last executing test programs: 10.752565092s ago: executing program 0 (id=2062): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) ioctl$XFS_IOC_SWAPEXT(r1, 0xc0a4586d, &(0x7f00000007c0)={0x0, 0xffffffffffffffff, r0, 0x94, 0x3, '\x00', {0x3, 0x1, 0x5, 0x100, 0x6, 0x1, 0xfffff747, 0x1, {0x10000, 0x4}, {0x0, 0xfffffff9}, {0xdba, 0x78f}, 0x81, 0x7, 0x2, 0xffffffc0, 0x235b, 0x6, 0x6, 0x100, 0x7, 0x6, '\x00', 0x7, 0x200000, 0x5, 0xe3a}}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="700000001000030500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="35c60100ef000000500012800e0001006970366772657461700000003c00028014000600fe88000000000000000000000000010114000700ff8000000000000000000000000000bb060002000700000008000100", @ANYRESHEX=0x0], 0x70}, 0x1, 0x0, 0x0, 0x240488c0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4) fsopen(&(0x7f0000000180)='proc\x00', 0x1) socket$inet6(0xa, 0x1, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f00000001c0)={0x1, @sliced={0x957, [0x6, 0x9, 0x4, 0xc62, 0x0, 0x7ff, 0x2, 0x3, 0x8, 0x400, 0x4, 0x4d5, 0xbd0, 0x0, 0x3, 0xb, 0xf, 0xfff, 0x3, 0x8e, 0xa64c, 0x6025, 0xbad5, 0x7, 0x43, 0x5, 0xbefd, 0x3, 0x6, 0x1, 0x8869, 0x4, 0xfffc, 0x76f, 0x4, 0x8001, 0x9, 0x81, 0x7fff, 0x8, 0x9, 0x8, 0xffff, 0x0, 0x1, 0xa, 0x3], 0xf}}) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) setxattr$trusted_overlay_opaque(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0), &(0x7f0000000700), 0x2, 0x3) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r7 = openat$cgroup_procs(r5, 0x0, 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000000c0), 0x12) preadv(r7, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/183, 0xb7}], 0x1, 0x21, 0x0) 8.774654296s ago: executing program 0 (id=2068): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r2, 0xc00464c9, &(0x7f0000000100)={r1}) r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x101402) writev(r3, &(0x7f0000000180)=[{&(0x7f0000000040)="e2", 0x1}], 0x1) fstat(r3, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000b40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000160001810200268004006a8000"/28], 0x1c}}, 0x0) 7.726516021s ago: executing program 0 (id=2073): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) recvmsg$can_j1939(r0, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002d80), 0x8100, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) unshare(0x24040400) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0) close(r2) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0x2}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x20, 0x140c, 0x2, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendto$packet(r6, &(0x7f0000000240)="bad33075218151db00316f3a277f953286ddd1dc9119f992e83de525", 0x1c, 0x22008001, &(0x7f0000000080)={0x11, 0x88a8, 0x0, 0x1, 0xda, 0x6, @multicast}, 0x14) 7.327866215s ago: executing program 0 (id=2075): sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x4) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000010000)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x2fc, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @private=0xa010100, 0xffffffff, 0xffffffff, 'xfrm0\x00', 'vlan1\x00', {}, {}, 0x0, 0x0, 0x49}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0xcb, 0x3, 'kmp\x00', "00000100cbd047da9ca965f96ad58a1f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bf0bc37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x79}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x6, 0x9, 0x2, 0x2, 'netbios-ns\x00', 'syz1\x00', {0x4}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, {0x0, [0x6, 0x0, 0x0, 0x0, 0x1], 0x0, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x358) r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r4, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000140)="be", 0x1}, {0x0}], 0x2, &(0x7f00000002c0)=ANY=[@ANYBLOB="300000000000000018718510"], 0x10}, 0x0) ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000000040)={&(0x7f0000000100)=[{0x3, 0x0, 0x2, &(0x7f0000000180)="132b"}], 0x1}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x4}, {}, {0x6, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc858}, 0x80) ioctl$XFS_IOC_SET_RESBLKS(r4, 0xc0105872, &(0x7f00000006c0)={0x100000001, 0x6}) sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@gettfilter={0x2c, 0x2e, 0x205, 0x70bd2d, 0x25dfdafd, {0x0, 0x0, 0x0, r9, {0x3, 0xc}, {0x0, 0xfff1}, {0x6}}, [{0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) sendmsg$nl_route_sched(r6, &(0x7f0000000680)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000640)={&(0x7f00000003c0)=@newqdisc={0x280, 0x24, 0x2, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0xfff1, 0xffff}, {0x1, 0xfff3}, {0x6, 0xc}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}, @qdisc_kind_options=@q_codel={{0xa}, {0x2c, 0x2, [@TCA_CODEL_LIMIT={0x8, 0x2, 0x7}, @TCA_CODEL_ECN={0x8, 0x4, 0x1}, @TCA_CODEL_ECN={0x8}, @TCA_CODEL_TARGET={0x8, 0x1, 0x8817bf5}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x5e}]}}, @qdisc_kind_options=@q_red={{0x8}, {0x138, 0x2, [@TCA_RED_STAB={0x104, 0x2, "eb90d0ed00dd1a0287607d2199ce9bbf11042312906085906dda388bce75583326cfa818324c46dc48e710024682c476070325d2c3962e9abed6edb97424307ba2f3e74cdd5beeb80027c79e7e0c309d675e4aa32528bb4acf1ffa37d43f14723bd399a17a9a39067eaf73097f035a6a25838be1268963485836b736169fd642f8a5d839bfd39839f9a422c279912d3ca4b43fed105866a8b0f2b3125f2a1562f3dc5a094504d28dd9f8032a4908ee5458f990f7fc0d0826e28d2ebc3a55a25af01ef2d91dfc11c1bed898fa8d7c4323638755509eb2124c12693ee516d742d685b7f4947796a8a6322a02a834189830dd8afeae4692de0651f2a5d17c7b856f"}, @TCA_RED_FLAGS={0xc, 0x4, {0x7, 0xf}}, @TCA_RED_MARK_BLOCK={0x8, 0x6, 0x1}, @TCA_RED_FLAGS={0xc}, @TCA_RED_MARK_BLOCK={0x8, 0x6, 0x2}, @TCA_RED_MARK_BLOCK={0x8, 0x6, 0x9}]}}, @TCA_STAB={0xc4, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x7, 0x391b, 0x4, 0x2, 0x8, 0xf, 0x5}}, {0xe, 0x2, [0x5, 0x8, 0x4, 0x8000, 0x6]}}, {{0x1c, 0x1, {0x3e, 0x4, 0xffff, 0x8, 0x0, 0x1, 0xe3f6, 0x4}}, {0xc, 0x2, [0x81, 0x2, 0x3, 0x5b69]}}, {{0x1c, 0x1, {0x7f, 0x6, 0xfff8, 0x10001, 0x1, 0xeb, 0x9, 0x2}}, {0x8, 0x2, [0x6a8, 0x7]}}, {{0x1c, 0x1, {0x1, 0x1, 0x6, 0x80, 0x2, 0x9}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x15, 0xf6b, 0x8, 0x0, 0x1ffe000, 0x7ff, 0x3}}, {0xa, 0x2, [0x9, 0xa, 0xb1]}}]}, @qdisc_kind_options=@q_drr={0x8}, @TCA_RATE={0x6, 0x5, {0x2}}, @TCA_RATE={0x6, 0x5, {0x9, 0x3}}]}, 0x280}, 0x1, 0x0, 0x0, 0x40000}, 0x40) write$uinput_user_dev(r6, &(0x7f0000000f80)={'syz0\x00', {0x5, 0xfff7, 0x3, 0x7}, 0x50, [0x800006, 0x9, 0x0, 0x1, 0x8, 0xea45, 0xd, 0x1, 0x63, 0x0, 0x7f, 0xc, 0x2, 0x9, 0x1, 0x4, 0x8001000, 0x80000002, 0x1, 0x200008, 0x7fd, 0xa4d, 0x3ff, 0x5, 0x6, 0x10001, 0xffff, 0x0, 0x4, 0x6, 0x401, 0xc, 0x9, 0x4, 0x2, 0x1, 0x2, 0x4, 0x1, 0x0, 0xb, 0x6, 0x3, 0x9, 0x804d7f, 0x2, 0x8c00, 0x6, 0x939, 0x5, 0x9, 0x2, 0x2, 0x8, 0xfffffff7, 0x7fff, 0x6, 0x5, 0x80000001, 0xd77, 0x5, 0x2a, 0x1, 0x23], [0x8, 0x401, 0x9, 0x9, 0x8, 0x12, 0x7fc, 0xc, 0x0, 0x2729, 0xfd8, 0x5, 0x7, 0x5, 0x0, 0x24a, 0x2, 0xfffffff7, 0x2, 0x3, 0x5, 0x4009, 0x0, 0xb, 0x8001, 0x40, 0xa1, 0x10000, 0xffffffff, 0x1, 0x10004, 0x9e, 0x8, 0x7ff, 0x6, 0x7, 0x0, 0x6, 0xffff3f16, 0xa, 0x2, 0x9, 0xa, 0x5, 0xfffffeff, 0x7, 0x800, 0x5, 0xc5, 0x3, 0x1, 0x9, 0x8, 0x3, 0xffff7ff7, 0x3, 0x24c, 0x1ff, 0x2a0, 0x5, 0x6, 0x6, 0x200007, 0x8], [0x2, 0x9, 0xa9, 0xfffffffc, 0x8, 0x9, 0x3, 0x6, 0x7aae, 0x80000000, 0x2, 0x7ffffff7, 0x80008000, 0x1, 0x1, 0x5, 0x400, 0x80000002, 0x2b0, 0xfffffff4, 0x97f82544, 0x8, 0x7f, 0x0, 0x9, 0x5, 0x4, 0x9, 0xc80, 0xffffff3c, 0xd, 0x13, 0x4, 0xff, 0x140, 0xb639, 0x2, 0x1000000c, 0x0, 0x6, 0x3, 0x8007c12, 0x5, 0x1, 0x17, 0x8000, 0xe, 0xf3, 0x4, 0x8, 0x1, 0xffffff00, 0x100, 0x1fff80, 0x3, 0x0, 0x8, 0x3, 0x1, 0x9, 0xc3, 0x20ffff, 0x79c], [0x9, 0x3a8d, 0xffff9a7f, 0x200, 0x6, 0x2001, 0x6, 0xfffffff5, 0xd077, 0x2, 0xffffffff, 0x21, 0x1ff, 0x7, 0x6, 0x2, 0x1ff, 0xfe, 0x2, 0x66608000, 0x5e82, 0x7fb, 0x6, 0x0, 0x4, 0x5, 0x80000001, 0x10001, 0xd, 0x40, 0xfffffffd, 0x3, 0x10001, 0x61, 0x10, 0x1000, 0xc, 0x80000001, 0x8, 0x20000000, 0x8, 0x15, 0xb32a, 0xec000000, 0x8001, 0x1900, 0x4, 0xc, 0x8, 0x7ff, 0x280, 0x5, 0xffffffff, 0x7, 0x6e79, 0x0, 0xc, 0x9371, 0x20004f89, 0x7, 0x580, 0x2d1, 0x83, 0x8]}, 0x45c) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) sendmsg$can_raw(r0, &(0x7f0000000080)={&(0x7f0000000180)={0x1d, r5}, 0x10, &(0x7f0000000140)={&(0x7f0000000200)=@can={{}, 0x2, 0x1, 0x4, 0x0, "e97072091000"}, 0x10}, 0x2, 0x0, 0x0, 0x40080}, 0x4000855) 6.417546974s ago: executing program 4 (id=2078): syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f0000001100)) io_setup(0x3ff, &(0x7f0000000500)=0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x7) io_submit(r4, 0xf000, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}]) 6.00800663s ago: executing program 4 (id=2084): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x20, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0) (fail_nth: 3) 5.678967953s ago: executing program 4 (id=2085): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) recvmsg$can_j1939(r0, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002d80), 0x8100, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) unshare(0x24040400) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0) close(r2) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0x2}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x20, 0x140c, 0x2, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendto$packet(r6, &(0x7f0000000240)="bad33075218151db00316f3a277f953286ddd1dc9119f992e83de525", 0x1c, 0x22008001, &(0x7f0000000080)={0x11, 0x88a8, 0x0, 0x1, 0xda, 0x6, @multicast}, 0x14) 5.263165656s ago: executing program 4 (id=2087): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, 0x0, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {0x230}, 0x1}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) poll(0x0, 0x0, 0x800) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000000}, 0x40810) 4.896998811s ago: executing program 3 (id=2090): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x77, 0x7ffc0002}]}) socket$nl_generic(0x10, 0x3, 0x10) ioprio_get$pid(0x2, 0x0) 4.482890382s ago: executing program 3 (id=2091): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={0x0}) r1 = syz_usb_connect(0x5, 0x24, &(0x7f0000001280)=ANY=[@ANYBLOB="12010003001f66088f0510660548020003010902120001049570810904008100ffffff02"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23}) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x101402) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000040)="e2", 0x1}], 0x1) fstat(r2, 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000b40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000160001810200268004006a8000"/28], 0x1c}}, 0x0) 4.254422238s ago: executing program 0 (id=2092): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000001280)=ANY=[], &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) kexec_load(0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000040)="e2", 0x1}], 0x1) 3.706657517s ago: executing program 1 (id=2096): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000040)="e2", 0x1}], 0x1) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000b40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000051}, 0x0) 3.337858774s ago: executing program 2 (id=2098): r0 = syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0xfffffffe, 0x0, 0x3, 0x2000b5}, &(0x7f00000000c0), &(0x7f0000000000)) r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_opts(r1, 0x0, 0x8, &(0x7f0000000000)=""/3, &(0x7f0000000040)=0x3) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x2, &(0x7f0000000180), 0xfe) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00') read$FUSE(r2, &(0x7f0000000a40)={0x2020}, 0x2020) 3.260968877s ago: executing program 2 (id=2099): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000040), 0x4) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000007fc0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='freezer.parent_freezing\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x55af) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'pim6reg0\x00', 0x2}) ioctl$TUNSETOFFLOAD(r4, 0x400454c9, 0x3) ioctl$SIOCGIFHWADDR(r4, 0x8927, &(0x7f0000000040)={'bridge_slave_0\x00'}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x66, &(0x7f0000000080)={0x0, 0xfffffffffffffe43}, &(0x7f0000000000)=0x8) sendmsg$can_raw(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@can={{0x2, 0x0, 0x1, 0x1}, 0x8, 0x1}, 0x10}}, 0xd209f6d814827b13) socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f00000002c0)={0x8, 0x0, 0x0, 0x13}, 0x10) sendmsg$nl_route(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x4, 0x7ffe, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfffffffe, 0xffffffff}, 0x0) r8 = openat$kvm(0xffffffffffffff9c, 0x0, 0x22102, 0x0) ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r8, 0xc008aec1, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[], 0xb4}, 0x1, 0x0, 0x0, 0x400a091}, 0x20000024) 3.125211989s ago: executing program 2 (id=2100): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000003c0)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034888a81200050000001400000060000000080033"], 0xfdef) (fail_nth: 8) 2.745847393s ago: executing program 2 (id=2101): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x77, 0x7ffc0002}]}) ioprio_get$pid(0x2, 0x0) 2.619122765s ago: executing program 2 (id=2102): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000380)={{0xd9, 0xfff, 0x4b, 0x8009}, 'syz0\x00', 0x11}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffe, 0x2) r2 = dup3(r1, r0, 0x80000) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x50, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5}, 0x4c) syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"]) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f0000000380)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) read$hiddev(r2, &(0x7f0000000400)=""/203, 0xcb) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000580)={0x0, 0x0, r7, r8, 0x9, 0x7, 0x800009, 0x808, {0xac7c, 0x0, 0x3, 0x67, 0xf4b, 0x1, 0x2, 0x5, 0x8, 0xe116, 0x6, 0x7f, 0x6, 0xffffffff, "fe1d00003413000000000020b42717e47f00"}}) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r10 = accept4(r9, 0x0, 0x0, 0x800) sendmmsg$alg(r10, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f0000000380)="d3", 0x1}], 0x1, 0x0, 0x0, 0x20000814}], 0x1, 0x8045) writev(r0, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b456", 0x10}], 0x1) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000240)) write$UHID_CREATE2(r2, &(0x7f00000000c0)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0x57, 0xd, 0x8, 0x7f, 0xb, 0x627, "f84a3ef70d742456bcd10bc01376820b5f2706c39572c1a5fbd08ecac64085dff2a31ec1f43bf7c6e6999c7693313b40465c0bd75a3769b11c9073a21573224801a64ce5f4e5d1d15d297799f11e396f29b28c1d7d5dfc"}}, 0x16f) 2.5045427s ago: executing program 4 (id=2103): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="440000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="2100000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="8dc47f04d47592718d5193057d51096a84560f92000adde4c88ae5cebd5d100a4a04c3ab1a57510bc13c3cd33441d9ac44d6f5c8f5bb1a8694b1b0222234595975fe1041a5b75ebee9941ffb422402db4df14428a2528c3cf4b5e1a51670134cb1823c73683cee9af9da2296e701ed609af94ddb18e2c2a7dd03b230d89062f210247623a07eb7027b9b3140c7d0ea795493bfa50a5825485bb7e9d4caa5b0d47fff243d9dae46fef340a823afb481f1e9171ff8ff2dde57490be76cc439148ac25ebeac2a"], 0x44}, 0x1, 0xba01}, 0x810) 2.403378663s ago: executing program 4 (id=2104): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, 0x0) sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x200088d0) r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000002c0)={&(0x7f00000001c0)=[{0x2, 0x8411, 0x22, &(0x7f00000006c0)="0203204bdcc36cda8907f47563863d1428f47b34551c000bce0f6bc6584f11a7489c"}], 0x1}) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x34be00) syz_open_dev$vim2m(&(0x7f00000013c0), 0x8, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x60, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x59, 0xb, 0xfffffffd, 0x0, 0x7, 0xfffffe0001000002, 0xfa0d}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r5, 0x4068aea3, &(0x7f0000000200)={0x74, 0x0, 0x10}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRESOCT=0x0, @ANYBLOB="01000000000000000000030000004000011400010002004e220000000000000000000000001400020002000000c00000020000e2ff000000000d0001007564703a73b81e0000000000"], 0x54}, 0x1, 0x0, 0x0, 0x2c040004}, 0x0) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="58000000eb3794962e4e880578d132f429925b0df6aed0b4cc6193c8ab93cccaac7f4994547715b8bd7e164b271dafd19b49c12ce61e61280414db77539ba68c56", @ANYRES16=r8, @ANYBLOB="010000000000000000001700000044000180080003000200000038000400200001000a004e240000000500000000000000000000ffffac1414aad90000001400020002004e21ffffffff0000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) 2.271248089s ago: executing program 1 (id=2105): r0 = syz_open_dev$vim2m(&(0x7f00000013c0), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x37, 0x68, 0x40, "100000df00000002000000000000000000000000000000000000000000000010", 0x34325241}) 2.18428804s ago: executing program 1 (id=2106): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x8}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) ioctl$XFS_IOC_SWAPEXT(r1, 0xc0a4586d, &(0x7f00000007c0)={0x0, 0xffffffffffffffff, r0, 0x94, 0x3, '\x00', {0x3, 0x1, 0x5, 0x100, 0x6, 0x1, 0xfffff747, 0x1, {0x10000, 0x4}, {0x0, 0xfffffff9}, {0xdba, 0x78f}, 0x81, 0x7, 0x2, 0xffffffc0, 0x235b, 0x6, 0x6, 0x100, 0x7, 0x6, '\x00', 0x7, 0x200000, 0x5, 0xe3a}}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="700000001000030500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="35c60100ef000000500012800e0001006970366772657461700000003c00028014000600fe88000000000000000000000000010114000700ff8000000000000000000000000000bb060002000700000008000100", @ANYRESHEX=0x0], 0x70}, 0x1, 0x0, 0x0, 0x240488c0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4) fsopen(&(0x7f0000000180)='proc\x00', 0x1) socket$inet6(0xa, 0x1, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f00000001c0)={0x1, @sliced={0x957, [0x6, 0x9, 0x4, 0xc62, 0x0, 0x7ff, 0x2, 0x3, 0x8, 0x400, 0x4, 0x4d5, 0xbd0, 0x0, 0x3, 0xb, 0xf, 0xfff, 0x3, 0x8e, 0xa64c, 0x6025, 0xbad5, 0x7, 0x43, 0x5, 0xbefd, 0x3, 0x6, 0x1, 0x8869, 0x4, 0xfffc, 0x76f, 0x4, 0x8001, 0x9, 0x81, 0x7fff, 0x8, 0x9, 0x8, 0xffff, 0x0, 0x1, 0xa, 0x3], 0xf}}) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) setxattr$trusted_overlay_opaque(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0), &(0x7f0000000700), 0x2, 0x3) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r7 = openat$cgroup_procs(r5, 0x0, 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000000c0), 0x12) preadv(r7, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/183, 0xb7}], 0x1, 0x21, 0x0) 1.877736256s ago: executing program 3 (id=2107): syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2) r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) ioctl$VIDIOC_S_AUDOUT(r0, 0x40345632, &(0x7f00000007c0)={0x0, "d6309093fa7936fc7ab4ce479e5fad975b89ed15c642c6c537e7baf08da1630d", 0x4, 0x1}) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000040)={@broadcast, @multicast1, 0x1, "0d5011f02b7fab96e0aa834d3a9e7cfc12178ac0ab1e6227c2b6ddaa5effda90", 0x5, 0x16, 0xfffffffe, 0x1}, 0x3c) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f0000000140)=0x3, 0x4) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x8, 0xe, 0x3, 0x0, 0x1}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x4, 0x0, 0x1, 0x3, {0xa, 0x4e21, 0x6, @mcast2, 0x200000}}}, 0x32) 1.782072991s ago: executing program 3 (id=2108): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) recvmsg$can_j1939(r0, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002d80), 0x8100, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) unshare(0x24040400) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0) close(r2) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0x2}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x20, 0x140c, 0x2, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendto$packet(r6, &(0x7f0000000240)="bad33075218151db00316f3a277f953286ddd1dc9119f992e83de525", 0x1c, 0x22008001, &(0x7f0000000080)={0x11, 0x88a8, r7, 0x1, 0xda, 0x6, @multicast}, 0x14) 1.115813772s ago: executing program 3 (id=2109): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)={0x60, r1, 0x1, 0x30000, 0x0, {}, [@WGDEVICE_A_PEERS={0x38, 0x8, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xff2e}, @WGPEER_A_ALLOWEDIPS={0x4}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 1.115485817s ago: executing program 0 (id=2110): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) r2 = syz_io_uring_setup(0x1238, &(0x7f0000000240)={0x0, 0x80fd, 0x80, 0x2, 0xabc}, &(0x7f0000000040)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffff4, 0x0, 0x4) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x1, 0x0, 0x10, 0x0, r2}, &(0x7f0000000380)=0x0, &(0x7f0000000580)) syz_io_uring_submit(r5, r4, &(0x7f00000000c0)=@IORING_OP_SPLICE={0x1e, 0x6, 0x0, @fd_index=0x2, 0x0, {}, 0x2, 0x0, 0x1, {0x0, 0x0, r2}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000280)={0x2, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000040)={0x3b2, @time={0x65757100, 0x75653100}, 0x0, {0x3}}) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48) r7 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080)={0x4}) (fail_nth: 3) sendmsg$sock(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)='M+', 0x2}], 0x1}, 0x4000880) setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f0000000080)=0x400, 0x4) sendmmsg$inet(r0, &(0x7f0000004700)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)='#', 0x1}], 0x1}}], 0x1, 0x20008800) r8 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r8, 0x28, 0x1, &(0x7f0000000040), 0x8) 871.473226ms ago: executing program 3 (id=2111): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = memfd_create(&(0x7f00000002c0)='\x103q}2\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f^\xd5\xfd\xa1\r\xac7A\x94\xeb\xcd\t\x00\x90k\xd6\x05\r\x84\x87\x1c\b\x8c`\xea\x13A\x90m\xb6&\xd0\x9daA\xc5\xb8_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2_\xdb\xc0\x8b\x19\x17\xb7Rvd\xcb:\b\xeeC0\xa3\xa6\xcf\x00\x00\xac\xc5h&+\t\x98\'\xfd|\x11\x99\xa2*6{\xd2C>2\x0e\"\xbc\xda\xee\xb0\xd8\xbf\xaf)\xf58c\x189K\x82\xd1(\xceY*\xcb\x9b\xbdn\x8e\x88m\x10L\xec\xfdWF\x7fj\x19\xb8<\xd2\x9d\xf0\xe9Qy\xe32\xed\x16f\xfe&\x1a\xdb\xeb\xad\xaaE\b\xa9\xf8\xa9s\xc4d\xd4\x03\xf1\xb7xO\x99\x804m[Ai\x13\x02\xf0\x84c2s\xd5P\t`\x9b\x12&\x8cx\x8eg\x9d\xe6g', 0x3) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x5, 0x11, r2, 0x5401000) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fa, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d01, 0x0, 0x1}]}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) ioctl$KVM_RUN(r3, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x1c, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x8, 0x3, 0x23c, 0xd0, 0x11, 0x148, 0xd0, 0x0, 0x1a8, 0x2a8, 0x2a8, 0x1a8, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr=0x64010102, @multicast2, 0x0, 0xff000000, 'wg1\x00', 'dvmrp0\x00', {}, {0xff}, 0x67, 0x3, 0x2}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x2, 0x1, 0x3, 0x3, 0x3], 0x1}, {0x3, [0x1, 0x7, 0x0, 0x7, 0x1, 0x4], 0x2, 0x7}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, 0x0, 0xffffffff, 'macvtap0\x00', 'netdevsim0\x00'}, 0x0, 0xb8, 0xd8, 0x0, {}, [@inet=@rpfilter={{}, {0x2}}, @common=@icmp={{0x24}, {0x8, '1c'}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2eb) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELSET={0x108, 0xb, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_USERDATA={0xe8, 0xd, 0x1, 0x0, "23cbaa5237825426d43332df696989d109bedec6f0a436f696fb5bfb9857061eafb4a5e7d900e8832b2910c28fbe0e80ef03d9cd47a2b7b131b0e0bd4e03c275458b0169bd1efa510fb463e30e1d5d0e3dc7d49a7eb46e9e66461898b91a7c465b8a25e7a5f5b67dad1017c10481d40dc0de0dacda495adf87de0541779b1e9a4d1910f55b733249d30da36d3fbed11958b6a5eb9803205cec39ea720b50b0690ea582941e6a82352eee7e97a99315eed22ae0cffee3b54fa8118e2cd84318d451a1514205abb6b6d9181bdc9e065d1495ecf4f9ecb71ac8964a89c1993f8ea1737ce6b0"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x130}, 0x1, 0x0, 0x0, 0x20040800}, 0x4800) setsockopt$inet6_buf(r4, 0x29, 0xcd, &(0x7f0000000080)="d68b692f9a3127badd6b8246247142f72d396047a0725c3ff8000000ddb05eb86b2ade00085718b1e883316e4cde4b1d26474c6d068195d097bb40f0020000000000000070e2ed8a264832986dff2a3c140acda404d26f00e77d6cb707fe9aef90ffbc4c6ea07b509327d9d04cc81bca1659a77cd3", 0x75) 457.358816ms ago: executing program 1 (id=2112): ioprio_get$pid(0x2, 0x0) 312.66627ms ago: executing program 2 (id=2113): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, 0x0, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {0x230}, 0x1}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) poll(0x0, 0x0, 0x800) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000000}, 0x40810) 215.818811ms ago: executing program 1 (id=2114): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="440000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="2100000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="8dc47f04d47592718d5193057d51096a84560f92000adde4c88ae5cebd5d100a4a04c3ab1a57510bc13c3cd33441d9ac44d6f5c8f5bb1a8694b1b0222234595975fe1041a5b75ebee9941ffb422402db4df14428a2528c3cf4b5e1a51670134cb1823c73683cee9af9da2296e701ed609af94ddb18e2c2a7dd03b230d89062f210247623a07eb7027b9b3140c7d0ea795493bfa50a5825485bb7e9d4caa5b0d47fff243d9dae46fef340a823afb481f1e9171ff8ff2dde57490be76cc439148ac25ebeac2a"], 0x44}, 0x1, 0xba01}, 0x810) 0s ago: executing program 1 (id=2115): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000040)="e2", 0x1}], 0x1) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000b40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000051}, 0x0) kernel console output (not intermixed with test programs): 230158][ T5920] hid-led 0003:27B8:01ED.0025: unbalanced collection at end of report description [ 547.247162][ T5920] hid-led 0003:27B8:01ED.0025: probe with driver hid-led failed with error -22 [ 547.370609][ T5920] usb 4-1: USB disconnect, device number 60 [ 547.520732][ T30] audit: type=1326 audit(1774475459.017:15409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 547.601913][ T30] audit: type=1326 audit(1774475459.037:15410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 547.652865][ T30] audit: type=1326 audit(1774475459.037:15411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 547.727148][ T30] audit: type=1326 audit(1774475459.037:15412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 547.779094][ T30] audit: type=1326 audit(1774475459.037:15413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 547.806679][ T30] audit: type=1326 audit(1774475459.037:15414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 547.835473][ T30] audit: type=1326 audit(1774475459.037:15415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 547.929838][ T30] audit: type=1326 audit(1774475459.037:15416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 547.975099][T11747] FAULT_INJECTION: forcing a failure. [ 547.975099][T11747] name failslab, interval 1, probability 0, space 0, times 0 [ 548.009879][ T980] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 548.021771][T11747] CPU: 0 UID: 0 PID: 11747 Comm: syz.0.1726 Tainted: G L syzkaller #0 PREEMPT(full) [ 548.021804][T11747] Tainted: [L]=SOFTLOCKUP [ 548.021812][T11747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 548.021825][T11747] Call Trace: [ 548.021834][T11747] [ 548.021850][T11747] dump_stack_lvl+0xe8/0x150 [ 548.021877][T11747] should_fail_ex+0x412/0x560 [ 548.021904][T11747] should_failslab+0xa8/0x100 [ 548.021926][T11747] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 548.021944][T11747] ? __alloc_skb+0x1d0/0x7d0 [ 548.021959][T11747] ? __local_bh_enable_ip+0xd0/0x130 [ 548.021983][T11747] __alloc_skb+0x1d0/0x7d0 [ 548.021997][T11747] ? netlink_ack_tlv_len+0x6c/0x210 [ 548.022023][T11747] netlink_ack+0x146/0xa50 [ 548.022044][T11747] ? __pfx_genl_rcv_msg+0x10/0x10 [ 548.022061][T11747] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 548.022081][T11747] ? __pfx_nl80211_post_doit+0x10/0x10 [ 548.022099][T11747] ? __lock_acquire+0x6b5/0x2cf0 [ 548.022127][T11747] netlink_rcv_skb+0x2b6/0x4b0 [ 548.022151][T11747] ? __pfx_genl_rcv_msg+0x10/0x10 [ 548.022194][T11747] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 548.022244][T11747] ? down_read+0x272/0x2e0 [ 548.022271][T11747] ? genl_rcv+0xd/0x40 [ 548.022299][T11747] genl_rcv+0x28/0x40 [ 548.022322][T11747] netlink_unicast+0x80f/0x9b0 [ 548.022350][T11747] ? __pfx_netlink_unicast+0x10/0x10 [ 548.022373][T11747] ? netlink_sendmsg+0x650/0xb40 [ 548.022386][T11747] ? skb_put+0x11b/0x210 [ 548.022405][T11747] netlink_sendmsg+0x813/0xb40 [ 548.022427][T11747] ? __pfx_netlink_sendmsg+0x10/0x10 [ 548.022444][T11747] ? aa_sock_msg_perm+0xf1/0x1b0 [ 548.022469][T11747] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 548.022489][T11747] ____sys_sendmsg+0x972/0x9f0 [ 548.022515][T11747] ? __pfx_____sys_sendmsg+0x10/0x10 [ 548.022536][T11747] ? kstrtoull+0x12f/0x1d0 [ 548.022564][T11747] ___sys_sendmsg+0x2a5/0x360 [ 548.022586][T11747] ? __pfx____sys_sendmsg+0x10/0x10 [ 548.022606][T11747] ? get_pid_task+0x20/0x1f0 [ 548.022620][T11747] ? get_pid_task+0x20/0x1f0 [ 548.022633][T11747] ? get_pid_task+0x20/0x1f0 [ 548.022667][T11747] ? __fget_files+0x2a/0x420 [ 548.022690][T11747] ? __fget_files+0x3a0/0x420 [ 548.022725][T11747] __sys_sendmsg+0x183/0x260 [ 548.022745][T11747] ? __pfx___sys_sendmsg+0x10/0x10 [ 548.022779][T11747] __do_fast_syscall_32+0x20d/0x640 [ 548.022800][T11747] ? do_fast_syscall_32+0x33/0x70 [ 548.022818][T11747] ? asm_int80_emulation+0x1a/0x20 [ 548.022833][T11747] ? do_int80_emulation+0x274/0x4d0 [ 548.022851][T11747] ? trace_irq_disable+0x3b/0x150 [ 548.022877][T11747] do_fast_syscall_32+0x33/0x70 [ 548.022896][T11747] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 548.022915][T11747] RIP: 0023:0xf70aef6c [ 548.022929][T11747] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 548.022943][T11747] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 548.022960][T11747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 548.022970][T11747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 548.022979][T11747] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 548.022988][T11747] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 548.022998][T11747] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 548.023020][T11747] [ 548.729876][ T980] usb 2-1: Using ep0 maxpacket: 16 [ 548.735577][T11748] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1725'. [ 548.748062][ T980] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 548.767605][ T980] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 548.804333][ T980] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 548.813610][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.826950][T11752] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1727'. [ 548.836228][ T980] usb 2-1: Product: syz [ 548.842555][ T980] usb 2-1: Manufacturer: syz [ 548.862156][ T980] usb 2-1: SerialNumber: syz [ 549.185941][ T980] usb 2-1: 0:2 : does not exist [ 549.191085][ T980] usb 2-1: unit 9 not found! [ 549.204483][ T980] usb 2-1: 4:0: cannot get min/max values for control 2 (id 4) [ 549.237081][ T980] usb 2-1: 4:0: cannot get min/max values for control 3 (id 4) [ 549.380676][ T980] usb 2-1: USB disconnect, device number 73 [ 549.439479][ T5877] udevd[5877]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 549.486564][T11769] FAULT_INJECTION: forcing a failure. [ 549.486564][T11769] name failslab, interval 1, probability 0, space 0, times 0 [ 549.505024][T11769] CPU: 0 UID: 0 PID: 11769 Comm: syz.4.1730 Tainted: G L syzkaller #0 PREEMPT(full) [ 549.505073][T11769] Tainted: [L]=SOFTLOCKUP [ 549.505083][T11769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 549.505096][T11769] Call Trace: [ 549.505106][T11769] [ 549.505116][T11769] dump_stack_lvl+0xe8/0x150 [ 549.505155][T11769] should_fail_ex+0x412/0x560 [ 549.505194][T11769] should_failslab+0xa8/0x100 [ 549.505223][T11769] ? skb_clone+0x212/0x3a0 [ 549.505250][T11769] kmem_cache_alloc_noprof+0x87/0x650 [ 549.505273][T11769] ? __netlink_lookup+0xc6/0x8b0 [ 549.505303][T11769] skb_clone+0x212/0x3a0 [ 549.505337][T11769] __netlink_deliver_tap+0x404/0x850 [ 549.505384][T11769] ? netlink_deliver_tap+0x2e/0x1b0 [ 549.505418][T11769] netlink_deliver_tap+0x19c/0x1b0 [ 549.505455][T11769] netlink_unicast+0x7e3/0x9b0 [ 549.505494][T11769] ? __pfx_netlink_unicast+0x10/0x10 [ 549.505528][T11769] ? netlink_sendmsg+0x650/0xb40 [ 549.505547][T11769] ? skb_put+0x11b/0x210 [ 549.505574][T11769] netlink_sendmsg+0x813/0xb40 [ 549.505606][T11769] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.505630][T11769] ? kstrtouint+0x6e/0xe0 [ 549.505658][T11769] ? aa_sock_msg_perm+0xf1/0x1b0 [ 549.505693][T11769] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 549.505720][T11769] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.505740][T11769] sock_write_iter+0x49b/0x4f0 [ 549.505773][T11769] ? __pfx_sock_write_iter+0x10/0x10 [ 549.505814][T11769] ? bpf_lsm_file_permission+0x9/0x20 [ 549.505842][T11769] ? security_file_permission+0x75/0x260 [ 549.505879][T11769] vfs_write+0x61d/0xb90 [ 549.505913][T11769] ? __pfx_vfs_write+0x10/0x10 [ 549.505948][T11769] ? __fget_files+0x2a/0x420 [ 549.505991][T11769] ksys_write+0x150/0x270 [ 549.506017][T11769] ? __pfx_ksys_write+0x10/0x10 [ 549.506060][T11769] __do_fast_syscall_32+0x20d/0x640 [ 549.506091][T11769] ? do_fast_syscall_32+0x33/0x70 [ 549.506116][T11769] ? asm_int80_emulation+0x1a/0x20 [ 549.506137][T11769] ? do_int80_emulation+0x274/0x4d0 [ 549.506162][T11769] ? trace_irq_disable+0x3b/0x150 [ 549.506198][T11769] do_fast_syscall_32+0x33/0x70 [ 549.506227][T11769] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 549.506255][T11769] RIP: 0023:0xf7f96f6c [ 549.506277][T11769] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 549.506296][T11769] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 549.506319][T11769] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 549.506334][T11769] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000000 [ 549.506347][T11769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 549.506359][T11769] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 549.506372][T11769] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 549.506404][T11769] [ 550.730054][T11056] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 550.892094][T11056] usb 2-1: config index 0 descriptor too short (expected 64776, got 68) [ 550.902808][T11056] usb 2-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 550.916541][T11056] usb 2-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 550.936570][T11056] usb 2-1: config index 1 descriptor too short (expected 64776, got 68) [ 551.005974][T11056] usb 2-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 551.032560][T11787] hub 9-0:1.0: USB hub found [ 551.045762][T11056] usb 2-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 551.064615][T11787] hub 9-0:1.0: 1 port detected [ 551.117269][T11780] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1735'. [ 551.305417][T11791] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1738'. [ 551.520042][T11793] program syz.3.1738 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 553.230574][ T30] kauditd_printk_skb: 94 callbacks suppressed [ 553.230594][ T30] audit: type=1326 audit(1774475464.727:15511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.287072][ T30] audit: type=1326 audit(1774475464.727:15512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.312276][ T30] audit: type=1326 audit(1774475464.727:15513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.337141][ T30] audit: type=1326 audit(1774475464.727:15514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.389872][T11056] usb 2-1: string descriptor 0 read error: -71 [ 553.396437][T11056] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 553.425088][T11056] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.607279][ T30] audit: type=1326 audit(1774475464.727:15515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.709846][ T30] audit: type=1326 audit(1774475464.727:15516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.760096][ T30] audit: type=1326 audit(1774475464.727:15517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.829874][ T30] audit: type=1326 audit(1774475464.727:15518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.900524][T11056] usb 2-1: can't set config #1, error -71 [ 553.906868][ T30] audit: type=1326 audit(1774475464.727:15519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 553.968119][T11056] usb 2-1: USB disconnect, device number 74 [ 554.029185][ T30] audit: type=1326 audit(1774475464.727:15520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.2.1746" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 554.259823][ T5929] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 554.429889][ T5929] usb 3-1: Using ep0 maxpacket: 16 [ 554.448092][ T5929] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 554.480139][ T5929] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 554.505614][ T5929] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 554.522668][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.545205][ T5929] usb 3-1: Product: syz [ 554.555356][ T5929] usb 3-1: Manufacturer: syz [ 554.569887][ T5929] usb 3-1: SerialNumber: syz [ 554.683797][T11829] hsr0: entered promiscuous mode [ 554.691091][T11829] xfrm0: entered promiscuous mode [ 554.696160][T11829] xfrm0: entered allmulticast mode [ 554.820592][ T5929] usb 3-1: 0:2 : does not exist [ 554.841019][ T5929] usb 3-1: unit 9 not found! [ 554.885052][ T5929] usb 3-1: 4:0: cannot get min/max values for control 2 (id 4) [ 554.910586][ T980] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 554.924262][ T5929] usb 3-1: 4:0: cannot get min/max values for control 3 (id 4) [ 555.010158][T11835] hsr0: entered promiscuous mode [ 555.019195][T11837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1755'. [ 555.031353][T11835] xfrm0: entered promiscuous mode [ 555.036445][T11835] xfrm0: entered allmulticast mode [ 555.042156][T11837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1755'. [ 555.053659][ T5929] usb 3-1: USB disconnect, device number 94 [ 555.079860][ T980] usb 5-1: Using ep0 maxpacket: 8 [ 555.092919][ T980] usb 5-1: unable to get BOS descriptor or descriptor too short [ 555.122515][ T980] usb 5-1: config 4 interface 0 has no altsetting 0 [ 555.133185][ T980] usb 5-1: string descriptor 0 read error: -22 [ 555.139796][ T980] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 555.140286][ T5877] udevd[5877]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 555.151419][ T980] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 555.204954][ T980] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 555.225148][ T980] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 555.268669][ T980] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 555.281365][ T980] usb 5-1: media controller created [ 555.332616][ T980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 555.484156][T11848] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1759'. [ 555.495583][T11848] veth1_macvtap: left promiscuous mode [ 555.692603][T11854] FAULT_INJECTION: forcing a failure. [ 555.692603][T11854] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 555.709942][T11854] CPU: 1 UID: 0 PID: 11854 Comm: syz.3.1762 Tainted: G L syzkaller #0 PREEMPT(full) [ 555.709980][T11854] Tainted: [L]=SOFTLOCKUP [ 555.709989][T11854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 555.710003][T11854] Call Trace: [ 555.710013][T11854] [ 555.710024][T11854] dump_stack_lvl+0xe8/0x150 [ 555.710063][T11854] should_fail_ex+0x412/0x560 [ 555.710102][T11854] _copy_from_user+0x2d/0xb0 [ 555.710129][T11854] get_compat_msghdr+0xb3/0x4c0 [ 555.710155][T11854] ? __lock_acquire+0x6b5/0x2cf0 [ 555.710188][T11854] ? __pfx_get_compat_msghdr+0x10/0x10 [ 555.710222][T11854] ? kstrtoull+0x12f/0x1d0 [ 555.710262][T11854] ___sys_sendmsg+0x201/0x360 [ 555.710296][T11854] ? __pfx____sys_sendmsg+0x10/0x10 [ 555.710325][T11854] ? get_pid_task+0x20/0x1f0 [ 555.710346][T11854] ? get_pid_task+0x20/0x1f0 [ 555.710365][T11854] ? get_pid_task+0x20/0x1f0 [ 555.710413][T11854] ? __fget_files+0x2a/0x420 [ 555.710447][T11854] ? __fget_files+0x3a0/0x420 [ 555.710489][T11854] __sys_sendmsg+0x183/0x260 [ 555.710518][T11854] ? __pfx___sys_sendmsg+0x10/0x10 [ 555.710567][T11854] __do_fast_syscall_32+0x20d/0x640 [ 555.710598][T11854] ? do_fast_syscall_32+0x33/0x70 [ 555.710624][T11854] ? asm_int80_emulation+0x1a/0x20 [ 555.710645][T11854] ? do_int80_emulation+0x274/0x4d0 [ 555.710672][T11854] ? trace_irq_disable+0x3b/0x150 [ 555.710708][T11854] do_fast_syscall_32+0x33/0x70 [ 555.710736][T11854] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 555.710764][T11854] RIP: 0023:0xf703ef6c [ 555.710784][T11854] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 555.710805][T11854] RSP: 002b:00000000f542d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 555.710829][T11854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800003c0 [ 555.710844][T11854] RDX: 0000000020040000 RSI: 0000000000000000 RDI: 0000000000000000 [ 555.710858][T11854] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 555.710871][T11854] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 555.710884][T11854] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 555.710918][T11854] [ 556.322932][T11860] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1765'. [ 556.432315][ T980] zl10353_read_register: readreg error (reg=127, ret==0) [ 556.539197][ T980] usb 5-1: USB disconnect, device number 58 [ 556.638044][T11868] hub 9-0:1.0: USB hub found [ 556.643148][ T5929] usb 4-1: new full-speed USB device number 61 using dummy_hcd [ 556.652547][T11868] hub 9-0:1.0: 1 port detected [ 556.816175][ T5929] usb 4-1: config 128 interface 0 has no altsetting 0 [ 556.824794][ T5929] usb 4-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 556.842958][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.709823][ T5920] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 557.820311][ T796] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 557.859381][ T5929] usb 4-1: string descriptor 0 read error: -71 [ 557.871868][ T5920] usb 5-1: Using ep0 maxpacket: 16 [ 557.888801][ T5920] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 557.906229][ T5929] usb 4-1: selecting invalid altsetting 3 [ 557.930025][ T5920] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 557.943998][ T5929] comedi comedi5: could not set alternate setting 3 in high speed [ 557.963060][ T5920] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 557.969292][ T5929] usbduxsigma 4-1:128.0: driver 'usbduxsigma' failed to auto-configure device. [ 557.972450][ T796] usb 3-1: device descriptor read/64, error -71 [ 558.019836][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.025346][ T5929] usbduxsigma 4-1:128.0: probe with driver usbduxsigma failed with error -22 [ 558.027902][ T5920] usb 5-1: Product: syz [ 558.027930][ T5920] usb 5-1: Manufacturer: syz [ 558.027949][ T5920] usb 5-1: SerialNumber: syz [ 558.086715][ T5929] usb 4-1: USB disconnect, device number 61 [ 558.250459][ T796] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 558.387394][T11903] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1777'. [ 558.400343][ T30] kauditd_printk_skb: 198 callbacks suppressed [ 558.400363][ T30] audit: type=1326 audit(1774475469.897:15719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11877 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96f6c code=0x7ffc0000 [ 558.459808][ T796] usb 3-1: device descriptor read/64, error -71 [ 558.469981][ T5920] usb 5-1: 0:2 : does not exist [ 558.474913][ T5920] usb 5-1: unit 9 not found! [ 558.496566][ T30] audit: type=1326 audit(1774475469.917:15720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11877 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96f6c code=0x7ffc0000 [ 558.522227][ T5920] usb 5-1: 4:0: cannot get min/max values for control 2 (id 4) [ 558.536105][ T5920] usb 5-1: 4:0: cannot get min/max values for control 3 (id 4) [ 559.181790][ T796] usb usb3-port1: attempt power cycle [ 559.314555][ T5920] usb 5-1: USB disconnect, device number 59 [ 559.373959][ T5877] udevd[5877]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 559.513373][T11908] netlink: 'syz.0.1782': attribute type 1 has an invalid length. [ 559.524486][T11908] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 559.539854][ T796] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 559.572647][ T796] usb 3-1: device descriptor read/8, error -71 [ 559.761204][T11917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1786'. [ 559.777756][T11917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1786'. [ 559.800452][T11917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1786'. [ 559.809832][ T796] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 559.830575][T11917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1786'. [ 559.842159][T11917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1786'. [ 559.856849][T11917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1786'. [ 559.861903][ T796] usb 3-1: device descriptor read/8, error -71 [ 559.879132][T11917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1786'. [ 559.888366][ T5929] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 559.904927][T11917] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1786'. [ 559.981428][ T796] usb usb3-port1: unable to enumerate USB device [ 560.046126][ T5929] usb 2-1: config index 0 descriptor too short (expected 64776, got 68) [ 560.076356][ T5929] usb 2-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 560.111505][ T5929] usb 2-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 560.144760][ T5929] usb 2-1: config index 1 descriptor too short (expected 64776, got 68) [ 560.168404][ T5929] usb 2-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 560.193476][ T5929] usb 2-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 560.794959][T11929] xfrm0: entered promiscuous mode [ 560.803806][T11929] xfrm0: entered allmulticast mode [ 561.020555][ T30] audit: type=1326 audit(1774475472.517:15721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11934 comm="syz.2.1792" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x0 [ 561.393497][T11944] IPVS: Unknown mcast interface: nicvf0 [ 561.822991][T11956] __nla_validate_parse: 26 callbacks suppressed [ 561.823043][T11956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1800'. [ 561.838411][T11956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1800'. [ 562.084883][T11960] hsr0: entered promiscuous mode [ 562.098403][T11960] xfrm0: entered promiscuous mode [ 562.129697][T11960] xfrm0: entered allmulticast mode [ 562.151968][T11960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1801'. [ 562.625680][T11973] FAULT_INJECTION: forcing a failure. [ 562.625680][T11973] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 562.679440][T11973] CPU: 1 UID: 0 PID: 11973 Comm: syz.2.1807 Tainted: G L syzkaller #0 PREEMPT(full) [ 562.679478][T11973] Tainted: [L]=SOFTLOCKUP [ 562.679488][T11973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 562.679502][T11973] Call Trace: [ 562.679511][T11973] [ 562.679521][T11973] dump_stack_lvl+0xe8/0x150 [ 562.679560][T11973] should_fail_ex+0x412/0x560 [ 562.679601][T11973] _copy_from_user+0x2d/0xb0 [ 562.679629][T11973] get_compat_msghdr+0xb3/0x4c0 [ 562.679653][T11973] ? kstrtoull+0x12f/0x1d0 [ 562.679688][T11973] ? __pfx_get_compat_msghdr+0x10/0x10 [ 562.679728][T11973] ___sys_recvmsg+0x1dd/0x590 [ 562.679754][T11973] ? get_pid_task+0x20/0x1f0 [ 562.679780][T11973] ? __pfx____sys_recvmsg+0x10/0x10 [ 562.679833][T11973] ? __pfx_vfs_write+0x10/0x10 [ 562.679866][T11973] __sys_recvmsg+0x180/0x250 [ 562.679895][T11973] ? __pfx___sys_recvmsg+0x10/0x10 [ 562.679943][T11973] __do_fast_syscall_32+0x20d/0x640 [ 562.679972][T11973] ? do_fast_syscall_32+0x33/0x70 [ 562.679997][T11973] ? asm_int80_emulation+0x1a/0x20 [ 562.680018][T11973] ? do_int80_emulation+0x274/0x4d0 [ 562.680043][T11973] ? trace_irq_disable+0x3b/0x150 [ 562.680088][T11973] do_fast_syscall_32+0x33/0x70 [ 562.680116][T11973] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 562.680143][T11973] RIP: 0023:0xf701ef6c [ 562.680162][T11973] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 562.680180][T11973] RSP: 002b:00000000f540d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000174 [ 562.680224][T11973] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000ac0 [ 562.680240][T11973] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000000 [ 562.680254][T11973] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 562.680266][T11973] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 562.680278][T11973] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 562.680307][T11973] [ 563.143625][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.151231][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.157795][ T5929] usb 2-1: string descriptor 0 read error: -71 [ 563.176345][ T5929] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 563.220692][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.259968][ T5929] usb 2-1: can't set config #1, error -71 [ 563.310142][ T5929] usb 2-1: USB disconnect, device number 75 [ 564.001022][T12000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1816'. [ 564.774520][T12017] syzkaller0: Caught tx_queue_len zero misconfig [ 565.361299][T12028] FAULT_INJECTION: forcing a failure. [ 565.361299][T12028] name failslab, interval 1, probability 0, space 0, times 0 [ 565.428004][T12034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1828'. [ 565.467625][T12028] CPU: 0 UID: 0 PID: 12028 Comm: syz.1.1825 Tainted: G L syzkaller #0 PREEMPT(full) [ 565.467660][T12028] Tainted: [L]=SOFTLOCKUP [ 565.467668][T12028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 565.467681][T12028] Call Trace: [ 565.467691][T12028] [ 565.467699][T12028] dump_stack_lvl+0xe8/0x150 [ 565.467736][T12028] should_fail_ex+0x412/0x560 [ 565.467775][T12028] should_failslab+0xa8/0x100 [ 565.467807][T12028] __kmalloc_noprof+0xe8/0x760 [ 565.467833][T12028] ? tomoyo_encode+0x28b/0x550 [ 565.467873][T12028] tomoyo_encode+0x28b/0x550 [ 565.467923][T12028] tomoyo_realpath_from_path+0x58d/0x5d0 [ 565.467969][T12028] ? tomoyo_path_number_perm+0x219/0x630 [ 565.467999][T12028] tomoyo_path_number_perm+0x246/0x630 [ 565.468032][T12028] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 565.468065][T12028] ? __lock_acquire+0x6b5/0x2cf0 [ 565.468129][T12028] ? __fget_files+0x2a/0x420 [ 565.468165][T12028] ? __fget_files+0x3a0/0x420 [ 565.468197][T12028] ? __fget_files+0x2a/0x420 [ 565.468234][T12028] security_file_ioctl_compat+0xc3/0x2a0 [ 565.468266][T12028] __ia32_compat_sys_ioctl+0x139/0x950 [ 565.468298][T12028] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 565.468329][T12028] ? __fget_files+0x3a0/0x420 [ 565.468368][T12028] ? fput+0xa0/0xd0 [ 565.468415][T12028] __do_fast_syscall_32+0x20d/0x640 [ 565.468446][T12028] ? do_fast_syscall_32+0x33/0x70 [ 565.468470][T12028] ? asm_int80_emulation+0x1a/0x20 [ 565.468492][T12028] ? do_int80_emulation+0x274/0x4d0 [ 565.468516][T12028] ? trace_irq_disable+0x3b/0x150 [ 565.468553][T12028] do_fast_syscall_32+0x33/0x70 [ 565.468579][T12028] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 565.468605][T12028] RIP: 0023:0xf6feef6c [ 565.468625][T12028] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 565.468645][T12028] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 565.468670][T12028] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f1 [ 565.468685][T12028] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 565.468699][T12028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 565.468712][T12028] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 565.468725][T12028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 565.468756][T12028] [ 565.468796][T12028] ERROR: Out of memory at tomoyo_realpath_from_path. [ 567.315263][ T24] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 567.469861][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 567.477181][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.488737][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.498980][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 567.508258][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.530444][ T24] usb 2-1: config 0 descriptor?? [ 567.547527][ T24] hub 2-1:0.0: USB hub found [ 567.747876][ T24] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 568.056159][T12067] binder: BINDER_SET_CONTEXT_MGR already set [ 568.062895][T12067] binder: 12052:12067 ioctl 4018620d 80004a80 returned -16 [ 568.098626][ T24] usbhid 2-1:0.0: can't add hid device: -71 [ 568.104779][ T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 568.183921][ T24] usb 2-1: USB disconnect, device number 76 [ 568.918565][T12080] hub 9-0:1.0: USB hub found [ 568.924811][T12080] hub 9-0:1.0: 1 port detected [ 569.655076][ T30] audit: type=1326 audit(1774475481.147:15722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12090 comm="syz.1.1847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 569.723067][ T30] audit: type=1326 audit(1774475481.147:15723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12090 comm="syz.1.1847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 569.776306][ T30] audit: type=1326 audit(1774475481.147:15724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12090 comm="syz.1.1847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=426 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 569.831728][ T30] audit: type=1326 audit(1774475481.147:15725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12090 comm="syz.1.1847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 569.886392][ T30] audit: type=1326 audit(1774475481.147:15726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12090 comm="syz.1.1847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 569.943117][ T30] audit: type=1326 audit(1774475481.147:15727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12090 comm="syz.1.1847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 570.002206][ T9] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 570.175003][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.187397][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 570.199835][ T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 570.211431][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.233047][ T9] usb 5-1: config 0 descriptor?? [ 570.411916][T12107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1852'. [ 570.461849][T12099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.470766][T12099] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 570.481904][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 570.488181][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 570.499979][ T9] usb 5-1: USB disconnect, device number 60 [ 570.571903][T12108] ptrace attach of "./syz-executor exec"[6750] was attempted by "./syz-executor exec"[12108] [ 570.930033][ T24] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 571.109803][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 571.123938][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.148572][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.171901][ T24] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 571.201484][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.235951][ T24] usb 5-1: config 0 descriptor?? [ 571.684468][ T24] hid_parser_main: 28 callbacks suppressed [ 571.684496][ T24] mcp2221 0003:04D8:00DD.0026: unknown main item tag 0x0 [ 571.727542][ T24] mcp2221 0003:04D8:00DD.0026: USB HID v0.00 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 571.738401][ T30] audit: type=1326 audit(1774475483.217:15728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12090 comm="syz.1.1847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 571.789811][ T30] audit: type=1326 audit(1774475483.217:15729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12090 comm="syz.1.1847" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 571.884029][ T24] usb 5-1: USB disconnect, device number 61 [ 572.501334][T12125] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1857'. [ 572.510752][T12125] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1857'. [ 572.849567][T12130] hub 9-0:1.0: USB hub found [ 572.858052][T12130] hub 9-0:1.0: 1 port detected [ 573.979576][T12144] hsr0: entered promiscuous mode [ 574.035384][ T30] audit: type=1326 audit(1774475485.527:15730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12145 comm="syz.1.1866" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 574.079849][ T30] audit: type=1326 audit(1774475485.527:15731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12145 comm="syz.1.1866" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 574.165356][T12154] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 574.178691][T12154] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1867'. [ 574.234935][T12154] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1867'. [ 574.399828][ T9] usb 3-1: new full-speed USB device number 99 using dummy_hcd [ 574.622323][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 574.631229][ T9] usb 3-1: not running at top speed; connect to a high speed hub [ 574.643816][ T9] usb 3-1: config 1 interface 0 has no altsetting 0 [ 574.655164][ T9] usb 3-1: string descriptor 0 read error: -22 [ 574.662045][ T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.40 [ 574.671680][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 575.478494][T12152] FAULT_INJECTION: forcing a failure. [ 575.478494][T12152] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 575.499769][T12152] CPU: 0 UID: 0 PID: 12152 Comm: syz.2.1868 Tainted: G L syzkaller #0 PREEMPT(full) [ 575.499807][T12152] Tainted: [L]=SOFTLOCKUP [ 575.499816][T12152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 575.499830][T12152] Call Trace: [ 575.499840][T12152] [ 575.499849][T12152] dump_stack_lvl+0xe8/0x150 [ 575.499889][T12152] should_fail_ex+0x412/0x560 [ 575.499927][T12152] _copy_from_user+0x2d/0xb0 [ 575.499954][T12152] get_compat_msghdr+0xb3/0x4c0 [ 575.499979][T12152] ? __lock_acquire+0x6b5/0x2cf0 [ 575.500012][T12152] ? __pfx_get_compat_msghdr+0x10/0x10 [ 575.500038][T12152] ? kstrtoull+0x12f/0x1d0 [ 575.500076][T12152] ___sys_sendmsg+0x201/0x360 [ 575.500109][T12152] ? __pfx____sys_sendmsg+0x10/0x10 [ 575.500137][T12152] ? get_pid_task+0x20/0x1f0 [ 575.500159][T12152] ? get_pid_task+0x20/0x1f0 [ 575.500177][T12152] ? get_pid_task+0x20/0x1f0 [ 575.500225][T12152] ? __fget_files+0x2a/0x420 [ 575.500257][T12152] ? __fget_files+0x3a0/0x420 [ 575.500301][T12152] __sys_sendmsg+0x183/0x260 [ 575.500330][T12152] ? __pfx___sys_sendmsg+0x10/0x10 [ 575.500378][T12152] __do_fast_syscall_32+0x20d/0x640 [ 575.500409][T12152] ? do_fast_syscall_32+0x33/0x70 [ 575.500435][T12152] ? asm_int80_emulation+0x1a/0x20 [ 575.500456][T12152] ? do_int80_emulation+0x274/0x4d0 [ 575.500482][T12152] ? trace_irq_disable+0x3b/0x150 [ 575.500518][T12152] do_fast_syscall_32+0x33/0x70 [ 575.500546][T12152] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 575.500573][T12152] RIP: 0023:0xf701ef6c [ 575.500593][T12152] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 575.500613][T12152] RSP: 002b:00000000f540d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 575.500636][T12152] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080000080 [ 575.500652][T12152] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000 [ 575.500665][T12152] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 575.500679][T12152] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 575.500691][T12152] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 575.500722][T12152] [ 575.770983][T12158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 575.781819][T12158] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 575.797497][ T9] usbhid 3-1:1.0: can't add hid device: -71 [ 575.803680][ T9] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 575.815664][ T9] usb 3-1: USB disconnect, device number 99 [ 575.999844][ T24] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 576.009898][ T5920] usb 5-1: new full-speed USB device number 62 using dummy_hcd [ 576.151653][ T24] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 576.161022][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.173770][ T24] usb 4-1: config 0 descriptor?? [ 576.178893][ T5920] usb 5-1: unable to get BOS descriptor or descriptor too short [ 576.194539][ T5920] usb 5-1: not running at top speed; connect to a high speed hub [ 576.205779][ T5920] usb 5-1: config 1 interface 0 has no altsetting 0 [ 576.215770][ T5920] usb 5-1: string descriptor 0 read error: -22 [ 576.222251][ T5920] usb 5-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.40 [ 576.231387][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.506045][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 576.506065][ T30] audit: type=1400 audit(1774475487.997:15738): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=12164 comm="syz.3.1869" [ 576.800682][T12170] syzkaller0: entered promiscuous mode [ 576.825315][T12170] syzkaller0: entered allmulticast mode [ 576.866462][T12178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 576.895677][T12178] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 576.934273][T12181] FAULT_INJECTION: forcing a failure. [ 576.934273][T12181] name failslab, interval 1, probability 0, space 0, times 0 [ 576.979869][T12181] CPU: 1 UID: 0 PID: 12181 Comm: syz.0.1874 Tainted: G L syzkaller #0 PREEMPT(full) [ 576.979906][T12181] Tainted: [L]=SOFTLOCKUP [ 576.979915][T12181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 576.979929][T12181] Call Trace: [ 576.979938][T12181] [ 576.979948][T12181] dump_stack_lvl+0xe8/0x150 [ 576.979986][T12181] should_fail_ex+0x412/0x560 [ 576.980025][T12181] should_failslab+0xa8/0x100 [ 576.980058][T12181] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 576.980084][T12181] ? __alloc_skb+0x186/0x7d0 [ 576.980106][T12181] ? __alloc_skb+0x1d0/0x7d0 [ 576.980125][T12181] ? __local_bh_enable_ip+0xd0/0x130 [ 576.980158][T12181] __alloc_skb+0x1d0/0x7d0 [ 576.980182][T12181] ? netlink_ack_tlv_len+0x6c/0x210 [ 576.980218][T12181] netlink_ack+0x146/0xa50 [ 576.980247][T12181] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 576.980279][T12181] ? ref_tracker_free+0x693/0x840 [ 576.980310][T12181] ? __copy_skb_header+0xa3/0x4a0 [ 576.980338][T12181] ? __pfx_ref_tracker_free+0x10/0x10 [ 576.980382][T12181] netlink_rcv_skb+0x2b6/0x4b0 [ 576.980415][T12181] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 576.980451][T12181] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 576.980495][T12181] ? netlink_deliver_tap+0x2e/0x1b0 [ 576.980544][T12181] netlink_unicast+0x80f/0x9b0 [ 576.980584][T12181] ? __pfx_netlink_unicast+0x10/0x10 [ 576.980617][T12181] ? netlink_sendmsg+0x650/0xb40 [ 576.980636][T12181] ? skb_put+0x11b/0x210 [ 576.980661][T12181] netlink_sendmsg+0x813/0xb40 [ 576.980691][T12181] ? __pfx_netlink_sendmsg+0x10/0x10 [ 576.980714][T12181] ? aa_sock_msg_perm+0xf1/0x1b0 [ 576.980745][T12181] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 576.980769][T12181] ____sys_sendmsg+0x972/0x9f0 [ 576.980801][T12181] ? __pfx_____sys_sendmsg+0x10/0x10 [ 576.980831][T12181] ? kstrtoull+0x12f/0x1d0 [ 576.980869][T12181] ___sys_sendmsg+0x2a5/0x360 [ 576.980901][T12181] ? __pfx____sys_sendmsg+0x10/0x10 [ 576.980929][T12181] ? get_pid_task+0x20/0x1f0 [ 576.980949][T12181] ? get_pid_task+0x20/0x1f0 [ 576.980967][T12181] ? get_pid_task+0x20/0x1f0 [ 576.981014][T12181] ? __fget_files+0x2a/0x420 [ 576.981047][T12181] ? __fget_files+0x3a0/0x420 [ 576.981089][T12181] __sys_sendmsg+0x183/0x260 [ 576.981117][T12181] ? __pfx___sys_sendmsg+0x10/0x10 [ 576.981165][T12181] __do_fast_syscall_32+0x20d/0x640 [ 576.981195][T12181] ? do_fast_syscall_32+0x33/0x70 [ 576.981220][T12181] ? asm_int80_emulation+0x1a/0x20 [ 576.981242][T12181] ? do_int80_emulation+0x274/0x4d0 [ 576.981268][T12181] ? trace_irq_disable+0x3b/0x150 [ 576.981305][T12181] do_fast_syscall_32+0x33/0x70 [ 576.981333][T12181] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 576.981359][T12181] RIP: 0023:0xf70aef6c [ 576.981380][T12181] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 576.981401][T12181] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 576.981425][T12181] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 576.981441][T12181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 576.981454][T12181] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 576.981467][T12181] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 576.981481][T12181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 576.981511][T12181] [ 577.464060][ T30] audit: type=1326 audit(1774475488.957:15739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.508137][ T5920] usbhid 5-1:1.0: can't add hid device: -71 [ 577.514356][ T5920] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 577.528885][ T5920] usb 5-1: USB disconnect, device number 62 [ 577.586764][ T30] audit: type=1326 audit(1774475488.997:15740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.651289][ T30] audit: type=1326 audit(1774475488.997:15741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.675286][ T30] audit: type=1326 audit(1774475488.997:15742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.698341][ T30] audit: type=1326 audit(1774475488.997:15743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.721820][ T30] audit: type=1326 audit(1774475488.997:15744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.745983][ T30] audit: type=1326 audit(1774475488.997:15745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.788665][ T30] audit: type=1326 audit(1774475488.997:15746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.821056][ T30] audit: type=1326 audit(1774475488.997:15747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.0.1876" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 577.909826][ T9] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 578.069799][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 578.082188][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 578.092703][ T9] usb 2-1: config 4 interface 0 has no altsetting 0 [ 578.103594][ T9] usb 2-1: string descriptor 0 read error: -22 [ 578.111086][ T9] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 578.132568][ T9] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 578.182433][ T9] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 578.259683][ T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 578.340993][ T9] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 578.348334][ T9] usb 2-1: media controller created [ 578.438073][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 578.739845][ T980] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 578.874034][ T24] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 578.910051][ T980] usb 5-1: device descriptor read/64, error -71 [ 578.913373][ T24] [drm:udl_init] *ERROR* Selecting channel failed [ 579.088839][ T24] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 579.119534][ T24] [drm] Initialized udl on minor 2 [ 579.146972][ T24] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 579.183226][ T24] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 579.197688][T11056] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 579.199969][ T980] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 579.239457][ T24] usb 4-1: USB disconnect, device number 62 [ 579.256602][T11056] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 579.288468][T11056] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 579.359867][ T980] usb 5-1: device descriptor read/64, error -71 [ 579.400866][ T9] zl10353_read_register: readreg error (reg=127, ret==0) [ 579.490479][ T980] usb usb5-port1: attempt power cycle [ 579.510518][ T9] usb 2-1: USB disconnect, device number 77 [ 579.670114][ T24] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 579.832385][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 579.843995][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 579.858927][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 579.870727][ T980] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 579.873555][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.911051][ T980] usb 5-1: device descriptor read/8, error -71 [ 579.974060][ T24] usb 4-1: config 0 descriptor?? [ 580.166109][T12213] netlink: 'syz.0.1886': attribute type 30 has an invalid length. [ 580.177450][T12213] tipc: Enabled bearer , priority 0 [ 580.180276][ T980] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 580.220564][ T980] usb 5-1: device descriptor read/8, error -71 [ 580.228196][T12213] syzkaller0: entered promiscuous mode [ 580.234662][T12213] syzkaller0: entered allmulticast mode [ 580.267065][T12213] tipc: Resetting bearer [ 580.277077][T12212] tipc: Resetting bearer [ 580.297052][T12212] tipc: Disabling bearer [ 580.331602][ T980] usb usb5-port1: unable to enumerate USB device [ 580.428173][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.435651][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.447000][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.459803][T11056] usb 2-1: new full-speed USB device number 78 using dummy_hcd [ 580.467787][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.477660][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.489154][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.498445][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.505756][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.519186][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.526875][ T24] logitech 0003:046D:C293.0027: unknown main item tag 0x0 [ 580.543309][ T24] logitech 0003:046D:C293.0027: hidraw0: USB HID v0.04 Device [HID 046d:c293] on usb-dummy_hcd.3-1/input0 [ 580.554886][ T24] logitech 0003:046D:C293.0027: no inputs found [ 580.600169][T11056] usb 2-1: device descriptor read/64, error -71 [ 580.636273][ T980] usb 4-1: USB disconnect, device number 63 [ 580.694033][T12219] FAULT_INJECTION: forcing a failure. [ 580.694033][T12219] name failslab, interval 1, probability 0, space 0, times 0 [ 580.706917][T12219] CPU: 0 UID: 0 PID: 12219 Comm: syz.0.1888 Tainted: G L syzkaller #0 PREEMPT(full) [ 580.706952][T12219] Tainted: [L]=SOFTLOCKUP [ 580.706962][T12219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 580.706977][T12219] Call Trace: [ 580.706987][T12219] [ 580.706996][T12219] dump_stack_lvl+0xe8/0x150 [ 580.707034][T12219] should_fail_ex+0x412/0x560 [ 580.707072][T12219] should_failslab+0xa8/0x100 [ 580.707103][T12219] __kmalloc_node_noprof+0xf0/0x7c0 [ 580.707130][T12219] ? load_msg+0x41/0x3b0 [ 580.707231][T12219] load_msg+0x41/0x3b0 [ 580.707259][T12219] do_msgsnd+0x1a9/0x1530 [ 580.707288][T12219] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 580.707330][T12219] ? __pfx_do_msgsnd+0x10/0x10 [ 580.707356][T12219] ? __might_fault+0xaf/0x130 [ 580.707383][T12219] ? __ia32_compat_sys_msgsnd+0xed/0x120 [ 580.707412][T12219] __do_fast_syscall_32+0x20d/0x640 [ 580.707442][T12219] ? do_fast_syscall_32+0x33/0x70 [ 580.707467][T12219] ? asm_int80_emulation+0x1a/0x20 [ 580.707489][T12219] ? do_int80_emulation+0x274/0x4d0 [ 580.707514][T12219] ? trace_irq_disable+0x3b/0x150 [ 580.707552][T12219] do_fast_syscall_32+0x33/0x70 [ 580.707579][T12219] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 580.707607][T12219] RIP: 0023:0xf70aef6c [ 580.707628][T12219] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 580.707648][T12219] RSP: 002b:00000000f547c50c EFLAGS: 00000206 ORIG_RAX: 0000000000000190 [ 580.707671][T12219] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000080000340 [ 580.707688][T12219] RDX: 0000000000002000 RSI: 0000000000000000 RDI: 0000000000000000 [ 580.707701][T12219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 580.707714][T12219] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 580.707728][T12219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 580.707759][T12219] [ 580.969798][T11056] usb 2-1: new full-speed USB device number 79 using dummy_hcd [ 581.109943][T11056] usb 2-1: device descriptor read/64, error -71 [ 581.220587][T11056] usb usb2-port1: attempt power cycle [ 581.569741][T12226] syzkaller1: entered promiscuous mode [ 581.575063][T11056] usb 2-1: new full-speed USB device number 80 using dummy_hcd [ 581.575354][T12226] syzkaller1: entered allmulticast mode [ 581.600684][T11056] usb 2-1: device descriptor read/8, error -71 [ 581.812525][ T30] kauditd_printk_skb: 544 callbacks suppressed [ 581.812546][ T30] audit: type=1326 audit(1774475493.307:16292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.2.1883" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 581.843073][T11056] usb 2-1: new full-speed USB device number 81 using dummy_hcd [ 581.853282][ T30] audit: type=1326 audit(1774475493.307:16293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12202 comm="syz.2.1883" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 581.876600][T11056] usb 2-1: device descriptor read/8, error -71 [ 581.990222][T11056] usb usb2-port1: unable to enumerate USB device [ 582.597610][ T30] audit: type=1326 audit(1774475494.087:16294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.2.1899" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 582.636877][ T30] audit: type=1326 audit(1774475494.087:16295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.2.1899" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 582.704427][ T30] audit: type=1326 audit(1774475494.087:16296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.2.1899" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 582.729102][ T30] audit: type=1326 audit(1774475494.087:16297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.2.1899" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 582.769189][ T30] audit: type=1326 audit(1774475494.087:16298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.2.1899" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 582.792082][ T30] audit: type=1326 audit(1774475494.087:16299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.2.1899" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 582.817582][ T30] audit: type=1326 audit(1774475494.087:16300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.2.1899" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 582.841642][ T30] audit: type=1326 audit(1774475494.087:16301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12252 comm="syz.2.1899" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 582.864560][T12261] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 583.122371][T12247] netlink: 'syz.3.1897': attribute type 10 has an invalid length. [ 583.137680][T12247] team0: Port device dummy0 added [ 583.941145][T12285] FAULT_INJECTION: forcing a failure. [ 583.941145][T12285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 583.954370][T12285] CPU: 0 UID: 0 PID: 12285 Comm: syz.1.1908 Tainted: G L syzkaller #0 PREEMPT(full) [ 583.954405][T12285] Tainted: [L]=SOFTLOCKUP [ 583.954414][T12285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 583.954428][T12285] Call Trace: [ 583.954439][T12285] [ 583.954449][T12285] dump_stack_lvl+0xe8/0x150 [ 583.954485][T12285] should_fail_ex+0x412/0x560 [ 583.954529][T12285] _copy_from_user+0x2d/0xb0 [ 583.954566][T12285] get_compat_msghdr+0xb3/0x4c0 [ 583.954591][T12285] ? __lock_acquire+0x6b5/0x2cf0 [ 583.954624][T12285] ? __pfx_get_compat_msghdr+0x10/0x10 [ 583.954649][T12285] ? kstrtoull+0x12f/0x1d0 [ 583.954688][T12285] ___sys_sendmsg+0x201/0x360 [ 583.954720][T12285] ? __pfx____sys_sendmsg+0x10/0x10 [ 583.954748][T12285] ? get_pid_task+0x20/0x1f0 [ 583.954769][T12285] ? get_pid_task+0x20/0x1f0 [ 583.954788][T12285] ? get_pid_task+0x20/0x1f0 [ 583.954842][T12285] ? __fget_files+0x2a/0x420 [ 583.954874][T12285] ? __fget_files+0x3a0/0x420 [ 583.954917][T12285] __sys_sendmsg+0x183/0x260 [ 583.954945][T12285] ? __pfx___sys_sendmsg+0x10/0x10 [ 583.954993][T12285] __do_fast_syscall_32+0x20d/0x640 [ 583.955024][T12285] ? do_fast_syscall_32+0x33/0x70 [ 583.955048][T12285] ? asm_int80_emulation+0x1a/0x20 [ 583.955071][T12285] ? do_int80_emulation+0x274/0x4d0 [ 583.955096][T12285] ? trace_irq_disable+0x3b/0x150 [ 583.955133][T12285] do_fast_syscall_32+0x33/0x70 [ 583.955160][T12285] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 583.955187][T12285] RIP: 0023:0xf6feef6c [ 583.955208][T12285] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 583.955227][T12285] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 583.955252][T12285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 583.955267][T12285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 583.955281][T12285] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 583.955294][T12285] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 583.955306][T12285] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 583.955336][T12285] [ 584.723609][T12292] syzkaller0: entered promiscuous mode [ 584.729526][T12292] syzkaller0: entered allmulticast mode [ 584.963780][T12303] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1913'. [ 585.149180][T12306] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1914'. [ 585.161692][T12306] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1914'. [ 585.170959][T12306] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1914'. [ 585.591681][T12318] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1918'. [ 585.893372][T12333] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1925'. [ 587.172558][T12359] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 587.296962][T12364] FAULT_INJECTION: forcing a failure. [ 587.296962][T12364] name failslab, interval 1, probability 0, space 0, times 0 [ 587.317750][T12364] CPU: 0 UID: 0 PID: 12364 Comm: syz.1.1934 Tainted: G L syzkaller #0 PREEMPT(full) [ 587.317786][T12364] Tainted: [L]=SOFTLOCKUP [ 587.317795][T12364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 587.317809][T12364] Call Trace: [ 587.317819][T12364] [ 587.317829][T12364] dump_stack_lvl+0xe8/0x150 [ 587.317867][T12364] should_fail_ex+0x412/0x560 [ 587.317921][T12364] should_failslab+0xa8/0x100 [ 587.317956][T12364] __kmalloc_noprof+0xe8/0x760 [ 587.317974][T12364] ? tomoyo_encode+0x28b/0x550 [ 587.318003][T12364] tomoyo_encode+0x28b/0x550 [ 587.318032][T12364] tomoyo_realpath_from_path+0x58d/0x5d0 [ 587.318065][T12364] ? tomoyo_path2_perm+0x299/0x760 [ 587.318086][T12364] tomoyo_path2_perm+0x2e7/0x760 [ 587.318112][T12364] ? __pfx_tomoyo_path2_perm+0x10/0x10 [ 587.318161][T12364] ? __d_lookup+0x66/0x780 [ 587.318177][T12364] ? __d_lookup+0x6df/0x780 [ 587.318200][T12364] tomoyo_path_rename+0x121/0x1b0 [ 587.318220][T12364] ? __pfx_tomoyo_path_rename+0x10/0x10 [ 587.318238][T12364] ? do_raw_spin_unlock+0xf5/0x210 [ 587.318257][T12364] ? _raw_spin_unlock+0x28/0x50 [ 587.318334][T12364] security_path_rename+0x248/0x460 [ 587.318354][T12364] filename_renameat2+0x4c1/0x9c0 [ 587.318387][T12364] ? __pfx_filename_renameat2+0x10/0x10 [ 587.318421][T12364] ? strncpy_from_user+0x150/0x2b0 [ 587.318446][T12364] ? do_getname+0x151/0x250 [ 587.318470][T12364] __se_sys_renameat2+0x5a/0x2c0 [ 587.318495][T12364] __do_fast_syscall_32+0x20d/0x640 [ 587.318516][T12364] ? do_fast_syscall_32+0x33/0x70 [ 587.318534][T12364] ? asm_int80_emulation+0x1a/0x20 [ 587.318549][T12364] ? do_int80_emulation+0x274/0x4d0 [ 587.318567][T12364] ? trace_irq_disable+0x3b/0x150 [ 587.318594][T12364] do_fast_syscall_32+0x33/0x70 [ 587.318613][T12364] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 587.318633][T12364] RIP: 0023:0xf6feef6c [ 587.318648][T12364] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 587.318661][T12364] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000161 [ 587.318678][T12364] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 587.318689][T12364] RDX: 0000000000000004 RSI: 00000000800002c0 RDI: 0000000000000002 [ 587.318699][T12364] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 587.318708][T12364] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 587.318717][T12364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 587.318740][T12364] [ 587.318885][T12364] ERROR: Out of memory at tomoyo_realpath_from_path. [ 587.785075][T12370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1936'. [ 588.122896][T12380] input: syz1 as /devices/virtual/input/input26 [ 588.137263][ T30] kauditd_printk_skb: 85 callbacks suppressed [ 588.137296][ T30] audit: type=1326 audit(1774475499.627:16387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12383 comm="syz.0.1942" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 588.207942][ T30] audit: type=1326 audit(1774475499.627:16388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12383 comm="syz.0.1942" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 588.239194][ T30] audit: type=1326 audit(1774475499.647:16389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12383 comm="syz.0.1942" exe="/root/syz-executor" sig=0 arch=40000003 syscall=426 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 588.379936][ T30] audit: type=1326 audit(1774475499.667:16390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12383 comm="syz.0.1942" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 588.402403][ T9] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 588.412370][T12394] FAULT_INJECTION: forcing a failure. [ 588.412370][T12394] name failslab, interval 1, probability 0, space 0, times 0 [ 588.468509][ T30] audit: type=1326 audit(1774475499.677:16391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12383 comm="syz.0.1942" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 588.491405][ T30] audit: type=1326 audit(1774475499.677:16392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12383 comm="syz.0.1942" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 588.518339][T12394] CPU: 0 UID: 0 PID: 12394 Comm: syz.3.1943 Tainted: G L syzkaller #0 PREEMPT(full) [ 588.518375][T12394] Tainted: [L]=SOFTLOCKUP [ 588.518384][T12394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 588.518397][T12394] Call Trace: [ 588.518407][T12394] [ 588.518417][T12394] dump_stack_lvl+0xe8/0x150 [ 588.518457][T12394] should_fail_ex+0x412/0x560 [ 588.518495][T12394] should_failslab+0xa8/0x100 [ 588.518525][T12394] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 588.518551][T12394] ? __alloc_skb+0x1d0/0x7d0 [ 588.518572][T12394] ? __local_bh_enable_ip+0xd0/0x130 [ 588.518606][T12394] __alloc_skb+0x1d0/0x7d0 [ 588.518628][T12394] ? netlink_ack_tlv_len+0x6c/0x210 [ 588.518665][T12394] netlink_ack+0x146/0xa50 [ 588.518694][T12394] ? __pfx_genl_rcv_msg+0x10/0x10 [ 588.518720][T12394] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 588.518748][T12394] ? __pfx_nl80211_post_doit+0x10/0x10 [ 588.518781][T12394] ? __lock_acquire+0x6b5/0x2cf0 [ 588.518822][T12394] netlink_rcv_skb+0x2b6/0x4b0 [ 588.518856][T12394] ? __pfx_genl_rcv_msg+0x10/0x10 [ 588.518883][T12394] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 588.518933][T12394] ? down_read+0x272/0x2e0 [ 588.518960][T12394] ? genl_rcv+0xd/0x40 [ 588.518987][T12394] genl_rcv+0x28/0x40 [ 588.519010][T12394] netlink_unicast+0x80f/0x9b0 [ 588.519049][T12394] ? __pfx_netlink_unicast+0x10/0x10 [ 588.519081][T12394] ? netlink_sendmsg+0x650/0xb40 [ 588.519100][T12394] ? skb_put+0x11b/0x210 [ 588.519126][T12394] netlink_sendmsg+0x813/0xb40 [ 588.519158][T12394] ? __pfx_netlink_sendmsg+0x10/0x10 [ 588.519182][T12394] ? aa_sock_msg_perm+0xf1/0x1b0 [ 588.519218][T12394] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 588.519247][T12394] ____sys_sendmsg+0x972/0x9f0 [ 588.519284][T12394] ? __pfx_____sys_sendmsg+0x10/0x10 [ 588.519314][T12394] ? kstrtoull+0x12f/0x1d0 [ 588.519353][T12394] ___sys_sendmsg+0x2a5/0x360 [ 588.519385][T12394] ? __pfx____sys_sendmsg+0x10/0x10 [ 588.519413][T12394] ? get_pid_task+0x20/0x1f0 [ 588.519433][T12394] ? get_pid_task+0x20/0x1f0 [ 588.519452][T12394] ? get_pid_task+0x20/0x1f0 [ 588.519501][T12394] ? __fget_files+0x2a/0x420 [ 588.519532][T12394] ? __fget_files+0x3a0/0x420 [ 588.519575][T12394] __sys_sendmsg+0x183/0x260 [ 588.519603][T12394] ? __pfx___sys_sendmsg+0x10/0x10 [ 588.519653][T12394] __do_fast_syscall_32+0x20d/0x640 [ 588.519682][T12394] ? do_fast_syscall_32+0x33/0x70 [ 588.519707][T12394] ? asm_int80_emulation+0x1a/0x20 [ 588.519728][T12394] ? do_int80_emulation+0x274/0x4d0 [ 588.519753][T12394] ? trace_irq_disable+0x3b/0x150 [ 588.519798][T12394] do_fast_syscall_32+0x33/0x70 [ 588.519827][T12394] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 588.519854][T12394] RIP: 0023:0xf703ef6c [ 588.519875][T12394] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 588.519896][T12394] RSP: 002b:00000000f542d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 588.519919][T12394] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000340 [ 588.519933][T12394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 588.519946][T12394] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 588.519958][T12394] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 588.519971][T12394] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 588.520002][T12394] [ 589.359865][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 589.504470][ T9] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 589.548188][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.580593][ T9] usb 3-1: Product: syz [ 589.664527][ T9] usb 3-1: Manufacturer: syz [ 589.693375][ T9] usb 3-1: SerialNumber: syz [ 589.719090][T12397] netlink: 'syz.3.1944': attribute type 21 has an invalid length. [ 589.727791][ T9] usb 3-1: config 0 descriptor?? [ 589.755693][ T9] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 589.780251][T12397] IPv6: NLM_F_CREATE should be specified when creating new route [ 589.827841][T12397] netlink: 'syz.3.1944': attribute type 1 has an invalid length. [ 590.231223][ T30] audit: type=1326 audit(1774475501.727:16393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12383 comm="syz.0.1942" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 590.295392][ T30] audit: type=1326 audit(1774475501.727:16394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12383 comm="syz.0.1942" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 591.113413][T12410] veth0_virt_wifi: Caught tx_queue_len zero misconfig [ 591.162839][T12410] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 591.317522][T12415] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1950'. [ 591.391375][T12417] FAULT_INJECTION: forcing a failure. [ 591.391375][T12417] name failslab, interval 1, probability 0, space 0, times 0 [ 591.420112][T12417] CPU: 1 UID: 0 PID: 12417 Comm: syz.3.1951 Tainted: G L syzkaller #0 PREEMPT(full) [ 591.420150][T12417] Tainted: [L]=SOFTLOCKUP [ 591.420168][T12417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 591.420183][T12417] Call Trace: [ 591.420193][T12417] [ 591.420203][T12417] dump_stack_lvl+0xe8/0x150 [ 591.420242][T12417] should_fail_ex+0x412/0x560 [ 591.420281][T12417] should_failslab+0xa8/0x100 [ 591.420310][T12417] ? skb_clone+0x212/0x3a0 [ 591.420338][T12417] kmem_cache_alloc_noprof+0x87/0x650 [ 591.420362][T12417] ? __netlink_lookup+0xc6/0x8b0 [ 591.420391][T12417] skb_clone+0x212/0x3a0 [ 591.420422][T12417] __netlink_deliver_tap+0x404/0x850 [ 591.420469][T12417] ? netlink_deliver_tap+0x2e/0x1b0 [ 591.420506][T12417] netlink_deliver_tap+0x19c/0x1b0 [ 591.420541][T12417] netlink_unicast+0x7e3/0x9b0 [ 591.420581][T12417] ? __pfx_netlink_unicast+0x10/0x10 [ 591.420611][T12417] ? __kvmalloc_node_noprof+0x393/0x8a0 [ 591.420640][T12417] ? netlink_sendmsg+0x650/0xb40 [ 591.420659][T12417] ? skb_put+0x11b/0x210 [ 591.420686][T12417] netlink_sendmsg+0x813/0xb40 [ 591.420718][T12417] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.420743][T12417] ? aa_sock_msg_perm+0xf1/0x1b0 [ 591.420779][T12417] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 591.420808][T12417] ____sys_sendmsg+0x972/0x9f0 [ 591.420845][T12417] ? __pfx_____sys_sendmsg+0x10/0x10 [ 591.420876][T12417] ? kstrtoull+0x12f/0x1d0 [ 591.420916][T12417] ___sys_sendmsg+0x2a5/0x360 [ 591.420949][T12417] ? __pfx____sys_sendmsg+0x10/0x10 [ 591.420977][T12417] ? get_pid_task+0x20/0x1f0 [ 591.420998][T12417] ? get_pid_task+0x20/0x1f0 [ 591.421018][T12417] ? get_pid_task+0x20/0x1f0 [ 591.421067][T12417] ? __fget_files+0x2a/0x420 [ 591.421100][T12417] ? __fget_files+0x3a0/0x420 [ 591.421144][T12417] __sys_sendmsg+0x183/0x260 [ 591.421182][T12417] ? __pfx___sys_sendmsg+0x10/0x10 [ 591.421231][T12417] __do_fast_syscall_32+0x20d/0x640 [ 591.421262][T12417] ? do_fast_syscall_32+0x33/0x70 [ 591.421288][T12417] ? asm_int80_emulation+0x1a/0x20 [ 591.421309][T12417] ? do_int80_emulation+0x274/0x4d0 [ 591.421334][T12417] ? trace_irq_disable+0x3b/0x150 [ 591.421371][T12417] do_fast_syscall_32+0x33/0x70 [ 591.421398][T12417] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 591.421425][T12417] RIP: 0023:0xf703ef6c [ 591.421445][T12417] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 591.421465][T12417] RSP: 002b:00000000f542d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 591.421489][T12417] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 591.421505][T12417] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000 [ 591.421518][T12417] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 591.421531][T12417] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 591.421544][T12417] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 591.421576][T12417] [ 591.421774][T12417] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 592.099907][ T5929] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 592.225766][T11056] IPVS: starting estimator thread 0... [ 592.289811][ T5929] usb 5-1: Using ep0 maxpacket: 8 [ 592.300949][ T5929] usb 5-1: unable to get BOS descriptor or descriptor too short [ 592.310971][ T5929] usb 5-1: config 4 interface 0 has no altsetting 0 [ 592.326852][ T5929] usb 5-1: string descriptor 0 read error: -22 [ 592.337864][ T5929] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 592.350088][T12428] IPVS: using max 27 ests per chain, 64800 per kthread [ 592.364199][ T5929] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 592.380034][ T9] gspca_ov534_9: reg_w failed -110 [ 592.420968][ T5929] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 592.471325][ T5929] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 592.508175][ T5929] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 592.526346][ T30] audit: type=1326 audit(1774475504.017:16395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12429 comm="syz.0.1956" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 592.552919][ T5929] usb 5-1: media controller created [ 592.596018][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 592.616367][ T30] audit: type=1326 audit(1774475504.047:16396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12429 comm="syz.0.1956" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 592.638820][ T9] gspca_ov534_9: Unknown sensor 0000 [ 592.638899][ T9] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 592.946189][T11056] usb 3-1: USB disconnect, device number 100 [ 593.710478][ T5929] zl10353_read_register: readreg error (reg=127, ret==0) [ 593.815542][ T5929] usb 5-1: USB disconnect, device number 67 [ 594.611261][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 594.611279][ T30] audit: type=1326 audit(1774475506.107:16403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12429 comm="syz.0.1956" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 594.686519][T12452] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1963'. [ 594.700027][ T30] audit: type=1326 audit(1774475506.107:16404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12429 comm="syz.0.1956" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 595.325709][T12471] fuse: Unknown parameter '0xffffffffffffffff' [ 595.369863][ T5929] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 595.531897][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 595.549995][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.570363][ T5929] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 595.590449][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.615375][ T5929] usb 5-1: config 0 descriptor?? [ 595.714946][T12484] syzkaller0: entered promiscuous mode [ 595.728629][T12484] syzkaller0: entered allmulticast mode [ 595.844708][T12462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.910413][T12462] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.974501][ T5929] usbhid 5-1:0.0: can't add hid device: -71 [ 595.980594][ T5929] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 596.040044][ T5929] usb 5-1: USB disconnect, device number 68 [ 596.144660][T12491] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1975'. [ 596.210688][T12493] syzkaller1: entered promiscuous mode [ 596.216239][T12493] syzkaller1: entered allmulticast mode [ 596.246864][T12493] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1976'. [ 596.453275][ T5929] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 596.531351][ T30] audit: type=1326 audit(1774475508.027:16405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12503 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 596.563993][ T30] audit: type=1326 audit(1774475508.047:16406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12503 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=40000003 syscall=426 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 596.586826][ T30] audit: type=1326 audit(1774475508.057:16407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12503 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 596.610164][ T30] audit: type=1326 audit(1774475508.057:16408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12503 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 596.634137][ T30] audit: type=1326 audit(1774475508.057:16409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12503 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 596.657015][ T30] audit: type=1326 audit(1774475508.057:16410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12503 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 596.662568][ T5929] usb 5-1: Using ep0 maxpacket: 16 [ 596.700359][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.711516][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 596.725222][ T5929] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.40 [ 596.734758][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.749209][ T5929] usb 5-1: config 0 descriptor?? [ 596.829852][ T9] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 596.990214][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 596.999186][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 597.012856][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 597.022651][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 597.032702][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 597.042633][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 597.052821][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 597.062050][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.073326][ T9] usb 3-1: config 0 descriptor?? [ 597.083170][ T9] hub 3-1:0.0: bad descriptor, ignoring hub [ 597.089217][ T9] hub 3-1:0.0: probe with driver hub failed with error -5 [ 597.112237][ T5144] Bluetooth: hci5: urb ffff888030b45a00 submission failed (90) [ 597.165834][ T5929] usbhid 5-1:0.0: can't add hid device: -71 [ 597.172334][ T5929] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 597.185284][ T5929] usb 5-1: USB disconnect, device number 69 [ 597.285373][T12505] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 597.295225][ T796] usb 3-1: USB disconnect, device number 101 [ 597.438404][T12514] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 597.455136][T12514] bond2: (slave lo): Enslaving as an active interface with an up link [ 597.466123][T12514] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 597.790401][T12525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1987'. [ 597.962809][T12527] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 597.979102][T12527] bond1: (slave lo): Enslaving as an active interface with an up link [ 597.989427][T12527] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 598.181229][ T796] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 598.397076][T12538] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1991'. [ 598.430231][ T796] usb 5-1: device descriptor read/64, error -71 [ 598.610530][ T30] audit: type=1326 audit(1774475510.107:16411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12503 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 598.647179][ T30] audit: type=1326 audit(1774475510.107:16412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12503 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 598.690302][ T796] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 598.849874][ T796] usb 5-1: device descriptor read/64, error -71 [ 598.960230][ T796] usb usb5-port1: attempt power cycle [ 599.103326][T12552] input: syz1 as /devices/virtual/input/input27 [ 599.310025][ T796] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 599.330930][ T796] usb 5-1: device descriptor read/8, error -71 [ 599.429328][T12563] syzkaller0: entered promiscuous mode [ 599.435148][T12563] syzkaller0: entered allmulticast mode [ 599.589871][ T796] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 599.660011][ T796] usb 5-1: device descriptor read/8, error -71 [ 599.770452][ T796] usb usb5-port1: unable to enumerate USB device [ 599.916296][T12573] loop4: detected capacity change from 0 to 7 [ 600.064181][T12573] loop4: [CUMANA/ADFS] p1 [ADFS] p1 [ 600.069852][T12573] loop4: partition table partially beyond EOD, truncated [ 600.079257][T12573] loop4: p1 size 2989602745 extends beyond EOD, truncated [ 600.391484][T12579] fuse: blksize only supported for fuseblk [ 600.513966][T12580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2005'. [ 600.695439][ T30] audit: type=1326 audit(1774475512.187:16413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.754571][ T30] audit: type=1326 audit(1774475512.187:16414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.789904][ T30] audit: type=1326 audit(1774475512.217:16415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.815299][ T30] audit: type=1326 audit(1774475512.217:16416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.838805][ T30] audit: type=1326 audit(1774475512.217:16417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.863808][ T30] audit: type=1326 audit(1774475512.217:16418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.887151][ T30] audit: type=1326 audit(1774475512.217:16419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.911111][ T30] audit: type=1326 audit(1774475512.217:16420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.955383][ T30] audit: type=1326 audit(1774475512.217:16421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 600.987645][ T30] audit: type=1326 audit(1774475512.217:16422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.0.2006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=1 compat=1 ip=0xf70aef6c code=0x7ffc0000 [ 601.423098][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.433418][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.443313][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.452246][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.461060][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.469437][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.482812][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.492806][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.502846][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.511671][T12602] netlink: 'syz.3.2012': attribute type 21 has an invalid length. [ 601.621307][T12606] xt_TCPMSS: Only works on TCP SYN packets [ 601.731444][T12613] syz.0.2016 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 601.742824][T12613] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 601.797235][T12614] syzkaller0: entered promiscuous mode [ 601.815447][T12614] syzkaller0: entered allmulticast mode [ 601.853609][T12619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2017'. [ 601.876123][T12621] lo: Caught tx_queue_len zero misconfig [ 602.226873][T12628] tap0: tun_chr_ioctl cmd 1074025677 [ 602.244485][T12628] tap0: linktype set to 0 [ 602.609882][ T796] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 602.659874][ T5929] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 602.771659][ T796] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 602.779971][ T796] usb 3-1: config 0 has no interface number 0 [ 602.788834][ T796] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 602.790057][ T5929] usb 4-1: device descriptor read/64, error -71 [ 602.799499][ T796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.812908][ T796] usb 3-1: Product: syz [ 602.817200][ T796] usb 3-1: Manufacturer: syz [ 602.822878][ T796] usb 3-1: SerialNumber: syz [ 602.830986][ T796] usb 3-1: config 0 descriptor?? [ 603.045963][ T796] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 603.057168][ T796] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 603.059971][ T5929] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 603.069520][ T796] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 603.085300][ T796] usb 3-1: media controller created [ 603.100258][ T796] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 603.209849][ T5929] usb 4-1: device descriptor read/64, error -71 [ 603.330434][ T5929] usb usb4-port1: attempt power cycle [ 603.669897][ T5929] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 603.691680][ T5929] usb 4-1: device descriptor read/8, error -71 [ 603.949981][ T5929] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 604.000450][ T5929] usb 4-1: device descriptor read/8, error -71 [ 604.110677][ T5929] usb usb4-port1: unable to enumerate USB device [ 604.190363][ T796] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 604.286589][ T796] usb 3-1: USB disconnect, device number 102 [ 604.529836][ T5929] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 604.759854][ T5929] usb 2-1: Using ep0 maxpacket: 8 [ 604.766958][ T5929] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 604.781214][ T5929] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 58205, setting to 1024 [ 604.800147][ T5929] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 9 [ 604.829861][ T5929] usb 2-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 604.838964][ T5929] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.911407][ T5929] usb 2-1: config 0 descriptor?? [ 605.345838][ T5929] hid_parser_main: 28 callbacks suppressed [ 605.345857][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.374647][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.388098][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.406640][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.436469][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.455009][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.482918][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.506359][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.541003][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.559260][ T5929] dragonrise 0003:0079:0006.0028: unknown main item tag 0x0 [ 605.605320][ T5929] dragonrise 0003:0079:0006.0028: hidraw0: USB HID v0.0b Device [HID 0079:0006] on usb-dummy_hcd.1-1/input0 [ 605.653695][ T5929] dragonrise 0003:0079:0006.0028: no inputs found [ 605.671762][ T5929] dragonrise 0003:0079:0006.0028: force feedback init failed [ 605.693233][T12658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2031'. [ 605.931546][T12664] syzkaller0: entered promiscuous mode [ 605.939841][T12664] syzkaller0: entered allmulticast mode [ 606.021517][T12668] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2033'. [ 606.110182][T11056] usb 2-1: USB disconnect, device number 82 [ 606.307497][ T30] kauditd_printk_skb: 371 callbacks suppressed [ 606.307518][ T30] audit: type=1326 audit(1774475517.797:16794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.1.2036" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 606.416638][ T30] audit: type=1326 audit(1774475517.797:16795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.1.2036" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 606.498456][ T30] audit: type=1326 audit(1774475517.797:16796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.1.2036" exe="/root/syz-executor" sig=0 arch=40000003 syscall=426 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 606.541065][ T30] audit: type=1326 audit(1774475517.817:16797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.1.2036" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 606.563777][ T30] audit: type=1326 audit(1774475517.817:16798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.1.2036" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 606.593435][T12682] veth0_to_hsr: entered allmulticast mode [ 606.600152][T12682] A link change request failed with some changes committed already. Interface veth0_to_hsr may have been left with an inconsistent configuration, please check. [ 606.622830][ T30] audit: type=1326 audit(1774475517.817:16799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.1.2036" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 606.733918][ T30] audit: type=1326 audit(1774475518.227:16800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.2.2040" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 606.778701][ T30] audit: type=1326 audit(1774475518.227:16801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.2.2040" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 606.801636][ T30] audit: type=1326 audit(1774475518.257:16802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.2.2040" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 606.825759][ T30] audit: type=1326 audit(1774475518.257:16803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.2.2040" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 607.273952][T12695] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2043'. [ 607.301996][T12697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2044'. [ 607.364619][T12697] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2044'. [ 607.540501][T12704] xt_TCPMSS: Only works on TCP SYN packets [ 608.667640][T12728] program syz.2.2052 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 608.709124][ T5929] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 608.832869][T12733] bond0: Device is already in use. [ 608.869822][ T5929] usb 4-1: Using ep0 maxpacket: 32 [ 608.892825][ T5929] usb 4-1: config 0 has an invalid interface number: 162 but max is 1 [ 608.919793][ T5929] usb 4-1: config 0 has an invalid interface number: 120 but max is 1 [ 608.937342][ T5929] usb 4-1: config 0 has no interface number 0 [ 608.953882][ T5929] usb 4-1: config 0 has no interface number 1 [ 608.969770][ T5929] usb 4-1: config 0 interface 120 has no altsetting 0 [ 608.989363][ T5929] usb 4-1: New USB device found, idVendor=1199, idProduct=9055, bcdDevice=25.32 [ 609.019094][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.037067][ T5929] usb 4-1: Product: syz [ 609.042398][ T5929] usb 4-1: Manufacturer: syz [ 609.047045][ T5929] usb 4-1: SerialNumber: syz [ 609.076793][ T5929] usb 4-1: config 0 descriptor?? [ 609.081960][T12737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2055'. [ 609.299898][T12749] loop4: detected capacity change from 0 to 7 [ 609.338944][ T5929] usb 4-1: USB disconnect, device number 68 [ 609.413970][T12749] loop4: [CUMANA/ADFS] p1 [ADFS] p1 [ 609.432202][T12749] loop4: partition table partially beyond EOD, truncated [ 609.551368][T12751] syzkaller0: entered promiscuous mode [ 609.556869][T12751] syzkaller0: entered allmulticast mode [ 609.564060][T12749] loop4: p1 size 2989602745 extends beyond EOD, truncated [ 609.844398][T12753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2060'. [ 609.967001][T12757] FAULT_INJECTION: forcing a failure. [ 609.967001][T12757] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 610.317870][T12757] CPU: 0 UID: 0 PID: 12757 Comm: syz.3.2061 Tainted: G L syzkaller #0 PREEMPT(full) [ 610.317907][T12757] Tainted: [L]=SOFTLOCKUP [ 610.317915][T12757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 610.317930][T12757] Call Trace: [ 610.317940][T12757] [ 610.317949][T12757] dump_stack_lvl+0xe8/0x150 [ 610.317987][T12757] should_fail_ex+0x412/0x560 [ 610.318023][T12757] _copy_to_user+0x31/0xb0 [ 610.318049][T12757] simple_read_from_buffer+0xe1/0x170 [ 610.318087][T12757] proc_fail_nth_read+0x1bb/0x230 [ 610.318124][T12757] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 610.318169][T12757] ? rw_verify_area+0x2a6/0x4d0 [ 610.318192][T12757] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 610.318226][T12757] vfs_read+0x20c/0xa70 [ 610.318247][T12757] ? fdget_pos+0x246/0x320 [ 610.318272][T12757] ? __pfx___mutex_lock+0x10/0x10 [ 610.318301][T12757] ? __pfx_vfs_read+0x10/0x10 [ 610.318326][T12757] ? __fget_files+0x2a/0x420 [ 610.318362][T12757] ? __fget_files+0x3a0/0x420 [ 610.318396][T12757] ? __fget_files+0x2a/0x420 [ 610.318438][T12757] ksys_read+0x150/0x270 [ 610.318464][T12757] ? __pfx_ksys_read+0x10/0x10 [ 610.318494][T12757] ? asm_int80_emulation+0x1a/0x20 [ 610.318521][T12757] do_int80_emulation+0x173/0x4d0 [ 610.318548][T12757] ? trace_irq_disable+0x3b/0x150 [ 610.318582][T12757] ? asm_int80_emulation+0x1a/0x20 [ 610.318603][T12757] ? clear_bhb_loop+0x40/0x90 [ 610.318625][T12757] ? clear_bhb_loop+0x40/0x90 [ 610.318653][T12757] asm_int80_emulation+0x1a/0x20 [ 610.318675][T12757] RIP: 0023:0xf7175cab [ 610.318695][T12757] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 610.318715][T12757] RSP: 002b:00000000f542d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 610.318739][T12757] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542d5d0 [ 610.318755][T12757] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 610.318768][T12757] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 610.318781][T12757] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 610.318794][T12757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 610.318826][T12757] [ 611.462205][ T30] kauditd_printk_skb: 64 callbacks suppressed [ 611.462227][ T30] audit: type=1326 audit(1774475522.957:16868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12767 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 611.554100][ T30] audit: type=1326 audit(1774475522.957:16869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12767 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=40000003 syscall=426 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 611.631217][ T796] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 611.669459][ T30] audit: type=1326 audit(1774475522.957:16870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12767 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 611.749211][ T30] audit: type=1326 audit(1774475522.957:16871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12767 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 611.814176][ T796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 611.849817][ T796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 611.920116][ T30] audit: type=1326 audit(1774475522.957:16872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12767 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 611.948098][ T796] usb 4-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.ba [ 611.965795][T12774] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2069'. [ 611.985128][ T796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.012213][ T30] audit: type=1326 audit(1774475523.277:16873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12771 comm="syz.1.2067" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 612.041397][ T796] usb 4-1: config 0 descriptor?? [ 612.069866][ T30] audit: type=1326 audit(1774475523.287:16874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12771 comm="syz.1.2067" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 612.119853][ T30] audit: type=1326 audit(1774475523.287:16875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12771 comm="syz.1.2067" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 612.169801][ T30] audit: type=1326 audit(1774475523.287:16876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12771 comm="syz.1.2067" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 612.194146][T12778] fuse: Bad value for 'fd' [ 612.219887][ T30] audit: type=1326 audit(1774475523.287:16877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12771 comm="syz.1.2067" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 612.363697][T12781] syzkaller1: entered promiscuous mode [ 612.369233][T12781] syzkaller1: entered allmulticast mode [ 612.396282][T12781] FAULT_INJECTION: forcing a failure. [ 612.396282][T12781] name failslab, interval 1, probability 0, space 0, times 0 [ 612.409062][T12781] CPU: 0 UID: 0 PID: 12781 Comm: syz.4.2063 Tainted: G L syzkaller #0 PREEMPT(full) [ 612.409096][T12781] Tainted: [L]=SOFTLOCKUP [ 612.409105][T12781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 612.409118][T12781] Call Trace: [ 612.409127][T12781] [ 612.409136][T12781] dump_stack_lvl+0xe8/0x150 [ 612.409173][T12781] should_fail_ex+0x412/0x560 [ 612.409210][T12781] should_failslab+0xa8/0x100 [ 612.409239][T12781] ? dst_alloc+0x105/0x170 [ 612.409267][T12781] kmem_cache_alloc_noprof+0x87/0x650 [ 612.409298][T12781] dst_alloc+0x105/0x170 [ 612.409331][T12781] ip_route_input_rcu+0x23e5/0x3130 [ 612.409370][T12781] ? __pfx_ip_route_input_rcu+0x10/0x10 [ 612.409408][T12781] ? ipt_do_table+0x2b2/0x1630 [ 612.409444][T12781] ? lock_acquire+0xf0/0x2e0 [ 612.409481][T12781] ? ip_route_input_noref+0xad/0x270 [ 612.409507][T12781] ip_route_input_noref+0x17c/0x270 [ 612.409536][T12781] ? __pfx_ip_route_input_noref+0x10/0x10 [ 612.409565][T12781] ? ipt_do_table+0x2b2/0x1630 [ 612.409596][T12781] ? __pfx_ipt_do_table+0x10/0x10 [ 612.409628][T12781] ip_rcv_finish_core+0x5af/0x1c00 [ 612.409671][T12781] ip_rcv_finish+0x14c/0x2a0 [ 612.409709][T12781] NF_HOOK+0x336/0x3c0 [ 612.409742][T12781] ? __pfx_ip_rcv_finish+0x10/0x10 [ 612.409772][T12781] ? NF_HOOK+0x9e/0x3c0 [ 612.409800][T12781] ? __pfx_NF_HOOK+0x10/0x10 [ 612.409833][T12781] ? __pfx_ip_rcv_finish+0x10/0x10 [ 612.409870][T12781] ? netif_receive_skb+0x102/0xc50 [ 612.409900][T12781] ? __pfx_ip_rcv+0x10/0x10 [ 612.409929][T12781] netif_receive_skb+0x45b/0xc50 [ 612.409968][T12781] ? __pfx_netif_receive_skb+0x10/0x10 [ 612.409996][T12781] ? __lock_acquire+0x6b5/0x2cf0 [ 612.410040][T12781] ? tun_rx_batched+0x185/0x790 [ 612.410067][T12781] tun_rx_batched+0x1de/0x790 [ 612.410098][T12781] ? __pfx_tun_rx_batched+0x10/0x10 [ 612.410134][T12781] ? tun_get_user+0x2354/0x3dd0 [ 612.410158][T12781] ? __local_bh_enable_ip+0xd0/0x130 [ 612.410192][T12781] ? tun_get_user+0x2669/0x3dd0 [ 612.410213][T12781] tun_get_user+0x2a78/0x3dd0 [ 612.410250][T12781] ? aa_file_perm+0x192/0x15e0 [ 612.410277][T12781] ? aa_file_perm+0x50e/0x15e0 [ 612.410298][T12781] ? __pfx_tun_get_user+0x10/0x10 [ 612.410319][T12781] ? aa_file_perm+0x192/0x15e0 [ 612.410347][T12781] ? __lock_acquire+0x6b5/0x2cf0 [ 612.410386][T12781] ? ref_tracker_alloc+0x35c/0x4c0 [ 612.410420][T12781] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 612.410458][T12781] ? tun_get+0x1c/0x2f0 [ 612.410485][T12781] ? tun_get+0x1c/0x2f0 [ 612.410506][T12781] ? tun_get+0x1c/0x2f0 [ 612.410535][T12781] tun_chr_write_iter+0x113/0x200 [ 612.410560][T12781] vfs_write+0x61d/0xb90 [ 612.410593][T12781] ? __pfx_vfs_write+0x10/0x10 [ 612.410625][T12781] ? __fget_files+0x2a/0x420 [ 612.410669][T12781] ksys_write+0x150/0x270 [ 612.410696][T12781] ? __pfx_ksys_write+0x10/0x10 [ 612.410730][T12781] __do_fast_syscall_32+0x20d/0x640 [ 612.410759][T12781] ? do_fast_syscall_32+0x33/0x70 [ 612.410783][T12781] ? asm_int80_emulation+0x1a/0x20 [ 612.410806][T12781] ? do_int80_emulation+0x274/0x4d0 [ 612.410831][T12781] ? trace_irq_disable+0x3b/0x150 [ 612.410868][T12781] do_fast_syscall_32+0x33/0x70 [ 612.410896][T12781] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 612.410923][T12781] RIP: 0023:0xf7f96f6c [ 612.410944][T12781] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 612.410966][T12781] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 612.410991][T12781] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000ec0 [ 612.411006][T12781] RDX: 000000000000002a RSI: 0000000000000000 RDI: 0000000000000000 [ 612.411028][T12781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 612.411041][T12781] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 612.411054][T12781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 612.411087][T12781] [ 612.812451][ T796] hid_parser_main: 28 callbacks suppressed [ 612.812469][ T796] stadia 0003:18D1:9400.0029: unknown main item tag 0x7 [ 612.840129][ T796] stadia 0003:18D1:9400.0029: item fetching failed at offset 1/5 [ 612.849246][ T796] stadia 0003:18D1:9400.0029: parse failed [ 612.856456][ T796] stadia 0003:18D1:9400.0029: probe with driver stadia failed with error -22 [ 612.929795][ T980] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 613.015837][ T796] usb 4-1: USB disconnect, device number 69 [ 613.082840][T12789] syzkaller0: entered promiscuous mode [ 613.087691][ T980] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 613.097606][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.100590][T12789] syzkaller0: entered allmulticast mode [ 613.106263][ T980] usb 2-1: Product: syz [ 613.115434][ T980] usb 2-1: Manufacturer: syz [ 613.120211][ T980] usb 2-1: SerialNumber: syz [ 613.130069][ T980] usb 2-1: config 0 descriptor?? [ 613.139459][ T980] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 614.403421][T12812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2080'. [ 614.685916][T12821] FAULT_INJECTION: forcing a failure. [ 614.685916][T12821] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.700246][T12821] CPU: 1 UID: 0 PID: 12821 Comm: syz.4.2084 Tainted: G L syzkaller #0 PREEMPT(full) [ 614.700280][T12821] Tainted: [L]=SOFTLOCKUP [ 614.700290][T12821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 614.700303][T12821] Call Trace: [ 614.700312][T12821] [ 614.700322][T12821] dump_stack_lvl+0xe8/0x150 [ 614.700358][T12821] should_fail_ex+0x412/0x560 [ 614.700396][T12821] _copy_from_iter+0x1d3/0x1670 [ 614.700444][T12821] ? rcu_is_watching+0x15/0xb0 [ 614.700481][T12821] ? __pfx__copy_from_iter+0x10/0x10 [ 614.700524][T12821] ? netlink_sendmsg+0x650/0xb40 [ 614.700545][T12821] ? skb_put+0x11b/0x210 [ 614.700571][T12821] netlink_sendmsg+0x6c0/0xb40 [ 614.700600][T12821] ? __pfx_netlink_sendmsg+0x10/0x10 [ 614.700624][T12821] ? aa_sock_msg_perm+0xf1/0x1b0 [ 614.700659][T12821] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 614.700687][T12821] ____sys_sendmsg+0x972/0x9f0 [ 614.700720][T12821] ? __pfx_____sys_sendmsg+0x10/0x10 [ 614.700749][T12821] ? kstrtoull+0x12f/0x1d0 [ 614.700788][T12821] ___sys_sendmsg+0x2a5/0x360 [ 614.700820][T12821] ? __pfx____sys_sendmsg+0x10/0x10 [ 614.700848][T12821] ? get_pid_task+0x20/0x1f0 [ 614.700868][T12821] ? get_pid_task+0x20/0x1f0 [ 614.700887][T12821] ? get_pid_task+0x20/0x1f0 [ 614.700935][T12821] ? __fget_files+0x2a/0x420 [ 614.700968][T12821] ? __fget_files+0x3a0/0x420 [ 614.701011][T12821] __sys_sendmsg+0x183/0x260 [ 614.701040][T12821] ? __pfx___sys_sendmsg+0x10/0x10 [ 614.701088][T12821] __do_fast_syscall_32+0x20d/0x640 [ 614.701118][T12821] ? do_fast_syscall_32+0x33/0x70 [ 614.701143][T12821] ? asm_int80_emulation+0x1a/0x20 [ 614.701165][T12821] ? do_int80_emulation+0x274/0x4d0 [ 614.701190][T12821] ? trace_irq_disable+0x3b/0x150 [ 614.701227][T12821] do_fast_syscall_32+0x33/0x70 [ 614.701255][T12821] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 614.701283][T12821] RIP: 0023:0xf7f96f6c [ 614.701302][T12821] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 614.701323][T12821] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 614.701347][T12821] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240 [ 614.701363][T12821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 614.701377][T12821] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 614.701390][T12821] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 614.701403][T12821] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 614.701441][T12821] [ 615.029838][T11056] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 615.106796][T12826] syzkaller0: entered promiscuous mode [ 615.112620][T12826] syzkaller0: entered allmulticast mode [ 615.190011][T11056] usb 3-1: Using ep0 maxpacket: 8 [ 615.205249][T11056] usb 3-1: config 0 has an invalid interface number: 49 but max is 0 [ 615.213699][T11056] usb 3-1: config 0 has no interface number 0 [ 615.220470][T11056] usb 3-1: too many endpoints for config 0 interface 49 altsetting 56: 52, using maximum allowed: 30 [ 615.231457][T11056] usb 3-1: config 0 interface 49 altsetting 56 has 0 endpoint descriptors, different from the interface descriptor's value: 52 [ 615.245436][T11056] usb 3-1: config 0 interface 49 has no altsetting 0 [ 615.256126][T11056] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 615.277520][T11056] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.286000][T11056] usb 3-1: Product: syz [ 615.295887][T11056] usb 3-1: Manufacturer: syz [ 615.301222][T11056] usb 3-1: SerialNumber: syz [ 615.309390][T11056] usb 3-1: config 0 descriptor?? [ 615.480251][ T5929] usb 2-1: USB disconnect, device number 83 [ 615.533013][T11056] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 615.585688][T12839] netlink: 220 bytes leftover after parsing attributes in process `syz.1.2088'. [ 615.941557][T11056] gspca_sonixj: reg_r err -32 [ 615.950120][T11056] sonixj 3-1:0.49: probe with driver sonixj failed with error -32 [ 616.027842][T11056] usb 3-1: USB disconnect, device number 103 [ 616.489822][ T5929] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 616.700933][ T5929] usb 4-1: Using ep0 maxpacket: 8 [ 616.708366][ T5929] usb 4-1: unable to get BOS descriptor or descriptor too short [ 616.719206][ T5929] usb 4-1: config 4 interface 0 has no altsetting 0 [ 616.740848][ T5929] usb 4-1: string descriptor 0 read error: -22 [ 616.747186][ T5929] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 616.782620][ T5929] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 616.821889][ T5929] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 616.857775][ T5929] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 616.899607][ T5929] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 616.924702][ T5929] usb 4-1: media controller created [ 616.957598][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 617.163677][T12866] syzkaller0: entered promiscuous mode [ 617.169457][T12866] syzkaller0: entered allmulticast mode [ 617.515680][T12872] FAULT_INJECTION: forcing a failure. [ 617.515680][T12872] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 617.532142][T12872] CPU: 1 UID: 0 PID: 12872 Comm: syz.2.2100 Tainted: G L syzkaller #0 PREEMPT(full) [ 617.532178][T12872] Tainted: [L]=SOFTLOCKUP [ 617.532187][T12872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 617.532201][T12872] Call Trace: [ 617.532210][T12872] [ 617.532220][T12872] dump_stack_lvl+0xe8/0x150 [ 617.532258][T12872] should_fail_ex+0x412/0x560 [ 617.532296][T12872] _copy_from_iter+0x1d3/0x1670 [ 617.532342][T12872] ? __pfx__copy_from_iter+0x10/0x10 [ 617.532375][T12872] ? sock_alloc_send_pskb+0x896/0x990 [ 617.532410][T12872] ? __pfx__copy_from_iter+0x10/0x10 [ 617.532447][T12872] ? page_copy_sane+0x16a/0x270 [ 617.532483][T12872] copy_page_from_iter+0xdd/0x170 [ 617.532510][T12872] skb_copy_datagram_from_iter+0x306/0x710 [ 617.532552][T12872] tun_get_user+0xc38/0x3dd0 [ 617.532588][T12872] ? aa_file_perm+0x192/0x15e0 [ 617.532614][T12872] ? aa_file_perm+0x50e/0x15e0 [ 617.532635][T12872] ? __pfx_tun_get_user+0x10/0x10 [ 617.532656][T12872] ? aa_file_perm+0x192/0x15e0 [ 617.532683][T12872] ? __lock_acquire+0x6b5/0x2cf0 [ 617.532722][T12872] ? ref_tracker_alloc+0x35c/0x4c0 [ 617.532758][T12872] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 617.532798][T12872] ? tun_get+0x1c/0x2f0 [ 617.532826][T12872] ? tun_get+0x1c/0x2f0 [ 617.532848][T12872] ? tun_get+0x1c/0x2f0 [ 617.532874][T12872] tun_chr_write_iter+0x113/0x200 [ 617.532900][T12872] vfs_write+0x61d/0xb90 [ 617.532934][T12872] ? __pfx_vfs_write+0x10/0x10 [ 617.532969][T12872] ? __fget_files+0x2a/0x420 [ 617.533011][T12872] ksys_write+0x150/0x270 [ 617.533038][T12872] ? __pfx_ksys_write+0x10/0x10 [ 617.533079][T12872] __do_fast_syscall_32+0x20d/0x640 [ 617.533110][T12872] ? do_fast_syscall_32+0x33/0x70 [ 617.533135][T12872] ? asm_int80_emulation+0x1a/0x20 [ 617.533156][T12872] ? do_int80_emulation+0x274/0x4d0 [ 617.533192][T12872] do_fast_syscall_32+0x33/0x70 [ 617.533220][T12872] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 617.533247][T12872] RIP: 0023:0xf701ef6c [ 617.533267][T12872] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 617.533288][T12872] RSP: 002b:00000000f540d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 617.533311][T12872] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 617.533322][T12872] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000 [ 617.533331][T12872] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 617.533340][T12872] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 617.533349][T12872] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 617.533370][T12872] [ 617.578286][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 617.578337][ T30] audit: type=1326 audit(1774475529.037:16912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12833 comm="syz.4.2087" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96f6c code=0x7ffc0000 [ 617.835933][ T30] audit: type=1326 audit(1774475529.137:16913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12833 comm="syz.4.2087" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96f6c code=0x7ffc0000 [ 617.942608][ T30] audit: type=1326 audit(1774475529.437:16914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12873 comm="syz.2.2101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 617.965379][ T30] audit: type=1326 audit(1774475529.457:16915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12873 comm="syz.2.2101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 617.990475][ T30] audit: type=1326 audit(1774475529.487:16916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12873 comm="syz.2.2101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=290 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 618.031356][ T30] audit: type=1326 audit(1774475529.487:16917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12873 comm="syz.2.2101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 618.078623][ T30] audit: type=1326 audit(1774475529.487:16918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12873 comm="syz.2.2101" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 618.119443][T12876] input: syz0 as /devices/virtual/input/input28 [ 618.181717][ T5929] usb 4-1: USB disconnect, device number 70 [ 618.439843][ T796] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 618.529966][T11056] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 618.589918][ T796] usb 3-1: Using ep0 maxpacket: 32 [ 618.597901][ T796] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 618.611038][ T796] usb 3-1: config 0 has no interface number 0 [ 618.622019][ T796] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 618.637553][ T796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.649772][ T796] usb 3-1: Product: syz [ 618.654009][ T796] usb 3-1: Manufacturer: syz [ 618.677283][ T796] usb 3-1: SerialNumber: syz [ 618.684521][ T796] usb 3-1: config 0 descriptor?? [ 618.694145][ T796] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 618.703065][T11056] usb 5-1: Using ep0 maxpacket: 16 [ 618.713923][T11056] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 618.733498][T11056] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.793038][T11056] usb 5-1: Product: syz [ 618.803134][T11056] usb 5-1: Manufacturer: syz [ 618.812762][T11056] usb 5-1: SerialNumber: syz [ 618.825569][T11056] usb 5-1: config 0 descriptor?? [ 618.900741][ T796] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 618.929619][ T796] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 619.246058][T11056] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 619.274707][T11056] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 619.288281][T11056] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 619.431051][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 619.450713][ T796] usb 3-1: USB disconnect, device number 104 [ 619.465903][ T796] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 619.489826][T11056] usb 5-1: media controller created [ 619.513600][ T796] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 619.576346][T11056] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 619.585929][ T796] quatech2 3-1:0.51: device disconnected [ 619.817396][T12900] FAULT_INJECTION: forcing a failure. [ 619.817396][T12900] name failslab, interval 1, probability 0, space 0, times 0 [ 619.882976][T12900] CPU: 0 UID: 0 PID: 12900 Comm: syz.0.2110 Tainted: G L syzkaller #0 PREEMPT(full) [ 619.883013][T12900] Tainted: [L]=SOFTLOCKUP [ 619.883020][T12900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 619.883032][T12900] Call Trace: [ 619.883042][T12900] [ 619.883051][T12900] dump_stack_lvl+0xe8/0x150 [ 619.883090][T12900] should_fail_ex+0x412/0x560 [ 619.883126][T12900] should_failslab+0xa8/0x100 [ 619.883157][T12900] __kmalloc_node_noprof+0xf0/0x7c0 [ 619.883183][T12900] ? alloc_slab_obj_exts+0xbf/0x240 [ 619.883209][T12900] alloc_slab_obj_exts+0xbf/0x240 [ 619.883230][T12900] __memcg_slab_post_alloc_hook+0x53c/0xa80 [ 619.883260][T12900] ? ep_insert+0x283/0x1a40 [ 619.883290][T12900] kmem_cache_alloc_noprof+0x347/0x650 [ 619.883310][T12900] ? ep_insert+0x283/0x1a40 [ 619.883340][T12900] ? kmem_cache_alloc_noprof+0x15a/0x650 [ 619.883367][T12900] ep_insert+0x283/0x1a40 [ 619.883400][T12900] ? __lock_acquire+0x6b5/0x2cf0 [ 619.883430][T12900] ? do_epoll_ctl+0x3c9/0xe80 [ 619.883471][T12900] ? __pfx_ep_insert+0x10/0x10 [ 619.883503][T12900] ? __pfx___mutex_lock+0x10/0x10 [ 619.883530][T12900] ? __fget_files+0x2a/0x420 [ 619.883564][T12900] ? __fget_files+0x2a/0x420 [ 619.883595][T12900] ? __fget_files+0x3a0/0x420 [ 619.883625][T12900] ? __fget_files+0x2a/0x420 [ 619.883667][T12900] do_epoll_ctl+0x7f4/0xe80 [ 619.883709][T12900] __ia32_sys_epoll_ctl+0x165/0x1b0 [ 619.883734][T12900] ? __pfx___ia32_sys_epoll_ctl+0x10/0x10 [ 619.883761][T12900] __do_fast_syscall_32+0x20d/0x640 [ 619.883786][T12900] ? do_fast_syscall_32+0x33/0x70 [ 619.883807][T12900] ? asm_int80_emulation+0x1a/0x20 [ 619.883824][T12900] ? do_int80_emulation+0x274/0x4d0 [ 619.883857][T12900] do_fast_syscall_32+0x33/0x70 [ 619.883880][T12900] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 619.883902][T12900] RIP: 0023:0xf70aef6c [ 619.883919][T12900] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 619.883936][T12900] RSP: 002b:00000000f53b350c EFLAGS: 00000206 ORIG_RAX: 00000000000000ff [ 619.883958][T12900] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000001 [ 619.883973][T12900] RDX: 0000000000000007 RSI: 0000000080000080 RDI: 0000000000000000 [ 619.883987][T12900] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 619.883998][T12900] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 619.884009][T12900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 619.884034][T12900] [ 620.211852][T11056] zl10353_read_register: readreg error (reg=127, ret==0) [ 620.226929][T11056] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 620.259747][T11056] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 620.586737][ T30] audit: type=1326 audit(1774475532.037:16919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12906 comm="syz.2.2113" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 620.697061][ T30] audit: type=1326 audit(1774475532.037:16920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12906 comm="syz.2.2113" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 620.721712][ T30] audit: type=1326 audit(1774475532.037:16921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12906 comm="syz.2.2113" exe="/root/syz-executor" sig=0 arch=40000003 syscall=426 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 620.830218][T12915] ------------[ cut here ]------------ [ 620.836374][T12915] usb 5-1: BOGUS control dir, pipe 80004a80 doesn't match bRequestType c0 [ 620.845543][T12915] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.1.2115/12915 [ 620.856518][T12915] Modules linked in: [ 620.861500][T12915] CPU: 0 UID: 0 PID: 12915 Comm: syz.1.2115 Tainted: G L syzkaller #0 PREEMPT(full) [ 620.873070][T12915] Tainted: [L]=SOFTLOCKUP [ 620.877963][T12915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 620.888986][T12915] RIP: 0010:usb_submit_urb+0x1115/0x18b0 [ 620.895210][T12915] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9 [ 620.915619][T12915] RSP: 0000:ffffc90006f4f6c8 EFLAGS: 00010246 [ 620.922158][T12915] RAX: 0000000000000000 RBX: ffff88803571e100 RCX: 0000000080004a80 [ 620.930714][T12915] RDX: ffff888031888040 RSI: ffffffff8c7f1ee0 RDI: ffffffff901eefc0 [ 620.938742][T12915] RBP: 1ffff11006b7ee18 R08: 00000000000000c0 R09: 0000000000000000 [ 620.947405][T12915] R10: ffffc90006f4f7c0 R11: fffff52000de9f04 R12: ffff88805619c100 [ 620.956051][T12915] R13: ffff888035bf70c0 R14: 0000000080004a80 R15: ffff888031888040 [ 620.964655][T12915] FS: 0000000000000000(0000) GS:ffff88812545d000(0063) knlGS:00000000f53ddb40 [ 620.974037][T12915] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 620.981189][T12915] CR2: 0000000080536000 CR3: 000000004f5a8000 CR4: 00000000003526f0 [ 620.989189][T12915] Call Trace: [ 620.992924][T12915] [ 620.995874][T12915] ? __init_swait_queue_head+0xa9/0x150 [ 621.001818][T12915] usb_start_wait_urb+0x13f/0x5b0 [ 621.006860][T12915] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 621.012822][T12915] usb_control_msg+0x234/0x3e0 [ 621.017603][T12915] dtv5100_i2c_msg+0x231/0x2f0 [ 621.022867][T12915] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 621.027747][T12915] __i2c_transfer+0x79a/0x2020 [ 621.033140][T12915] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 621.039449][T12915] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 621.045691][T12915] ? i2c_transfer+0xc8/0x2d0 [ 621.050682][T12915] i2c_transfer+0x1cc/0x2d0 [ 621.055240][T12915] i2c_transfer_buffer_flags+0x10d/0x1a0 [ 621.061331][T12915] ? __pfx_i2c_transfer_buffer_flags+0x10/0x10 [ 621.067520][T12915] ? _copy_from_user+0x94/0xb0 [ 621.072856][T12915] i2cdev_write+0x113/0x1e0 [ 621.077402][T12915] vfs_writev+0x4bd/0x990 [ 621.082365][T12915] ? __pfx_i2cdev_write+0x10/0x10 [ 621.087980][T12915] ? __pfx_vfs_writev+0x10/0x10 [ 621.093506][T12915] ? __fget_files+0x2a/0x420 [ 621.098257][T12915] ? __fget_files+0x3a0/0x420 [ 621.103101][T12915] ? __fget_files+0x2a/0x420 [ 621.107825][T12915] do_writev+0x154/0x2e0 [ 621.112212][T12915] ? __pfx_do_writev+0x10/0x10 [ 621.117046][T12915] __do_fast_syscall_32+0x20d/0x640 [ 621.122353][T12915] ? do_fast_syscall_32+0x33/0x70 [ 621.127486][T12915] ? asm_int80_emulation+0x1a/0x20 [ 621.132738][T12915] ? do_int80_emulation+0x274/0x4d0 [ 621.137993][T12915] ? trace_irq_disable+0x3b/0x150 [ 621.143164][T12915] do_fast_syscall_32+0x33/0x70 [ 621.148077][T12915] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 621.154875][T12915] RIP: 0023:0xf6feef6c [ 621.159003][T12915] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 621.179415][T12915] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000092 [ 621.187981][T12915] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180 [ 621.196058][T12915] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 621.204203][T12915] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 621.212305][T12915] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 621.220402][T12915] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 621.228455][T12915] [ 621.232229][T12915] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 621.239562][T12915] CPU: 0 UID: 0 PID: 12915 Comm: syz.1.2115 Tainted: G L syzkaller #0 PREEMPT(full) [ 621.250538][T12915] Tainted: [L]=SOFTLOCKUP [ 621.254878][T12915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 621.264987][T12915] Call Trace: [ 621.268282][T12915] [ 621.271226][T12915] vpanic+0x56c/0xa60 [ 621.275261][T12915] ? __pfx__printk+0x10/0x10 [ 621.279869][T12915] ? __pfx_vpanic+0x10/0x10 [ 621.284402][T12915] ? is_bpf_text_address+0x292/0x2b0 [ 621.289729][T12915] ? is_bpf_text_address+0x26/0x2b0 [ 621.294987][T12915] panic+0xc5/0xd0 [ 621.298762][T12915] ? __pfx_panic+0x10/0x10 [ 621.303209][T12915] __warn+0x315/0x4f0 [ 621.307210][T12915] ? usb_submit_urb+0x1053/0x18b0 [ 621.312291][T12915] ? usb_submit_urb+0x1053/0x18b0 [ 621.317337][T12915] __report_bug+0x29a/0x540 [ 621.321932][T12915] ? unwind_get_return_address+0x4d/0x90 [ 621.327621][T12915] ? usb_submit_urb+0x1053/0x18b0 [ 621.332690][T12915] ? __pfx___report_bug+0x10/0x10 [ 621.337739][T12915] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 621.343656][T12915] ? lockdep_hardirqs_on+0x7a/0x110 [ 621.348922][T12915] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 621.354764][T12915] ? stack_depot_save_flags+0x3f3/0x810 [ 621.360367][T12915] report_bug_entry+0x19a/0x290 [ 621.365250][T12915] ? usb_submit_urb+0x1115/0x18b0 [ 621.370312][T12915] ? usb_submit_urb+0x111a/0x18b0 [ 621.375392][T12915] handle_bug+0xce/0x200 [ 621.379677][T12915] exc_invalid_op+0x1a/0x50 [ 621.384255][T12915] asm_exc_invalid_op+0x1a/0x20 [ 621.389145][T12915] RIP: 0010:usb_submit_urb+0x1115/0x18b0 [ 621.394839][T12915] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9 [ 621.414458][T12915] RSP: 0000:ffffc90006f4f6c8 EFLAGS: 00010246 [ 621.420542][T12915] RAX: 0000000000000000 RBX: ffff88803571e100 RCX: 0000000080004a80 [ 621.428714][T12915] RDX: ffff888031888040 RSI: ffffffff8c7f1ee0 RDI: ffffffff901eefc0 [ 621.436721][T12915] RBP: 1ffff11006b7ee18 R08: 00000000000000c0 R09: 0000000000000000 [ 621.444737][T12915] R10: ffffc90006f4f7c0 R11: fffff52000de9f04 R12: ffff88805619c100 [ 621.452726][T12915] R13: ffff888035bf70c0 R14: 0000000080004a80 R15: ffff888031888040 [ 621.460724][T12915] ? usb_submit_urb+0x10a4/0x18b0 [ 621.465798][T12915] ? __init_swait_queue_head+0xa9/0x150 [ 621.471357][T12915] usb_start_wait_urb+0x13f/0x5b0 [ 621.476405][T12915] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 621.481972][T12915] usb_control_msg+0x234/0x3e0 [ 621.486754][T12915] dtv5100_i2c_msg+0x231/0x2f0 [ 621.491541][T12915] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 621.496429][T12915] __i2c_transfer+0x79a/0x2020 [ 621.501206][T12915] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 621.507021][T12915] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 621.512860][T12915] ? i2c_transfer+0xc8/0x2d0 [ 621.517458][T12915] i2c_transfer+0x1cc/0x2d0 [ 621.521973][T12915] i2c_transfer_buffer_flags+0x10d/0x1a0 [ 621.527616][T12915] ? __pfx_i2c_transfer_buffer_flags+0x10/0x10 [ 621.533787][T12915] ? _copy_from_user+0x94/0xb0 [ 621.538563][T12915] i2cdev_write+0x113/0x1e0 [ 621.543077][T12915] vfs_writev+0x4bd/0x990 [ 621.547458][T12915] ? __pfx_i2cdev_write+0x10/0x10 [ 621.552558][T12915] ? __pfx_vfs_writev+0x10/0x10 [ 621.557450][T12915] ? __fget_files+0x2a/0x420 [ 621.562065][T12915] ? __fget_files+0x3a0/0x420 [ 621.566782][T12915] ? __fget_files+0x2a/0x420 [ 621.571400][T12915] do_writev+0x154/0x2e0 [ 621.575660][T12915] ? __pfx_do_writev+0x10/0x10 [ 621.580444][T12915] __do_fast_syscall_32+0x20d/0x640 [ 621.585655][T12915] ? do_fast_syscall_32+0x33/0x70 [ 621.590690][T12915] ? asm_int80_emulation+0x1a/0x20 [ 621.595808][T12915] ? do_int80_emulation+0x274/0x4d0 [ 621.601024][T12915] ? trace_irq_disable+0x3b/0x150 [ 621.606102][T12915] do_fast_syscall_32+0x33/0x70 [ 621.610979][T12915] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 621.617346][T12915] RIP: 0023:0xf6feef6c [ 621.621425][T12915] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 621.641043][T12915] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000092 [ 621.649466][T12915] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180 [ 621.657443][T12915] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 621.665509][T12915] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 621.673516][T12915] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 621.681507][T12915] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 621.689502][T12915] [ 621.693167][T12915] Kernel Offset: disabled [ 621.697508][T12915] Rebooting in 86400 seconds..