last executing test programs: 8.137956213s ago: executing program 1 (id=2582): r0 = creat(&(0x7f0000000040)='./file0\x00', 0xecf86c37d53049dc) write$binfmt_script(r0, &(0x7f00000002c0)={'#! ', './file0', [{0x20, '\t\t\xf2`:y\xd4H\xfa\xee=d\xd7T\x0f7\x93`\xc6\xd84\xa3\xacQT\x8cj\x83\xa8\xb1\x88H\xe3\x16\xeb\x16\xaa\x91Pn\xcd\xde}$\xad`\xd6(\xa8\xaa\xc67?anM_\xa0\xcf\x82\x84\xf8\xb0\x8amlKL!\xd7\xaaKS\xffn*\xcf\t\\\xces\x04\x1e*p\x9e\xf2\x16\x01`\x00\x00\x00B\x1d\xc7\xd8\xb5\x81\x15\x0f[D8\x88@A$\x88\xa5O&\xae\xe3\b\xa8\xd4\x9b\xab\x81\xf4\xd1\f\"e\xcdzA\xf49\xc1\xc8\f\x8c\xb1)*O\xe3\xc3L\xd6J\ta\xf5\xc6\xee\xa2\xd4\xde\xe5\x1b\x1e\x00\xb4\xc2\xac\xacT\xedq\x10\xb1HW\xben\xbc\x9b\x03\xb6#\xd6z\xe5\xf5\xb4\xcdBA(\xd1\xf3Sx\xad\xa37\xda7\xc6\xc3\xcc\xf6w\x19m_O\xc9C\xb4\xea\xd5U\xb3\x82\xab1\x8e\xfc\xe3\xa8\x89\xb1?\xbf\x84\xdb\x01\x00\xc1\r\x16\x15\x8a\x1d\xa1\x98\x0fS\xd1c\x01O\xd7oi\x96\ts\a \x90Y\xe4\xc2\xcbcC\xdb\xa9\x85'}]}, 0x10a) close(r0) r1 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000002240)={0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='blkio.bfq.time\x00', 0x275a, 0x0) preadv2(r5, &(0x7f0000000340)=[{&(0x7f0000000200)=""/261, 0x105}], 0x1, 0x102, 0xfffffffd, 0x3b) ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x7fffffff) splice(r3, 0x0, r1, 0x0, 0x1000, 0x800000000000000) splice(r2, 0x0, r4, 0x0, 0x80, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 7.692838334s ago: executing program 1 (id=2584): r0 = syz_usb_connect$lan78xx(0x5, 0x0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000880)={0x34, &(0x7f00000006c0)={0x40, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, &(0x7f0000000500)={0x14, &(0x7f0000000380)={0x40, 0x1, 0x9, {0x9, 0x31, "60debff6eb0de8"}}, 0x0}, &(0x7f0000000900)={0x34, &(0x7f0000000540)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 7.002051414s ago: executing program 1 (id=2588): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="2e00000010008188e6b62aa73f72cc9f0ba1f848390000005e770602210300000e000a0010000000028000001294", 0x2e}], 0x1}, 0x20000800) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clock_gettime(0x3, &(0x7f0000000080)) recvmmsg(r1, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0xff}], 0x1, 0x40000101, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r7 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000564404204e080110f9330102030109021b00010000000009040000010000c200090588"], 0x0) read(r7, &(0x7f00000000c0)=""/177, 0xb1) read(r7, 0x0, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r6, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x2, 0xfb, 0x1, 0x8, 0x1ff}, 0xc) r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/clear_refs\x00', 0x1, 0x0) r9 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r9, 0x1) ioctl$SIOCX25CALLACCPTAPPRV(r9, 0x89e8) write$sysctl(r8, &(0x7f0000000040)='3\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc08c5332, &(0x7f0000000400)={{0x40, 0x3}, 0x0, 0x4, 0x88, {}, 0x0, 0xffff}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f0000000040)={0x0, 0x2, {0x1, 0x0, 0x0, 0x3}}) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r10, &(0x7f0000000180)='blkio.bfq.empty_time\x00', 0x275a, 0x0) 5.470185718s ago: executing program 0 (id=2594): r0 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) r1 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x0) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000040)={0x1, {"40a568bf607c2094e9c6a0c0f550f7f8", "241e6a0b37e28869f574458eb6417d55", "a34d3bcc4817356e5c266b26fe399bde"}, 0x7, 0x4}) ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"4772ffacff04856ec9e8776f8ee906be", "2dfad343e15ead11f40c8977fdfd00", "0000b3f88813da82b4cf00"}, 0x3eaf, 0x4}) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000240)={0x3, {"771c2e09a6afc168243d3e8ca34e208f", "45d5c22cb6cd3148b85d5dbf5f9e3413", "a9929074e915d4b883a44cd492a341be"}, 0x1, 0x4}) (fail_nth: 2) 5.000010049s ago: executing program 0 (id=2596): r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000880)={0x34, &(0x7f00000006c0)={0x40, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, &(0x7f0000000500)={0x14, &(0x7f0000000380)={0x40, 0x1, 0x9, {0x9, 0x31, "60debff6eb0de8"}}, 0x0}, &(0x7f0000000900)={0x34, &(0x7f0000000540)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.70066368s ago: executing program 2 (id=2598): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x108) ioctl$OCFS2_IOC_GROUP_ADD64(r0, 0x40186f03, &(0x7f0000000080)={0x8, 0xffffff66, 0x7, 0x8}) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xcb}, 0x0, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) r2 = dup(r1) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x18, 0x1, 0x0, 0x5, 0x0}) 4.54201255s ago: executing program 3 (id=2599): r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108943, 0x148) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98) fcntl$setlease(r1, 0x400, 0x1) fcntl$setlease(r0, 0x400, 0x0) close(r1) 4.277930744s ago: executing program 3 (id=2600): syz_open_dev$usbfs(&(0x7f0000000240), 0x11, 0x1) socket$igmp(0x2, 0x3, 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff09", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 3.605456457s ago: executing program 1 (id=2601): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a3000000000050004000040000005000500020000000500010006000000140007800800064000000000080013"], 0x64}}, 0x0) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000005000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="05005b"], 0x24}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) close_range(r4, r8, 0x200000000000000) 3.525576623s ago: executing program 2 (id=2602): unshare(0x22020400) r0 = memfd_secret(0x80000) ftruncate(r0, 0x51a9497) 3.491766285s ago: executing program 1 (id=2603): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001200), 0x8a400, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) poll(&(0x7f0000000000)=[{r1, 0xf1c3}], 0x1, 0x9) 3.17493221s ago: executing program 2 (id=2604): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) r1 = dup(r0) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x14, 0x1, 0x0, 0x5, 0x0}) (fail_nth: 2) 2.852522788s ago: executing program 2 (id=2605): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x6) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000) syz_open_dev$loop(0x0, 0xffff, 0x14f600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0xf0, 0xa, 0x0, 0x4, 0x9, 0xf9, 0x2, 0x0, 0x2, 0x5, 0x1, 0x0, 0x1, 0x1, 0x1, 0x5, 0x7, 0x1, '\x00', 0xc, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.819135727s ago: executing program 3 (id=2606): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000005000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="05005b"], 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket(0x40000000015, 0x805, 0x0) getsockopt(r5, 0x114, 0x271d, 0x0, &(0x7f0000000000)) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0) 2.671817748s ago: executing program 3 (id=2607): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000000406010100000000000000000700000a0500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x80) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x60, r2, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010100}]}, 0x60}, 0x1, 0x0, 0x0, 0x4048801}, 0x41) 2.140279422s ago: executing program 2 (id=2608): mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x8f13, 0x0) r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x400200) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) r3 = socket(0x10, 0x3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x37) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r5, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4) sendmmsg$inet(r5, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c844) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) sendto$inet(r5, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x18, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) ioctl$BLKOPENZONE(r1, 0x40101286, &(0x7f0000000040)={0xb, 0x8}) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10100020}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="88000000", @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf25060000002000018008000700", @ANYRES32=r7, @ANYBLOB="14000400fc000000000000006d9c0a257e01ee844c00018008000700", @ANYRES32=r8, @ANYBLOB="14000400fe8000000000000000000000000000bb08000700", @ANYRES32=r9, @ANYBLOB="060005004e210000140004000000000000000000000000000000000005000200360000000500050007000000"], 0x88}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) 1.413537649s ago: executing program 0 (id=2609): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendto$inet(r0, &(0x7f00000001c0)='l', 0x1, 0x24008015, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='lp', 0x2) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendto$inet(r0, &(0x7f0000000080)='<', 0xffffffffffffffef, 0x4805, 0x0, 0xfe8d) 1.23922214s ago: executing program 2 (id=2610): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="2e00000010008188e6b62aa73f72cc9f0ba1f848390000005e770602210300000e000a0010000000028000001294", 0x2e}], 0x1}, 0x20000800) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) clock_gettime(0x3, &(0x7f0000000080)) recvmmsg(r1, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0xff}], 0x1, 0x40000101, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r7 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000564404204e080110f9330102030109021b00010000000009040000010000c200090588"], 0x0) read(r7, &(0x7f00000000c0)=""/177, 0xb1) read(r7, 0x0, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r6, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x2, 0xfb, 0x1, 0x8, 0x1ff}, 0xc) r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/clear_refs\x00', 0x1, 0x0) r9 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r9, 0x1) ioctl$SIOCX25CALLACCPTAPPRV(r9, 0x89e8) write$sysctl(r8, &(0x7f0000000040)='3\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc08c5332, &(0x7f0000000400)={{0x40, 0x3}, 0x0, 0x4, 0x88, {}, 0x0, 0xffff}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f0000000040)={0x0, 0x2, {0x1, 0x0, 0x0, 0x3}}) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r10, &(0x7f0000000180)='blkio.bfq.empty_time\x00', 0x275a, 0x0) 1.164608241s ago: executing program 0 (id=2611): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) dup(r0) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x23, 0x11, 0x14, 0x41, 0x5a, 0x5, 0x0}) 896.610901ms ago: executing program 0 (id=2612): r0 = syz_io_uring_complete(0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() r1 = socket$inet6(0xa, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, 0x0) (async) ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, 0x0) write$bt_hci(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="01150403c900"], 0x6) (async) write$bt_hci(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="01150403c900"], 0x6) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) (async) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0xffff, @local, 0xfffffffd}, 0x1c) socket$netlink(0x10, 0x3, 0x8000000004) (async) r3 = socket$netlink(0x10, 0x3, 0x8000000004) sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x400}, 0x4000000) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) (async) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) (async) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r6}) recvmmsg(0xffffffffffffffff, &(0x7f0000000980)=[{{0x0, 0x0, 0x0}, 0x16a}], 0x1, 0x40000000, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000002540)={&(0x7f0000002200)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000024c0)=[{&(0x7f0000002280)="75cc683fd3c6d4cebf9d872c4bf32ad3e08cf4ad00310a62217959727903b4ccae4cddeb02d9ee9d11407aa5c1a020319296610d83f6250a042987c6e54344873948561ad8a13e74c2b0be6ff868e5ace1a354dc72a01f3d25c72afd56f18ded9b6fa86f322bf477c086f30891e6f5b57432181dc705ccc3ed59ce22f13dd24ed9d70ffbcb245bec30993df0b583e5dd1bc3bf1cb6ef284a9f82057a0761838610ca949955942ea7ae67cec32498a23a36700565b934de1f65a91c9c48c2d0dcb8febc8e3354ccb689e512ece0d75acf46fb0acd77879b30d07cfbce3ed6353a49369764c80d", 0xe6}, {&(0x7f0000002380)="e4280526686e921ce47cf307dc2e4634a363dc455f88a6f347357de564e44aeb4ac414c3608a453e76be731c26e5bc3ccc73b762c9e9d5c508a7", 0x3a}, {&(0x7f00000023c0)="ec56d127974cc9c538838b8e8ccdfa9cfc36f2a42f35f38932cc9ab65269aa93e4269be9b8d2209d482c18f234656c90c6b110f0d90ee715fe3497d13442b38c3f94a42446dcfdda82b0c18ffcf0afe5", 0x50}, {&(0x7f0000002440)="2e8670b63d8c00264eb77aec8cd791357b828e7db4c1e10654ee8df015bae872342827b505d83a11cb82b4d9a01b4d72f00627f36659afb3d232d5466a7114d4c50017b046df3d1b68f5b962181cbea5c7531ddc4a30347b45b181989cc3959b8ce3", 0x62}], 0x4, &(0x7f0000002500)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r3, r0]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r0, r2, r5]}}], 0x40, 0xc000}, 0x800) (async) sendmsg$unix(0xffffffffffffffff, &(0x7f0000002540)={&(0x7f0000002200)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000024c0)=[{&(0x7f0000002280)="75cc683fd3c6d4cebf9d872c4bf32ad3e08cf4ad00310a62217959727903b4ccae4cddeb02d9ee9d11407aa5c1a020319296610d83f6250a042987c6e54344873948561ad8a13e74c2b0be6ff868e5ace1a354dc72a01f3d25c72afd56f18ded9b6fa86f322bf477c086f30891e6f5b57432181dc705ccc3ed59ce22f13dd24ed9d70ffbcb245bec30993df0b583e5dd1bc3bf1cb6ef284a9f82057a0761838610ca949955942ea7ae67cec32498a23a36700565b934de1f65a91c9c48c2d0dcb8febc8e3354ccb689e512ece0d75acf46fb0acd77879b30d07cfbce3ed6353a49369764c80d", 0xe6}, {&(0x7f0000002380)="e4280526686e921ce47cf307dc2e4634a363dc455f88a6f347357de564e44aeb4ac414c3608a453e76be731c26e5bc3ccc73b762c9e9d5c508a7", 0x3a}, {&(0x7f00000023c0)="ec56d127974cc9c538838b8e8ccdfa9cfc36f2a42f35f38932cc9ab65269aa93e4269be9b8d2209d482c18f234656c90c6b110f0d90ee715fe3497d13442b38c3f94a42446dcfdda82b0c18ffcf0afe5", 0x50}, {&(0x7f0000002440)="2e8670b63d8c00264eb77aec8cd791357b828e7db4c1e10654ee8df015bae872342827b505d83a11cb82b4d9a01b4d72f00627f36659afb3d232d5466a7114d4c50017b046df3d1b68f5b962181cbea5c7531ddc4a30347b45b181989cc3959b8ce3", 0x62}], 0x4, &(0x7f0000002500)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r3, r0]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r0, r2, r5]}}], 0x40, 0xc000}, 0x800) ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000040)={0x500, 0x1, &(0x7f0000000180)=[r6], &(0x7f0000000180), &(0x7f0000000340)=[r7], &(0x7f00000001c0), 0x0, 0xff}) writev(r3, &(0x7f0000000180)=[{&(0x7f0000000080)="580000001400add427323b472545b4560a117fffffff81000e220e227f00228c0008925aa80013007b00090080007f000001e809000000ff0000f03afdffffffffffffffffffffffffffffe7ee000000deff000000020000", 0x58}], 0x1) syz_io_uring_setup(0xf02, &(0x7f0000002580)={0x0, 0xfffffffd, 0x800, 0x1, 0x163}, 0x0, 0x0, 0x0) (async) syz_io_uring_setup(0xf02, &(0x7f0000002580)={0x0, 0xfffffffd, 0x800, 0x1, 0x163}, 0x0, 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00') read$FUSE(r8, &(0x7f00000001c0)={0x2020}, 0x2020) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x10001, 0x6, 0x1111ffff, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000002600)='./cgroup.net/syz0\x00', 0x200002, 0x0) r10 = openat$cgroup_int(r9, &(0x7f00000016c0)='cpu.weight.nice\x00', 0x2, 0x0) write$cgroup_subtree(r10, &(0x7f0000000040)=ANY=[@ANYRESDEC=r10], 0xaa) (async) write$cgroup_subtree(r10, &(0x7f0000000040)=ANY=[@ANYRESDEC=r10], 0xaa) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r11, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="013301300108"}) (async) ioctl$SIOCSIFHWADDR(r11, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="013301300108"}) 895.945357ms ago: executing program 3 (id=2613): unshare(0x22020400) r0 = memfd_secret(0x80000) ftruncate(r0, 0x51a9497) (fail_nth: 2) 352.306807ms ago: executing program 3 (id=2614): syz_open_dev$usbfs(&(0x7f0000000240), 0x11, 0x1) socket$igmp(0x2, 0x3, 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff00", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 347.379582ms ago: executing program 1 (id=2615): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000005000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="05005b"], 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket(0x40000000015, 0x805, 0x0) getsockopt(r5, 0x114, 0x271d, 0x0, &(0x7f0000000000)) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0) 0s ago: executing program 0 (id=2616): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x6) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000) syz_open_dev$loop(0x0, 0xffff, 0x14f600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0xf0, 0xa, 0x0, 0x4, 0x9, 0xf9, 0x2, 0x0, 0x2, 0x5, 0x1, 0x0, 0x1, 0x1, 0x1, 0x5, 0x7, 0x1, '\x00', 0xc, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): 's busy [ 543.155294][T12138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 543.231379][ T5719] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 543.434517][ T5719] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 543.461285][T12148] FAULT_INJECTION: forcing a failure. [ 543.461285][T12148] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 543.461327][T12148] CPU: 0 UID: 0 PID: 12148 Comm: syz.0.2351 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 543.461357][T12148] Tainted: [L]=SOFTLOCKUP [ 543.461365][T12148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 543.461378][T12148] Call Trace: [ 543.461387][T12148] [ 543.461396][T12148] dump_stack_lvl+0xe8/0x150 [ 543.461426][T12148] should_fail_ex+0x46b/0x600 [ 543.461460][T12148] _copy_from_user+0x2d/0xb0 [ 543.461487][T12148] ___sys_recvmsg+0x175/0x590 [ 543.461507][T12148] ? ktime_get_ts64+0xa9/0x410 [ 543.461534][T12148] ? __pfx____sys_recvmsg+0x10/0x10 [ 543.461560][T12148] ? __fget_files+0x2a/0x420 [ 543.461603][T12148] ? __fget_files+0x3a6/0x420 [ 543.461651][T12148] do_recvmmsg+0x33a/0x800 [ 543.461681][T12148] ? __pfx_do_recvmmsg+0x10/0x10 [ 543.461717][T12148] ? _copy_from_user+0x94/0xb0 [ 543.461756][T12148] __x64_sys_recvmmsg+0x1b7/0x250 [ 543.461781][T12148] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 543.461813][T12148] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.461838][T12148] do_syscall_64+0x174/0x580 [ 543.461869][T12148] ? trace_irq_disable+0x3b/0x140 [ 543.461893][T12148] ? clear_bhb_loop+0x40/0x90 [ 543.461920][T12148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.461943][T12148] RIP: 0033:0x7f430452ce59 [ 543.461965][T12148] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 543.461986][T12148] RSP: 002b:00007f4302786028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 543.462012][T12148] RAX: ffffffffffffffda RBX: 00007f43047a5fa0 RCX: 00007f430452ce59 [ 543.462029][T12148] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 543.462045][T12148] RBP: 00007f4302786090 R08: 0000200000003700 R09: 0000000000000000 [ 543.462060][T12148] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001 [ 543.462074][T12148] R13: 00007f43047a6038 R14: 00007f43047a5fa0 R15: 00007fff913b9db8 [ 543.462113][T12148] [ 543.474103][ T5719] usb 4-1: USB disconnect, device number 5 [ 543.748873][ T9376] udevd[9376]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 544.273041][T12164] FAULT_INJECTION: forcing a failure. [ 544.273041][T12164] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 544.273085][T12164] CPU: 1 UID: 0 PID: 12164 Comm: syz.0.2357 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 544.273116][T12164] Tainted: [L]=SOFTLOCKUP [ 544.273125][T12164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 544.273138][T12164] Call Trace: [ 544.273147][T12164] [ 544.273156][T12164] dump_stack_lvl+0xe8/0x150 [ 544.273190][T12164] should_fail_ex+0x46b/0x600 [ 544.273229][T12164] _copy_from_user+0x2d/0xb0 [ 544.273257][T12164] ___sys_recvmsg+0x175/0x590 [ 544.273282][T12164] ? ktime_get_ts64+0xa9/0x410 [ 544.273312][T12164] ? __pfx____sys_recvmsg+0x10/0x10 [ 544.273340][T12164] ? __fget_files+0x2a/0x420 [ 544.273385][T12164] ? __fget_files+0x3a6/0x420 [ 544.273421][T12164] do_recvmmsg+0x33a/0x800 [ 544.273453][T12164] ? __pfx_do_recvmmsg+0x10/0x10 [ 544.273491][T12164] ? _copy_from_user+0x94/0xb0 [ 544.273530][T12164] __x64_sys_recvmmsg+0x1b7/0x250 [ 544.273555][T12164] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 544.273582][T12164] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.273605][T12164] do_syscall_64+0x174/0x580 [ 544.273636][T12164] ? trace_irq_disable+0x3b/0x140 [ 544.273671][T12164] ? clear_bhb_loop+0x40/0x90 [ 544.273698][T12164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.273721][T12164] RIP: 0033:0x7f430452ce59 [ 544.273743][T12164] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 544.273763][T12164] RSP: 002b:00007f4302786028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 544.273790][T12164] RAX: ffffffffffffffda RBX: 00007f43047a5fa0 RCX: 00007f430452ce59 [ 544.273807][T12164] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 544.273823][T12164] RBP: 00007f4302786090 R08: 0000200000003700 R09: 0000000000000000 [ 544.273839][T12164] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001 [ 544.273853][T12164] R13: 00007f43047a6038 R14: 00007f43047a5fa0 R15: 00007fff913b9db8 [ 544.273886][T12164] [ 544.367886][ T4932] Bluetooth: hci0: command 0x0c1a tx timeout [ 544.754661][T11975] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 544.866003][T11975] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 544.887958][T11975] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 544.930711][T12177] FAULT_INJECTION: forcing a failure. [ 544.930711][T12177] name failslab, interval 1, probability 0, space 0, times 0 [ 544.930754][T12177] CPU: 0 UID: 0 PID: 12177 Comm: syz.2.2363 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 544.930786][T12177] Tainted: [L]=SOFTLOCKUP [ 544.930795][T12177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 544.930810][T12177] Call Trace: [ 544.930819][T12177] [ 544.930829][T12177] dump_stack_lvl+0xe8/0x150 [ 544.930861][T12177] should_fail_ex+0x46b/0x600 [ 544.930901][T12177] should_failslab+0xa8/0x100 [ 544.930948][T12177] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 544.930976][T12177] ? __alloc_skb+0x1d0/0x7d0 [ 544.931005][T12177] ? lockdep_hardirqs_on+0x7a/0x110 [ 544.931045][T12177] __alloc_skb+0x1d0/0x7d0 [ 544.931081][T12177] __ip6_append_data+0x2d3c/0x3f60 [ 544.931136][T12177] ? __pfx_raw6_getfrag+0x10/0x10 [ 544.931172][T12177] ? ip6_mtu+0x7d/0x490 [ 544.931205][T12177] ? __pfx___ip6_append_data+0x10/0x10 [ 544.931237][T12177] ? ip6_setup_cork+0x544/0xf30 [ 544.931268][T12177] ? ip6_append_data+0x1c7/0x2a0 [ 544.931303][T12177] ip6_append_data+0x10f/0x2a0 [ 544.931338][T12177] ? __pfx_raw6_getfrag+0x10/0x10 [ 544.931363][T12177] rawv6_sendmsg+0x12d3/0x18e0 [ 544.931413][T12177] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 544.931481][T12177] ? __pfx_aa_sk_perm+0x10/0x10 [ 544.931503][T12177] ? sock_rps_record_flow+0x19/0x350 [ 544.931535][T12177] ? inet_sendmsg+0x2f4/0x370 [ 544.931561][T12177] ? aa_sock_msg_perm+0x122/0x200 [ 544.931587][T12177] ? __pfx_inet_sendmsg+0x10/0x10 [ 544.931614][T12177] sock_sendmsg_nosec+0x10e/0x180 [ 544.931643][T12177] ____sys_sendmsg+0x55c/0x870 [ 544.931683][T12177] ? __pfx_____sys_sendmsg+0x10/0x10 [ 544.931728][T12177] ? import_iovec+0x73/0xa0 [ 544.931758][T12177] ___sys_sendmsg+0x2a5/0x360 [ 544.931792][T12177] ? __lock_acquire+0x6b5/0x2d10 [ 544.931824][T12177] ? __pfx____sys_sendmsg+0x10/0x10 [ 544.931865][T12177] ? kstrtouint+0x6e/0xe0 [ 544.931935][T12177] ? __fget_files+0x2a/0x420 [ 544.931959][T12177] ? __fget_files+0x3a6/0x420 [ 544.931998][T12177] __sys_sendmmsg+0x282/0x4e0 [ 544.932039][T12177] ? __pfx___sys_sendmmsg+0x10/0x10 [ 544.932084][T12177] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 544.932126][T12177] ? ksys_write+0x248/0x270 [ 544.932160][T12177] ? __pfx_ksys_write+0x10/0x10 [ 544.932199][T12177] __x64_sys_sendmmsg+0xa0/0xc0 [ 544.932235][T12177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.932259][T12177] do_syscall_64+0x174/0x580 [ 544.932326][T12177] ? trace_irq_disable+0x3b/0x140 [ 544.932352][T12177] ? clear_bhb_loop+0x40/0x90 [ 544.932380][T12177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.932403][T12177] RIP: 0033:0x7fab1683ce59 [ 544.932426][T12177] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 544.932447][T12177] RSP: 002b:00007fab14a75028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 544.932473][T12177] RAX: ffffffffffffffda RBX: 00007fab16ab6090 RCX: 00007fab1683ce59 [ 544.932490][T12177] RDX: 0000000000000001 RSI: 00002000000006c0 RDI: 0000000000000004 [ 544.932506][T12177] RBP: 00007fab14a75090 R08: 0000000000000000 R09: 0000000000000000 [ 544.932520][T12177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.932535][T12177] R13: 00007fab16ab6128 R14: 00007fab16ab6090 R15: 00007fff5e3f40b8 [ 544.932570][T12177] [ 545.316956][T12185] FAULT_INJECTION: forcing a failure. [ 545.316956][T12185] name failslab, interval 1, probability 0, space 0, times 0 [ 545.316998][T12185] CPU: 1 UID: 0 PID: 12185 Comm: syz.2.2367 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 545.317030][T12185] Tainted: [L]=SOFTLOCKUP [ 545.317039][T12185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 545.317052][T12185] Call Trace: [ 545.317062][T12185] [ 545.317073][T12185] dump_stack_lvl+0xe8/0x150 [ 545.317106][T12185] should_fail_ex+0x46b/0x600 [ 545.317148][T12185] should_failslab+0xa8/0x100 [ 545.317180][T12185] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 545.317213][T12185] ? __alloc_skb+0x1d0/0x7d0 [ 545.317242][T12185] ? lockdep_hardirqs_on+0x7a/0x110 [ 545.317283][T12185] __alloc_skb+0x1d0/0x7d0 [ 545.317320][T12185] create_monitor_ctrl_close+0xbd/0x520 [ 545.317346][T12185] ? hci_sock_release+0xbc/0x590 [ 545.317383][T12185] hci_sock_release+0xd9/0x590 [ 545.317413][T12185] __sock_release+0xb9/0x250 [ 545.317440][T12185] ? __pfx_sock_close+0x10/0x10 [ 545.317466][T12185] sock_close+0x1c/0x30 [ 545.317490][T12185] __fput+0x461/0xa70 [ 545.317530][T12185] task_work_run+0x1d9/0x270 [ 545.317562][T12185] ? __pfx_task_work_run+0x10/0x10 [ 545.317601][T12185] exit_to_user_mode_loop+0x193/0x680 [ 545.317628][T12185] ? rcu_is_watching+0x15/0xb0 [ 545.317661][T12185] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.317694][T12185] do_syscall_64+0x353/0x580 [ 545.317724][T12185] ? trace_irq_disable+0x3b/0x140 [ 545.317749][T12185] ? clear_bhb_loop+0x40/0x90 [ 545.317776][T12185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.317798][T12185] RIP: 0033:0x7fab1683ce59 [ 545.317819][T12185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 545.317840][T12185] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 545.317865][T12185] RAX: 0000000000000000 RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 545.317881][T12185] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 545.317896][T12185] RBP: 00007fab14a96090 R08: 0000000000000000 R09: 0000000000000000 [ 545.317911][T12185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 545.317923][T12185] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 545.317958][T12185] [ 545.326415][T11975] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 545.338515][T11975] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 545.481249][T11975] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 545.557839][T11975] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 545.635378][T11975] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 546.081132][T11975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.216501][T11975] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.291555][ T5969] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.291749][ T5969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.344600][T12217] FAULT_INJECTION: forcing a failure. [ 546.344600][T12217] name failslab, interval 1, probability 0, space 0, times 0 [ 546.344641][T12217] CPU: 1 UID: 0 PID: 12217 Comm: syz.2.2378 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 546.344683][T12217] Tainted: [L]=SOFTLOCKUP [ 546.344690][T12217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 546.344704][T12217] Call Trace: [ 546.344712][T12217] [ 546.344722][T12217] dump_stack_lvl+0xe8/0x150 [ 546.344752][T12217] should_fail_ex+0x46b/0x600 [ 546.344789][T12217] should_failslab+0xa8/0x100 [ 546.344818][T12217] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 546.344844][T12217] ? __alloc_skb+0x1d0/0x7d0 [ 546.344869][T12217] ? lockdep_hardirqs_on+0x7a/0x110 [ 546.344900][T12217] __alloc_skb+0x1d0/0x7d0 [ 546.344930][T12217] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 546.344962][T12217] netlink_sendmsg+0x5d4/0xb40 [ 546.344995][T12217] ? __pfx_netlink_sendmsg+0x10/0x10 [ 546.345019][T12217] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 546.345050][T12217] ? aa_sock_msg_perm+0x122/0x200 [ 546.345077][T12217] ? __pfx_netlink_sendmsg+0x10/0x10 [ 546.345098][T12217] sock_sendmsg_nosec+0x13a/0x180 [ 546.345127][T12217] ____sys_sendmsg+0x55c/0x870 [ 546.345169][T12217] ? __pfx_____sys_sendmsg+0x10/0x10 [ 546.345212][T12217] ? import_iovec+0x73/0xa0 [ 546.345242][T12217] ___sys_sendmsg+0x2a5/0x360 [ 546.345275][T12217] ? __lock_acquire+0x6b5/0x2d10 [ 546.345307][T12217] ? __pfx____sys_sendmsg+0x10/0x10 [ 546.345378][T12217] ? __fget_files+0x2a/0x420 [ 546.345404][T12217] ? __fget_files+0x3a6/0x420 [ 546.345462][T12217] __x64_sys_sendmsg+0x1c3/0x2a0 [ 546.345500][T12217] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 546.345545][T12217] ? __pfx_ksys_write+0x10/0x10 [ 546.345586][T12217] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.345611][T12217] do_syscall_64+0x174/0x580 [ 546.345644][T12217] ? trace_irq_disable+0x3b/0x140 [ 546.345678][T12217] ? clear_bhb_loop+0x40/0x90 [ 546.345706][T12217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.345728][T12217] RIP: 0033:0x7fab1683ce59 [ 546.345749][T12217] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 546.345769][T12217] RSP: 002b:00007fab14a75028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 546.345794][T12217] RAX: ffffffffffffffda RBX: 00007fab16ab6090 RCX: 00007fab1683ce59 [ 546.345812][T12217] RDX: 0000000000044054 RSI: 0000200000000000 RDI: 0000000000000003 [ 546.345828][T12217] RBP: 00007fab14a75090 R08: 0000000000000000 R09: 0000000000000000 [ 546.345843][T12217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 546.345858][T12217] R13: 00007fab16ab6128 R14: 00007fab16ab6090 R15: 00007fff5e3f40b8 [ 546.345893][T12217] [ 546.448068][ T4932] Bluetooth: hci0: command 0x0c1a tx timeout [ 546.677576][ T5969] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.700454][ T5969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 547.042648][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.042665][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.042772][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.042783][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.080418][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.080445][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.118730][T12240] binder: BINDER_SET_CONTEXT_MGR already set [ 547.118754][T12240] binder: 12237:12240 ioctl 4018620d 200000004a80 returned -16 [ 547.118994][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119010][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.119133][T12240] binder: 12237:12240 ioctl c0306201 2000000004c0 returned -22 [ 547.119188][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119197][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.119305][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119314][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.119410][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119419][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.119518][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119526][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.119623][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119633][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.119737][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119746][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.119862][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119871][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.119978][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.119987][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.120083][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.120092][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.120203][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.120213][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.120309][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.120319][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.124522][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.124539][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.124646][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.124656][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.124759][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.124769][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.124866][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.124875][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.124979][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.124989][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.125085][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.125094][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.125200][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.125211][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.125313][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.125323][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.125425][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.125435][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.125566][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.125575][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.125789][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.125805][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.135798][T12239] binder: BINDER_SET_CONTEXT_MGR already set [ 547.135813][T12239] binder: 12237:12239 ioctl 4018620d 200000000100 returned -16 [ 547.800120][T12253] syzkaller1: entered promiscuous mode [ 547.800152][T12253] syzkaller1: entered allmulticast mode [ 547.840778][T12253] 9pnet_fd: Insufficient options for proto=fd [ 548.007974][ T10] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 548.084572][T12265] FAULT_INJECTION: forcing a failure. [ 548.084572][T12265] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 548.084600][T12265] CPU: 0 UID: 0 PID: 12265 Comm: syz.0.2399 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 548.084619][T12265] Tainted: [L]=SOFTLOCKUP [ 548.084625][T12265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 548.084636][T12265] Call Trace: [ 548.084641][T12265] [ 548.084646][T12265] dump_stack_lvl+0xe8/0x150 [ 548.084667][T12265] should_fail_ex+0x46b/0x600 [ 548.084689][T12265] _copy_from_user+0x2d/0xb0 [ 548.084705][T12265] memdup_user+0x5e/0xd0 [ 548.084718][T12265] strndup_user+0x68/0xd0 [ 548.084731][T12265] __se_sys_mount+0x9d/0x420 [ 548.084747][T12265] ? ksys_write+0x248/0x270 [ 548.084766][T12265] ? __pfx___se_sys_mount+0x10/0x10 [ 548.084784][T12265] ? __x64_sys_mount+0x20/0xc0 [ 548.084798][T12265] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.084812][T12265] do_syscall_64+0x174/0x580 [ 548.084831][T12265] ? trace_irq_disable+0x3b/0x140 [ 548.084846][T12265] ? clear_bhb_loop+0x40/0x90 [ 548.084861][T12265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.084881][T12265] RIP: 0033:0x7f430452ce59 [ 548.084895][T12265] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 548.084907][T12265] RSP: 002b:00007f4302786028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 548.084923][T12265] RAX: ffffffffffffffda RBX: 00007f43047a5fa0 RCX: 00007f430452ce59 [ 548.084932][T12265] RDX: 0000200000004500 RSI: 00002000000000c0 RDI: 0000000000000000 [ 548.084941][T12265] RBP: 00007f4302786090 R08: 0000200000000100 R09: 0000000000000000 [ 548.084949][T12265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.084957][T12265] R13: 00007f43047a6038 R14: 00007f43047a5fa0 R15: 00007fff913b9db8 [ 548.084975][T12265] [ 548.236801][ T10] usb 3-1: device descriptor read/64, error -71 [ 548.467885][ T10] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 548.657854][ T10] usb 3-1: device descriptor read/64, error -71 [ 548.771182][ T10] usb usb3-port1: attempt power cycle [ 548.930270][T12289] netlink: 'syz.3.2408': attribute type 16 has an invalid length. [ 548.930297][T12289] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2408'. [ 548.972307][T12289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2408'. [ 549.001702][T12289] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2408'. [ 549.103191][ T9376] udevd[9376]: symlink '../../loop9' '/dev/disk/by-diskseq/83.tmp-b7:9' failed: Read-only file system [ 549.119843][ T10] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 549.148779][ T10] usb 3-1: device descriptor read/8, error -71 [ 549.231296][T12297] FAULT_INJECTION: forcing a failure. [ 549.231296][T12297] name failslab, interval 1, probability 0, space 0, times 0 [ 549.231324][T12297] CPU: 1 UID: 0 PID: 12297 Comm: syz.3.2411 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 549.231344][T12297] Tainted: [L]=SOFTLOCKUP [ 549.231350][T12297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 549.231357][T12297] Call Trace: [ 549.231363][T12297] [ 549.231369][T12297] dump_stack_lvl+0xe8/0x150 [ 549.231389][T12297] should_fail_ex+0x46b/0x600 [ 549.231411][T12297] should_failslab+0xa8/0x100 [ 549.231429][T12297] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 549.231445][T12297] ? __alloc_skb+0x1d0/0x7d0 [ 549.231462][T12297] ? lockdep_hardirqs_on+0x7a/0x110 [ 549.231484][T12297] __alloc_skb+0x1d0/0x7d0 [ 549.231501][T12297] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 549.231522][T12297] netlink_sendmsg+0x5d4/0xb40 [ 549.231539][T12297] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.231553][T12297] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 549.231572][T12297] ? aa_sock_msg_perm+0x122/0x200 [ 549.231586][T12297] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.231598][T12297] sock_sendmsg_nosec+0x13a/0x180 [ 549.231615][T12297] ____sys_sendmsg+0x55c/0x870 [ 549.231638][T12297] ? __pfx_____sys_sendmsg+0x10/0x10 [ 549.231665][T12297] ? import_iovec+0x73/0xa0 [ 549.231681][T12297] ___sys_sendmsg+0x2a5/0x360 [ 549.231701][T12297] ? __lock_acquire+0x6b5/0x2d10 [ 549.231718][T12297] ? __pfx____sys_sendmsg+0x10/0x10 [ 549.231756][T12297] ? __fget_files+0x2a/0x420 [ 549.231771][T12297] ? __fget_files+0x3a6/0x420 [ 549.231791][T12297] __x64_sys_sendmsg+0x1c3/0x2a0 [ 549.231813][T12297] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 549.231837][T12297] ? __pfx_ksys_write+0x10/0x10 [ 549.231859][T12297] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.231873][T12297] do_syscall_64+0x174/0x580 [ 549.231892][T12297] ? trace_irq_disable+0x3b/0x140 [ 549.231913][T12297] ? clear_bhb_loop+0x40/0x90 [ 549.231928][T12297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.231941][T12297] RIP: 0033:0x7fd7b1edce59 [ 549.231954][T12297] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.231966][T12297] RSP: 002b:00007fd7b0136028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 549.231982][T12297] RAX: ffffffffffffffda RBX: 00007fd7b2155fa0 RCX: 00007fd7b1edce59 [ 549.231992][T12297] RDX: 0000000000000000 RSI: 0000200000009b40 RDI: 0000000000000003 [ 549.232000][T12297] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 549.232008][T12297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 549.232016][T12297] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 549.232034][T12297] [ 549.462369][ T10] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 549.519981][ T10] usb 3-1: device descriptor read/8, error -71 [ 549.565752][T11975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 549.638761][ T10] usb usb3-port1: unable to enumerate USB device [ 549.768041][T12313] FAULT_INJECTION: forcing a failure. [ 549.768041][T12313] name failslab, interval 1, probability 0, space 0, times 0 [ 549.768079][T12313] CPU: 0 UID: 0 PID: 12313 Comm: syz.3.2419 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 549.768104][T12313] Tainted: [L]=SOFTLOCKUP [ 549.768111][T12313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 549.768122][T12313] Call Trace: [ 549.768130][T12313] [ 549.768139][T12313] dump_stack_lvl+0xe8/0x150 [ 549.768170][T12313] should_fail_ex+0x46b/0x600 [ 549.768202][T12313] should_failslab+0xa8/0x100 [ 549.768227][T12313] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 549.768248][T12313] ? __alloc_skb+0x1d0/0x7d0 [ 549.768279][T12313] __alloc_skb+0x1d0/0x7d0 [ 549.768301][T12313] ? seqcount_lockdep_reader_access+0xa9/0x100 [ 549.768326][T12313] tcp_stream_alloc_skb+0x3f/0x5c0 [ 549.768350][T12313] ? tcp_tso_segs+0x1f0/0x360 [ 549.768374][T12313] tcp_write_xmit+0x12f8/0x6540 [ 549.768439][T12313] __tcp_push_pending_frames+0x97/0x380 [ 549.768460][T12313] ? tcp_push+0x424/0x660 [ 549.768485][T12313] tcp_sendmsg_locked+0x470e/0x5370 [ 549.768562][T12313] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 549.768598][T12313] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 549.768625][T12313] ? lockdep_hardirqs_on+0x7a/0x110 [ 549.768688][T12313] tcp_sendmsg+0x2f/0x50 [ 549.768714][T12313] ? __pfx_inet_sendmsg+0x10/0x10 [ 549.768735][T12313] sock_sendmsg_nosec+0x10e/0x180 [ 549.768760][T12313] ____sys_sendmsg+0x55c/0x870 [ 549.768791][T12313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 549.768827][T12313] ? import_iovec+0x73/0xa0 [ 549.768852][T12313] ___sys_sendmsg+0x2a5/0x360 [ 549.768877][T12313] ? __lock_acquire+0x6b5/0x2d10 [ 549.768912][T12313] ? __pfx____sys_sendmsg+0x10/0x10 [ 549.768971][T12313] ? __fget_files+0x2a/0x420 [ 549.768992][T12313] ? __fget_files+0x3a6/0x420 [ 549.769021][T12313] __x64_sys_sendmsg+0x1c3/0x2a0 [ 549.769052][T12313] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 549.769089][T12313] ? __pfx_ksys_write+0x10/0x10 [ 549.769123][T12313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.769142][T12313] do_syscall_64+0x174/0x580 [ 549.769168][T12313] ? trace_irq_disable+0x3b/0x140 [ 549.769188][T12313] ? clear_bhb_loop+0x40/0x90 [ 549.769216][T12313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.769235][T12313] RIP: 0033:0x7fd7b1edce59 [ 549.769253][T12313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.769268][T12313] RSP: 002b:00007fd7b0136028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 549.769288][T12313] RAX: ffffffffffffffda RBX: 00007fd7b2155fa0 RCX: 00007fd7b1edce59 [ 549.769301][T12313] RDX: 0000000000004884 RSI: 0000200000000600 RDI: 0000000000000003 [ 549.769314][T12313] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 549.769327][T12313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 549.769339][T12313] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 549.769369][T12313] [ 550.019381][T11975] veth0_vlan: entered promiscuous mode [ 550.162609][T11975] veth1_vlan: entered promiscuous mode [ 550.410637][T11975] veth0_macvtap: entered promiscuous mode [ 550.436609][T11975] veth1_macvtap: entered promiscuous mode [ 550.813986][T12345] FAULT_INJECTION: forcing a failure. [ 550.813986][T12345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 550.814016][T12345] CPU: 0 UID: 0 PID: 12345 Comm: syz.0.2433 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 550.814036][T12345] Tainted: [L]=SOFTLOCKUP [ 550.814040][T12345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 550.814049][T12345] Call Trace: [ 550.814054][T12345] [ 550.814060][T12345] dump_stack_lvl+0xe8/0x150 [ 550.814082][T12345] should_fail_ex+0x46b/0x600 [ 550.814104][T12345] _copy_from_user+0x2d/0xb0 [ 550.814120][T12345] ___sys_recvmsg+0x175/0x590 [ 550.814134][T12345] ? ktime_get_ts64+0xa9/0x410 [ 550.814151][T12345] ? __pfx____sys_recvmsg+0x10/0x10 [ 550.814166][T12345] ? __fget_files+0x2a/0x420 [ 550.814190][T12345] ? __fget_files+0x3a6/0x420 [ 550.814210][T12345] do_recvmmsg+0x33a/0x800 [ 550.814228][T12345] ? __pfx_do_recvmmsg+0x10/0x10 [ 550.814247][T12345] ? _copy_from_user+0x94/0xb0 [ 550.814276][T12345] __x64_sys_recvmmsg+0x1b7/0x250 [ 550.814291][T12345] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 550.814309][T12345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.814323][T12345] do_syscall_64+0x174/0x580 [ 550.814342][T12345] ? trace_irq_disable+0x3b/0x140 [ 550.814357][T12345] ? clear_bhb_loop+0x40/0x90 [ 550.814372][T12345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.814385][T12345] RIP: 0033:0x7f430452ce59 [ 550.814398][T12345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 550.814410][T12345] RSP: 002b:00007f4302765028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 550.814425][T12345] RAX: ffffffffffffffda RBX: 00007f43047a6090 RCX: 00007f430452ce59 [ 550.814435][T12345] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 550.814444][T12345] RBP: 00007f4302765090 R08: 0000200000003700 R09: 0000000000000000 [ 550.814452][T12345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 550.814460][T12345] R13: 00007f43047a6128 R14: 00007f43047a6090 R15: 00007fff913b9db8 [ 550.814478][T12345] [ 550.837274][T11975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 550.970924][T11975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 551.054797][ T5885] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.054848][ T5885] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.054885][ T5885] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.054920][ T5885] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.984922][ T822] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 552.199153][ T822] usb 3-1: device descriptor read/64, error -71 [ 552.579237][ T822] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 552.741197][ T822] usb 3-1: device descriptor read/64, error -71 [ 552.770955][T12369] FAULT_INJECTION: forcing a failure. [ 552.770955][T12369] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 552.770994][T12369] CPU: 1 UID: 0 PID: 12369 Comm: syz.0.2444 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 552.771027][T12369] Tainted: [L]=SOFTLOCKUP [ 552.771035][T12369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 552.771049][T12369] Call Trace: [ 552.771059][T12369] [ 552.771069][T12369] dump_stack_lvl+0xe8/0x150 [ 552.771102][T12369] should_fail_ex+0x46b/0x600 [ 552.771140][T12369] strncpy_from_user+0x36/0x2b0 [ 552.771174][T12369] do_getname+0x77/0x250 [ 552.771200][T12369] do_sys_openat2+0xcc/0x200 [ 552.771224][T12369] ? __pfx_do_sys_openat2+0x10/0x10 [ 552.771246][T12369] ? ksys_write+0x248/0x270 [ 552.771273][T12369] ? __pfx_ksys_write+0x10/0x10 [ 552.771301][T12369] __x64_sys_openat+0x138/0x170 [ 552.771325][T12369] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.771344][T12369] do_syscall_64+0x174/0x580 [ 552.771384][T12369] ? trace_irq_disable+0x3b/0x140 [ 552.771404][T12369] ? clear_bhb_loop+0x40/0x90 [ 552.771427][T12369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.771445][T12369] RIP: 0033:0x7f43044ed68e [ 552.771464][T12369] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 552.771480][T12369] RSP: 002b:00007f4302785b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 552.771500][T12369] RAX: ffffffffffffffda RBX: 00007f43027866c0 RCX: 00007f43044ed68e [ 552.771514][T12369] RDX: 0000000000000002 RSI: 00007f4302785c00 RDI: ffffffffffffff9c [ 552.771527][T12369] RBP: 00007f4302786090 R08: 0000000000000000 R09: 0000000000000000 [ 552.771539][T12369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.771550][T12369] R13: 00007f43047a6038 R14: 00007f43047a5fa0 R15: 00007fff913b9db8 [ 552.771592][T12369] [ 552.851383][ T822] usb usb3-port1: attempt power cycle [ 553.188009][ T822] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 553.213042][ T822] usb 3-1: device descriptor read/8, error -71 [ 553.231789][ T5993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.231815][ T5993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.370195][T12383] FAULT_INJECTION: forcing a failure. [ 553.370195][T12383] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 553.370236][T12383] CPU: 0 UID: 0 PID: 12383 Comm: syz.3.2449 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 553.370270][T12383] Tainted: [L]=SOFTLOCKUP [ 553.370278][T12383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 553.370292][T12383] Call Trace: [ 553.370302][T12383] [ 553.370312][T12383] dump_stack_lvl+0xe8/0x150 [ 553.370345][T12383] should_fail_ex+0x46b/0x600 [ 553.370386][T12383] _copy_to_user+0x31/0xb0 [ 553.370426][T12383] simple_read_from_buffer+0xe1/0x170 [ 553.370460][T12383] proc_fail_nth_read+0x1be/0x230 [ 553.370491][T12383] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 553.370522][T12383] ? rw_verify_area+0x2ac/0x4e0 [ 553.370553][T12383] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 553.370581][T12383] vfs_read+0x212/0xa80 [ 553.370622][T12383] ? __pfx_vfs_read+0x10/0x10 [ 553.370654][T12383] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 553.370689][T12383] ? lockdep_hardirqs_on+0x7a/0x110 [ 553.370722][T12383] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 553.370756][T12383] ? mutex_lock_nested+0x152/0x1d0 [ 553.370780][T12383] ? fdget_pos+0x252/0x320 [ 553.370815][T12383] ksys_read+0x156/0x270 [ 553.370846][T12383] ? __pfx_ksys_read+0x10/0x10 [ 553.370887][T12383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.370908][T12383] do_syscall_64+0x174/0x580 [ 553.370936][T12383] ? trace_irq_disable+0x3b/0x140 [ 553.370959][T12383] ? clear_bhb_loop+0x40/0x90 [ 553.370992][T12383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.371020][T12383] RIP: 0033:0x7fd7b1e9d68e [ 553.371040][T12383] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 553.371058][T12383] RSP: 002b:00007fd7b0135fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 553.371081][T12383] RAX: ffffffffffffffda RBX: 00007fd7b01366c0 RCX: 00007fd7b1e9d68e [ 553.371097][T12383] RDX: 000000000000000f RSI: 00007fd7b01360a0 RDI: 0000000000000004 [ 553.371111][T12383] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 553.371126][T12383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 553.371139][T12383] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 553.371175][T12383] [ 553.499525][ T822] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 553.522853][ T822] usb 3-1: device descriptor read/8, error -71 [ 553.630500][ T822] usb usb3-port1: unable to enumerate USB device [ 553.786030][ T5974] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.786135][ T5974] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.806038][T12391] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2453'. [ 554.018029][T12396] FAULT_INJECTION: forcing a failure. [ 554.018029][T12396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 554.018071][T12396] CPU: 0 UID: 0 PID: 12396 Comm: syz.0.2456 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 554.018098][T12396] Tainted: [L]=SOFTLOCKUP [ 554.018105][T12396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 554.018117][T12396] Call Trace: [ 554.018125][T12396] [ 554.018135][T12396] dump_stack_lvl+0xe8/0x150 [ 554.018167][T12396] should_fail_ex+0x46b/0x600 [ 554.018200][T12396] _copy_to_user+0x31/0xb0 [ 554.018224][T12396] copy_siginfo_to_user+0x22/0xc0 [ 554.018252][T12396] x64_setup_rt_frame+0x77b/0xcb0 [ 554.018271][T12396] ? rt_spin_unlock+0x14f/0x200 [ 554.018311][T12396] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 554.018338][T12396] arch_do_signal_or_restart+0x442/0x840 [ 554.018361][T12396] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 554.018387][T12396] ? do_readv+0x2b7/0x2e0 [ 554.018413][T12396] exit_to_user_mode_loop+0xa9/0x680 [ 554.018434][T12396] ? rcu_is_watching+0x15/0xb0 [ 554.018458][T12396] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.018477][T12396] do_syscall_64+0x353/0x580 [ 554.018503][T12396] ? trace_irq_disable+0x3b/0x140 [ 554.018522][T12396] ? clear_bhb_loop+0x40/0x90 [ 554.018545][T12396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.018564][T12396] RIP: 0033:0x7f430452ce57 [ 554.018584][T12396] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 [ 554.018601][T12396] RSP: 002b:00007f4302786028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 554.018624][T12396] RAX: 0000000000000013 RBX: 00007f43047a5fa0 RCX: 00007f430452ce59 [ 554.018637][T12396] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000003 [ 554.018649][T12396] RBP: 00007f4302786090 R08: 0000000000000000 R09: 0000000000000000 [ 554.018660][T12396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 554.018672][T12396] R13: 00007f43047a6038 R14: 00007f43047a5fa0 R15: 00007fff913b9db8 [ 554.018700][T12396] [ 555.044471][T12411] netdevsim netdevsim1: Direct firmware load for . [ 555.044471][T12411] failed with error -2 [ 555.044506][T12411] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 555.044506][T12411] [ 555.206565][T12429] FAULT_INJECTION: forcing a failure. [ 555.206565][T12429] name failslab, interval 1, probability 0, space 0, times 0 [ 555.206594][T12429] CPU: 1 UID: 0 PID: 12429 Comm: syz.3.2468 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 555.206622][T12429] Tainted: [L]=SOFTLOCKUP [ 555.206627][T12429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 555.206636][T12429] Call Trace: [ 555.206642][T12429] [ 555.206648][T12429] dump_stack_lvl+0xe8/0x150 [ 555.206669][T12429] should_fail_ex+0x46b/0x600 [ 555.206691][T12429] should_failslab+0xa8/0x100 [ 555.206709][T12429] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 555.206726][T12429] ? __alloc_skb+0x1d0/0x7d0 [ 555.206742][T12429] ? lockdep_hardirqs_on+0x7a/0x110 [ 555.206765][T12429] __alloc_skb+0x1d0/0x7d0 [ 555.206785][T12429] netlink_sendmsg+0x5d4/0xb40 [ 555.206803][T12429] ? __pfx_netlink_sendmsg+0x10/0x10 [ 555.206817][T12429] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 555.206836][T12429] ? aa_sock_msg_perm+0x122/0x200 [ 555.206851][T12429] ? __pfx_netlink_sendmsg+0x10/0x10 [ 555.206866][T12429] sock_sendmsg_nosec+0x13a/0x180 [ 555.206883][T12429] ____sys_sendmsg+0x55c/0x870 [ 555.206906][T12429] ? __pfx_____sys_sendmsg+0x10/0x10 [ 555.206930][T12429] ? import_iovec+0x73/0xa0 [ 555.206946][T12429] ___sys_sendmsg+0x2a5/0x360 [ 555.206965][T12429] ? __lock_acquire+0x6b5/0x2d10 [ 555.206983][T12429] ? __pfx____sys_sendmsg+0x10/0x10 [ 555.207021][T12429] ? __fget_files+0x2a/0x420 [ 555.207035][T12429] ? __fget_files+0x3a6/0x420 [ 555.207055][T12429] __x64_sys_sendmsg+0x1c3/0x2a0 [ 555.207075][T12429] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 555.207099][T12429] ? __pfx_ksys_write+0x10/0x10 [ 555.207122][T12429] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.207136][T12429] do_syscall_64+0x174/0x580 [ 555.207155][T12429] ? trace_irq_disable+0x3b/0x140 [ 555.207170][T12429] ? clear_bhb_loop+0x40/0x90 [ 555.207185][T12429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.207198][T12429] RIP: 0033:0x7fd7b1edce59 [ 555.207211][T12429] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 555.207223][T12429] RSP: 002b:00007fd7b0136028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 555.207243][T12429] RAX: ffffffffffffffda RBX: 00007fd7b2155fa0 RCX: 00007fd7b1edce59 [ 555.207260][T12429] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 555.207274][T12429] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 555.207288][T12429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 555.207303][T12429] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 555.207337][T12429] [ 555.548271][T12432] FAULT_INJECTION: forcing a failure. [ 555.548271][T12432] name failslab, interval 1, probability 0, space 0, times 0 [ 555.548316][T12432] CPU: 0 UID: 0 PID: 12432 Comm: syz.3.2470 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 555.548349][T12432] Tainted: [L]=SOFTLOCKUP [ 555.548358][T12432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 555.548372][T12432] Call Trace: [ 555.548381][T12432] [ 555.548391][T12432] dump_stack_lvl+0xe8/0x150 [ 555.548427][T12432] should_fail_ex+0x46b/0x600 [ 555.548467][T12432] should_failslab+0xa8/0x100 [ 555.548500][T12432] __kmalloc_noprof+0xdf/0x7b0 [ 555.548528][T12432] ? tomoyo_encode+0x28b/0x550 [ 555.548561][T12432] tomoyo_encode+0x28b/0x550 [ 555.548592][T12432] tomoyo_realpath_from_path+0x58d/0x5d0 [ 555.548631][T12432] ? tomoyo_path_number_perm+0x219/0x630 [ 555.548667][T12432] tomoyo_path_number_perm+0x246/0x630 [ 555.548706][T12432] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 555.548745][T12432] ? __lock_acquire+0x6b5/0x2d10 [ 555.548776][T12432] ? do_raw_spin_lock+0x12b/0x2f0 [ 555.548843][T12432] ? __fget_files+0x2a/0x420 [ 555.548874][T12432] ? __fget_files+0x2a/0x420 [ 555.548900][T12432] ? __fget_files+0x3a6/0x420 [ 555.548926][T12432] ? __fget_files+0x2a/0x420 [ 555.548958][T12432] security_file_ioctl+0xc3/0x2a0 [ 555.548993][T12432] __se_sys_ioctl+0x47/0x170 [ 555.549026][T12432] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.549052][T12432] do_syscall_64+0x174/0x580 [ 555.549086][T12432] ? trace_irq_disable+0x3b/0x140 [ 555.549111][T12432] ? clear_bhb_loop+0x40/0x90 [ 555.549139][T12432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.549162][T12432] RIP: 0033:0x7fd7b1edce59 [ 555.549184][T12432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 555.549204][T12432] RSP: 002b:00007fd7b0136028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 555.549229][T12432] RAX: ffffffffffffffda RBX: 00007fd7b2155fa0 RCX: 00007fd7b1edce59 [ 555.549247][T12432] RDX: 0000200000000340 RSI: 00000000c08c5332 RDI: 0000000000000004 [ 555.549262][T12432] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 555.549276][T12432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 555.549289][T12432] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 555.549322][T12432] [ 555.549358][T12432] ERROR: Out of memory at tomoyo_realpath_from_path. [ 556.194680][ T5699] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 556.404489][ T5699] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 556.404520][ T5699] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 556.439735][ T5699] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 556.439768][ T5699] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 556.439787][ T5699] usb 4-1: SerialNumber: syz [ 556.443712][ T5618] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 556.474505][ T5618] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 556.476895][T12436] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2467'. [ 556.478399][ T5618] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 556.569962][ T5618] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 556.599320][ T5618] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 557.044193][ T5699] usb 4-1: skipping empty audio interface (v1) [ 557.329182][ T5699] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 557.407410][ T5699] usb 4-1: USB disconnect, device number 6 [ 557.476424][ T9376] udevd[9376]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 557.796179][T12451] FAULT_INJECTION: forcing a failure. [ 557.796179][T12451] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 557.796222][T12451] CPU: 1 UID: 0 PID: 12451 Comm: syz.3.2477 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 557.796251][T12451] Tainted: [L]=SOFTLOCKUP [ 557.796260][T12451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 557.796273][T12451] Call Trace: [ 557.796282][T12451] [ 557.796292][T12451] dump_stack_lvl+0xe8/0x150 [ 557.796324][T12451] should_fail_ex+0x46b/0x600 [ 557.796362][T12451] _copy_from_user+0x2d/0xb0 [ 557.796389][T12451] sctp_getsockopt_associnfo+0xde/0x500 [ 557.796423][T12451] ? __pfx_sctp_getsockopt_associnfo+0x10/0x10 [ 557.796458][T12451] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 557.796490][T12451] ? lockdep_hardirqs_on+0x7a/0x110 [ 557.796527][T12451] sctp_getsockopt+0x7ca/0xb90 [ 557.796561][T12451] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 557.796588][T12451] do_sock_getsockopt+0x51d/0x7e0 [ 557.796627][T12451] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 557.796678][T12451] ? __fget_files+0x3a6/0x420 [ 557.796703][T12451] ? __fget_files+0x2a/0x420 [ 557.796738][T12451] __x64_sys_getsockopt+0x1aa/0x250 [ 557.796787][T12451] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.796813][T12451] do_syscall_64+0x174/0x580 [ 557.796845][T12451] ? trace_irq_disable+0x3b/0x140 [ 557.796871][T12451] ? clear_bhb_loop+0x40/0x90 [ 557.796905][T12451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.796927][T12451] RIP: 0033:0x7fd7b1edce59 [ 557.796949][T12451] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 557.796969][T12451] RSP: 002b:00007fd7b0136028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 557.796994][T12451] RAX: ffffffffffffffda RBX: 00007fd7b2155fa0 RCX: 00007fd7b1edce59 [ 557.797011][T12451] RDX: 0000000000000001 RSI: 0000000000000084 RDI: 0000000000000004 [ 557.797025][T12451] RBP: 00007fd7b0136090 R08: 0000200000000100 R09: 0000000000000000 [ 557.797040][T12451] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 557.797054][T12451] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 557.797090][T12451] [ 558.011554][ T822] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 558.223032][ T822] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 558.223073][ T822] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 558.223118][ T822] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 558.223145][ T822] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.249363][ T822] usb 3-1: config 0 descriptor?? [ 558.417073][T12465] tipc: Can't bind to reserved service type 1 [ 558.568780][ T5699] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 558.679756][ T822] hid_parser_main: 228 callbacks suppressed [ 558.679785][ T822] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 558.679820][ T822] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 558.679848][ T822] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 558.679875][ T822] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 558.679900][ T822] playstation 0003:054C:0DF2.001D: unknown main item tag 0x0 [ 558.748523][ T5699] usb 4-1: unable to get BOS descriptor or descriptor too short [ 558.755573][ T5699] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 558.755604][ T5699] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 558.772733][ T822] playstation 0003:054C:0DF2.001D: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 558.817055][ T5699] usb 4-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 558.817092][ T5699] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.817114][ T5699] usb 4-1: Product: syz [ 558.817131][ T5699] usb 4-1: Manufacturer: syz [ 558.817147][ T5699] usb 4-1: SerialNumber: syz [ 558.902695][ T822] playstation 0003:054C:0DF2.001D: Invalid reportID received, expected 9 got 45 [ 558.902728][ T822] playstation 0003:054C:0DF2.001D: Failed to retrieve DualSense pairing info: -22 [ 558.902895][ T822] playstation 0003:054C:0DF2.001D: Failed to get MAC address from DualSense [ 558.902921][ T822] playstation 0003:054C:0DF2.001D: Failed to create dualsense. [ 558.909763][ T822] playstation 0003:054C:0DF2.001D: probe with driver playstation failed with error -22 [ 559.080691][T12463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 559.084563][T12463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 559.087511][T12463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 559.092062][T12463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 559.093243][ T4932] Bluetooth: hci3: command tx timeout [ 559.142668][ T5699] usb 4-1: selecting invalid altsetting 1 [ 559.146667][ T5699] usb 4-1: unit 3 not found! [ 559.146691][ T5699] usb 4-1: unit 6 not found! [ 559.152338][T12449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 559.153169][T12449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 559.288970][ T5699] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 559.295588][ T5699] usb 4-1: USB disconnect, device number 7 [ 559.409863][ T9376] udevd[9376]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 559.440064][ T32] usb 3-1: USB disconnect, device number 103 [ 559.977915][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 560.018312][T12435] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.018821][T12435] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.019572][T12435] bridge_slave_0: entered allmulticast mode [ 560.023625][T12435] bridge_slave_0: entered promiscuous mode [ 560.070653][T12435] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.070971][T12435] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.071202][T12435] bridge_slave_1: entered allmulticast mode [ 560.075403][T12435] bridge_slave_1: entered promiscuous mode [ 560.142425][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 560.142454][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 560.143942][ T10] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 560.143972][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 560.143992][ T10] usb 4-1: SerialNumber: syz [ 560.337577][T12435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 560.376800][T12435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 560.441628][ T10] usb 4-1: skipping empty audio interface (v1) [ 560.543955][ T10] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 560.558314][ T10] usb 4-1: USB disconnect, device number 8 [ 560.630693][ T9376] udevd[9376]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 560.669155][T12435] team0: Port device team_slave_0 added [ 560.697192][T12435] team0: Port device team_slave_1 added [ 560.876986][T12508] netlink: 'syz.1.2492': attribute type 11 has an invalid length. [ 561.025939][T12435] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 561.025961][T12435] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 561.025992][T12435] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 561.041948][T12435] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 561.041966][T12435] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 561.041993][T12435] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 561.169079][ T4932] Bluetooth: hci3: command tx timeout [ 561.191133][T12517] FAULT_INJECTION: forcing a failure. [ 561.191133][T12517] name failslab, interval 1, probability 0, space 0, times 0 [ 561.191176][T12517] CPU: 0 UID: 0 PID: 12517 Comm: syz.2.2495 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 561.191208][T12517] Tainted: [L]=SOFTLOCKUP [ 561.191216][T12517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 561.191235][T12517] Call Trace: [ 561.191244][T12517] [ 561.191254][T12517] dump_stack_lvl+0xe8/0x150 [ 561.191285][T12517] should_fail_ex+0x46b/0x600 [ 561.191325][T12517] should_failslab+0xa8/0x100 [ 561.191357][T12517] __kmalloc_noprof+0xdf/0x7b0 [ 561.191385][T12517] ? tomoyo_encode+0x28b/0x550 [ 561.191418][T12517] tomoyo_encode+0x28b/0x550 [ 561.191451][T12517] tomoyo_realpath_from_path+0x58d/0x5d0 [ 561.191490][T12517] ? tomoyo_path_number_perm+0x219/0x630 [ 561.191524][T12517] tomoyo_path_number_perm+0x246/0x630 [ 561.191563][T12517] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 561.191609][T12517] ? __lock_acquire+0x6b5/0x2d10 [ 561.191641][T12517] ? do_raw_spin_lock+0x12b/0x2f0 [ 561.191699][T12517] ? __fget_files+0x2a/0x420 [ 561.191731][T12517] ? __fget_files+0x2a/0x420 [ 561.191756][T12517] ? __fget_files+0x3a6/0x420 [ 561.191781][T12517] ? __fget_files+0x2a/0x420 [ 561.191812][T12517] security_file_ioctl+0xc3/0x2a0 [ 561.191845][T12517] __se_sys_ioctl+0x47/0x170 [ 561.191878][T12517] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.191904][T12517] do_syscall_64+0x174/0x580 [ 561.191937][T12517] ? trace_irq_disable+0x3b/0x140 [ 561.191962][T12517] ? clear_bhb_loop+0x40/0x90 [ 561.191991][T12517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.192015][T12517] RIP: 0033:0x7fab1683ce59 [ 561.192038][T12517] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 561.192059][T12517] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 561.192085][T12517] RAX: ffffffffffffffda RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 561.192103][T12517] RDX: 0000200000000080 RSI: 00000000c0245720 RDI: 0000000000000003 [ 561.192118][T12517] RBP: 00007fab14a96090 R08: 0000000000000000 R09: 0000000000000000 [ 561.192133][T12517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 561.192148][T12517] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 561.192184][T12517] [ 561.192278][T12517] ERROR: Out of memory at tomoyo_realpath_from_path. [ 561.288276][T12519] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2496'. [ 561.350553][T12522] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2496'. [ 561.353689][T12522] netlink: 'syz.1.2496': attribute type 4 has an invalid length. [ 561.671675][T12435] hsr_slave_0: entered promiscuous mode [ 561.673542][T12435] hsr_slave_1: entered promiscuous mode [ 561.674729][T12435] debugfs: 'hsr0' already exists in 'hsr' [ 561.674764][T12435] Cannot create hsr debugfs directory [ 561.798036][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 561.834232][ T32] usb 3-1: new full-speed USB device number 104 using dummy_hcd [ 561.957950][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 561.960382][ T10] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 561.960414][ T10] usb 4-1: config 0 has no interface number 0 [ 561.960464][ T10] usb 4-1: config 0 interface 184 has no altsetting 0 [ 561.963505][ T10] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 561.963539][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.963562][ T10] usb 4-1: Product: syz [ 561.963579][ T10] usb 4-1: Manufacturer: syz [ 561.963596][ T10] usb 4-1: SerialNumber: syz [ 561.987487][ T32] usb 3-1: unable to get BOS descriptor or descriptor too short [ 561.988389][ T32] usb 3-1: not running at top speed; connect to a high speed hub [ 561.990592][ T32] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 128, changing to 4 [ 561.990625][ T32] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1024, setting to 1023 [ 561.994882][ T32] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 561.994913][ T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.994934][ T32] usb 3-1: Product: syz [ 561.994949][ T32] usb 3-1: Manufacturer: syz [ 561.994964][ T32] usb 3-1: SerialNumber: syz [ 562.112151][ T10] usb 4-1: config 0 descriptor?? [ 562.385634][ T32] usb 3-1: 1:1: invalid format type 0x1002 is detected, processed as PCM [ 562.385668][ T32] usb 3-1: 1:1 : invalid UAC_FORMAT_TYPE desc [ 562.388288][ T32] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 562.388315][ T32] usb 3-1: 2:1: invalid format type 0x1001 is detected, processed as PCM [ 562.388339][ T32] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 562.388356][ T32] usb 3-1: 2:1 : invalid channels 0 [ 562.461761][ T32] usb 3-1: USB disconnect, device number 104 [ 562.622454][T10082] udevd[10082]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 562.642148][ T822] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 562.734936][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 562.734974][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 562.802689][ T822] usb 2-1: Using ep0 maxpacket: 16 [ 562.821029][ T822] usb 2-1: config 0 has an invalid interface number: 187 but max is 0 [ 562.821064][ T822] usb 2-1: config 0 has no interface number 0 [ 562.821102][ T822] usb 2-1: config 0 interface 187 has no altsetting 0 [ 562.824676][ T822] usb 2-1: New USB device found, idVendor=04b4, idProduct=5500, bcdDevice=48.8d [ 562.824710][ T822] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.824733][ T822] usb 2-1: Product: syz [ 562.824749][ T822] usb 2-1: Manufacturer: syz [ 562.824764][ T822] usb 2-1: SerialNumber: syz [ 562.839941][ T822] usb 2-1: config 0 descriptor?? [ 563.044561][T12545] FAULT_INJECTION: forcing a failure. [ 563.044561][T12545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 563.044604][T12545] CPU: 0 UID: 0 PID: 12545 Comm: syz.2.2506 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 563.044633][T12545] Tainted: [L]=SOFTLOCKUP [ 563.044640][T12545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 563.044652][T12545] Call Trace: [ 563.044660][T12545] [ 563.044668][T12545] dump_stack_lvl+0xe8/0x150 [ 563.044697][T12545] should_fail_ex+0x46b/0x600 [ 563.044729][T12545] _copy_to_user+0x31/0xb0 [ 563.044754][T12545] simple_read_from_buffer+0xe1/0x170 [ 563.044779][T12545] proc_fail_nth_read+0x1be/0x230 [ 563.044803][T12545] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 563.044835][T12545] ? rw_verify_area+0x2ac/0x4e0 [ 563.044863][T12545] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 563.044886][T12545] vfs_read+0x212/0xa80 [ 563.044917][T12545] ? __pfx_vfs_read+0x10/0x10 [ 563.044943][T12545] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 563.044971][T12545] ? lockdep_hardirqs_on+0x7a/0x110 [ 563.044996][T12545] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 563.045022][T12545] ? mutex_lock_nested+0x152/0x1d0 [ 563.045042][T12545] ? fdget_pos+0x252/0x320 [ 563.045071][T12545] ksys_read+0x156/0x270 [ 563.045098][T12545] ? __pfx_ksys_read+0x10/0x10 [ 563.045131][T12545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.045151][T12545] do_syscall_64+0x174/0x580 [ 563.045177][T12545] ? trace_irq_disable+0x3b/0x140 [ 563.045199][T12545] ? clear_bhb_loop+0x40/0x90 [ 563.045223][T12545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.045242][T12545] RIP: 0033:0x7fab167fd68e [ 563.045262][T12545] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 563.045278][T12545] RSP: 002b:00007fab14a95fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 563.045298][T12545] RAX: ffffffffffffffda RBX: 00007fab14a966c0 RCX: 00007fab167fd68e [ 563.045311][T12545] RDX: 000000000000000f RSI: 00007fab14a960a0 RDI: 0000000000000007 [ 563.045323][T12545] RBP: 00007fab14a96090 R08: 0000000000000000 R09: 0000000000000000 [ 563.045333][T12545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.045366][T12545] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 563.045395][T12545] [ 563.074353][T12543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.076580][T12543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.096740][T12543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.113737][T12543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.121899][T12543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.125718][T12543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.136949][T12543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.193362][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.193649][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.247980][ T4932] Bluetooth: hci3: command tx timeout [ 563.329021][T12543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.352523][T12543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.353810][T12543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.913931][T12542] 9p: Bad value for 'rfdno' [ 563.959522][T12551] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2507'. [ 564.018160][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 564.018195][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 564.018217][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 564.018515][ T10] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 564.079940][ T10] usb 4-1: USB disconnect, device number 9 [ 564.253323][ T822] cypress_m8 2-1:0.187: HID->COM RS232 Adapter converter detected [ 564.258660][ T822] cyphidcom ttyUSB0: required endpoint is missing [ 564.277528][ T822] usb 2-1: USB disconnect, device number 74 [ 564.281676][ T822] cypress_m8 2-1:0.187: device disconnected [ 564.522674][T12435] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.667316][T12556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2508'. [ 564.818698][ T10] IPVS: starting estimator thread 0... [ 564.827636][T12565] FAULT_INJECTION: forcing a failure. [ 564.827636][T12565] name failslab, interval 1, probability 0, space 0, times 0 [ 564.842857][T12565] CPU: 1 UID: 0 PID: 12565 Comm: syz.2.2513 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 564.842892][T12565] Tainted: [L]=SOFTLOCKUP [ 564.842899][T12565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 564.842912][T12565] Call Trace: [ 564.842920][T12565] [ 564.842930][T12565] dump_stack_lvl+0xe8/0x150 [ 564.842961][T12565] should_fail_ex+0x46b/0x600 [ 564.842995][T12565] should_failslab+0xa8/0x100 [ 564.843023][T12565] __kmalloc_cache_noprof+0x84/0x690 [ 564.843048][T12565] ? lockdep_hardirqs_on+0x7a/0x110 [ 564.843077][T12565] ? ip_vs_add_dest+0x112a/0x1bd0 [ 564.843108][T12565] ip_vs_add_dest+0x112a/0x1bd0 [ 564.843141][T12565] ? ip_vs_add_dest+0x2b2/0x1bd0 [ 564.843175][T12565] ? __pfx_ip_vs_add_dest+0x10/0x10 [ 564.843220][T12565] do_ip_vs_set_ctl+0x9b8/0xb00 [ 564.843250][T12565] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 564.843298][T12565] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 564.843327][T12565] ? rt_mutex_slowunlock+0x1cb/0x300 [ 564.843350][T12565] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 564.843386][T12565] nf_setsockopt+0x26f/0x290 [ 564.843414][T12565] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 564.843442][T12565] do_sock_setsockopt+0x17c/0x1b0 [ 564.843475][T12565] __x64_sys_setsockopt+0x143/0x1b0 [ 564.843506][T12565] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.843528][T12565] do_syscall_64+0x174/0x580 [ 564.843556][T12565] ? trace_irq_disable+0x3b/0x140 [ 564.843578][T12565] ? clear_bhb_loop+0x40/0x90 [ 564.843602][T12565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.843622][T12565] RIP: 0033:0x7fab1683ce59 [ 564.843642][T12565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 564.843659][T12565] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 564.843683][T12565] RAX: ffffffffffffffda RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 564.843697][T12565] RDX: 0000000000000487 RSI: 0000000000000000 RDI: 0000000000000005 [ 564.843710][T12565] RBP: 00007fab14a96090 R08: 0000000000000044 R09: 0000000000000000 [ 564.843723][T12565] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 564.843743][T12565] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 564.843774][T12565] [ 564.908845][T12567] IPVS: using max 8 ests per chain, 19200 per kthread [ 565.183391][T12577] FAULT_INJECTION: forcing a failure. [ 565.183391][T12577] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 565.183429][T12577] CPU: 0 UID: 0 PID: 12577 Comm: syz.1.2518 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 565.183449][T12577] Tainted: [L]=SOFTLOCKUP [ 565.183454][T12577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 565.183462][T12577] Call Trace: [ 565.183467][T12577] [ 565.183474][T12577] dump_stack_lvl+0xe8/0x150 [ 565.183494][T12577] should_fail_ex+0x46b/0x600 [ 565.183517][T12577] _copy_to_user+0x31/0xb0 [ 565.183534][T12577] simple_read_from_buffer+0xe1/0x170 [ 565.183553][T12577] proc_fail_nth_read+0x1be/0x230 [ 565.183572][T12577] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 565.183592][T12577] ? rw_verify_area+0x2ac/0x4e0 [ 565.183609][T12577] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 565.183625][T12577] vfs_read+0x212/0xa80 [ 565.183647][T12577] ? __pfx_vfs_read+0x10/0x10 [ 565.183666][T12577] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 565.183686][T12577] ? lockdep_hardirqs_on+0x7a/0x110 [ 565.183705][T12577] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 565.183724][T12577] ? mutex_lock_nested+0x152/0x1d0 [ 565.183738][T12577] ? fdget_pos+0x252/0x320 [ 565.183758][T12577] ksys_read+0x156/0x270 [ 565.183777][T12577] ? __pfx_ksys_read+0x10/0x10 [ 565.183799][T12577] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.183813][T12577] do_syscall_64+0x174/0x580 [ 565.183840][T12577] ? trace_irq_disable+0x3b/0x140 [ 565.183855][T12577] ? clear_bhb_loop+0x40/0x90 [ 565.183871][T12577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.183883][T12577] RIP: 0033:0x7f4e7d2fd68e [ 565.183897][T12577] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 565.183908][T12577] RSP: 002b:00007f4e7b58dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 565.183923][T12577] RAX: ffffffffffffffda RBX: 00007f4e7b58e6c0 RCX: 00007f4e7d2fd68e [ 565.183934][T12577] RDX: 000000000000000f RSI: 00007f4e7b58e0a0 RDI: 0000000000000003 [ 565.183942][T12577] RBP: 00007f4e7b58e090 R08: 0000000000000000 R09: 0000000000000000 [ 565.183950][T12577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.183958][T12577] R13: 00007f4e7d5b6038 R14: 00007f4e7d5b5fa0 R15: 00007ffcf0df5708 [ 565.183976][T12577] [ 565.351824][ T4932] Bluetooth: hci3: command tx timeout [ 565.482640][T12435] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.569118][ T822] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 565.680911][T12588] 9p: Bad value for 'rfdno' [ 565.702735][ T822] usb 2-1: device descriptor read/64, error -71 [ 565.938282][ T822] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 565.997945][ T32] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 566.026273][T12435] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 566.068577][ T822] usb 2-1: device descriptor read/64, error -71 [ 566.147998][ T32] usb 4-1: Using ep0 maxpacket: 16 [ 566.150631][ T32] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 566.150693][ T32] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 566.152050][ T32] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 566.152084][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 566.152097][ T32] usb 4-1: SerialNumber: syz [ 566.174972][ T5720] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 566.178297][ T822] usb usb2-port1: attempt power cycle [ 566.378177][ T5720] usb 3-1: Using ep0 maxpacket: 16 [ 566.432419][ T5699] usb 4-1: USB disconnect, device number 10 [ 566.439171][ T5720] usb 3-1: unable to get BOS descriptor or descriptor too short [ 566.440323][ T5720] usb 3-1: config 0 has an invalid interface number: 237 but max is 0 [ 566.440351][ T5720] usb 3-1: config 0 has no interface number 0 [ 566.440401][ T5720] usb 3-1: config 0 interface 237 altsetting 93 endpoint 0x83 has invalid wMaxPacketSize 0 [ 566.440420][ T5720] usb 3-1: config 0 interface 237 altsetting 93 bulk endpoint 0x83 has invalid maxpacket 0 [ 566.440436][ T5720] usb 3-1: config 0 interface 237 has no altsetting 0 [ 566.442711][ T5720] usb 3-1: New USB device found, idVendor=045e, idProduct=0445, bcdDevice=87.ed [ 566.442740][ T5720] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.442754][ T5720] usb 3-1: Product: syz [ 566.442763][ T5720] usb 3-1: Manufacturer: syz [ 566.442773][ T5720] usb 3-1: SerialNumber: syz [ 566.449170][ T5720] usb 3-1: config 0 descriptor?? [ 566.558125][ T822] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 566.592620][ T822] usb 2-1: device descriptor read/8, error -71 [ 566.615809][T12435] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 566.680887][ T5720] ipaq 3-1:0.237: PocketPC PDA converter detected [ 566.681099][ T5720] usb 3-1: active config #0 != 1 ?? [ 566.729532][ T5720] usb 3-1: USB disconnect, device number 105 [ 566.828780][ T822] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 566.848556][ T822] usb 2-1: device descriptor read/8, error -71 [ 566.966906][ T822] usb usb2-port1: unable to enumerate USB device [ 567.294253][T12435] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 567.365051][T12435] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 567.385789][T12435] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 567.485937][T12435] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 567.492465][T12435] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 567.513658][T12604] FAULT_INJECTION: forcing a failure. [ 567.513658][T12604] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 567.513686][T12604] CPU: 0 UID: 0 PID: 12604 Comm: syz.2.2529 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 567.513706][T12604] Tainted: [L]=SOFTLOCKUP [ 567.513710][T12604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 567.513719][T12604] Call Trace: [ 567.513726][T12604] [ 567.513733][T12604] dump_stack_lvl+0xe8/0x150 [ 567.513754][T12604] should_fail_ex+0x46b/0x600 [ 567.513777][T12604] _copy_from_iter+0x1d3/0x1670 [ 567.513790][T12604] ? aa_file_perm+0x192/0x15f0 [ 567.513811][T12604] ? __pfx__copy_from_iter+0x10/0x10 [ 567.513825][T12604] ? __pfx_aa_file_perm+0x10/0x10 [ 567.513842][T12604] ? iov_iter_advance+0x8b/0x1c0 [ 567.513856][T12604] vhost_chr_write_iter+0x2aa/0xae0 [ 567.513874][T12604] ? __lock_acquire+0x6b5/0x2d10 [ 567.513890][T12604] ? __pfx_vhost_chr_write_iter+0x10/0x10 [ 567.513912][T12604] vfs_write+0x629/0xba0 [ 567.513935][T12604] ? __pfx_vfs_write+0x10/0x10 [ 567.513958][T12604] ? __fget_files+0x2a/0x420 [ 567.513978][T12604] ksys_write+0x156/0x270 [ 567.513996][T12604] ? __pfx_ksys_write+0x10/0x10 [ 567.514018][T12604] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.514032][T12604] do_syscall_64+0x174/0x580 [ 567.514050][T12604] ? trace_irq_disable+0x3b/0x140 [ 567.514064][T12604] ? clear_bhb_loop+0x40/0x90 [ 567.514080][T12604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.514093][T12604] RIP: 0033:0x7fab1683ce59 [ 567.514106][T12604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 567.514118][T12604] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 567.514133][T12604] RAX: ffffffffffffffda RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 567.514143][T12604] RDX: 0000000000000036 RSI: 00002000000003c0 RDI: 0000000000000003 [ 567.514151][T12604] RBP: 00007fab14a96090 R08: 0000000000000000 R09: 0000000000000000 [ 567.514159][T12604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 567.514167][T12604] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 567.514186][T12604] [ 567.557986][ T5719] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 567.561001][T12435] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 567.562660][T12435] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 567.607289][T12435] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 567.712227][ T5719] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 567.712257][ T5719] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 567.713533][ T5719] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 567.713560][ T5719] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 567.713581][ T5719] usb 4-1: SerialNumber: syz [ 567.951258][ T5719] usb 4-1: 0:2 : does not exist [ 568.074392][ T5719] usb 4-1: USB disconnect, device number 11 [ 568.076431][T12435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 568.130130][T12435] 8021q: adding VLAN 0 to HW filter on device team0 [ 568.160234][ T2205] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.160420][ T2205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 568.222770][ T9376] udevd[9376]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 568.265066][ T5982] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.265255][ T5982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 568.425075][T12614] xt_l2tp: missing protocol rule (udp|l2tpip) [ 568.777800][T12621] FAULT_INJECTION: forcing a failure. [ 568.777800][T12621] name failslab, interval 1, probability 0, space 0, times 0 [ 568.777838][T12621] CPU: 0 UID: 0 PID: 12621 Comm: syz.3.2534 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 568.777865][T12621] Tainted: [L]=SOFTLOCKUP [ 568.777872][T12621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 568.777883][T12621] Call Trace: [ 568.777891][T12621] [ 568.777899][T12621] dump_stack_lvl+0xe8/0x150 [ 568.777927][T12621] should_fail_ex+0x46b/0x600 [ 568.777958][T12621] should_failslab+0xa8/0x100 [ 568.777983][T12621] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 568.778008][T12621] ? __alloc_skb+0x1d0/0x7d0 [ 568.778031][T12621] ? lockdep_hardirqs_on+0x7a/0x110 [ 568.778063][T12621] __alloc_skb+0x1d0/0x7d0 [ 568.778087][T12621] ? do_raw_spin_lock+0x12b/0x2f0 [ 568.778108][T12621] pfkey_sendmsg+0x212/0x1120 [ 568.778137][T12621] ? rcu_is_watching+0x15/0xb0 [ 568.778161][T12621] ? trace_hrtimer_start+0x82/0x200 [ 568.778186][T12621] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 568.778220][T12621] ? aa_sk_perm+0x703/0x950 [ 568.778245][T12621] ? __pfx_aa_sk_perm+0x10/0x10 [ 568.778261][T12621] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 568.778287][T12621] ? aa_sock_msg_perm+0x122/0x200 [ 568.778308][T12621] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 568.778332][T12621] sock_sendmsg_nosec+0x13a/0x180 [ 568.778357][T12621] ____sys_sendmsg+0x55c/0x870 [ 568.778390][T12621] ? __pfx_____sys_sendmsg+0x10/0x10 [ 568.778427][T12621] ? import_iovec+0x73/0xa0 [ 568.778452][T12621] ___sys_sendmsg+0x2a5/0x360 [ 568.778480][T12621] ? __lock_acquire+0x6b5/0x2d10 [ 568.778505][T12621] ? __pfx____sys_sendmsg+0x10/0x10 [ 568.778573][T12621] ? __fget_files+0x2a/0x420 [ 568.778595][T12621] ? __fget_files+0x3a6/0x420 [ 568.778625][T12621] __x64_sys_sendmsg+0x1c3/0x2a0 [ 568.778655][T12621] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 568.778690][T12621] ? __pfx_ksys_write+0x10/0x10 [ 568.778722][T12621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.778741][T12621] do_syscall_64+0x174/0x580 [ 568.778767][T12621] ? trace_irq_disable+0x3b/0x140 [ 568.778797][T12621] ? clear_bhb_loop+0x40/0x90 [ 568.778819][T12621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.778838][T12621] RIP: 0033:0x7fd7b1edce59 [ 568.778857][T12621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 568.778875][T12621] RSP: 002b:00007fd7b0136028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 568.778897][T12621] RAX: ffffffffffffffda RBX: 00007fd7b2155fa0 RCX: 00007fd7b1edce59 [ 568.778911][T12621] RDX: 0000000020000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 568.778923][T12621] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 568.778934][T12621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.778944][T12621] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 568.778973][T12621] [ 569.258010][ T5699] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 569.319026][T12634] FAULT_INJECTION: forcing a failure. [ 569.319026][T12634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 569.319073][T12634] CPU: 1 UID: 0 PID: 12634 Comm: syz.3.2536 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 569.319105][T12634] Tainted: [L]=SOFTLOCKUP [ 569.319120][T12634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 569.319133][T12634] Call Trace: [ 569.319142][T12634] [ 569.319153][T12634] dump_stack_lvl+0xe8/0x150 [ 569.319189][T12634] should_fail_ex+0x46b/0x600 [ 569.319229][T12634] _copy_from_iter+0x1d3/0x1670 [ 569.319267][T12634] ? __pfx__copy_from_iter+0x10/0x10 [ 569.319288][T12634] ? trace_kmalloc+0x2a/0xf0 [ 569.319320][T12634] ? rcu_is_watching+0x15/0xb0 [ 569.319363][T12634] file_tty_write+0x4c9/0xa10 [ 569.319399][T12634] vfs_write+0x629/0xba0 [ 569.319449][T12634] ? __pfx_vfs_write+0x10/0x10 [ 569.319493][T12634] ? __fget_files+0x2a/0x420 [ 569.319542][T12634] ksys_write+0x156/0x270 [ 569.319576][T12634] ? __pfx_ksys_write+0x10/0x10 [ 569.319616][T12634] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.319642][T12634] do_syscall_64+0x174/0x580 [ 569.319675][T12634] ? trace_irq_disable+0x3b/0x140 [ 569.319699][T12634] ? clear_bhb_loop+0x40/0x90 [ 569.319728][T12634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.319751][T12634] RIP: 0033:0x7fd7b1edce59 [ 569.319773][T12634] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 569.319792][T12634] RSP: 002b:00007fd7b0115028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 569.319818][T12634] RAX: ffffffffffffffda RBX: 00007fd7b2156090 RCX: 00007fd7b1edce59 [ 569.319837][T12634] RDX: 000000000000045c RSI: 00002000000004c0 RDI: 0000000000000004 [ 569.319853][T12634] RBP: 00007fd7b0115090 R08: 0000000000000000 R09: 0000000000000000 [ 569.319867][T12634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.319880][T12634] R13: 00007fd7b2156128 R14: 00007fd7b2156090 R15: 00007ffee6a81038 [ 569.319915][T12634] [ 569.321093][T12631] input: syz0 as /devices/virtual/input/input38 [ 569.528500][ T5699] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 569.528533][ T5699] usb 2-1: config 0 has no interface number 0 [ 569.528586][ T5699] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 569.528616][ T5699] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 569.528659][ T5699] usb 2-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00 [ 569.528686][ T5699] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.640662][ T5699] usb 2-1: config 0 descriptor?? [ 569.704048][ T5719] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 569.863489][ T5719] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 569.863525][ T5719] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.863547][ T5719] usb 3-1: Product: syz [ 569.863564][ T5719] usb 3-1: Manufacturer: syz [ 569.863580][ T5719] usb 3-1: SerialNumber: syz [ 570.072782][ T5699] uclogic 0003:28BD:0905.001E: Interface probing failed: -22 [ 570.072855][ T5699] uclogic 0003:28BD:0905.001E: interface is invalid, ignoring [ 570.158627][ T822] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 570.321108][ T822] usb 4-1: device descriptor read/64, error -71 [ 570.406440][T12435] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 570.437015][ T5719] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 570.437087][ T5719] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 570.568502][ T822] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 570.707930][ T822] usb 4-1: device descriptor read/64, error -71 [ 570.819136][ T822] usb usb4-port1: attempt power cycle [ 570.863825][T12435] veth0_vlan: entered promiscuous mode [ 570.939351][T12435] veth1_vlan: entered promiscuous mode [ 571.112933][T12435] veth0_macvtap: entered promiscuous mode [ 571.134349][T12435] veth1_macvtap: entered promiscuous mode [ 571.198004][ T822] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 571.218001][T12435] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 571.226167][ T822] usb 4-1: device descriptor read/8, error -71 [ 571.319199][T12435] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 571.395286][ T5706] usb 2-1: USB disconnect, device number 79 [ 571.409926][ T2205] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 571.415808][ T2205] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 571.417375][ T2205] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 571.458104][ T822] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 571.486550][ T822] usb 4-1: device descriptor read/8, error -71 [ 571.583826][ T2205] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 571.591274][ T822] usb usb4-port1: unable to enumerate USB device [ 571.691819][ T5719] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 571.916998][ T5719] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001000. ret = -EPROTO [ 571.917609][ T5719] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 571.917881][ T5719] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 571.919101][ T5719] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 571.978627][ T5719] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 572.085622][ T5719] usb 3-1: USB disconnect, device number 106 [ 573.290575][ T822] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 573.458976][ T822] usb 2-1: Using ep0 maxpacket: 8 [ 573.464395][ T822] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 573.475572][ T822] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 573.475603][ T822] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 573.475625][ T822] usb 2-1: Product: syz [ 573.475641][ T822] usb 2-1: Manufacturer: syz [ 573.475655][ T822] usb 2-1: SerialNumber: syz [ 573.572585][ T5975] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 573.572610][ T5975] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 573.627951][ T5720] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 573.711521][T12655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.737497][T12655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.743720][ T822] usb 2-1: Handspring Visor / Palm OS: No valid connect info available [ 573.743747][ T822] usb 2-1: Handspring Visor / Palm OS: port 147, is for Debugger use [ 573.743769][ T822] usb 2-1: Handspring Visor / Palm OS: port 211, is for unknown use [ 573.743810][ T822] usb 2-1: Handspring Visor / Palm OS: Number of ports: 2 [ 573.791321][ T5720] usb 3-1: Using ep0 maxpacket: 32 [ 573.815402][ T5720] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 573.815435][ T5720] usb 3-1: config 0 has no interface number 0 [ 573.815489][ T5720] usb 3-1: config 0 interface 184 has no altsetting 0 [ 573.846553][ T5720] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 573.846591][ T5720] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.846614][ T5720] usb 3-1: Product: syz [ 573.846630][ T5720] usb 3-1: Manufacturer: syz [ 573.846647][ T5720] usb 3-1: SerialNumber: syz [ 573.896444][ T5720] usb 3-1: config 0 descriptor?? [ 573.959482][ T822] visor 2-1:1.0: Handspring Visor / Palm OS converter detected [ 573.979786][T12655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.980132][T12663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.994678][T12655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.996119][T12663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 574.011451][ T822] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 574.343838][ T822] usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 574.363368][ T822] usb 2-1: USB disconnect, device number 80 [ 574.375010][ T5720] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 574.375043][ T5720] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61 [ 574.375065][ T5720] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 574.375398][ T5720] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61 [ 574.460484][ T822] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 574.530862][ T822] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 574.534120][ T822] visor 2-1:1.0: device disconnected [ 574.695745][ T5975] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 574.695768][ T5975] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 575.279878][T11053] usb 3-1: USB disconnect, device number 107 [ 575.383288][T12679] netlink: 'syz.1.2547': attribute type 1 has an invalid length. [ 575.415637][T12682] FAULT_INJECTION: forcing a failure. [ 575.415637][T12682] name failslab, interval 1, probability 0, space 0, times 0 [ 575.415668][T12682] CPU: 1 UID: 0 PID: 12682 Comm: syz.2.2548 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 575.415689][T12682] Tainted: [L]=SOFTLOCKUP [ 575.415698][T12682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 575.415709][T12682] Call Trace: [ 575.415717][T12682] [ 575.415728][T12682] dump_stack_lvl+0xe8/0x150 [ 575.415773][T12682] should_fail_ex+0x46b/0x600 [ 575.415809][T12682] should_failslab+0xa8/0x100 [ 575.415838][T12682] __kmalloc_noprof+0xdf/0x7b0 [ 575.415863][T12682] ? tomoyo_encode+0x28b/0x550 [ 575.415894][T12682] tomoyo_encode+0x28b/0x550 [ 575.415921][T12682] tomoyo_realpath_from_path+0x58d/0x5d0 [ 575.415942][T12682] ? tomoyo_path_number_perm+0x219/0x630 [ 575.415962][T12682] tomoyo_path_number_perm+0x246/0x630 [ 575.415983][T12682] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 575.416003][T12682] ? __lock_acquire+0x6b5/0x2d10 [ 575.416020][T12682] ? do_raw_spin_lock+0x12b/0x2f0 [ 575.416050][T12682] ? __fget_files+0x2a/0x420 [ 575.416067][T12682] ? __fget_files+0x2a/0x420 [ 575.416081][T12682] ? __fget_files+0x3a6/0x420 [ 575.416095][T12682] ? __fget_files+0x2a/0x420 [ 575.416156][T12682] security_file_ioctl+0xc3/0x2a0 [ 575.416176][T12682] __se_sys_ioctl+0x47/0x170 [ 575.416195][T12682] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.416210][T12682] do_syscall_64+0x174/0x580 [ 575.416230][T12682] ? trace_irq_disable+0x3b/0x140 [ 575.416244][T12682] ? clear_bhb_loop+0x40/0x90 [ 575.416260][T12682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.416273][T12682] RIP: 0033:0x7fab1683ce59 [ 575.416287][T12682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 575.416298][T12682] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 575.416315][T12682] RAX: ffffffffffffffda RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 575.416325][T12682] RDX: 0000200000000000 RSI: 000000008038550a RDI: 0000000000000003 [ 575.416334][T12682] RBP: 00007fab14a96090 R08: 0000000000000000 R09: 0000000000000000 [ 575.416342][T12682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 575.416350][T12682] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 575.416369][T12682] [ 575.416384][T12682] ERROR: Out of memory at tomoyo_realpath_from_path. [ 576.311393][T12706] netlink: 'syz.1.2559': attribute type 5 has an invalid length. [ 576.394084][T12710] FAULT_INJECTION: forcing a failure. [ 576.394084][T12710] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 576.394129][T12710] CPU: 1 UID: 0 PID: 12710 Comm: syz.1.2561 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 576.394163][T12710] Tainted: [L]=SOFTLOCKUP [ 576.394172][T12710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 576.394187][T12710] Call Trace: [ 576.394197][T12710] [ 576.394209][T12710] dump_stack_lvl+0xe8/0x150 [ 576.394245][T12710] should_fail_ex+0x46b/0x600 [ 576.394285][T12710] _copy_from_user+0x2d/0xb0 [ 576.394315][T12710] kstrtouint_from_user+0xd6/0x180 [ 576.394354][T12710] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 576.394408][T12710] proc_fail_nth_write+0x8e/0x210 [ 576.394437][T12710] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 576.394480][T12710] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 576.394510][T12710] vfs_write+0x2a3/0xba0 [ 576.394553][T12710] ? __pfx_vfs_write+0x10/0x10 [ 576.394588][T12710] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 576.394623][T12710] ? lockdep_hardirqs_on+0x7a/0x110 [ 576.394657][T12710] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 576.394691][T12710] ? mutex_lock_nested+0x152/0x1d0 [ 576.394715][T12710] ? fdget_pos+0x252/0x320 [ 576.394750][T12710] ksys_write+0x156/0x270 [ 576.394785][T12710] ? __pfx_ksys_write+0x10/0x10 [ 576.394826][T12710] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.394852][T12710] do_syscall_64+0x174/0x580 [ 576.394885][T12710] ? trace_irq_disable+0x3b/0x140 [ 576.394911][T12710] ? clear_bhb_loop+0x40/0x90 [ 576.394940][T12710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.394963][T12710] RIP: 0033:0x7f4e7d2fd68e [ 576.394986][T12710] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 576.395006][T12710] RSP: 002b:00007f4e7b58dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 576.395032][T12710] RAX: ffffffffffffffda RBX: 00007f4e7b58e6c0 RCX: 00007f4e7d2fd68e [ 576.395048][T12710] RDX: 0000000000000001 RSI: 00007f4e7b58e0a0 RDI: 0000000000000003 [ 576.395063][T12710] RBP: 00007f4e7b58e090 R08: 0000000000000000 R09: 0000000000000000 [ 576.395078][T12710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 576.395093][T12710] R13: 00007f4e7d5b6038 R14: 00007f4e7d5b5fa0 R15: 00007ffcf0df5708 [ 576.395130][T12710] [ 576.567957][ T822] usb 1-1: new high-speed USB device number 127 using dummy_hcd [ 576.722307][ T822] usb 1-1: config 0 has an invalid interface number: 106 but max is 0 [ 576.722339][ T822] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 576.722359][ T822] usb 1-1: config 0 has no interface number 0 [ 576.723747][ T822] usb 1-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 576.723766][ T822] usb 1-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 576.723799][ T822] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 576.723814][ T822] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.737404][ T822] usb 1-1: config 0 descriptor?? [ 576.779155][ T32] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 576.852353][ T822] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 576.957882][ T32] usb 2-1: Using ep0 maxpacket: 32 [ 576.974456][ T32] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 576.974571][ T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.974589][ T32] usb 2-1: Product: syz [ 576.974599][ T32] usb 2-1: Manufacturer: syz [ 576.974608][ T32] usb 2-1: SerialNumber: syz [ 577.030521][ T5972] usb 1-1: Failed to submit usb control message: -71 [ 577.030566][ T5972] usb 1-1: unable to send the bmi data to the device: -71 [ 577.030588][ T5972] usb 1-1: unable to get target info from device [ 577.030605][ T5972] usb 1-1: could not get target info (-71) [ 577.030627][ T5972] usb 1-1: could not probe fw (-71) [ 577.049057][ T822] usb 1-1: USB disconnect, device number 127 [ 577.055472][ T32] usb 2-1: config 0 descriptor?? [ 577.312001][ T4932] Bluetooth: hci1: Malformed Event: 0x13 [ 577.450316][T10292] usb 3-1: new low-speed USB device number 108 using dummy_hcd [ 577.468842][ T32] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 081 [ 577.587865][T10292] usb 3-1: device descriptor read/64, error -71 [ 577.785687][T12731] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2568'. [ 577.828015][T10292] usb 3-1: new low-speed USB device number 109 using dummy_hcd [ 577.977893][T10292] usb 3-1: device descriptor read/64, error -71 [ 578.088164][T10292] usb usb3-port1: attempt power cycle [ 578.428537][T10292] usb 3-1: new low-speed USB device number 110 using dummy_hcd [ 578.448817][T10292] usb 3-1: device descriptor read/8, error -71 [ 578.481270][T12738] FAULT_INJECTION: forcing a failure. [ 578.481270][T12738] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 578.481308][T12738] CPU: 0 UID: 0 PID: 12738 Comm: syz.3.2571 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 578.481335][T12738] Tainted: [L]=SOFTLOCKUP [ 578.481341][T12738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 578.481353][T12738] Call Trace: [ 578.481361][T12738] [ 578.481369][T12738] dump_stack_lvl+0xe8/0x150 [ 578.481408][T12738] should_fail_ex+0x46b/0x600 [ 578.481442][T12738] _copy_from_user+0x2d/0xb0 [ 578.481464][T12738] kstrtouint_from_user+0xd6/0x180 [ 578.481493][T12738] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 578.481535][T12738] proc_fail_nth_write+0x8e/0x210 [ 578.481557][T12738] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 578.481583][T12738] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 578.481606][T12738] vfs_write+0x2a3/0xba0 [ 578.481639][T12738] ? __pfx_vfs_write+0x10/0x10 [ 578.481668][T12738] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 578.481696][T12738] ? lockdep_hardirqs_on+0x7a/0x110 [ 578.481723][T12738] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 578.481749][T12738] ? mutex_lock_nested+0x152/0x1d0 [ 578.481768][T12738] ? fdget_pos+0x252/0x320 [ 578.481797][T12738] ksys_write+0x156/0x270 [ 578.481824][T12738] ? __pfx_ksys_write+0x10/0x10 [ 578.481856][T12738] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.481876][T12738] do_syscall_64+0x174/0x580 [ 578.481901][T12738] ? trace_irq_disable+0x3b/0x140 [ 578.481922][T12738] ? clear_bhb_loop+0x40/0x90 [ 578.481945][T12738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.481969][T12738] RIP: 0033:0x7fd7b1e9d68e [ 578.481988][T12738] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 578.482004][T12738] RSP: 002b:00007fd7b0135fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 578.482025][T12738] RAX: ffffffffffffffda RBX: 00007fd7b01366c0 RCX: 00007fd7b1e9d68e [ 578.482039][T12738] RDX: 0000000000000001 RSI: 00007fd7b01360a0 RDI: 0000000000000005 [ 578.482050][T12738] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 578.482061][T12738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 578.482071][T12738] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 578.482101][T12738] [ 578.747902][T10292] usb 3-1: new low-speed USB device number 111 using dummy_hcd [ 578.769189][T10292] usb 3-1: device descriptor read/8, error -71 [ 578.886542][T10292] usb usb3-port1: unable to enumerate USB device [ 579.016409][T12741] netlink: 'syz.0.2572': attribute type 4 has an invalid length. [ 579.448522][ T5886] bridge_slave_1: left allmulticast mode [ 579.448803][ T5886] bridge_slave_1: left promiscuous mode [ 579.482453][ T5886] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.626249][T12752] FAULT_INJECTION: forcing a failure. [ 579.626249][T12752] name failslab, interval 1, probability 0, space 0, times 0 [ 579.626278][T12752] CPU: 1 UID: 0 PID: 12752 Comm: syz.3.2576 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 579.626298][T12752] Tainted: [L]=SOFTLOCKUP [ 579.626303][T12752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 579.626312][T12752] Call Trace: [ 579.626317][T12752] [ 579.626323][T12752] dump_stack_lvl+0xe8/0x150 [ 579.626344][T12752] should_fail_ex+0x46b/0x600 [ 579.626370][T12752] should_failslab+0xa8/0x100 [ 579.626391][T12752] __kmalloc_noprof+0xdf/0x7b0 [ 579.626430][T12752] ? tomoyo_encode+0x28b/0x550 [ 579.626463][T12752] tomoyo_encode+0x28b/0x550 [ 579.626494][T12752] tomoyo_realpath_from_path+0x58d/0x5d0 [ 579.626522][T12752] ? tomoyo_domain+0xd7/0x130 [ 579.626554][T12752] ? tomoyo_path_number_perm+0x219/0x630 [ 579.626589][T12752] tomoyo_path_number_perm+0x246/0x630 [ 579.626624][T12752] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 579.626656][T12752] ? __lock_acquire+0x6b5/0x2d10 [ 579.626682][T12752] ? do_raw_spin_lock+0x12b/0x2f0 [ 579.626712][T12752] ? __fget_files+0x2a/0x420 [ 579.626729][T12752] ? __fget_files+0x2a/0x420 [ 579.626743][T12752] ? __fget_files+0x3a6/0x420 [ 579.626757][T12752] ? __fget_files+0x2a/0x420 [ 579.626774][T12752] security_file_ioctl+0xc3/0x2a0 [ 579.626794][T12752] __se_sys_ioctl+0x47/0x170 [ 579.626813][T12752] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.626827][T12752] do_syscall_64+0x174/0x580 [ 579.626847][T12752] ? trace_irq_disable+0x3b/0x140 [ 579.626862][T12752] ? clear_bhb_loop+0x40/0x90 [ 579.626878][T12752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.626891][T12752] RIP: 0033:0x7fd7b1edce59 [ 579.626904][T12752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 579.626916][T12752] RSP: 002b:00007fd7b0136028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 579.626932][T12752] RAX: ffffffffffffffda RBX: 00007fd7b2155fa0 RCX: 00007fd7b1edce59 [ 579.626942][T12752] RDX: 0000200000002400 RSI: 000000004048aecb RDI: 0000000000000005 [ 579.626950][T12752] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 579.626958][T12752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 579.626966][T12752] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 579.626985][T12752] [ 579.626999][T12752] ERROR: Out of memory at tomoyo_realpath_from_path. [ 579.636385][T10292] usb 2-1: USB disconnect, device number 81 [ 579.933617][ T5886] bridge_slave_0: left allmulticast mode [ 579.933646][ T5886] bridge_slave_0: left promiscuous mode [ 579.933977][ T5886] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.397933][ T5720] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 580.453716][T12763] FAULT_INJECTION: forcing a failure. [ 580.453716][T12763] name failslab, interval 1, probability 0, space 0, times 0 [ 580.453761][T12763] CPU: 0 UID: 0 PID: 12763 Comm: syz.2.2581 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 580.453793][T12763] Tainted: [L]=SOFTLOCKUP [ 580.453801][T12763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 580.453814][T12763] Call Trace: [ 580.453823][T12763] [ 580.453833][T12763] dump_stack_lvl+0xe8/0x150 [ 580.453868][T12763] should_fail_ex+0x46b/0x600 [ 580.453908][T12763] should_failslab+0xa8/0x100 [ 580.453941][T12763] __kmalloc_cache_noprof+0x84/0x690 [ 580.453970][T12763] ? tipc_group_create+0xa1/0x500 [ 580.454000][T12763] tipc_group_create+0xa1/0x500 [ 580.454029][T12763] tipc_sk_join+0x256/0x6a0 [ 580.454067][T12763] ? __pfx_tipc_sk_join+0x10/0x10 [ 580.454099][T12763] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 580.454137][T12763] ? lockdep_hardirqs_on+0x7a/0x110 [ 580.454176][T12763] tipc_setsockopt+0x73e/0x990 [ 580.454213][T12763] ? __pfx_tipc_setsockopt+0x10/0x10 [ 580.454243][T12763] ? aa_sock_opt_perm+0x131/0x1f0 [ 580.454274][T12763] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 580.454302][T12763] ? __pfx_tipc_setsockopt+0x10/0x10 [ 580.454334][T12763] do_sock_setsockopt+0x17c/0x1b0 [ 580.454374][T12763] __x64_sys_setsockopt+0x143/0x1b0 [ 580.454408][T12763] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.454434][T12763] do_syscall_64+0x174/0x580 [ 580.454478][T12763] ? trace_irq_disable+0x3b/0x140 [ 580.454503][T12763] ? clear_bhb_loop+0x40/0x90 [ 580.454532][T12763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.454555][T12763] RIP: 0033:0x7fab1683ce59 [ 580.454577][T12763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 580.454597][T12763] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 580.454624][T12763] RAX: ffffffffffffffda RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 580.454641][T12763] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 580.454655][T12763] RBP: 00007fab14a96090 R08: 0000000000000010 R09: 0000000000000000 [ 580.454670][T12763] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 580.454684][T12763] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 580.454718][T12763] [ 580.697795][ T5720] usb 4-1: Using ep0 maxpacket: 32 [ 580.722041][ T5720] usb 4-1: config 0 has no interfaces? [ 580.725159][ T5720] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 580.725192][ T5720] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.725214][ T5720] usb 4-1: Product: syz [ 580.725230][ T5720] usb 4-1: Manufacturer: syz [ 580.725266][ T5720] usb 4-1: SerialNumber: syz [ 580.785618][ T5720] usb 4-1: config 0 descriptor?? [ 580.870958][T12769] FAULT_INJECTION: forcing a failure. [ 580.870958][T12769] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 580.870997][T12769] CPU: 1 UID: 0 PID: 12769 Comm: syz.2.2583 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 580.871027][T12769] Tainted: [L]=SOFTLOCKUP [ 580.871036][T12769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 580.871048][T12769] Call Trace: [ 580.871056][T12769] [ 580.871063][T12769] dump_stack_lvl+0xe8/0x150 [ 580.871085][T12769] should_fail_ex+0x46b/0x600 [ 580.871108][T12769] _copy_to_iter+0x404/0x17d0 [ 580.871128][T12769] ? snd_info_seq_show+0xd9/0x100 [ 580.871146][T12769] ? __pfx__copy_to_iter+0x10/0x10 [ 580.871158][T12769] ? single_next+0xd/0x40 [ 580.871170][T12769] ? single_stop+0x9/0x10 [ 580.871181][T12769] ? traverse+0x544/0x580 [ 580.871207][T12769] seq_read_iter+0x2ea/0xe20 [ 580.871232][T12769] ? __asan_memset+0x22/0x50 [ 580.871249][T12769] seq_read+0x36a/0x490 [ 580.871267][T12769] ? kstrtoull+0x12f/0x1d0 [ 580.871289][T12769] ? __pfx_seq_read+0x10/0x10 [ 580.871318][T12769] ? apparmor_file_permission+0x1f4/0x300 [ 580.871343][T12769] ? __pfx_seq_read+0x10/0x10 [ 580.871360][T12769] proc_reg_read+0x1f6/0x2f0 [ 580.871380][T12769] vfs_readv+0x597/0x850 [ 580.871395][T12769] ? __pfx_proc_reg_read+0x10/0x10 [ 580.871415][T12769] ? __pfx_vfs_readv+0x10/0x10 [ 580.871438][T12769] ? __fget_files+0x2a/0x420 [ 580.871461][T12769] ? __fget_files+0x3a6/0x420 [ 580.871475][T12769] ? __fget_files+0x2a/0x420 [ 580.871495][T12769] __x64_sys_preadv+0x1a2/0x2b0 [ 580.871516][T12769] ? __pfx___x64_sys_preadv+0x10/0x10 [ 580.871540][T12769] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.871554][T12769] do_syscall_64+0x174/0x580 [ 580.871573][T12769] ? trace_irq_disable+0x3b/0x140 [ 580.871588][T12769] ? clear_bhb_loop+0x40/0x90 [ 580.871604][T12769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.871617][T12769] RIP: 0033:0x7fab1683ce59 [ 580.871631][T12769] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 580.871643][T12769] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 580.871659][T12769] RAX: ffffffffffffffda RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 580.871668][T12769] RDX: 0000000000000001 RSI: 0000200000000940 RDI: 0000000000000003 [ 580.871677][T12769] RBP: 00007fab14a96090 R08: 0000000000000000 R09: 0000000000000000 [ 580.871685][T12769] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 580.871693][T12769] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 580.871720][T12769] [ 581.173560][T10292] usb 4-1: USB disconnect, device number 16 [ 581.240685][T12775] FAULT_INJECTION: forcing a failure. [ 581.240685][T12775] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 581.240722][T12775] CPU: 0 UID: 0 PID: 12775 Comm: syz.2.2586 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 581.240750][T12775] Tainted: [L]=SOFTLOCKUP [ 581.240756][T12775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 581.240768][T12775] Call Trace: [ 581.240775][T12775] [ 581.240783][T12775] dump_stack_lvl+0xe8/0x150 [ 581.240811][T12775] should_fail_ex+0x46b/0x600 [ 581.240841][T12775] _copy_from_iter+0x1d3/0x1670 [ 581.240867][T12775] ? trace_kmem_cache_alloc+0x29/0xe0 [ 581.240888][T12775] ? __alloc_skb+0x27d/0x7d0 [ 581.240912][T12775] ? __pfx__copy_from_iter+0x10/0x10 [ 581.240930][T12775] ? kmem_cache_alloc_node_noprof+0x27c/0x6e0 [ 581.240951][T12775] ? __alloc_skb+0x27d/0x7d0 [ 581.240981][T12775] ? netlink_sendmsg+0x650/0xb40 [ 581.240998][T12775] ? skb_put+0x11b/0x210 [ 581.241026][T12775] netlink_sendmsg+0x6c0/0xb40 [ 581.241053][T12775] ? __pfx_netlink_sendmsg+0x10/0x10 [ 581.241073][T12775] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 581.241100][T12775] ? aa_sock_msg_perm+0x122/0x200 [ 581.241121][T12775] ? __pfx_netlink_sendmsg+0x10/0x10 [ 581.241138][T12775] sock_sendmsg_nosec+0x13a/0x180 [ 581.241163][T12775] sock_write_iter+0x308/0x410 [ 581.241186][T12775] ? __pfx_sock_write_iter+0x10/0x10 [ 581.241227][T12775] do_iter_readv_writev+0x62b/0x8d0 [ 581.241257][T12775] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 581.241293][T12775] ? rw_verify_area+0x25b/0x4e0 [ 581.241320][T12775] vfs_writev+0x345/0x9a0 [ 581.241348][T12775] ? __pfx_vfs_writev+0x10/0x10 [ 581.241381][T12775] ? __fget_files+0x2a/0x420 [ 581.241419][T12775] ? __fget_files+0x3a6/0x420 [ 581.241438][T12775] ? __fget_files+0x2a/0x420 [ 581.241471][T12775] do_writev+0x15a/0x2e0 [ 581.241492][T12775] ? __pfx_do_writev+0x10/0x10 [ 581.241517][T12775] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.241538][T12775] do_syscall_64+0x174/0x580 [ 581.241563][T12775] ? trace_irq_disable+0x3b/0x140 [ 581.241583][T12775] ? clear_bhb_loop+0x40/0x90 [ 581.241605][T12775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.241622][T12775] RIP: 0033:0x7fab1683ce59 [ 581.241640][T12775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 581.241656][T12775] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 581.241680][T12775] RAX: ffffffffffffffda RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 581.241696][T12775] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000003 [ 581.241710][T12775] RBP: 00007fab14a96090 R08: 0000000000000000 R09: 0000000000000000 [ 581.241723][T12775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 581.241735][T12775] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 581.241764][T12775] [ 581.644514][T12779] netlink: 'syz.1.2588': attribute type 10 has an invalid length. [ 582.097917][ T32] usb 2-1: new full-speed USB device number 82 using dummy_hcd [ 582.252750][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid maxpacket 3840, setting to 64 [ 582.257451][ T32] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9 [ 582.257496][ T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.257519][ T32] usb 2-1: Product: syz [ 582.257536][ T32] usb 2-1: Manufacturer: syz [ 582.257559][ T32] usb 2-1: SerialNumber: syz [ 582.312869][ T32] usb 2-1: config 0 descriptor?? [ 582.838535][ T5886] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 582.899101][ T5886] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 582.953311][ T5886] bond0 (unregistering): Released all slaves [ 583.129926][T12779] macvlan1: entered promiscuous mode [ 583.129961][T12779] macvlan1: entered allmulticast mode [ 583.172838][T12779] veth1_vlan: entered allmulticast mode [ 583.363880][T12793] FAULT_INJECTION: forcing a failure. [ 583.363880][T12793] name failslab, interval 1, probability 0, space 0, times 0 [ 583.363922][T12793] CPU: 1 UID: 0 PID: 12793 Comm: syz.0.2594 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 583.363955][T12793] Tainted: [L]=SOFTLOCKUP [ 583.363963][T12793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 583.363977][T12793] Call Trace: [ 583.363987][T12793] [ 583.363998][T12793] dump_stack_lvl+0xe8/0x150 [ 583.364038][T12793] should_fail_ex+0x46b/0x600 [ 583.364078][T12793] should_failslab+0xa8/0x100 [ 583.364111][T12793] __kmalloc_noprof+0xdf/0x7b0 [ 583.364139][T12793] ? tomoyo_encode+0x28b/0x550 [ 583.364170][T12793] tomoyo_encode+0x28b/0x550 [ 583.364204][T12793] tomoyo_realpath_from_path+0x58d/0x5d0 [ 583.364244][T12793] ? tomoyo_path_number_perm+0x219/0x630 [ 583.364281][T12793] tomoyo_path_number_perm+0x246/0x630 [ 583.364318][T12793] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 583.364352][T12793] ? __lock_acquire+0x6b5/0x2d10 [ 583.364385][T12793] ? do_raw_spin_lock+0x12b/0x2f0 [ 583.364443][T12793] ? __fget_files+0x2a/0x420 [ 583.364473][T12793] ? __fget_files+0x2a/0x420 [ 583.364499][T12793] ? __fget_files+0x3a6/0x420 [ 583.364524][T12793] ? __fget_files+0x2a/0x420 [ 583.364556][T12793] security_file_ioctl+0xc3/0x2a0 [ 583.364591][T12793] __se_sys_ioctl+0x47/0x170 [ 583.364626][T12793] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.364651][T12793] do_syscall_64+0x174/0x580 [ 583.364697][T12793] ? clear_bhb_loop+0x40/0x90 [ 583.364798][T12793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.364822][T12793] RIP: 0033:0x7f34d2e5ce59 [ 583.364844][T12793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 583.364875][T12793] RSP: 002b:00007f34d10ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 583.364900][T12793] RAX: ffffffffffffffda RBX: 00007f34d30d5fa0 RCX: 00007f34d2e5ce59 [ 583.364960][T12793] RDX: 0000200000000240 RSI: 00000000403c6f2b RDI: 0000000000000003 [ 583.364976][T12793] RBP: 00007f34d10ae090 R08: 0000000000000000 R09: 0000000000000000 [ 583.364991][T12793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 583.365005][T12793] R13: 00007f34d30d6038 R14: 00007f34d30d5fa0 R15: 00007ffd3abd2f88 [ 583.365049][T12793] [ 583.400732][T12793] ERROR: Out of memory at tomoyo_realpath_from_path. [ 583.406661][T12779] team0: Port device macvlan1 added [ 584.108079][ T5719] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 584.287385][ T5719] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 584.287418][ T5719] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.287446][ T5719] usb 1-1: Product: syz [ 584.287461][ T5719] usb 1-1: Manufacturer: syz [ 584.287475][ T5719] usb 1-1: SerialNumber: syz [ 584.537551][ T5719] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 584.537614][ T5719] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -32 [ 584.537635][ T5719] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 584.622994][ T5719] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -32 [ 584.725368][ T5720] usb 2-1: USB disconnect, device number 82 [ 584.837955][ T5820] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 585.003544][ T5820] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 585.003577][ T5820] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 585.005305][ T5820] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 585.005337][ T5820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 585.005357][ T5820] usb 4-1: SerialNumber: syz [ 585.252899][ T5820] usb 4-1: 0:2 : does not exist [ 585.344109][ T5820] usb 4-1: USB disconnect, device number 17 [ 585.421931][ T9376] udevd[9376]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 585.576864][T12824] FAULT_INJECTION: forcing a failure. [ 585.576864][T12824] name failslab, interval 1, probability 0, space 0, times 0 [ 585.576908][T12824] CPU: 0 UID: 0 PID: 12824 Comm: syz.2.2604 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 585.576941][T12824] Tainted: [L]=SOFTLOCKUP [ 585.576949][T12824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 585.576963][T12824] Call Trace: [ 585.576972][T12824] [ 585.576982][T12824] dump_stack_lvl+0xe8/0x150 [ 585.577013][T12824] should_fail_ex+0x46b/0x600 [ 585.577052][T12824] should_failslab+0xa8/0x100 [ 585.577085][T12824] __kmalloc_noprof+0xdf/0x7b0 [ 585.577120][T12824] ? tomoyo_encode+0x28b/0x550 [ 585.577150][T12824] tomoyo_encode+0x28b/0x550 [ 585.577182][T12824] tomoyo_realpath_from_path+0x58d/0x5d0 [ 585.577220][T12824] ? tomoyo_path_number_perm+0x219/0x630 [ 585.577253][T12824] tomoyo_path_number_perm+0x246/0x630 [ 585.577290][T12824] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 585.577324][T12824] ? __lock_acquire+0x6b5/0x2d10 [ 585.577363][T12824] ? do_raw_spin_lock+0x12b/0x2f0 [ 585.577420][T12824] ? __fget_files+0x2a/0x420 [ 585.577451][T12824] ? __fget_files+0x2a/0x420 [ 585.577475][T12824] ? __fget_files+0x3a6/0x420 [ 585.577500][T12824] ? __fget_files+0x2a/0x420 [ 585.577532][T12824] security_file_ioctl+0xc3/0x2a0 [ 585.577565][T12824] __se_sys_ioctl+0x47/0x170 [ 585.577594][T12824] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.577612][T12824] do_syscall_64+0x174/0x580 [ 585.577641][T12824] ? trace_irq_disable+0x3b/0x140 [ 585.577661][T12824] ? clear_bhb_loop+0x40/0x90 [ 585.577683][T12824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.577701][T12824] RIP: 0033:0x7fab1683ce59 [ 585.577719][T12824] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 585.577735][T12824] RSP: 002b:00007fab14a96028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 585.577755][T12824] RAX: ffffffffffffffda RBX: 00007fab16ab5fa0 RCX: 00007fab1683ce59 [ 585.577769][T12824] RDX: 0000200000000040 RSI: 00000000c0185500 RDI: 0000000000000004 [ 585.577781][T12824] RBP: 00007fab14a96090 R08: 0000000000000000 R09: 0000000000000000 [ 585.577792][T12824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 585.577803][T12824] R13: 00007fab16ab6038 R14: 00007fab16ab5fa0 R15: 00007fff5e3f40b8 [ 585.577832][T12824] [ 585.615767][T12824] ERROR: Out of memory at tomoyo_realpath_from_path. [ 586.731174][T12838] netlink: 'syz.2.2608': attribute type 4 has an invalid length. [ 587.043642][ T5820] usb 1-1: USB disconnect, device number 2 [ 587.532820][T12845] netlink: 'syz.2.2610': attribute type 10 has an invalid length. [ 587.866805][T12856] FAULT_INJECTION: forcing a failure. [ 587.866805][T12856] name failslab, interval 1, probability 0, space 0, times 0 [ 587.866835][T12856] CPU: 0 UID: 0 PID: 12856 Comm: syz.3.2613 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 587.866854][T12856] Tainted: [L]=SOFTLOCKUP [ 587.866860][T12856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 587.866868][T12856] Call Trace: [ 587.866874][T12856] [ 587.866881][T12856] dump_stack_lvl+0xe8/0x150 [ 587.866902][T12856] should_fail_ex+0x46b/0x600 [ 587.866925][T12856] should_failslab+0xa8/0x100 [ 587.866944][T12856] __kmalloc_noprof+0xdf/0x7b0 [ 587.866961][T12856] ? tomoyo_encode+0x28b/0x550 [ 587.866980][T12856] tomoyo_encode+0x28b/0x550 [ 587.866998][T12856] tomoyo_realpath_from_path+0x58d/0x5d0 [ 587.867014][T12856] ? tomoyo_domain+0xd7/0x130 [ 587.867038][T12856] tomoyo_path_perm+0x283/0x560 [ 587.867058][T12856] ? tomoyo_path_perm+0x251/0x560 [ 587.867078][T12856] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 587.867113][T12856] ? __pfx_vfs_write+0x10/0x10 [ 587.867133][T12856] ? do_sys_openat2+0x14e/0x200 [ 587.867147][T12856] ? kmem_cache_free+0x187/0x6c0 [ 587.867163][T12856] ? do_sys_openat2+0x14e/0x200 [ 587.867181][T12856] security_file_truncate+0xa9/0x240 [ 587.867201][T12856] do_ftruncate+0x270/0x550 [ 587.867222][T12856] ? __pfx_do_ftruncate+0x10/0x10 [ 587.867241][T12856] ? __pfx_ksys_write+0x10/0x10 [ 587.867259][T12856] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.867275][T12856] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.867288][T12856] __x64_sys_ftruncate+0x8f/0xe0 [ 587.867308][T12856] do_syscall_64+0x174/0x580 [ 587.867327][T12856] ? trace_irq_disable+0x3b/0x140 [ 587.867342][T12856] ? clear_bhb_loop+0x40/0x90 [ 587.867358][T12856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.867371][T12856] RIP: 0033:0x7fd7b1edce59 [ 587.867396][T12856] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 587.867407][T12856] RSP: 002b:00007fd7b0136028 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 587.867422][T12856] RAX: ffffffffffffffda RBX: 00007fd7b2155fa0 RCX: 00007fd7b1edce59 [ 587.867432][T12856] RDX: 0000000000000000 RSI: 00000000051a9497 RDI: 0000000000000003 [ 587.867440][T12856] RBP: 00007fd7b0136090 R08: 0000000000000000 R09: 0000000000000000 [ 587.867455][T12856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 587.867463][T12856] R13: 00007fd7b2156038 R14: 00007fd7b2155fa0 R15: 00007ffee6a81038 [ 587.867483][T12856] [ 587.867528][T12856] ERROR: Out of memory at tomoyo_realpath_from_path. [ 587.987941][ T5820] usb 3-1: new full-speed USB device number 112 using dummy_hcd [ 588.141392][ T5820] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 588.162569][ T5820] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9 [ 588.162602][ T5820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.162622][ T5820] usb 3-1: Product: syz [ 588.162638][ T5820] usb 3-1: Manufacturer: syz [ 588.162659][ T5820] usb 3-1: SerialNumber: syz [ 588.180576][ T5820] usb 3-1: config 0 descriptor?? [ 588.349456][T12845] macvlan1: entered promiscuous mode [ 588.349508][T12845] macvlan1: entered allmulticast mode [ 588.373171][T12845] veth1_vlan: entered allmulticast mode [ 588.385650][T12845] team0: Port device macvlan1 added [ 588.387493][T12852] : renamed from bond_slave_0 (while UP) [ 588.537359][ T5820] usb 3-1: USB disconnect, device number 112 [ 588.589083][ T5720] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 588.618263][ T5886] hsr_slave_0: left promiscuous mode [ 588.672868][ T5886] hsr_slave_1: left promiscuous mode [ 588.731280][ T5886] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 588.731571][ T5886] batman_adv: batadv0: Remo[ 588.731571][ T5886] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 588.740289][ T5720] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 588.740320][ T5720] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 588.741884][ T5720] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 588.741915][ T5720] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 588.741938][ T5720] usb 4-1: SerialNumber: syz [ 588.754245][ T5820] ================================================================== [ 588.754263][ T5820] BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130 [ 588.754311][ T5820] Read of size 8 at addr ffffc9000f657008 by task kworker/0:6/5820 [ 588.754327][ T5820] [ 588.754340][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: kworker/0:6 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 588.754366][ T5820] Tainted: [L]=SOFTLOCKUP [ 588.754373][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 588.754385][ T5820] Workqueue: usb_hub_wq hub_event [ 588.754405][ T5820] Call Trace: [ 588.754413][ T5820] [ 588.754420][ T5820] dump_stack_lvl+0xe8/0x150 [ 588.754442][ T5820] print_address_description+0x55/0x1e0 [ 588.754464][ T5820] ? __list_add_valid_or_report+0x4e/0x130 [ 588.754490][ T5820] print_report+0x58/0x70 [ 588.754510][ T5820] kasan_report+0x117/0x150 [ 588.754534][ T5820] ? __list_add_valid_or_report+0x4e/0x130 [ 588.754563][ T5820] __list_add_valid_or_report+0x4e/0x130 [ 588.754590][ T5820] kcov_remote_stop+0x457/0x680 [ 588.754618][ T5820] hub_event+0x49d8/0x4f60 [ 588.754651][ T5820] ? __pfx_hub_event+0x10/0x10 [ 588.754667][ T5820] ? process_one_work+0x8be/0x1630 [ 588.754694][ T5820] ? process_one_work+0x8be/0x1630 [ 588.754716][ T5820] process_one_work+0x98b/0x1630 [ 588.754746][ T5820] ? __pfx_process_one_work+0x10/0x10 [ 588.754768][ T5820] ? do_raw_spin_lock+0x12b/0x2f0 [ 588.754791][ T5820] worker_thread+0xb49/0x1140 [ 588.754818][ T5820] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 588.754848][ T5820] kthread+0x388/0x470 [ 588.754866][ T5820] ? __pfx_worker_thread+0x10/0x10 [ 588.754889][ T5820] ? __pfx_kthread+0x10/0x10 [ 588.754907][ T5820] ret_from_fork+0x514/0xb70 [ 588.754928][ T5820] ? __pfx_ret_from_fork+0x10/0x10 [ 588.754947][ T5820] ? __switch_to+0xc79/0x1410 [ 588.754964][ T5820] ? __pfx_kthread+0x10/0x10 [ 588.754981][ T5820] ret_from_fork_asm+0x1a/0x30 [ 588.755008][ T5820] [ 588.755014][ T5820] [ 588.755019][ T5820] The buggy address belongs to a vmalloc virtual mapping [ 588.755035][ T5820] Memory state around the buggy address: [ 588.755045][ T5820] ffffc9000f656f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 588.755058][ T5820] ffffc9000f656f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 588.755070][ T5820] >ffffc9000f657000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 588.755079][ T5820] ^ [ 588.755088][ T5820] ffffc9000f657080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 588.755100][ T5820] ffffc9000f657100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 588.755108][ T5820] ================================================================== [ 588.755120][ T5820] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 588.755134][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: kworker/0:6 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 588.755158][ T5820] Tainted: [L]=SOFTLOCKUP [ 588.755165][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 588.755176][ T5820] Workqueue: usb_hub_wq hub_event [ 588.755192][ T5820] Call Trace: [ 588.755198][ T5820] [ 588.755204][ T5820] vpanic+0x56c/0xa60 [ 588.755229][ T5820] ? __pfx_vpanic+0x10/0x10 [ 588.755255][ T5820] panic+0xc5/0xd0 [ 588.755278][ T5820] ? __pfx_panic+0x10/0x10 [ 588.755301][ T5820] ? __list_add_valid_or_report+0x4e/0x130 [ 588.755326][ T5820] ? rcu_is_watching+0x15/0xb0 [ 588.755351][ T5820] ? __list_add_valid_or_report+0x4e/0x130 [ 588.755377][ T5820] check_panic_on_warn+0x89/0xb0 [ 588.755397][ T5820] ? __list_add_valid_or_report+0x4e/0x130 [ 588.755423][ T5820] end_report+0x73/0x170 [ 588.755444][ T5820] ? __list_add_valid_or_report+0x4e/0x130 [ 588.755468][ T5820] kasan_report+0x128/0x150 [ 588.755490][ T5820] ? __list_add_valid_or_report+0x4e/0x130 [ 588.755525][ T5820] __list_add_valid_or_report+0x4e/0x130 [ 588.755552][ T5820] kcov_remote_stop+0x457/0x680 [ 588.755571][ T5820] hub_event+0x49d8/0x4f60 [ 588.755613][ T5820] ? __pfx_hub_event+0x10/0x10 [ 588.755631][ T5820] ? process_one_work+0x8be/0x1630 [ 588.755659][ T5820] ? process_one_work+0x8be/0x1630 [ 588.755682][ T5820] process_one_work+0x98b/0x1630 [ 588.755715][ T5820] ? __pfx_process_one_work+0x10/0x10 [ 588.755739][ T5820] ? do_raw_spin_lock+0x12b/0x2f0 [ 588.755763][ T5820] worker_thread+0xb49/0x1140 [ 588.755792][ T5820] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 588.755823][ T5820] kthread+0x388/0x470 [ 588.755842][ T5820] ? __pfx_worker_thread+0x10/0x10 [ 588.755866][ T5820] ? __pfx_kthread+0x10/0x10 [ 588.755885][ T5820] ret_from_fork+0x514/0xb70 [ 588.755907][ T5820] ? __pfx_ret_from_fork+0x10/0x10 [ 588.755927][ T5820] ? __switch_to+0xc79/0x1410 [ 588.755944][ T5820] ? __pfx_kthread+0x10/0x10 [ 588.755963][ T5820] ret_from_fork_asm+0x1a/0x30 [ 588.755993][ T5820] [ 588.758841][ T5820] Kernel Offset: disabled