configurations [ 726.529181][T11798] usb 6-1: can't read configurations, error -22 [ 726.653661][T11798] usb 6-1: new full-speed USB device number 26 using dummy_hcd [ 726.686182][T11798] usb 6-1: no configurations [ 726.686205][T11798] usb 6-1: can't read configurations, error -22 [ 726.706986][T11798] usb usb6-port1: unable to enumerate USB device [ 726.820551][ T9] usb 1-1: USB disconnect, device number 27 [ 727.779215][T12214] em28xx 3-1:0.0: reading from i2c device at 0x1a0 failed (error=-5) [ 727.823718][ T5948] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 727.823753][ T5948] em28xx 3-1:0.0: dvb set to bulk mode. [ 727.827293][T11798] em28xx 3-1:0.0: Binding DVB extension [ 727.973760][ T5948] usb 3-1: USB disconnect, device number 44 [ 727.979551][ T5948] em28xx 3-1:0.0: Disconnecting em28xx [ 728.555206][T11798] em28xx 3-1:0.0: Registering input extension [ 728.555480][ T5948] em28xx 3-1:0.0: Closing input extension [ 728.764126][ T5948] em28xx 3-1:0.0: Freeing device [ 729.843772][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 730.163472][ T9] usb 7-1: config 0 has no interfaces? [ 730.189512][ T9] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 730.189549][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 730.189574][ T9] usb 7-1: Product: syz [ 730.189588][ T9] usb 7-1: Manufacturer: syz [ 730.189603][ T9] usb 7-1: SerialNumber: syz [ 730.316400][T12266] autofs4:pid:12266:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a) [ 731.082864][ T9] usb 7-1: config 0 descriptor?? [ 731.194829][T11798] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 731.363710][ T5804] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 731.767514][T11798] usb 3-1: no configurations [ 731.767539][T11798] usb 3-1: can't read configurations, error -22 [ 731.848910][ T5876] usb 7-1: USB disconnect, device number 3 [ 731.893955][ T5804] usb 6-1: Using ep0 maxpacket: 16 [ 732.230118][ T5804] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 732.551942][ T5804] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 732.552014][ T5804] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.552070][ T5804] usb 6-1: Product: syz [ 732.552134][ T5804] usb 6-1: Manufacturer: syz [ 732.552189][ T5804] usb 6-1: SerialNumber: syz [ 732.919419][ T5804] usb 6-1: config 0 descriptor?? [ 732.943708][T11798] usb 3-1: new full-speed USB device number 46 using dummy_hcd [ 732.982197][ T5804] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 732.982223][ T5804] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 733.116592][T11798] usb 3-1: device descriptor read/all, error -71 [ 733.116896][T11798] usb usb3-port1: attempt power cycle [ 733.166807][T11798] ================================================================== [ 733.166827][T11798] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irq+0x3d/0x50 [ 733.166865][T11798] Read of size 1 at addr ffff8880591b88c0 by task kworker/1:1/11798 [ 733.166884][T11798] [ 733.166900][T11798] CPU: 1 UID: 0 PID: 11798 Comm: kworker/1:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 733.166931][T11798] Tainted: [L]=SOFTLOCKUP [ 733.166940][T11798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 733.166955][T11798] Workqueue: usb_hub_wq hub_event [ 733.167049][T11798] Call Trace: [ 733.167058][T11798] [ 733.167068][T11798] dump_stack_lvl+0xe8/0x150 [ 733.167102][T11798] print_report+0xba/0x230 [ 733.167129][T11798] ? _raw_spin_lock_irq+0x3d/0x50 [ 733.167150][T11798] kasan_report+0x117/0x150 [ 733.167204][T11798] ? _raw_spin_lock_irq+0x3d/0x50 [ 733.167227][T11798] __kasan_check_byte+0x2a/0x40 [ 733.167249][T11798] lock_acquire+0x79/0x2e0 [ 733.167271][T11798] ? rcu_is_watching+0x15/0xb0 [ 733.167295][T11798] _raw_spin_lock_irq+0x3d/0x50 [ 733.167316][T11798] ? rtlock_slowlock_locked+0x3640/0x3c80 [ 733.167357][T11798] rtlock_slowlock_locked+0x3640/0x3c80 [ 733.167400][T11798] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 733.167431][T11798] ? rtlock_slowlock_locked+0x2a8/0x3c80 [ 733.167463][T11798] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 733.167502][T11798] ? rcu_is_watching+0x15/0xb0 [ 733.167529][T11798] rt_spin_lock+0x165/0x400 [ 733.167557][T11798] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 733.167580][T11798] ? __pfx_rt_spin_lock+0x10/0x10 [ 733.167612][T11798] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 733.167646][T11798] raw_queue_event+0x39/0x2e0 [ 733.167727][T11798] gadget_disconnect+0x51/0xe0 [ 733.167756][T11798] set_link_state+0xc0a/0x1220 [ 733.167833][T11798] dummy_hub_control+0xafc/0x1a00 [ 733.167865][T11798] ? usb_hcd_submit_urb+0x786/0x1b50 [ 733.167897][T11798] usb_hcd_submit_urb+0xdbe/0x1b50 [ 733.167932][T11798] usb_start_wait_urb+0x13f/0x5b0 [ 733.167982][T11798] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 733.168016][T11798] usb_control_msg+0x234/0x3e0 [ 733.168043][T11798] hub_event+0x2dc0/0x4f60 [ 733.168094][T11798] ? __pfx_hub_event+0x10/0x10 [ 733.168125][T11798] ? process_scheduled_works+0xa8d/0x18c0 [ 733.168154][T11798] ? process_scheduled_works+0xa8d/0x18c0 [ 733.168185][T11798] process_scheduled_works+0xb6e/0x18c0 [ 733.168229][T11798] ? __pfx_process_scheduled_works+0x10/0x10 [ 733.168263][T11798] ? assign_work+0x3d5/0x5e0 [ 733.168296][T11798] worker_thread+0xa53/0xfc0 [ 733.168348][T11798] kthread+0x388/0x470 [ 733.168372][T11798] ? __pfx_worker_thread+0x10/0x10 [ 733.168403][T11798] ? __pfx_kthread+0x10/0x10 [ 733.168426][T11798] ret_from_fork+0x51e/0xb90 [ 733.168460][T11798] ? __pfx_ret_from_fork+0x10/0x10 [ 733.168487][T11798] ? __switch_to+0xc7d/0x1450 [ 733.168515][T11798] ? __pfx_kthread+0x10/0x10 [ 733.168538][T11798] ret_from_fork_asm+0x1a/0x30 [ 733.168569][T11798] [ 733.168576][T11798] [ 733.168581][T11798] Allocated by task 12265: [ 733.168591][T11798] kasan_save_track+0x3e/0x80 [ 733.168644][T11798] __kasan_kmalloc+0x93/0xb0 [ 733.168674][T11798] __kmalloc_cache_noprof+0x3a6/0x690 [ 733.168694][T11798] raw_open+0x8d/0x530 [ 733.168716][T11798] misc_open+0x2de/0x350 [ 733.168784][T11798] chrdev_open+0x4d0/0x5f0 [ 733.168824][T11798] do_dentry_open+0x83d/0x13e0 [ 733.168849][T11798] vfs_open+0x3b/0x350 [ 733.168871][T11798] path_openat+0x2e43/0x38a0 [ 733.168923][T11798] do_file_open+0x23e/0x4a0 [ 733.168953][T11798] do_sys_openat2+0x113/0x200 [ 733.168974][T11798] __x64_sys_openat+0x138/0x170 [ 733.168998][T11798] do_syscall_64+0x14d/0xf80 [ 733.169020][T11798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 733.169040][T11798] [ 733.169045][T11798] Freed by task 12263: [ 733.169055][T11798] kasan_save_track+0x3e/0x80 [ 733.169084][T11798] kasan_save_free_info+0x46/0x50 [ 733.169109][T11798] __kasan_slab_free+0x5c/0x80 [ 733.169136][T11798] kfree+0x1c1/0x6c0 [ 733.169164][T11798] raw_release+0x191/0x260 [ 733.169186][T11798] __fput+0x461/0xa90 [ 733.169210][T11798] task_work_run+0x1d9/0x270 [ 733.169233][T11798] do_exit+0x70f/0x23c0 [ 733.169253][T11798] do_group_exit+0x21b/0x2d0 [ 733.169275][T11798] get_signal+0x125c/0x1310 [ 733.169300][T11798] arch_do_signal_or_restart+0xbc/0x830 [ 733.169333][T11798] exit_to_user_mode_loop+0x86/0x480 [ 733.169366][T11798] do_syscall_64+0x32d/0xf80 [ 733.169386][T11798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 733.169406][T11798] [ 733.169411][T11798] The buggy address belongs to the object at ffff8880591b8000 [ 733.169411][T11798] which belongs to the cache kmalloc-4k of size 4096 [ 733.169431][T11798] The buggy address is located 2240 bytes inside of [ 733.169431][T11798] freed 4096-byte region [ffff8880591b8000, ffff8880591b9000) [ 733.169453][T11798] [ 733.169458][T11798] The buggy address belongs to the physical page: [ 733.169470][T11798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x591b8 [ 733.169492][T11798] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 733.169510][T11798] flags: 0x80000000000040(head|node=0|zone=1) [ 733.169528][T11798] page_type: f5(slab) [ 733.169548][T11798] raw: 0080000000000040 ffff88813fe1a140 dead000000000100 dead000000000122 [ 733.169567][T11798] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 733.169587][T11798] head: 0080000000000040 ffff88813fe1a140 dead000000000100 dead000000000122 [ 733.169605][T11798] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 733.169623][T11798] head: 0080000000000003 ffffea0001646e01 00000000ffffffff 00000000ffffffff [ 733.169642][T11798] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 733.169653][T11798] page dumped because: kasan: bad access detected [ 733.169665][T11798] page_owner tracks the page as allocated [ 733.169673][T11798] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1335, tgid 1335 (kworker/u8:10), ts 710646819168, free_ts 708874559130 [ 733.169713][T11798] post_alloc_hook+0x231/0x280 [ 733.169753][T11798] get_page_from_freelist+0x28bb/0x2950 [ 733.169775][T11798] __alloc_frozen_pages_noprof+0x18d/0x380 [ 733.169797][T11798] allocate_slab+0x77/0x660 [ 733.169846][T11798] refill_objects+0x334/0x3c0 [ 733.169868][T11798] __pcs_replace_empty_main+0x35c/0x710 [ 733.169896][T11798] __kmalloc_node_track_caller_noprof+0x60b/0x7e0 [ 733.169917][T11798] __alloc_skb+0x2c1/0x7d0 [ 733.169935][T11798] nsim_dev_trap_report_work+0x29f/0xbc0 [ 733.170007][T11798] process_scheduled_works+0xb6e/0x18c0 [ 733.170035][T11798] worker_thread+0xa53/0xfc0 [ 733.170065][T11798] kthread+0x388/0x470 [ 733.170084][T11798] ret_from_fork+0x51e/0xb90 [ 733.170110][T11798] ret_from_fork_asm+0x1a/0x30 [ 733.170128][T11798] page last free pid 12054 tgid 12054 stack trace: [ 733.170141][T11798] __free_frozen_pages+0xfe3/0x1170 [ 733.170159][T11798] __slab_free+0x24f/0x2a0 [ 733.170177][T11798] qlist_free_all+0x97/0x100 [ 733.170206][T11798] kasan_quarantine_reduce+0x148/0x160 [ 733.170235][T11798] __kasan_slab_alloc+0x22/0x80 [ 733.170266][T11798] kmem_cache_alloc_noprof+0x33b/0x680 [ 733.170296][T11798] ptlock_alloc+0x20/0x70 [ 733.170313][T11798] pte_alloc_one+0x7e/0x380 [ 733.170339][T11798] __pte_alloc+0x25/0x1a0 [ 733.170361][T11798] do_pte_missing+0x1ba7/0x29e0 [ 733.170382][T11798] handle_mm_fault+0xd0a/0x13c0 [ 733.170413][T11798] do_user_addr_fault+0xa73/0x1340 [ 733.170439][T11798] exc_page_fault+0x6a/0xc0 [ 733.170459][T11798] asm_exc_page_fault+0x26/0x30 [ 733.170479][T11798] [ 733.170484][T11798] Memory state around the buggy address: [ 733.170496][T11798] ffff8880591b8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 733.170511][T11798] ffff8880591b8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 733.170527][T11798] >ffff8880591b8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 733.170539][T11798] ^ [ 733.170552][T11798] ffff8880591b8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 733.170567][T11798] ffff8880591b8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 733.170577][T11798] ================================================================== [ 733.170589][T11798] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 733.170607][T11798] CPU: 1 UID: 0 PID: 11798 Comm: kworker/1:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 733.170637][T11798] Tainted: [L]=SOFTLOCKUP [ 733.170646][T11798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 733.170660][T11798] Workqueue: usb_hub_wq hub_event [ 733.170690][T11798] Call Trace: [ 733.170699][T11798] [ 733.170707][T11798] vpanic+0x56c/0xa60 [ 733.170741][T11798] ? __pfx_vpanic+0x10/0x10 [ 733.170775][T11798] panic+0xc5/0xd0 [ 733.170806][T11798] ? __pfx_panic+0x10/0x10 [ 733.170839][T11798] ? _raw_spin_lock_irq+0x3d/0x50 [ 733.170864][T11798] ? _raw_spin_lock_irq+0x3d/0x50 [ 733.170886][T11798] ? _raw_spin_lock_irq+0x3d/0x50 [ 733.170907][T11798] check_panic_on_warn+0x89/0xb0 [ 733.170929][T11798] ? _raw_spin_lock_irq+0x3d/0x50 [ 733.170951][T11798] end_report+0x73/0x180 [ 733.170971][T11798] ? _raw_spin_lock_irq+0x3d/0x50 [ 733.170992][T11798] kasan_report+0x128/0x150 [ 733.171014][T11798] ? _raw_spin_lock_irq+0x3d/0x50 [ 733.171040][T11798] __kasan_check_byte+0x2a/0x40 [ 733.171060][T11798] lock_acquire+0x79/0x2e0 [ 733.171082][T11798] ? rcu_is_watching+0x15/0xb0 [ 733.171106][T11798] _raw_spin_lock_irq+0x3d/0x50 [ 733.171127][T11798] ? rtlock_slowlock_locked+0x3640/0x3c80 [ 733.171161][T11798] rtlock_slowlock_locked+0x3640/0x3c80 [ 733.171204][T11798] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 733.171235][T11798] ? rtlock_slowlock_locked+0x2a8/0x3c80 [ 733.171269][T11798] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 733.171307][T11798] ? rcu_is_watching+0x15/0xb0 [ 733.171344][T11798] rt_spin_lock+0x165/0x400 [ 733.171373][T11798] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 733.171398][T11798] ? __pfx_rt_spin_lock+0x10/0x10 [ 733.171427][T11798] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 733.171461][T11798] raw_queue_event+0x39/0x2e0 [ 733.171492][T11798] gadget_disconnect+0x51/0xe0 [ 733.171519][T11798] set_link_state+0xc0a/0x1220 [ 733.171555][T11798] dummy_hub_control+0xafc/0x1a00 [ 733.171583][T11798] ? usb_hcd_submit_urb+0x786/0x1b50 [ 733.171617][T11798] usb_hcd_submit_urb+0xdbe/0x1b50 [ 733.171653][T11798] usb_start_wait_urb+0x13f/0x5b0 [ 733.171680][T11798] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 733.171714][T11798] usb_control_msg+0x234/0x3e0 [ 733.171739][T11798] hub_event+0x2dc0/0x4f60 [ 733.171786][T11798] ? __pfx_hub_event+0x10/0x10 [ 733.171817][T11798] ? process_scheduled_works+0xa8d/0x18c0 [ 733.171847][T11798] ? process_scheduled_works+0xa8d/0x18c0 [ 733.171876][T11798] process_scheduled_works+0xb6e/0x18c0 [ 733.171918][T11798] ? __pfx_process_scheduled_works+0x10/0x10 [ 733.171950][T11798] ? assign_work+0x3d5/0x5e0 [ 733.171981][T11798] worker_thread+0xa53/0xfc0 [ 733.172035][T11798] kthread+0x388/0x470 [ 733.172058][T11798] ? __pfx_worker_thread+0x10/0x10 [ 733.172085][T11798] ? __pfx_kthread+0x10/0x10 [ 733.172109][T11798] ret_from_fork+0x51e/0xb90 [ 733.172142][T11798] ? __pfx_ret_from_fork+0x10/0x10 [ 733.172173][T11798] ? __switch_to+0xc7d/0x1450 [ 733.172201][T11798] ? __pfx_kthread+0x10/0x10 [ 733.172225][T11798] ret_from_fork_asm+0x1a/0x30 [ 733.172252][T11798] [ 733.172679][T11798] Kernel Offset: disabled