last executing test programs: 2m32.806260794s ago: executing program 0 (id=1415): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) mount$nfs(0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) socket(0x22, 0x2, 0x3) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000a40)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4$alg(r1, 0x0, 0x0, 0x80800) sendmsg$sock(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x5) io_setup(0x95, &(0x7f0000000040)=0x0) io_submit(r3, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0xfffb, r2, &(0x7f0000000080)="ac30", 0x2}]) fsopen(&(0x7f0000000100)='cifs\x00', 0x0) clock_gettime(0x5, &(0x7f0000000240)) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000000)={0xa}, 0x10) writev(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x20000000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x40, 0x972, &(0x7f0000006680)) getgid() 2m31.177635672s ago: executing program 0 (id=1420): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x40000) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) r5 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) r6 = gettid() r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000000800000", @ANYRES32=r10, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010001ffffcffffff0000000000000e00", @ANYRES32=0x0, @ANYBLOB="00000000804003001c0012800b00010067726574617000000c00028008000700ac14142808000a00", @ANYRES32=r10], 0x44}}, 0x804) r11 = socket$packet(0x11, 0x3, 0x300) r12 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r12) getsockname$packet(r12, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendto$packet(r11, &(0x7f0000000040)="2717a90ad8a30d71282847000000", 0xe, 0x40000, &(0x7f0000000180)={0x11, 0x16}, 0x14) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) accept4(r5, 0x0, 0x0, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES8=r3], 0x76) 2m30.146788106s ago: executing program 0 (id=1422): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newtaction={0x78, 0x30, 0x1, 0x0, 0x2, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xbabd, 0x81, 0x5, 0x1, 0xfff}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x4}, {0xc, 0x7, {0x0, 0xe4ffffff}}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040800}, 0x0) 2m26.17042346s ago: executing program 0 (id=1434): socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x27, [0x6, 0xc95a, 0xfffffff3, 0x8, 0x80, 0x2, 0x1, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0xa, 0x0, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x7, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x3, 0xe661, 0x4, 0x1000007, 0x4, 0x8001, 0x5c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x871, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3d, 0x8f, 0x6, 0x1, 0x4, 0x5, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x10002, 0x12b, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0x3, 0x2, 0xd, 0x2bf, 0x6c9, 0x1ff, 0xfffffffe, 0x3, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x80, 0x5, 0x400, 0x1, 0x6, 0x400001, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xffffffff, 0x7, 0x1000004, 0x9, 0x4, 0x9, 0x8, 0x9, 0x7, 0x5, 0x0, 0x3, 0x8000, 0xffff, 0x2, 0x7f, 0x6, 0x8, 0x3, 0xd4a8535, 0x1, 0x7, 0x6, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x1, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x40002, 0xf, 0x8, 0x84, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x82, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x4, 0x54fe12da, 0xbf, 0x5, 0x3, 0x400000, 0xfffffff9, 0x0, 0x1, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb31, 0x3, 0xfffffffc, 0x5, 0x938, 0x4, 0x6, 0x51bf, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x104, 0x80000000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x8000014c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x80000003, 0x5, 0x8, 0xff, 0x1000, 0x3, 0xffff, 0x3, 0x8, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c0b, 0x0, 0x2, 0x5, 0xb1c, 0xfffffffe, 0x200, 0xfff, 0xfff]}, 0x45c) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x3, 0x80000000101008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7, &(0x7f0000006680)) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xfecc) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) syz_open_dev$media(&(0x7f0000000040), 0x1723, 0x440) write$char_usb(r0, &(0x7f0000000040)="e2", 0x918) 2m25.57082198s ago: executing program 0 (id=1436): r0 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x806842, 0x2, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x24, &(0x7f0000000d40), 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f00000001c0)=0xffffff7f, 0x4) 2m25.40239285s ago: executing program 0 (id=1437): r0 = syz_io_uring_setup(0xb14, &(0x7f00000000c0)={0x0, 0x99a3, 0x8001, 0x3, 0x2dd}, &(0x7f0000000000), &(0x7f0000000180)) ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000400)={r0, &(0x7f0000000300)='\x00', 0x200800, &(0x7f0000000340)={@_ha_fsid={[0x4, 0x4]}, {0x363a, 0x8, 0x1}}, 0x1, &(0x7f0000000380), &(0x7f00000003c0)=0xd}) (async) ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000400)={r0, &(0x7f0000000300)='\x00', 0x200800, &(0x7f0000000340)={@_ha_fsid={[0x4, 0x4]}, {0x363a, 0x8, 0x1}}, 0x1, &(0x7f0000000380), &(0x7f00000003c0)=0xd}) ioctl$FE_GET_EVENT(r1, 0x80286f4e, &(0x7f0000000440)={0x0, {0x0, 0x0, @qam}}) r2 = io_uring_setup(0x68b1, &(0x7f0000000240)={0x0, 0x17a2, 0x1880, 0x0, 0x0, 0x0, r0}) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095000000000000004495e980d4ab43a654dbda1289491fde9751ca443daaa97c18e213"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYRES16=r3, @ANYRES32=0x0, @ANYRESDEC=r4, @ANYRESOCT=r2, @ANYRES32, @ANYRES32=r5, @ANYBLOB="5b001b0802c21157cae947a6af2c3a443122aecb89c8e532f3f2fb0af1ed970444249aada551b7b438f415aaea767181503282dc757f8a59a2a2c2c6e8af438da1b70c56d65b792aa01da5a4fa70c2c455bdaddaed18883e8e1ca309a2556256cd982ad0f0da90b7bf7f5431ecb75fac1cb1a304436de331eeeab399477105affb5b9725bb888c11be151ad7592700"/152], 0x44}}, 0x20000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) r6 = syz_open_dev$ndb(&(0x7f0000000700), 0x0, 0x40400) ioctl$BLKSECDISCARD(r6, 0x127d, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x10000) (async) syz_open_dev$char_usb(0xc, 0xb4, 0x10000) syz_open_dev$evdev(0x0, 0x5, 0x1ef082) (async) r7 = syz_open_dev$evdev(0x0, 0x5, 0x1ef082) ioctl$EVIOCGKEYCODE(r7, 0x80084504, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x2, 0x24, 0x0, 0x0) (async) r8 = syz_usb_connect(0x2, 0x24, 0x0, 0x0) syz_usb_control_io(r8, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000002060500000000010000000000000000050005000a000000050004000000000005000100070000000900020073797a310000000016000300686173683a6e65742c706f72742c6e6574"], 0x50}}, 0x0) (async) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000002060500000000010000000000000000050005000a000000050004000000000005000100070000000900020073797a310000000016000300686173683a6e65742c706f72742c6e6574"], 0x50}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) sendmsg$IPSET_CMD_LIST(r10, 0x0, 0x94) (async) sendmsg$IPSET_CMD_LIST(r10, 0x0, 0x94) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB='t\x00\x00\x00\n'], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x800) socket$netlink(0x10, 0x3, 0xc) (async) r11 = socket$netlink(0x10, 0x3, 0xc) sendmmsg(r11, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2m10.291641582s ago: executing program 32 (id=1437): r0 = syz_io_uring_setup(0xb14, &(0x7f00000000c0)={0x0, 0x99a3, 0x8001, 0x3, 0x2dd}, &(0x7f0000000000), &(0x7f0000000180)) ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000400)={r0, &(0x7f0000000300)='\x00', 0x200800, &(0x7f0000000340)={@_ha_fsid={[0x4, 0x4]}, {0x363a, 0x8, 0x1}}, 0x1, &(0x7f0000000380), &(0x7f00000003c0)=0xd}) (async) ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000400)={r0, &(0x7f0000000300)='\x00', 0x200800, &(0x7f0000000340)={@_ha_fsid={[0x4, 0x4]}, {0x363a, 0x8, 0x1}}, 0x1, &(0x7f0000000380), &(0x7f00000003c0)=0xd}) ioctl$FE_GET_EVENT(r1, 0x80286f4e, &(0x7f0000000440)={0x0, {0x0, 0x0, @qam}}) r2 = io_uring_setup(0x68b1, &(0x7f0000000240)={0x0, 0x17a2, 0x1880, 0x0, 0x0, 0x0, r0}) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095000000000000004495e980d4ab43a654dbda1289491fde9751ca443daaa97c18e213"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYRES16=r3, @ANYRES32=0x0, @ANYRESDEC=r4, @ANYRESOCT=r2, @ANYRES32, @ANYRES32=r5, @ANYBLOB="5b001b0802c21157cae947a6af2c3a443122aecb89c8e532f3f2fb0af1ed970444249aada551b7b438f415aaea767181503282dc757f8a59a2a2c2c6e8af438da1b70c56d65b792aa01da5a4fa70c2c455bdaddaed18883e8e1ca309a2556256cd982ad0f0da90b7bf7f5431ecb75fac1cb1a304436de331eeeab399477105affb5b9725bb888c11be151ad7592700"/152], 0x44}}, 0x20000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) r6 = syz_open_dev$ndb(&(0x7f0000000700), 0x0, 0x40400) ioctl$BLKSECDISCARD(r6, 0x127d, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x10000) (async) syz_open_dev$char_usb(0xc, 0xb4, 0x10000) syz_open_dev$evdev(0x0, 0x5, 0x1ef082) (async) r7 = syz_open_dev$evdev(0x0, 0x5, 0x1ef082) ioctl$EVIOCGKEYCODE(r7, 0x80084504, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x2, 0x24, 0x0, 0x0) (async) r8 = syz_usb_connect(0x2, 0x24, 0x0, 0x0) syz_usb_control_io(r8, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000002060500000000010000000000000000050005000a000000050004000000000005000100070000000900020073797a310000000016000300686173683a6e65742c706f72742c6e6574"], 0x50}}, 0x0) (async) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000002060500000000010000000000000000050005000a000000050004000000000005000100070000000900020073797a310000000016000300686173683a6e65742c706f72742c6e6574"], 0x50}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) sendmsg$IPSET_CMD_LIST(r10, 0x0, 0x94) (async) sendmsg$IPSET_CMD_LIST(r10, 0x0, 0x94) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB='t\x00\x00\x00\n'], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x800) socket$netlink(0x10, 0x3, 0xc) (async) r11 = socket$netlink(0x10, 0x3, 0xc) sendmmsg(r11, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m17.757490721s ago: executing program 5 (id=1511): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xc9, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7db3985513e3144c4db4558989bc598d61ae14f22dc6c7773b19db95217da4b7ffa7e77a44ca70eb82cd5d1067b67e2b621b2a9b77444035d39de0d0179bfeb8941639419781f75aa2429e66b3693a3ba82fca97dacc9f94d1cb33fe6fccc4bcec165ba756ec61020ddfc419f187ac39229b60eb3197d8031408042618b4adc3a8a0fa531bfc5b02d06b04d5b7f13761f8cd47e3393f88e988edae065abb6e8a9e7df404caf8b4e74205b540001532", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x3f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x845) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x800) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x7fff, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x806842, 0x2, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r4, 0x24, &(0x7f0000000d40), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b40)=ANY=[@ANYBLOB="0ff1ef03dc471400000004ffffffff0000000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) setsockopt$inet6_tcp_int(r4, 0x6, 0x8, &(0x7f00000001c0)=0xffffff7f, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r7 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) quotactl_fd$Q_SETINFO(r7, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 1m6.076954486s ago: executing program 5 (id=1511): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xc9, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7db3985513e3144c4db4558989bc598d61ae14f22dc6c7773b19db95217da4b7ffa7e77a44ca70eb82cd5d1067b67e2b621b2a9b77444035d39de0d0179bfeb8941639419781f75aa2429e66b3693a3ba82fca97dacc9f94d1cb33fe6fccc4bcec165ba756ec61020ddfc419f187ac39229b60eb3197d8031408042618b4adc3a8a0fa531bfc5b02d06b04d5b7f13761f8cd47e3393f88e988edae065abb6e8a9e7df404caf8b4e74205b540001532", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x3f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x845) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x800) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x7fff, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x806842, 0x2, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r4, 0x24, &(0x7f0000000d40), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b40)=ANY=[@ANYBLOB="0ff1ef03dc471400000004ffffffff0000000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) setsockopt$inet6_tcp_int(r4, 0x6, 0x8, &(0x7f00000001c0)=0xffffff7f, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r7 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) quotactl_fd$Q_SETINFO(r7, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 51.311141396s ago: executing program 5 (id=1511): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xc9, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7db3985513e3144c4db4558989bc598d61ae14f22dc6c7773b19db95217da4b7ffa7e77a44ca70eb82cd5d1067b67e2b621b2a9b77444035d39de0d0179bfeb8941639419781f75aa2429e66b3693a3ba82fca97dacc9f94d1cb33fe6fccc4bcec165ba756ec61020ddfc419f187ac39229b60eb3197d8031408042618b4adc3a8a0fa531bfc5b02d06b04d5b7f13761f8cd47e3393f88e988edae065abb6e8a9e7df404caf8b4e74205b540001532", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x3f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x845) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x800) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x7fff, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x806842, 0x2, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r4, 0x24, &(0x7f0000000d40), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b40)=ANY=[@ANYBLOB="0ff1ef03dc471400000004ffffffff0000000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) setsockopt$inet6_tcp_int(r4, 0x6, 0x8, &(0x7f00000001c0)=0xffffff7f, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r7 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) quotactl_fd$Q_SETINFO(r7, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 35.356912059s ago: executing program 5 (id=1511): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xc9, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7db3985513e3144c4db4558989bc598d61ae14f22dc6c7773b19db95217da4b7ffa7e77a44ca70eb82cd5d1067b67e2b621b2a9b77444035d39de0d0179bfeb8941639419781f75aa2429e66b3693a3ba82fca97dacc9f94d1cb33fe6fccc4bcec165ba756ec61020ddfc419f187ac39229b60eb3197d8031408042618b4adc3a8a0fa531bfc5b02d06b04d5b7f13761f8cd47e3393f88e988edae065abb6e8a9e7df404caf8b4e74205b540001532", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x3f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x845) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x800) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x7fff, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x806842, 0x2, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r4, 0x24, &(0x7f0000000d40), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b40)=ANY=[@ANYBLOB="0ff1ef03dc471400000004ffffffff0000000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) setsockopt$inet6_tcp_int(r4, 0x6, 0x8, &(0x7f00000001c0)=0xffffff7f, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r7 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) quotactl_fd$Q_SETINFO(r7, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 23.386017608s ago: executing program 5 (id=1511): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xc9, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7db3985513e3144c4db4558989bc598d61ae14f22dc6c7773b19db95217da4b7ffa7e77a44ca70eb82cd5d1067b67e2b621b2a9b77444035d39de0d0179bfeb8941639419781f75aa2429e66b3693a3ba82fca97dacc9f94d1cb33fe6fccc4bcec165ba756ec61020ddfc419f187ac39229b60eb3197d8031408042618b4adc3a8a0fa531bfc5b02d06b04d5b7f13761f8cd47e3393f88e988edae065abb6e8a9e7df404caf8b4e74205b540001532", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x3f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x845) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x800) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x7fff, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x806842, 0x2, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r4, 0x24, &(0x7f0000000d40), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b40)=ANY=[@ANYBLOB="0ff1ef03dc471400000004ffffffff0000000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) setsockopt$inet6_tcp_int(r4, 0x6, 0x8, &(0x7f00000001c0)=0xffffff7f, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r7 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) quotactl_fd$Q_SETINFO(r7, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 14.094664782s ago: executing program 3 (id=1787): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet6_tcp_buf(r3, 0x6, 0x1a, 0x0, &(0x7f00000001c0)) socketpair$unix(0x1, 0x5, 0x0, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), r7) sendmsg$NLBL_MGMT_C_ADDDEF(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="111e00000000feffffff05000000"], 0x21}}, 0xa000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000"], 0x122}}, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f00000000c0)=0x6, 0x4) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1500000055003d0902000000fcdbdf2507"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="db84fd4c4ce9627c6278392c6c0000000008010300000000000000000500000306000240891400000500030021000000340004800800014000000004080001400000000708000140fffffff6080001400000004f080001ad6c31e161a6681ee75744c6d9400000000008000140000000090900010073797a310000000005000300"], 0x6c}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) 12.616610477s ago: executing program 4 (id=1792): socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioprio_get$pid(0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) ptrace$ARCH_GET_GS(0x1e, 0x0, 0x0, 0x1004) sched_setaffinity(0x0, 0xc67e7be33bfcd098, &(0x7f0000000180)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000580)={0x2, 0x3, @multicast1}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, 0xffffffffffffffff, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f0000000040)={0x0, [[0x9ef8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x7fffffff], [0x10000, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x5], [0x6, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff]], '\x00', [{}, {0xffffffbd}, {0x0, 0x6}, {0xfffffffd, 0x0, 0x0, 0x1, 0x1}, {0x80000001, 0x0, 0x0, 0x1, 0x1}, {0x7fff, 0xfefffffa}, {}, {0x8000000, 0x8f96}, {}, {0x0, 0xfffffffe}, {0x1000000}, {0x1}], '\x00', 0x1000}) write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0xfd44) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004d00)=[{{0x0, 0x97, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x2a0, 0x2c0, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x300, 0x2, 0x0, [{0x3, 0x77, 0x7, 0x2}, {0x6, 0x5d, 0x8, 0xf}, {0x0, 0x7, 0x4, 0x5}, {0x200, 0x10, 0x4, 0x401}, {0x2, 0x7, 0x9, 0x7}, {0x8, 0x2, 0x40, 0x80}, {0x7, 0x10, 0x4, 0xc27e}, {0x0, 0x8, 0x1, 0x9}, {0xa66, 0xf9, 0x2, 0x40}, {0xf207, 0x18, 0x1, 0x6}, {0x2, 0x8, 0x6, 0xb6}, {0x0, 0x5, 0x5, 0x4}, {0x9, 0x7f, 0x5, 0x2}, {0x5, 0x2, 0xf, 0xc00}, {0x1, 0x9, 0x2, 0x54}, {0x3, 0x2b, 0x2, 0x3}, {0xffff, 0x5, 0x6d, 0x7}, {0x6, 0xa, 0x5, 0x51d8}, {0x8, 0xe, 0x5}, {0x0, 0x40, 0x7, 0x88}, {0x7, 0x2, 0x6, 0x3}, {0x98d, 0x2, 0xff, 0x5}, {0x81, 0x1, 0x3, 0x7f}, {0x1, 0x2, 0xc0, 0x86f}, {0x8, 0x2, 0x9, 0x6}, {0x7, 0x75, 0x7, 0xd}, {0x6, 0x6, 0x6, 0x8001}, {0x120, 0x5, 0x2, 0x3dbd}, {0x5, 0x8, 0x9, 0x1}, {0x0, 0x3, 0x9, 0xff}, {0x0, 0x4, 0x0, 0xfffffff8}, {0x7, 0x1, 0x9, 0xd}, {0xfff, 0x7, 0x0, 0xbc}, {0x0, 0x4c, 0x8, 0xff}, {0x8, 0xc0, 0x80, 0x4}, {0x1, 0x1, 0x0, 0x508d}, {0x1ff, 0x5, 0x81, 0xd}, {0x0, 0x0, 0x2, 0x5}, {0x401, 0x3, 0x80, 0x9}, {0x9, 0x2, 0x0, 0x8}, {0x0, 0x1, 0xfb, 0x7}, {0xa, 0xff, 0x1, 0x7fffffff}, {0x7, 0x4, 0x7, 0x40}, {0xa, 0xc, 0x6, 0x5}, {0x9, 0x8, 0x7, 0x10000}, {0xe9, 0x6, 0x3, 0x3}, {0xb, 0x7, 0x7, 0x200}, {0xe, 0x5, 0x6, 0x2}, {0x9, 0x5, 0x0, 0x1}, {0x9, 0x1, 0x7, 0x1}, {0x1c0, 0x5, 0x2, 0x8e1}, {0x0, 0x5, 0x0, 0x7f07}, {0x6, 0x0, 0x1, 0x1ff}, {0x2, 0x28, 0xfc, 0x8}, {0x6, 0x3, 0x7, 0x2}, {0xa, 0xc5, 0x4, 0x3}, {0x3, 0x71, 0x8, 0x7}, {0x6e, 0x2, 0x0, 0x8}, {0x0, 0x7, 0x7, 0x10000}, {0x9, 0x7, 0x5, 0x7}, {0x100, 0x8, 0x3}, {0xd34, 0x7, 0x8}, {0x9, 0x9, 0x1, 0x80000001}, {0x6, 0xfe, 0x3, 0x3}], {0x1}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x488) dup(r2) 11.686658824s ago: executing program 4 (id=1794): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000004c0)={{0x0, 0x6, 0xffffffffffff0000, 0x7, 0x5f, 0x64, 0x2, 0xc4b, 0x60a5, 0x5, 0x7, 0x2, 0x20000000000000, 0x1, 0x8001}}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYBLOB="00000000000000c5cf000000000000009500000800000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r3, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0}}, 0x10) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getpid() sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000030000000000", @ANYRES32=r5, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'dt2815\x00', [0x4f27, 0x5, 0x5, 0x47, 0x2, 0xcc7, 0xfff, 0x7, 0x5, 0x3ff, 0x7f, 0x15fe, 0x1, 0x0, 0x3, 0xe1cb, 0xff7fffc0, 0x0, 0x2f, 0x295, 0x80000089, 0xfffffffc, 0x7, 0x6, 0xffffeadb, 0x3, 0x1003c, 0x5, 0x4, 0x8000000, 0x5]}) r7 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) fallocate(r7, 0x0, 0x0, 0x8ffff) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, 0x0) 10.832721595s ago: executing program 1 (id=1796): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) write$eventfd(0xffffffffffffffff, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) clock_nanosleep(0x2, 0xffc99a3b, &(0x7f0000000100), &(0x7f0000000180)) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r5 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0xfffc, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x0, 0xff}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x6e6bb9, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0) pselect6(0x40, &(0x7f0000000280)={0x6, 0x2, 0x7cac2b50, 0x7fff, 0x2, 0x9, 0x0, 0xff}, &(0x7f0000000300)={0x0, 0xffffffffffff3d29, 0x8000000000000001, 0x9, 0x6, 0x1, 0x10, 0x200}, &(0x7f0000000440)={0x7, 0x9, 0x9, 0xe56, 0x9, 0x400, 0x101, 0x7fff}, &(0x7f0000000480), &(0x7f0000000500)={&(0x7f00000004c0)={[0x1061]}, 0x8}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="0206020002000000020000000000"], 0x10}}, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0xdb, 0x9d, 0x1b, 0x8, 0x12d1, 0xfae2, 0x708b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x4, 0x1a}}]}}]}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x4c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}]}], {0x14}}, 0x94}}, 0x0) 10.53473751s ago: executing program 4 (id=1797): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0x4, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg$alg(r0, 0x0, 0x0, 0x20004800) close(0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20044000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r2, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='btrfs\x00', 0x210818, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 8.950670587s ago: executing program 5 (id=1511): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0x13, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000006d00000095"], &(0x7f0000000500)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xc9, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7db3985513e3144c4db4558989bc598d61ae14f22dc6c7773b19db95217da4b7ffa7e77a44ca70eb82cd5d1067b67e2b621b2a9b77444035d39de0d0179bfeb8941639419781f75aa2429e66b3693a3ba82fca97dacc9f94d1cb33fe6fccc4bcec165ba756ec61020ddfc419f187ac39229b60eb3197d8031408042618b4adc3a8a0fa531bfc5b02d06b04d5b7f13761f8cd47e3393f88e988edae065abb6e8a9e7df404caf8b4e74205b540001532", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x3f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x845) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x800) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x7fff, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x806842, 0x2, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r4, 0x24, &(0x7f0000000d40), 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b40)=ANY=[@ANYBLOB="0ff1ef03dc471400000004ffffffff0000000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) setsockopt$inet6_tcp_int(r4, 0x6, 0x8, &(0x7f00000001c0)=0xffffff7f, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r7 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) quotactl_fd$Q_SETINFO(r7, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 7.632290333s ago: executing program 2 (id=1798): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x80) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r2, r4, 0x25, 0x4, @val=@tcx={@void, @value=r2}}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[], 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x1fffffd, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x7, 0xa}, {0xfff3}}}, 0x59}}, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r7 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x200000000000011, 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r10, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027000000000008000100"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) write$tun(r1, &(0x7f0000001240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x65, 0x64, 0x0, 0x40, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x20, 0x0, 0x4}]}}, {0x4e20, 0x4e20, 0x4d, 0x0, @wg=@data={0x4, 0x6, 0x8, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76d"}}}}, 0x73) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000080)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@my=0x0, 0x9}, @local, 0x0, 0x1, 0x7ffffff, 0x0, 0x6, 0x0, 0x80000001}) 7.629209283s ago: executing program 3 (id=1799): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x35e, 0x862b01) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000100)=[0xc, 0x36]) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknod$loop(&(0x7f0000000240)='./file0\x00', 0x40, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) io_uring_setup(0x7, &(0x7f00000001c0)={0x0, 0xc8a1, 0x200, 0x8, 0x1}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) 7.628610469s ago: executing program 4 (id=1800): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}) 7.148579355s ago: executing program 1 (id=1801): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r3, &(0x7f0000000580)={0x237, 0x7d, 0x2, {{0x500, 0xf6, 0x0, 0x5000000, {0x96346fe8a85d2583, 0x0, 0x8}, 0x41400000, 0x0, 0xe5e0, 0x5, 0x1b, '\x04nodev{evoo~\x05E\xc6\x00\x05\b\x007\xd9:\x8b\x92\xfd\x00\x00', 0x33, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x37, '\xcf\xc3m\a\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e^\x98\x9c\xd5\xefMQ\xf6\r\xa7X,J\x05\xc8\xf8(\xf6\x8d\xc1wM]\xe2\xe8 \x86#\x81\xf6hm\xd1\xbb\x8f\xd7\x00\x00\x00', 0x3e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c<;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0w\xdct\x00\x00\x00\x00\x00\x00\x00\x00\a\xec!\xca\xbf\xf2\x0f\x9c\x00\x89\xf9\x06\x00\x00\x00\x00\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x13r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x237) 7.00970396s ago: executing program 3 (id=1802): bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2040, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x20040010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x14, 0x52, 0x1, 0x70bd2a, 0x0, {0xa}}, 0x14}}, 0x0) ioctl$TCSETSF(r0, 0x5457, &(0x7f0000000000)={0x0, 0x629, 0xffffffff, 0x0, 0x7, "7a58bea88a00"}) ioctl$TCSETSF(r0, 0x5404, 0x0) close(0x3) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x4ff5, r5}, 0x38) 5.921376364s ago: executing program 1 (id=1803): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_QUOTA_FLAGS={0x8}, @NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0x44}}, 0x0) 5.88205281s ago: executing program 3 (id=1804): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000007c0)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007c5e0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f}, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) tgkill(0x0, 0x0, 0xd) write$binfmt_register(0xffffffffffffffff, &(0x7f00000004c0)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x0, 0x3a, '#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xea(J\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{G\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xbd\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132?\xbf\xb2\x93B\x01\'#\xc0v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde44m\x96+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x8c\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xa1W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a', 0x3a, '#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xeahJ\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{\xc5\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xb5\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132\xf9\xbf7K\x8d\x16\xa6\xbf4\v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde\x13\xdf\xc6Z+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x89\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xd3W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a', 0x3a, './file0'}, 0x237) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = dup(0xffffffffffffffff) ioctl$PTP_EXTTS_REQUEST2(r6, 0x40603d07, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x9, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa13, 0xffffffff}, 0x0) r7 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$revoke(0x3, r7) add_key(&(0x7f0000000140)='.request_key_auth\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000840)="1ddd1b4f0ecdebb66d21a4364320dcadd0a1db0b76900f78b854d7c781c997794e9c4d8211737a78f3541021b20fa971911643bb3d6f5629d2a3bc989cb24f63ecaff32bf17aa82611902f838066585a81ac56ed68240a36421d5ecbaa61af9a9e4f6454572de1e5a39d182432d93bded9f0c2f25deba5608ad041710f5d80e3fd4ca94881f28fa86f26dbdcb25fc362b9a03978", 0x94, r7) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) socket$kcm(0x29, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r9 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r9, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0x1}}, 0x18) sendmsg$can_j1939(r9, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x6d41}}, 0xee) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x3, 0x0) 5.79164008s ago: executing program 2 (id=1805): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$video4linux(&(0x7f0000000400), 0xc7c, 0xe03) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000040)=0x8000) setregid(0x0, 0xee00) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) readv(0xffffffffffffffff, 0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.time\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673c35d]}}) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r4, &(0x7f00000005c0)=[{0x6, 0x0, 0x0, 0x0, @time={0x0, 0x5}, {0x4, 0x2}, {}, @ext={0x0, 0x0}}, {0x10, 0x0, 0x50, 0x0, @time={0x8, 0x9}, {}, {}, @raw8={"4e75ffd80c3c64c130a509f3"}}, {0x0, 0x0, 0x0, 0x0, @time={0xff, 0x14b0c00}, {0x6}, {0x0, 0xf0}, @queue={0x2, {0x2, 0x4}}}, {0x0, 0x0, 0x0, 0x0, @tick, {0x0, 0x4}, {0x0, 0x10}, @time=@tick=0x6}], 0x70) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x20, 0x700, 0x100, 0x5, {{0x4b, 0x4, 0x1, 0x3, 0x12c, 0x67, 0x0, 0x0, 0x4, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x44, 0x4c, 0xd3, 0x1, 0x3, [{@rand_addr=0x64010100, 0x2}, {@local, 0x6}, {@private=0xa010101, 0x5}, {@empty, 0x8}, {@dev={0xac, 0x14, 0x14, 0x2c}, 0x3}, {@empty, 0x6cc}, {@dev={0xac, 0x14, 0x14, 0x21}, 0x878}, {@broadcast, 0x1000}, {@local, 0x6}]}, @cipso={0x86, 0x61, 0x3, [{0x1, 0x10, "0d57bb593faa6852ad6a6f94ab30"}, {0x7, 0x11, "78d0c44a09ce8f0b4bc69aca7c854e"}, {0x0, 0x11, "3a05d77f2b55fed32edc5bca0af9fe"}, {0x5, 0xf, "f04567d62478aac7f895b6cfba"}, {0x0, 0x10, "64d3c5402c91ca76740b2d8e1b20"}, {0x6, 0xa, "23205740f26c1a11"}]}, @rr={0x7, 0xb, 0xbe, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ssrr={0x89, 0x13, 0x1b, [@local, @multicast2, @empty, @broadcast]}, @noop, @cipso={0x86, 0x49, 0x3, [{0x5, 0x3, 'L'}, {0x7, 0xb, "64566e438a0e167cd5"}, {0x5, 0x7, "2f04bfbb8a"}, {0x2, 0x10, "4451e8d6621eeba0bdc9f2fb3d78"}, {0x6, 0xe, "bf5d1b6a99edbd4884b61fc4"}, {0x1, 0xb, "e90ea1fbe942101759"}, {0x0, 0x5, "2c0669"}]}]}}}}}) 5.706988734s ago: executing program 1 (id=1806): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), r4) sendmsg$NLBL_MGMT_C_ADDDEF(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYRES16=r5, @ANYBLOB="111e00000000feffffff050000"], 0x21}}, 0xa000000) 4.837955134s ago: executing program 2 (id=1807): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002) dup(r0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) socket$nl_generic(0x10, 0x3, 0x10) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0xfffc, @broadcast}, 0x2}}, 0x2e) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r4, 0x0) listen(r4, 0x0) recvmmsg(r4, &(0x7f0000003c40)=[{{0x0, 0x0, &(0x7f00000009c0)}, 0x7}], 0x1, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="796100c5d2fbbd0000007e00"], 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 4.207933484s ago: executing program 4 (id=1808): getpid() pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e8", 0x5f}], 0x2, 0x0, 0x0, 0x20000000}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000600)=""/129, 0x81}, {0x0}], 0x2}, 0x20) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c100000000000204e0000", 0x58}], 0x1) sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000980)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000ebffffff0008000000180001801400020073797a5f74756e000000000000000000240002809d321b429ff13719206a7dd728f57d51445a4a6de63447f9736889a267975273e3f264c2b0d980d465c0d5a9b3d592f2865afa511731ccbe99fcce5ed2fc0a9de892db556adb1f4f0c3e5a650525e97492d1ef392ef767beee1107e83a83b273e7df4371a302f5b91bfd4332db3c8013bf97d23a26bec15f65d0fae543d80ecef36c9ef909cf0b8653565537f761c4cd0a71d75c902ebfc1339b2e94f21e65c2c058363b50f64d1a091cd6126641bde651761312fa184c3a420fc8ca8df47ae8f4059112402fba0fe8874bb567d1ac19a820fc6e90cc859a0d7b24f3e78725330a251898ad28a7", @ANYBLOB="9d49ff610cc25735f53532daedfb9226d37ca2216c776701b4b2beb67329b2e3a3562989e06f226e65471dc63a1912c91ce7563749aced52073a8df00c8b13dc6a88614e38fe3d597cbf80376f4cb3fa7a1bc5fc60425867bea2c091dc1fd0566b95e7f4a7074a315d8b07f661509dc3a871b01296ffc1aebaa1790568a1552c7c596d90cc5235a7a5da8be7d76157600b43de786a1b2042b98f7712e43cf7ab9c403af1b79c7c87173faa144817218f8c1622efebb8a1e29aebdad8b344c31649ec1e3e814ab75e2da06b5a"], 0x50}}, 0x0) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 3.654877453s ago: executing program 2 (id=1809): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="41a01c1a2c", 0x5) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="000086dd0500560008005400000040ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) 3.52244727s ago: executing program 4 (id=1810): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet6_tcp_buf(r3, 0x6, 0x1a, 0x0, &(0x7f00000001c0)) socketpair$unix(0x1, 0x5, 0x0, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), r7) sendmsg$NLBL_MGMT_C_ADDDEF(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="111e00000000feffffff05000000"], 0x21}}, 0xa000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000"], 0x122}}, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f00000000c0)=0x6, 0x4) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1500000055003d0902000000fcdbdf2507"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="db84fd4c4ce9627c6278392c6c0000000008010300000000000000000500000306000240891400000500030021000000340004800800014000000004080001400000000708000140fffffff6080001400000004f080001ad6c31e161a6681ee75744c6d9400000000008000140000000090900010073797a310000000005000300"], 0x6c}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) 3.298981111s ago: executing program 2 (id=1811): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) write$eventfd(0xffffffffffffffff, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) clock_nanosleep(0x2, 0xffc99a3b, &(0x7f0000000100), &(0x7f0000000180)) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r5 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0xfffc, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x0, 0xff}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x6e6bb9, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0) pselect6(0x40, &(0x7f0000000280)={0x6, 0x2, 0x7cac2b50, 0x7fff, 0x2, 0x9, 0x0, 0xff}, &(0x7f0000000300)={0x0, 0xffffffffffff3d29, 0x8000000000000001, 0x9, 0x6, 0x1, 0x10, 0x200}, &(0x7f0000000440)={0x7, 0x9, 0x9, 0xe56, 0x9, 0x400, 0x101, 0x7fff}, &(0x7f0000000480), &(0x7f0000000500)={&(0x7f00000004c0)={[0x1061]}, 0x8}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="0206020002000000020000000000"], 0x10}}, 0x0) syz_usb_disconnect(0xffffffffffffffff) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40045506, &(0x7f0000000400)=0x1) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x4c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}]}], {0x14}}, 0x94}}, 0x0) 3.116305489s ago: executing program 3 (id=1812): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x35e, 0x862b01) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000100)=[0xc, 0x36]) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknod$loop(&(0x7f0000000240)='./file0\x00', 0x40, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) io_uring_setup(0x7, &(0x7f00000001c0)={0x0, 0xc8a1, 0x200, 0x8, 0x1}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) 2.54188921s ago: executing program 1 (id=1813): socket$inet6_tcp(0xa, 0x1, 0x0) (async) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4e, 0x0, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0xfe1d, @loopback={0xe0}, 0x9371}, 0x1c) (async) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0xfe1d, @loopback={0xe0}, 0x9371}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000050, &(0x7f00000001c0)={0xa, 0x4e22, 0x40000000, @local, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x23, @local, 0x23}, 0x1c) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29}, 0x94) lsetxattr$system_posix_acl(&(0x7f00000001c0)='.\x00', &(0x7f0000000080)='system.posix_acl_default\x00', 0x0, 0x24, 0x2) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) (async) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) (async) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, r2, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) (async) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket(0x10, 0x803, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) (async) r7 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) (async) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@getchain={0x3c, 0x66, 0x1, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0xfff1, 0x9}, {0xffe0, 0x4}, {0xd, 0xffff}}, [{0x8, 0xb, 0xffff}, {0x8, 0xb, 0x7}, {0x8, 0xb, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r5, 0x0, 0xc040) (async) sendmsg$nl_route_sched(r5, 0x0, 0xc040) 2.40326569s ago: executing program 3 (id=1814): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001900010000000000000000001c140000fe0000010000000004001a"], 0x24}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r2) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x40, 0x972, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) timer_create(0x0, 0x0, &(0x7f0000000300)) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_int(r5, &(0x7f0000000240)=0x2, 0x12) close(0x3) sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c1000001000370401000000e5ffffff00000400", @ANYRES32=r4, @ANYBLOB="83040500000000001c0012800b00010062726964676500000c00028005002b0003000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) sendmmsg$inet(r1, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r7 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/time\x00') sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8000000007a000000", @ANYRES32=0x0, @ANYBLOB="40180000001c040040001280080001007369740034000280060008001600000008000100", @ANYRES32=r4, @ANYBLOB="060008002200000008000300ffffffff050009008900000008000300ac1414bb05002700060000000400140008002900609d000008002c000600000008002c0000000002080004000000000024000e0009000000000000000800000000000000df00000000000000010006070000000008001c00", @ANYRES32=r7, @ANYBLOB], 0xb8}}, 0x24) 1.250589108s ago: executing program 2 (id=1815): r0 = syz_usb_connect$lan78xx(0x3, 0x3f, &(0x7f0000001a00)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001e80)={0x34, &(0x7f0000000200)=ANY=[@ANYBLOB="420f00000000f881ce6781bd8f8b1e95e564019b7f7609374c86f0795f2e38fad56077ace82df952055c8f4cae0fa783754bdd681ae394763b56d80a81fbae16693ad19724d91953c61ab487ad231438aa71f0bc31895fed5c2f818368e09e7dae12afb17fb06c3dd9a81144335733"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000002600)={0x84, &(0x7f0000002140)={0x40, 0x5, 0x5, "f06d4e42af"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e22, @private=0xa010102}}}, &(0x7f00000000c0)=0x84) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket(0x11, 0x3, 0x0) setsockopt$packet_int(r5, 0x107, 0x12, &(0x7f0000000000)=0x74d, 0x4) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r3, 0x0) r7 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, 0x0) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$isdn(0x22, 0x2, 0x10) r11 = socket$isdn(0x22, 0x2, 0x2) r12 = dup3(r11, r10, 0x0) kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, r9, &(0x7f0000000280)={r12, r8, 0x7}) sendmsg$nl_generic(r9, &(0x7f0000007800)={0x0, 0x0, &(0x7f00000077c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000036007bc32ddf7000fddbdf2503"], 0x14}}, 0x4000) r13 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x301c1, 0x0) write$dsp(r13, &(0x7f0000000180)="6dc3f3dc4a5f9d437d1420b7195aa9907dc359415830d30bcc8d3d06ddec900639e308308450d4d5f1ed454f0a1c4a7e8c9794b620504110a8e136914a6deb5f6d", 0x41) setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={r2}, 0x8) 0s ago: executing program 1 (id=1816): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0xfffffff7}]}, 0x24}, 0x1, 0x0, 0x0, 0x8045}, 0x810) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0xfffffff7}]}, 0x24}, 0x1, 0x0, 0x0, 0x8045}, 0x810) (async) kernel console output (not intermixed with test programs): 00.845965][ T790] pvrusb2: Hardware description: Terratec Grabster AV400 [ 500.857237][ T790] pvrusb2: ********** [ 500.861279][ T790] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 500.872497][ T790] pvrusb2: Important functionality might not be entirely working. [ 500.880864][ T790] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 501.135378][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.207534][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.218351][ T790] pvrusb2: ********** [ 501.223904][ T2338] pvrusb2: Invalid write control endpoint [ 501.364730][ T2338] pvrusb2: Invalid write control endpoint [ 501.370492][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 501.414135][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 501.442312][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 501.557026][ T2338] pvrusb2: Device being rendered inoperable [ 501.573019][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 501.580310][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 501.593445][ T2338] pvrusb2: Attached sub-driver cx25840 [ 501.599141][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 501.609398][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 501.611099][ T47] usb 4-1: USB disconnect, device number 26 [ 502.398789][ T29] audit: type=1400 audit(2000000184.660:572): avc: denied { mounton } for pid=11170 comm="syz.2.1430" path="/295/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 504.172869][ T5882] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 504.402903][ T5882] usb 4-1: Using ep0 maxpacket: 8 [ 504.419641][ T5882] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 504.463217][ T5882] usb 4-1: config 0 has no interfaces? [ 504.468971][ T5882] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 504.481519][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.511880][ T5882] usb 4-1: config 0 descriptor?? [ 504.604621][ T29] audit: type=1400 audit(2000000186.940:573): avc: denied { append } for pid=11191 comm="syz.0.1437" name="nbd0" dev="devtmpfs" ino=679 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 505.080027][ T29] audit: type=1400 audit(2000000187.410:574): avc: denied { map } for pid=11198 comm="syz.1.1439" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 505.224615][T11200] ieee802154 phy0 wpan0: encryption failed: -22 [ 505.941685][ T29] audit: type=1400 audit(2000000187.410:575): avc: denied { execute } for pid=11198 comm="syz.1.1439" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 506.113478][ T5960] block nbd0: Possible stuck request ffff888027938000: control (read@0,1024B). Runtime 420 seconds [ 506.124671][ T5960] block nbd0: Possible stuck request ffff888027938200: control (read@1024,1024B). Runtime 420 seconds [ 506.135912][ T5960] block nbd0: Possible stuck request ffff888027938400: control (read@2048,1024B). Runtime 420 seconds [ 506.147193][ T5960] block nbd0: Possible stuck request ffff888027938600: control (read@3072,1024B). Runtime 420 seconds [ 506.852837][ T7256] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 507.024971][ T7256] usb 5-1: Using ep0 maxpacket: 16 [ 507.270767][ T7256] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 507.276005][ T790] usb 4-1: USB disconnect, device number 27 [ 507.304611][ T7256] usb 5-1: config 0 interface 0 has no altsetting 0 [ 507.316337][ T7256] usb 5-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 507.335005][ T7256] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.356592][ T7256] usb 5-1: Product: syz [ 507.363858][ T7256] usb 5-1: Manufacturer: syz [ 507.374016][ T7256] usb 5-1: SerialNumber: syz [ 507.389541][ T7256] usb 5-1: config 0 descriptor?? [ 507.425813][ T29] audit: type=1400 audit(2000000189.750:576): avc: denied { setattr } for pid=11216 comm="syz.3.1444" name="ptmx" dev="devtmpfs" ino=615 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1 [ 507.482167][ T29] audit: type=1400 audit(2000000189.800:577): avc: denied { write } for pid=11218 comm="syz.1.1445" name="psched" dev="proc" ino=4026532838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 507.543908][ T29] audit: type=1400 audit(2000000189.800:578): avc: denied { setattr } for pid=11218 comm="syz.1.1445" name="psched" dev="proc" ino=4026532838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 507.614015][ C1] imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 507.632958][ T7256] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input24 [ 507.665201][ T7256] imon:send_packet: packet tx failed (-71) [ 507.693036][ T7256] imon 5-1:0.0: panel buttons/knobs setup failed [ 507.810143][ T7256] rc_core: IR keymap rc-imon-pad not found [ 507.817367][ T7256] Registered IR keymap rc-empty [ 507.822289][ T7256] imon 5-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 507.875089][ T7256] imon 5-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 507.893037][ T7256] imon:send_packet: packet tx failed (-71) [ 507.912933][ T7256] imon 5-1:0.0: remote input dev register failed [ 507.928588][ T7256] imon 5-1:0.0: imon_init_intf0: rc device setup failed [ 507.966246][ T7256] imon 5-1:0.0: unable to initialize intf0, err 0 [ 507.974969][ T7256] imon:imon_probe: failed to initialize context! [ 507.981332][ T7256] imon 5-1:0.0: unable to register, err -19 [ 507.999478][ T7256] usb 5-1: USB disconnect, device number 28 [ 508.312823][ T7256] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 508.393959][ T29] audit: type=1400 audit(2000000190.730:579): avc: denied { setopt } for pid=11248 comm="syz.2.1457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 508.462825][ T7256] usb 5-1: Using ep0 maxpacket: 16 [ 508.471640][ T7256] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 508.487943][ T7256] usb 5-1: config 0 interface 0 has no altsetting 0 [ 508.505869][ T7256] usb 5-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 508.523650][ T7256] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.541907][ T7256] usb 5-1: Product: syz [ 508.550754][ T7256] usb 5-1: Manufacturer: syz [ 508.556844][ T7256] usb 5-1: SerialNumber: syz [ 508.576190][ T7256] usb 5-1: config 0 descriptor?? [ 508.819791][ T7256] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input26 [ 509.122880][ T7256] rc_core: IR keymap rc-imon-pad not found [ 509.138993][ T7256] Registered IR keymap rc-empty [ 509.151686][ T7256] imon 5-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 509.182866][ T7256] imon 5-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 509.246733][ T7256] rc rc0: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 509.265526][ T7256] input: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input27 [ 509.280413][ T7256] imon 5-1:0.0: iMON device (15c2:0041, intf0) on usb<5:29> initialized [ 509.572916][ T5882] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 509.584599][T11312] netlink: 'syz.1.1484': attribute type 1 has an invalid length. [ 509.689054][T11314] veth1_to_team: Caught tx_queue_len zero misconfig [ 509.696217][T11314] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1441'. [ 509.706021][ T9542] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 509.748540][ T5882] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 509.758078][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.766558][ T5882] usb 4-1: Product: syz [ 509.770924][ T5882] usb 4-1: Manufacturer: syz [ 509.776091][ T5882] usb 4-1: SerialNumber: syz [ 509.816364][ C1] imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 509.816765][ T790] usb 5-1: USB disconnect, device number 29 [ 509.865439][ T9542] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 509.876984][ T9542] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 509.889484][ T9542] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 509.898971][ T9542] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 509.907926][ T9542] usb 3-1: SerialNumber: syz [ 510.116330][T11316] Failed to initialize the IGMP autojoin socket (err -2) [ 510.131181][ T9542] usb 3-1: 0:2 : does not exist [ 510.136680][ T9542] usb 3-1: unit 5 not found! [ 510.160168][ T9542] usb 3-1: USB disconnect, device number 38 [ 510.188909][ T8969] udevd[8969]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 511.014927][T11320] delete_channel: no stack [ 511.251143][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 511.263319][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 511.274736][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 511.300149][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 511.311619][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 511.324375][ T5882] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 511.348149][ T5882] usb 4-1: USB disconnect, device number 28 [ 512.042823][ T7256] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 512.207218][ T7256] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 512.217949][ T7256] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.227794][ T7256] usb 3-1: Product: syz [ 512.233127][ T7256] usb 3-1: Manufacturer: syz [ 512.237826][ T7256] usb 3-1: SerialNumber: syz [ 512.252421][T11336] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 512.303179][T11336] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 512.500182][T11345] netlink: 'syz.1.1495': attribute type 1 has an invalid length. [ 512.582818][ T5942] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 512.602812][ T47] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 512.742886][ T5942] usb 5-1: Using ep0 maxpacket: 8 [ 512.749799][ T5942] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 512.759120][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.767262][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 512.783375][ T47] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 512.800157][ T47] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 512.812303][ T47] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 512.824180][ T5942] pvrusb2: Hardware description: Terratec Grabster AV400 [ 512.831306][ T5942] pvrusb2: ********** [ 512.840887][ T5942] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 512.853694][ T5942] pvrusb2: Important functionality might not be entirely working. [ 512.861920][ T5942] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 512.873699][ T5942] pvrusb2: ********** [ 512.877939][ T47] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 512.887765][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 512.901286][ T47] usb 4-1: SerialNumber: syz [ 513.105716][T11346] delete_channel: no stack [ 513.384129][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 513.399575][T11336] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 513.401973][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 513.407166][ T2338] pvrusb2: Invalid write control endpoint [ 513.429612][T11336] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 513.438312][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 513.453131][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 513.468604][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 513.480292][ T7256] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 513.532574][ T7256] usb 3-1: USB disconnect, device number 39 [ 513.534251][ T2338] pvrusb2: Invalid write control endpoint [ 513.556241][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 513.567385][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 513.575187][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 513.607269][ T2338] pvrusb2: Device being rendered inoperable [ 513.614718][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 513.622059][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 513.647490][ T47] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 513.667771][ T2338] pvrusb2: Attached sub-driver cx25840 [ 513.674933][ T47] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12 [ 513.682984][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 513.713091][ T47] usb 4-1: USB disconnect, device number 29 [ 513.732420][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 513.854415][T11350] tipc: Enabling of bearer rejected, failed to enable media [ 514.751451][T11366] SELinux: policydb magic number 0x41904 does not match expected magic number 0xf97cff8c [ 514.763171][T11366] SELinux: failed to load policy [ 515.530375][T11368] Failed to initialize the IGMP autojoin socket (err -2) [ 515.573929][T11347] usb 5-1: USB disconnect, device number 30 [ 516.192885][T11347] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 516.252844][ T9542] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 516.375111][T11347] usb 5-1: Using ep0 maxpacket: 8 [ 516.387856][T11347] usb 5-1: unable to get BOS descriptor or descriptor too short [ 516.397323][T11347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 516.413231][T11347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 516.425701][T11347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 516.437240][T11347] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 516.447757][T11347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 516.458281][T11347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 43690, setting to 1024 [ 516.459371][ T9542] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 516.481312][T11347] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 516.501846][ T9542] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 516.522098][ T9542] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 516.536091][ T9542] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 516.539271][T11347] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 516.546604][ T9542] usb 2-1: SerialNumber: syz [ 516.558228][T11347] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.567404][T11347] usb 5-1: Product: syz [ 516.571830][T11347] usb 5-1: Manufacturer: syz [ 516.580611][T11347] usb 5-1: SerialNumber: syz [ 516.605060][T11347] usb 5-1: config 0 descriptor?? [ 516.611543][T11373] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 516.618918][T11373] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 516.628521][T11347] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 516.777507][ T9542] usb 2-1: 0:2 : does not exist [ 516.788486][ T9542] usb 2-1: unit 5 not found! [ 516.802829][ T7256] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 516.826598][ T9542] usb 2-1: USB disconnect, device number 35 [ 517.356603][ T7256] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 517.365779][ T7256] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.374397][ T7256] usb 3-1: Product: syz [ 517.378627][ T7256] usb 3-1: Manufacturer: syz [ 517.383352][ T7256] usb 3-1: SerialNumber: syz [ 517.752938][ T9542] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 517.889017][T11386] FAULT_INJECTION: forcing a failure. [ 517.889017][T11386] name failslab, interval 1, probability 0, space 0, times 0 [ 517.901727][T11386] CPU: 0 UID: 0 PID: 11386 Comm: syz.3.1505 Tainted: G L syzkaller #0 PREEMPT(full) [ 517.901755][T11386] Tainted: [L]=SOFTLOCKUP [ 517.901762][T11386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 517.901772][T11386] Call Trace: [ 517.901778][T11386] [ 517.901785][T11386] dump_stack_lvl+0x100/0x190 [ 517.901816][T11386] should_fail_ex.cold+0x5/0xa [ 517.901838][T11386] ? tomoyo_encode2+0xfb/0x3c0 [ 517.901857][T11386] should_failslab+0xc2/0x120 [ 517.901880][T11386] __kmalloc_noprof+0xe0/0x850 [ 517.901899][T11386] ? d_absolute_path+0x136/0x1b0 [ 517.901922][T11386] tomoyo_encode2+0xfb/0x3c0 [ 517.901946][T11386] tomoyo_encode+0x29/0x50 [ 517.901964][T11386] tomoyo_realpath_from_path+0x18c/0x690 [ 517.902010][T11386] tomoyo_path_number_perm+0x23c/0x580 [ 517.902036][T11386] ? tomoyo_path_number_perm+0x22e/0x580 [ 517.902065][T11386] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 517.902122][T11386] ? find_held_lock+0x2b/0x80 [ 517.902141][T11386] ? __fget_files+0x215/0x3d0 [ 517.902167][T11386] ? hook_file_ioctl_common+0x146/0x410 [ 517.902195][T11386] ? __fget_files+0x21f/0x3d0 [ 517.902221][T11386] security_file_ioctl+0xd3/0x230 [ 517.902241][T11386] __x64_sys_ioctl+0xb7/0x210 [ 517.902261][T11386] do_syscall_64+0x106/0xf80 [ 517.902285][T11386] ? clear_bhb_loop+0x40/0x90 [ 517.902305][T11386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.902323][T11386] RIP: 0033:0x7fe47459bf79 [ 517.902338][T11386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 517.902354][T11386] RSP: 002b:00007fe4753d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 517.902372][T11386] RAX: ffffffffffffffda RBX: 00007fe474816180 RCX: 00007fe47459bf79 [ 517.902383][T11386] RDX: 0000200000000040 RSI: 0000000000004b48 RDI: 0000000000000005 [ 517.902393][T11386] RBP: 00007fe4753d7090 R08: 0000000000000000 R09: 0000000000000000 [ 517.902402][T11386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.902412][T11386] R13: 00007fe474816218 R14: 00007fe474816180 R15: 00007ffc628521f8 [ 517.902437][T11386] [ 517.902535][T11386] ERROR: Out of memory at tomoyo_realpath_from_path. [ 518.121661][ T9542] usb 2-1: Using ep0 maxpacket: 8 [ 518.773958][T11376] delete_channel: no stack [ 518.864151][T11347] usb 5-1: USB disconnect, device number 31 [ 518.870390][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 518.870577][ T9542] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 518.891738][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 518.938650][ T9542] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.943298][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 518.963352][ T9542] pvrusb2: Hardware description: Terratec Grabster AV400 [ 518.968152][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 518.974942][T11390] netlink: 'syz.4.1506': attribute type 1 has an invalid length. [ 518.990896][ T9542] pvrusb2: ********** [ 518.996875][ T9542] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 519.031276][ T7256] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 519.059113][ T9542] pvrusb2: Important functionality might not be entirely working. [ 519.060516][ T7256] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 519.087430][ T9542] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 519.099110][ T9542] pvrusb2: ********** [ 519.109874][ T7256] usb 3-1: USB disconnect, device number 40 [ 519.162523][ T2338] pvrusb2: Invalid write control endpoint [ 519.230533][ T2338] pvrusb2: Invalid write control endpoint [ 519.247827][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 519.267381][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 519.279639][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 519.291498][ T2338] pvrusb2: Device being rendered inoperable [ 519.299761][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 519.309897][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 519.321389][ T2338] pvrusb2: Attached sub-driver cx25840 [ 519.327030][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 519.337569][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 519.907868][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 519.917825][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 519.926695][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 519.935529][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 519.944643][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 519.989953][T11406] Failed to initialize the IGMP autojoin socket (err -2) [ 520.023037][ T9542] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 520.192936][ T9542] usb 4-1: Using ep0 maxpacket: 16 [ 520.213725][ T9542] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 520.230580][T11406] chnl_net:caif_netlink_parms(): no params data found [ 520.246780][ T9542] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 520.290348][ T9542] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 520.331075][ T9542] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.374921][ T9542] usb 4-1: config 0 descriptor?? [ 520.412630][T11406] smc: adding net device wg2 with user defined pnetid S [ 520.548387][T11406] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.587588][T11406] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.605411][T11406] bridge_slave_0: entered allmulticast mode [ 520.625156][T11406] bridge_slave_0: entered promiscuous mode [ 520.686330][T11406] bridge0: port 2(bridge_slave_1) entered blocking state [ 520.693624][T11406] bridge0: port 2(bridge_slave_1) entered disabled state [ 520.700898][T11406] bridge_slave_1: entered allmulticast mode [ 520.708648][T11406] bridge_slave_1: entered promiscuous mode [ 520.742425][T11347] usb 2-1: USB disconnect, device number 36 [ 520.787177][ T9542] usbhid 4-1:0.0: can't add hid device: -71 [ 520.817346][ T9542] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 520.872052][ T9542] usb 4-1: USB disconnect, device number 30 [ 520.943561][T11406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 521.022951][ T790] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 521.079878][T11406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 521.244444][ T790] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 521.262849][ T790] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 521.275970][ T790] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 521.300544][ T790] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 521.310851][ T790] usb 3-1: SerialNumber: syz [ 521.423354][T11406] team0: Port device team_slave_0 added [ 522.022820][ T5813] Bluetooth: hci5: command tx timeout [ 522.056197][ T790] usb 3-1: 0:2 : does not exist [ 522.109890][ T790] usb 3-1: unit 5 not found! [ 522.238233][T11406] team0: Port device team_slave_1 added [ 522.373876][T11440] tipc: Enabling of bearer rejected, failed to enable media [ 522.436509][ T790] usb 3-1: USB disconnect, device number 41 [ 522.522251][T11406] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 522.561425][T11406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 522.593012][T11406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 522.728100][T11406] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 522.894069][T11406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 522.953442][T11406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 523.219051][T11406] hsr_slave_0: entered promiscuous mode [ 523.232194][T11406] hsr_slave_1: entered promiscuous mode [ 523.240712][T11406] debugfs: 'hsr0' already exists in 'hsr' [ 523.246572][T11406] Cannot create hsr debugfs directory [ 523.342993][ T9542] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 523.543530][ T9542] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 523.571258][ T9542] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.582810][T11347] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 523.600015][ T9542] usb 4-1: Product: syz [ 523.662992][ T9542] usb 4-1: Manufacturer: syz [ 523.678105][ T9542] usb 4-1: SerialNumber: syz [ 523.735522][T11347] usb 3-1: Using ep0 maxpacket: 8 [ 523.951834][T11347] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 524.084819][T11347] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.106837][ T5813] Bluetooth: hci5: command tx timeout [ 524.123507][T11347] pvrusb2: Hardware description: Terratec Grabster AV400 [ 524.130564][T11347] pvrusb2: ********** [ 524.138899][T11347] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 524.150697][T11347] pvrusb2: Important functionality might not be entirely working. [ 524.159971][T11347] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 524.171980][T11347] pvrusb2: ********** [ 524.274610][T11406] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 524.343520][T11476] netlink: 'syz.1.1525': attribute type 1 has an invalid length. [ 525.243348][T11479] delete_channel: no stack [ 525.500796][T11406] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 525.530421][ T9542] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 525.542865][ T2338] pvrusb2: Invalid write control endpoint [ 525.567666][T11406] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 525.586424][ T9542] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 525.620246][ T2338] pvrusb2: Invalid write control endpoint [ 525.635248][T11406] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 525.644856][ T9542] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 525.673180][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 525.677852][ T9542] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 525.685695][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 525.695411][ T9542] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 525.701979][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 525.720577][ T9542] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 525.727067][ T2338] pvrusb2: Device being rendered inoperable [ 525.739951][ T9542] usb 4-1: USB disconnect, device number 31 [ 525.819467][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 525.826897][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 525.851079][ T2338] pvrusb2: Attached sub-driver cx25840 [ 525.857174][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 525.868743][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 526.172989][ T5813] Bluetooth: hci5: command tx timeout [ 526.543079][ T9542] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 526.723662][T11406] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.732197][ T9542] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 526.999144][ T9542] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 527.322893][ T5882] usb 3-1: USB disconnect, device number 42 [ 527.330928][ T9542] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 527.340271][ T9542] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 527.348548][ T9542] usb 2-1: SerialNumber: syz [ 527.375876][ T1655] bridge0: port 1(bridge_slave_0) entered blocking state [ 527.383058][ T1655] bridge0: port 1(bridge_slave_0) entered forwarding state [ 527.552343][ T1655] bridge0: port 2(bridge_slave_1) entered blocking state [ 527.559498][ T1655] bridge0: port 2(bridge_slave_1) entered forwarding state [ 527.600657][ T9542] usb 2-1: 0:2 : does not exist [ 527.624480][ T29] audit: type=1400 audit(2000000209.960:580): avc: denied { listen } for pid=11500 comm="syz.2.1531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 527.627621][ T9542] usb 2-1: unit 5 not found! [ 527.758467][T11506] tipc: Enabling of bearer rejected, failed to enable media [ 527.765748][ T9542] usb 2-1: USB disconnect, device number 37 [ 527.804577][T11508] Failed to initialize the IGMP autojoin socket (err -2) [ 527.811507][T11414] udevd[11414]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 528.252854][ T5813] Bluetooth: hci5: command tx timeout [ 529.531835][T11541] netlink: 'syz.4.1537': attribute type 1 has an invalid length. [ 529.777012][T11406] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 530.004708][T11347] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 530.214290][ T5882] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 530.235839][T11347] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 530.259077][T11347] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.301691][T11347] usb 4-1: Product: syz [ 530.319586][T11347] usb 4-1: Manufacturer: syz [ 530.329963][T11347] usb 4-1: SerialNumber: syz [ 530.393372][ T5882] usb 5-1: Using ep0 maxpacket: 8 [ 530.411397][ T5882] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 530.425512][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.443581][ T5882] pvrusb2: Hardware description: Terratec Grabster AV400 [ 530.459751][ T5882] pvrusb2: ********** [ 530.475337][ T5882] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 530.662135][ T5882] pvrusb2: Important functionality might not be entirely working. [ 530.707016][ T5882] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 530.729974][ T5882] pvrusb2: ********** [ 530.775258][ T2338] pvrusb2: Invalid write control endpoint [ 530.906680][ T2338] pvrusb2: Invalid write control endpoint [ 530.926118][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 531.087226][T11406] veth0_vlan: entered promiscuous mode [ 531.354683][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 531.409971][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 531.434767][T11406] veth1_vlan: entered promiscuous mode [ 531.452957][ T2338] pvrusb2: Device being rendered inoperable [ 531.487538][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 531.550014][T11558] delete_channel: no stack [ 531.700252][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 531.851397][ T2338] pvrusb2: Attached sub-driver cx25840 [ 531.876963][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 531.922353][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 532.004876][T11406] veth0_macvtap: entered promiscuous mode [ 532.090389][T11406] veth1_macvtap: entered promiscuous mode [ 532.614515][T11406] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 532.778859][T11406] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 532.842575][T11406] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 532.926797][T11406] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 533.066208][ T47] usb 5-1: USB disconnect, device number 32 [ 533.132974][T11406] wireguard: wg0: Could not create IPv4 socket [ 533.157592][T11567] bond0: entered promiscuous mode [ 533.169338][T11567] bond_slave_0: entered promiscuous mode [ 533.190544][T11567] bond_slave_1: entered promiscuous mode [ 533.246487][T11567] bond0: left promiscuous mode [ 533.251319][T11567] bond_slave_0: left promiscuous mode [ 533.346004][T11567] bond_slave_1: left promiscuous mode [ 533.390893][T11406] wireguard: wg1: Could not create IPv4 socket [ 533.480286][T11572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 533.490479][T11572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.860590][T11406] wireguard: wg2: Could not create IPv4 socket [ 535.534076][T11587] netlink: 'syz.4.1549': attribute type 1 has an invalid length. [ 535.966498][T11347] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -ETIMEDOUT [ 535.987899][T11347] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -ETIMEDOUT [ 536.169942][T11347] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 536.182276][ T5960] block nbd0: Possible stuck request ffff888027938000: control (read@0,1024B). Runtime 450 seconds [ 536.194091][ T5960] block nbd0: Possible stuck request ffff888027938200: control (read@1024,1024B). Runtime 450 seconds [ 536.206225][ T5960] block nbd0: Possible stuck request ffff888027938400: control (read@2048,1024B). Runtime 450 seconds [ 536.219524][ T5960] block nbd0: Possible stuck request ffff888027938600: control (read@3072,1024B). Runtime 450 seconds [ 536.230787][T11347] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 536.246211][T11347] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 536.315713][T11347] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32 [ 536.493507][T11581] Failed to initialize the IGMP autojoin socket (err -2) [ 536.976181][T11605] Failed to initialize the IGMP autojoin socket (err -2) [ 537.590240][ T5882] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 537.868102][ T5882] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 537.883332][ T47] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 537.891015][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.912337][ T5130] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 537.923327][ T5130] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 537.941951][ T5882] usb 2-1: Product: syz [ 537.946608][ T5130] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 537.946853][ T5882] usb 2-1: Manufacturer: syz [ 538.049210][ T5130] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 538.063365][ T5130] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 538.102437][ T5882] usb 2-1: SerialNumber: syz [ 538.132790][ T47] usb 3-1: Using ep0 maxpacket: 16 [ 538.140922][ T47] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 538.159512][ T47] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 538.175386][T11620] siw: device registration error -23 [ 538.495100][T11615] Failed to initialize the IGMP autojoin socket (err -2) [ 538.507893][ T47] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 538.535774][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.556489][ T47] usb 3-1: Product: syz [ 538.561753][ T47] usb 3-1: Manufacturer: syz [ 538.566891][ T47] usb 3-1: SerialNumber: syz [ 540.302922][ T5813] Bluetooth: hci5: command tx timeout [ 540.378511][ T47] usb 3-1: 0:2 : does not exist [ 540.431025][ T47] usb 3-1: USB disconnect, device number 43 [ 540.766838][T11419] udevd[11419]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 541.163344][T11652] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1557'. [ 541.860872][T11659] overlay: ./file1 is not a directory [ 542.286923][ T790] usb 4-1: USB disconnect, device number 32 [ 542.333136][ T5130] Bluetooth: hci5: command tx timeout [ 542.539138][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 542.590949][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 542.636595][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 542.687444][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 542.723167][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 542.795307][ T5882] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 542.835125][ T5882] usb 2-1: USB disconnect, device number 38 [ 543.252154][T11674] netlink: 'syz.4.1563': attribute type 1 has an invalid length. [ 543.270227][T11668] Failed to initialize the IGMP autojoin socket (err -2) [ 543.329297][T11680] tipc: Enabled bearer , priority 0 [ 543.475736][T11677] tipc: Resetting bearer [ 543.587474][T11675] tipc: Disabling bearer [ 544.186775][T11615] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 544.285881][T11703] overlay: ./file1 is not a directory [ 544.436872][ T5130] Bluetooth: hci5: command tx timeout [ 545.296330][T11615] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 546.507390][ T5130] Bluetooth: hci5: command tx timeout [ 546.919844][T11727] overlay: ./file1 is not a directory [ 547.306235][T11615] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 547.375538][T11615] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 547.710094][T11731] netlink: 'syz.2.1575': attribute type 1 has an invalid length. [ 548.055989][T11743] FAULT_INJECTION: forcing a failure. [ 548.055989][T11743] name failslab, interval 1, probability 0, space 0, times 0 [ 548.105598][T11743] CPU: 1 UID: 0 PID: 11743 Comm: syz.2.1579 Tainted: G L syzkaller #0 PREEMPT(full) [ 548.105632][T11743] Tainted: [L]=SOFTLOCKUP [ 548.105639][T11743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 548.105649][T11743] Call Trace: [ 548.105656][T11743] [ 548.105663][T11743] dump_stack_lvl+0x100/0x190 [ 548.105698][T11743] should_fail_ex.cold+0x5/0xa [ 548.105723][T11743] should_failslab+0xc2/0x120 [ 548.105749][T11743] __kmalloc_cache_noprof+0x7a/0x6f0 [ 548.105779][T11743] ? copy_mount_options+0x55/0x190 [ 548.105805][T11743] copy_mount_options+0x55/0x190 [ 548.105827][T11743] __x64_sys_mount+0x1ab/0x310 [ 548.105857][T11743] ? __pfx___x64_sys_mount+0x10/0x10 [ 548.105894][T11743] do_syscall_64+0x106/0xf80 [ 548.105918][T11743] ? clear_bhb_loop+0x40/0x90 [ 548.105942][T11743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.105962][T11743] RIP: 0033:0x7f5d2199bf79 [ 548.105978][T11743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 548.105995][T11743] RSP: 002b:00007f5d227a9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 548.106014][T11743] RAX: ffffffffffffffda RBX: 00007f5d21c15fa0 RCX: 00007f5d2199bf79 [ 548.106026][T11743] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 548.106036][T11743] RBP: 00007f5d227a9090 R08: 0000200000000400 R09: 0000000000000000 [ 548.106047][T11743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.106058][T11743] R13: 00007f5d21c16038 R14: 00007f5d21c15fa0 R15: 00007ffe4278a328 [ 548.106083][T11743] [ 548.386026][T11746] FAULT_INJECTION: forcing a failure. [ 548.386026][T11746] name failslab, interval 1, probability 0, space 0, times 0 [ 548.398993][T11746] CPU: 0 UID: 0 PID: 11746 Comm: syz.2.1581 Tainted: G L syzkaller #0 PREEMPT(full) [ 548.399023][T11746] Tainted: [L]=SOFTLOCKUP [ 548.399028][T11746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 548.399038][T11746] Call Trace: [ 548.399044][T11746] [ 548.399051][T11746] dump_stack_lvl+0x100/0x190 [ 548.399084][T11746] should_fail_ex.cold+0x5/0xa [ 548.399107][T11746] should_failslab+0xc2/0x120 [ 548.399130][T11746] __kmalloc_cache_noprof+0x7a/0x6f0 [ 548.399156][T11746] ? alloc_fs_context+0x57/0xf40 [ 548.399182][T11746] ? lockdep_hardirqs_on+0x78/0x100 [ 548.399209][T11746] alloc_fs_context+0x57/0xf40 [ 548.399239][T11746] __x64_sys_fsopen+0xed/0x220 [ 548.399258][T11746] do_syscall_64+0x106/0xf80 [ 548.399279][T11746] ? clear_bhb_loop+0x40/0x90 [ 548.399301][T11746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.399319][T11746] RIP: 0033:0x7f5d2199bf79 [ 548.399335][T11746] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 548.399351][T11746] RSP: 002b:00007f5d22788028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 548.399370][T11746] RAX: ffffffffffffffda RBX: 00007f5d21c16090 RCX: 00007f5d2199bf79 [ 548.399381][T11746] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 548.399390][T11746] RBP: 00007f5d22788090 R08: 0000000000000000 R09: 0000000000000000 [ 548.399400][T11746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.399410][T11746] R13: 00007f5d21c16128 R14: 00007f5d21c16090 R15: 00007ffe4278a328 [ 548.399434][T11746] [ 548.954051][T11749] Failed to initialize the IGMP autojoin socket (err -2) [ 549.533006][ T29] audit: type=1400 audit(2000000231.860:581): avc: denied { write } for pid=11765 comm="syz.1.1583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 550.737906][T11780] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1576'. [ 550.754467][T11778] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1576'. [ 551.569110][T11796] netlink: 'syz.1.1588': attribute type 1 has an invalid length. [ 552.508976][T11816] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1590'. [ 552.591004][T11818] dlm: no local IP address has been set [ 552.598174][T11818] dlm: cannot start dlm midcomms -107 [ 552.924625][T11615] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 553.404188][T11615] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 553.862687][T11615] wireguard: wg0: Could not create IPv4 socket [ 553.958467][T11835] overlay: ./file1 is not a directory [ 554.349743][ T9542] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 554.362452][T11615] wireguard: wg1: Could not create IPv4 socket [ 554.415467][T11615] wireguard: wg2: Could not create IPv4 socket [ 554.585741][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 554.633610][ T9542] usb 4-1: unable to get BOS descriptor or descriptor too short [ 554.651486][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 554.662622][ T9542] usb 4-1: not running at top speed; connect to a high speed hub [ 554.664817][T11844] Failed to initialize the IGMP autojoin socket (err -2) [ 554.711052][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 554.729488][ T9542] usb 4-1: config 1 has an invalid interface number: 4 but max is 2 [ 554.749359][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 554.767144][ T9542] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 554.810946][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 554.820352][ T9542] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 554.841749][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 554.856459][ T9542] usb 4-1: config 1 has no interface number 1 [ 554.872108][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 554.932561][ T9542] usb 4-1: too many endpoints for config 1 interface 4 altsetting 81: 231, using maximum allowed: 30 [ 554.948451][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 554.982870][ T9542] usb 4-1: config 1 interface 4 altsetting 81 has 0 endpoint descriptors, different from the interface descriptor's value: 231 [ 555.008950][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 555.027134][ T790] hid-generic 0000:0000:0004.000D: unknown main item tag 0x0 [ 555.048550][ T9542] usb 4-1: config 1 interface 4 has no altsetting 0 [ 555.065429][ T790] hid-generic 0000:0000:0004.000D: hidraw0: HID v0.03 Device [syz0] on syz1 [ 555.080624][ T9542] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 555.104029][ T9542] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.119268][ T9542] usb 4-1: Product: syz [ 555.399631][ T9542] usb 4-1: Manufacturer: syz [ 555.426684][ T9542] usb 4-1: SerialNumber: syz [ 555.965067][T11864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 555.973906][T11864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 556.109551][ T9542] usb 4-1: 0:2 : does not exist [ 556.261976][ T9542] hub 4-1:1.4: Invalid hub with more than one config or interface [ 556.310002][ T9542] hub 4-1:1.4: probe with driver hub failed with error -22 [ 556.397923][ T9542] usb 4-1: USB disconnect, device number 33 [ 556.508202][T11414] udevd[11414]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 557.596356][ T9542] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 558.032815][ T9542] usb 4-1: Using ep0 maxpacket: 8 [ 558.106583][ T9542] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 558.126652][ T9542] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.185845][ T9542] pvrusb2: Hardware description: Terratec Grabster AV400 [ 558.235235][ T9542] pvrusb2: ********** [ 558.239233][ T9542] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 558.273317][ T9542] pvrusb2: Important functionality might not be entirely working. [ 558.302760][ T9542] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 558.324294][ T9542] pvrusb2: ********** [ 558.334199][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 558.370129][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 558.383805][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 558.412868][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 558.421212][ T2338] pvrusb2: Invalid write control endpoint [ 558.440179][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 558.562458][T11889] Failed to initialize the IGMP autojoin socket (err -2) [ 558.731752][ T2338] pvrusb2: Invalid write control endpoint [ 558.744097][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 558.840953][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 559.033274][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 559.290794][ T2338] pvrusb2: Device being rendered inoperable [ 559.344098][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 559.668451][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 559.707377][ T2338] pvrusb2: Attached sub-driver cx25840 [ 559.861695][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 559.922800][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 559.962976][ T9542] usb 4-1: USB disconnect, device number 34 [ 560.753886][ T5813] Bluetooth: hci5: command tx timeout [ 561.254169][ T9542] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 561.832834][ T9542] usb 5-1: Using ep0 maxpacket: 8 [ 561.854046][ T9542] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 561.897509][ T9542] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.427767][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.434167][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.517333][ T9542] pvrusb2: Hardware description: Terratec Grabster AV400 [ 562.544224][ T9542] pvrusb2: ********** [ 562.558798][ T9542] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 562.587028][ T9542] pvrusb2: Important functionality might not be entirely working. [ 562.616562][ T9542] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 562.642443][ T9542] pvrusb2: ********** [ 562.722839][ T5942] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 562.765488][ T2338] pvrusb2: Invalid write control endpoint [ 562.766033][T11936] fuse: Bad value for 'fd' [ 562.819580][ T5813] Bluetooth: hci5: command tx timeout [ 562.892838][ T5942] usb 3-1: Using ep0 maxpacket: 8 [ 562.931074][ T5942] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 562.963292][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.972618][T11942] Failed to initialize the IGMP autojoin socket (err -2) [ 562.977148][ T2338] pvrusb2: Invalid write control endpoint [ 562.995220][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 563.331303][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 563.345870][ T5942] pvrusb2: Hardware description: Terratec Grabster AV400 [ 563.398024][ T5942] pvrusb2: ********** [ 563.402043][ T5942] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 563.412215][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 563.422589][ T2338] pvrusb2: Device being rendered inoperable [ 563.516051][ T5942] pvrusb2: Important functionality might not be entirely working. [ 563.525182][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 563.532269][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 563.540278][ T5942] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 563.553833][ T2338] pvrusb2: Attached sub-driver cx25840 [ 563.560740][ T5942] pvrusb2: ********** [ 563.565060][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 563.858125][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 563.901897][ T2338] pvrusb2: Invalid write control endpoint [ 564.227025][ T2338] pvrusb2: Invalid write control endpoint [ 564.241218][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 564.277851][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 564.309733][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 564.339008][ T2338] pvrusb2: Device being rendered inoperable [ 564.351568][ T2338] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 564.359280][ T2338] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d) [ 564.389737][T11889] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 564.397280][ T2338] pvrusb2: Attached sub-driver cx25840 [ 564.418668][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 564.447028][T11889] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 564.482598][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 564.522186][T11889] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 564.685176][T11889] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 564.893371][ T5813] Bluetooth: hci5: command tx timeout [ 565.121656][ T9542] usb 5-1: USB disconnect, device number 33 [ 565.298138][ T29] audit: type=1400 audit(2000000247.620:582): avc: denied { bind } for pid=11959 comm="syz.1.1613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 565.595727][ T7256] usb 3-1: USB disconnect, device number 44 [ 565.791038][ T9542] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 566.486132][ T5960] block nbd0: Possible stuck request ffff888027938000: control (read@0,1024B). Runtime 480 seconds [ 566.531235][ T5960] block nbd0: Possible stuck request ffff888027938200: control (read@1024,1024B). Runtime 480 seconds [ 566.544714][ T5960] block nbd0: Possible stuck request ffff888027938400: control (read@2048,1024B). Runtime 480 seconds [ 566.555687][ T5960] block nbd0: Possible stuck request ffff888027938600: control (read@3072,1024B). Runtime 480 seconds [ 566.644519][ T9542] usb 5-1: Using ep0 maxpacket: 8 [ 566.783394][ T9542] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 566.792471][ T9542] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.862734][ T29] audit: type=1326 audit(2000000249.190:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2199bf79 code=0x7ffc0000 [ 566.886800][ T9542] pvrusb2: Hardware description: Terratec Grabster AV400 [ 566.922385][ T9542] pvrusb2: ********** [ 566.942780][ T9542] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 566.973054][ T9542] pvrusb2: Important functionality might not be entirely working. [ 566.981059][ T29] audit: type=1326 audit(2000000249.210:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5d2195c84e code=0x7ffc0000 [ 567.007154][ T9542] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 567.048896][ T9542] pvrusb2: ********** [ 567.062928][ T5813] Bluetooth: hci5: command tx timeout [ 567.143423][ T29] audit: type=1326 audit(2000000249.210:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f5d2199d297 code=0x7ffc0000 [ 567.182669][T11993] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1620'. [ 567.191787][T11993] lo: Caught tx_queue_len zero misconfig [ 567.213635][ T2338] pvrusb2: Invalid write control endpoint [ 567.263105][ T29] audit: type=1326 audit(2000000249.210:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5d2199bf79 code=0x7ffc0000 [ 567.358874][ T29] audit: type=1326 audit(2000000249.210:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f5d2199d297 code=0x7ffc0000 [ 567.473941][ T2338] pvrusb2: Invalid write control endpoint [ 567.517245][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 567.545102][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 567.565033][T12002] netlink: 173 bytes leftover after parsing attributes in process `syz.2.1621'. [ 567.582570][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 567.624374][ T29] audit: type=1326 audit(2000000249.220:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5d2195c84e code=0x7ffc0000 [ 567.741652][ T2338] pvrusb2: Device being rendered inoperable [ 567.762773][ T29] audit: type=1326 audit(2000000249.220:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2199bf79 code=0x7ffc0000 [ 567.778298][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 567.918981][ T29] audit: type=1326 audit(2000000249.220:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2199bf79 code=0x7ffc0000 [ 567.960602][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 567.994203][ T2338] pvrusb2: Attached sub-driver cx25840 [ 568.041954][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 568.062227][ T29] audit: type=1326 audit(2000000249.220:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11985 comm="syz.2.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f5d2199bf79 code=0x7ffc0000 [ 568.093774][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 568.343055][ T7256] usb 2-1: new full-speed USB device number 39 using dummy_hcd [ 568.428885][T11889] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 568.491093][T11889] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 568.526970][ T7256] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 568.663355][ T5942] usb 5-1: USB disconnect, device number 34 [ 568.683182][ T7256] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 568.706205][T11889] wireguard: wg0: Could not create IPv4 socket [ 568.738415][T11889] wireguard: wg1: Could not create IPv4 socket [ 568.749687][ T7256] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 568.767248][T11889] wireguard: wg2: Could not create IPv4 socket [ 568.773615][ T7256] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.781597][ T7256] usb 2-1: Product: syz [ 568.819518][ T7256] usb 2-1: Manufacturer: syz [ 568.859435][ T7256] usb 2-1: SerialNumber: syz [ 568.884980][ T7256] usb 2-1: config 0 descriptor?? [ 568.898674][ T7256] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -90 [ 569.140615][T12012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 569.522044][T12012] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 569.588464][ T5882] usb 2-1: USB disconnect, device number 39 [ 569.971917][T12039] netlink: 'syz.3.1625': attribute type 1 has an invalid length. [ 570.011208][T12041] Failed to initialize the IGMP autojoin socket (err -2) [ 570.248572][T12047] FAULT_INJECTION: forcing a failure. [ 570.248572][T12047] name failslab, interval 1, probability 0, space 0, times 0 [ 570.261441][T12047] CPU: 0 UID: 0 PID: 12047 Comm: syz.3.1626 Tainted: G L syzkaller #0 PREEMPT(full) [ 570.261468][T12047] Tainted: [L]=SOFTLOCKUP [ 570.261474][T12047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 570.261484][T12047] Call Trace: [ 570.261490][T12047] [ 570.261496][T12047] dump_stack_lvl+0x100/0x190 [ 570.261528][T12047] should_fail_ex.cold+0x5/0xa [ 570.261573][T12047] should_failslab+0xc2/0x120 [ 570.261596][T12047] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 570.261615][T12047] ? sock_alloc_inode+0x25/0x1c0 [ 570.261643][T12047] ? __pfx_sock_alloc_inode+0x10/0x10 [ 570.261668][T12047] sock_alloc_inode+0x25/0x1c0 [ 570.261691][T12047] alloc_inode+0x68/0x250 [ 570.261710][T12047] sock_alloc+0x44/0x280 [ 570.261734][T12047] do_accept+0xf9/0x530 [ 570.261757][T12047] ? do_raw_spin_lock+0x128/0x260 [ 570.261774][T12047] ? __pfx_do_accept+0x10/0x10 [ 570.261808][T12047] __sys_accept4+0x108/0x200 [ 570.261827][T12047] ? __pfx___sys_accept4+0x10/0x10 [ 570.261844][T12047] ? ksys_write+0x1ac/0x250 [ 570.261865][T12047] ? rcu_is_watching+0x12/0xc0 [ 570.261886][T12047] __x64_sys_accept+0x74/0xb0 [ 570.261904][T12047] ? lockdep_hardirqs_on+0x78/0x100 [ 570.261927][T12047] do_syscall_64+0x106/0xf80 [ 570.261949][T12047] ? clear_bhb_loop+0x40/0x90 [ 570.261971][T12047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.261988][T12047] RIP: 0033:0x7fe47459bf79 [ 570.262002][T12047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 570.262018][T12047] RSP: 002b:00007fe4753d7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 570.262036][T12047] RAX: ffffffffffffffda RBX: 00007fe474816180 RCX: 00007fe47459bf79 [ 570.262047][T12047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 570.262056][T12047] RBP: 00007fe4753d7090 R08: 0000000000000000 R09: 0000000000000000 [ 570.262066][T12047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 570.262076][T12047] R13: 00007fe474816218 R14: 00007fe474816180 R15: 00007ffc628521f8 [ 570.262099][T12047] [ 572.272453][T12073] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 573.686168][ T5130] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 573.696866][ T5130] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 573.712947][ T5130] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 573.736135][ T5130] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 573.756555][ T5130] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 573.814902][T12100] Failed to initialize the IGMP autojoin socket (err -2) [ 573.832809][ T5882] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 573.912950][ T9542] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 574.128644][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 574.140190][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 574.178219][ T9542] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 574.193020][ T9542] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 574.202147][ T5882] usb 3-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00 [ 574.211250][ T9542] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 574.220914][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.229227][ T9542] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.239588][ T5882] usb 3-1: config 0 descriptor?? [ 574.269671][ T9542] usb 5-1: config 0 descriptor?? [ 574.678669][ T5882] hid_parser_main: 91 callbacks suppressed [ 574.678684][ T5882] magicmouse 0003:05AC:0324.000E: unknown main item tag 0x0 [ 574.754304][ T5882] magicmouse 0003:05AC:0324.000E: unknown main item tag 0x0 [ 574.794058][ T5882] magicmouse 0003:05AC:0324.000E: unknown main item tag 0x0 [ 574.801439][ T5882] magicmouse 0003:05AC:0324.000E: unknown main item tag 0x0 [ 574.809449][ T5882] magicmouse 0003:05AC:0324.000E: unknown main item tag 0x0 [ 574.862072][ T5882] magicmouse 0003:05AC:0324.000E: unknown main item tag 0x0 [ 574.890122][ T5882] magicmouse 0003:05AC:0324.000E: unknown main item tag 0x0 [ 574.958585][T12096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 574.967476][T12096] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 575.005147][ T5882] magicmouse 0003:05AC:0324.000E: hidraw0: USB HID v0.00 Device [HID 05ac:0324] on usb-dummy_hcd.2-1/input0 [ 575.508572][T12100] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 575.562610][T12100] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 575.869939][ T5130] Bluetooth: hci5: command tx timeout [ 575.871723][T12100] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 575.931025][ T7256] usb 3-1: USB disconnect, device number 45 [ 575.995509][T12100] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 576.854354][ T9542] usb 5-1: USB disconnect, device number 35 [ 577.073044][T11347] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 577.170385][T12163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1644'. [ 577.179597][T12163] netlink: 'syz.2.1644': attribute type 5 has an invalid length. [ 577.187398][T12163] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1644'. [ 577.334997][T11347] usb 4-1: Using ep0 maxpacket: 8 [ 577.505413][T12163] geneve2: entered promiscuous mode [ 577.510775][T12163] geneve2: entered allmulticast mode [ 577.555210][T11347] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 577.581950][T11347] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.650286][T11347] pvrusb2: Hardware description: Terratec Grabster AV400 [ 577.674477][T11347] pvrusb2: ********** [ 577.688871][T11347] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 577.725151][T11347] pvrusb2: Important functionality might not be entirely working. [ 577.795105][T11347] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 577.882782][T11347] pvrusb2: ********** [ 577.892344][ T2338] pvrusb2: Invalid write control endpoint [ 577.932839][ T5130] Bluetooth: hci5: command tx timeout [ 578.833835][ T2338] pvrusb2: Invalid write control endpoint [ 578.839603][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 579.035611][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 579.125795][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 579.155015][ T2338] pvrusb2: Device being rendered inoperable [ 579.171823][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 579.186181][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 579.206053][T12175] vivid-007: disconnect [ 579.219415][ T2338] pvrusb2: Attached sub-driver cx25840 [ 579.235230][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 579.261660][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 579.322358][T12173] vivid-007: reconnect [ 579.958477][ T7256] usb 4-1: USB disconnect, device number 35 [ 580.012783][ T5130] Bluetooth: hci5: command tx timeout [ 580.084121][T12209] bond0: entered promiscuous mode [ 580.089207][T12209] bond_slave_0: entered promiscuous mode [ 580.106757][T12209] bond_slave_1: entered promiscuous mode [ 580.125332][T12209] batadv0: entered promiscuous mode [ 580.137154][T12209] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 580.151222][T12213] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1654'. [ 580.161532][T12209] hsr1: entered promiscuous mode [ 580.176931][T12209] hsr1: entered allmulticast mode [ 580.185526][T12209] bond0: entered allmulticast mode [ 580.199708][T12209] bond_slave_0: entered allmulticast mode [ 580.207331][T12209] bond_slave_1: entered allmulticast mode [ 580.222938][T12209] batadv0: entered allmulticast mode [ 580.231065][T12209] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 580.251189][T12209] bond0: left promiscuous mode [ 580.258212][T12209] bond_slave_0: left promiscuous mode [ 580.273077][T12209] bond_slave_1: left promiscuous mode [ 580.284077][T12209] batadv0: left promiscuous mode [ 580.921614][ T7256] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 581.049128][T12100] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 581.112796][ T7256] usb 4-1: Using ep0 maxpacket: 8 [ 581.132905][ T7256] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 581.162798][T12100] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 581.192803][ T7256] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.232293][ T7256] pvrusb2: Hardware description: Terratec Grabster AV400 [ 581.307473][T12100] wireguard: wg0: Could not create IPv4 socket [ 581.565539][T12100] wireguard: wg1: Could not create IPv4 socket [ 582.097125][ T7256] pvrusb2: ********** [ 582.101230][ T7256] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 582.122110][ T7256] pvrusb2: Important functionality might not be entirely working. [ 582.130094][ T7256] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 582.133046][T12100] wireguard: wg2: Could not create IPv4 socket [ 582.141490][ T7256] pvrusb2: ********** [ 582.156638][ T5130] Bluetooth: hci5: command tx timeout [ 582.183783][ T2338] pvrusb2: Invalid write control endpoint [ 582.574431][ T2338] pvrusb2: Invalid write control endpoint [ 582.580190][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 582.602820][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 582.610401][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 582.637156][ T2338] pvrusb2: Device being rendered inoperable [ 582.644468][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 582.651621][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d) [ 582.680913][ T2338] pvrusb2: Attached sub-driver cx25840 [ 582.705523][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 582.732916][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 583.003143][ T7256] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 583.185812][ T7256] usb 2-1: Using ep0 maxpacket: 8 [ 583.216727][ T7256] usb 2-1: config 0 has an invalid interface number: 186 but max is 0 [ 583.256198][ T7256] usb 2-1: config 0 has no interface number 0 [ 583.265924][ T7256] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 583.349365][ T7256] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x1 has an invalid bInterval 18, changing to 8 [ 583.408318][ T7256] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 583.476813][ T7256] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 583.520487][ T7256] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 583.540091][ T7256] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 583.560681][ T7256] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.581938][ T7256] usb 2-1: Product: syz [ 583.592833][ T7256] usb 2-1: Manufacturer: syz [ 583.599743][ T7256] usb 2-1: SerialNumber: syz [ 583.651219][T12268] netlink: 'syz.2.1665': attribute type 1 has an invalid length. [ 583.680281][ T7256] usb 2-1: config 0 descriptor?? [ 583.754364][T12271] syzkaller0: entered promiscuous mode [ 583.759903][T12271] syzkaller0: entered allmulticast mode [ 583.806338][T11347] usb 4-1: USB disconnect, device number 36 [ 583.912438][ T7256] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 584.518285][T12297] fuse: Bad value for 'user_id' [ 584.523265][T12297] fuse: Bad value for 'user_id' [ 585.003176][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 585.003192][ T29] audit: type=1400 audit(2000000267.340:600): avc: denied { read } for pid=12302 comm="syz.4.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 585.670890][ T29] audit: type=1400 audit(2000000267.930:601): avc: denied { create } for pid=12313 comm="syz.4.1671" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 585.963655][T12318] ieee802154 phy0 wpan0: encryption failed: -22 [ 586.029778][ T29] audit: type=1400 audit(2000000268.300:602): avc: denied { write } for pid=12313 comm="syz.4.1671" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 586.212884][ T7256] usb 2-1: USB disconnect, device number 40 [ 586.275433][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 586.292091][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 586.306996][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 586.331045][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 586.350556][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 586.533185][T11347] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 586.632465][T12320] Failed to initialize the IGMP autojoin socket (err -2) [ 587.185963][T11347] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 587.249565][T11347] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.287530][T11347] usb 3-1: Product: syz [ 587.322044][T11347] usb 3-1: Manufacturer: syz [ 587.396510][T12339] netlink: 'syz.1.1676': attribute type 1 has an invalid length. [ 587.607347][T11347] usb 3-1: SerialNumber: syz [ 587.827670][T12345] syzkaller0: entered promiscuous mode [ 587.836075][T12345] syzkaller0: entered allmulticast mode [ 587.845647][T12349] Failed to initialize the IGMP autojoin socket (err -2) [ 588.133410][ T5909] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 588.136507][T11347] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 588.215676][T11347] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 588.336936][ T5909] usb 4-1: Using ep0 maxpacket: 8 [ 588.359942][ T5909] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 588.396400][T12361] input: syz0 as /devices/virtual/input/input28 [ 588.403133][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.414415][ T5813] Bluetooth: hci5: command tx timeout [ 588.457651][ T5909] pvrusb2: Hardware description: Terratec Grabster AV400 [ 588.466779][ T5909] pvrusb2: ********** [ 588.474400][ T5909] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 588.496473][ T5909] pvrusb2: Important functionality might not be entirely working. [ 588.512477][ T5909] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 588.532590][ T5909] pvrusb2: ********** [ 588.660773][ T2338] pvrusb2: Invalid write control endpoint [ 588.758496][T12373] FAULT_INJECTION: forcing a failure. [ 588.758496][T12373] name failslab, interval 1, probability 0, space 0, times 0 [ 588.771305][T12373] CPU: 0 UID: 0 PID: 12373 Comm: syz.4.1681 Tainted: G L syzkaller #0 PREEMPT(full) [ 588.771331][T12373] Tainted: [L]=SOFTLOCKUP [ 588.771337][T12373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 588.771346][T12373] Call Trace: [ 588.771353][T12373] [ 588.771359][T12373] dump_stack_lvl+0x100/0x190 [ 588.771388][T12373] should_fail_ex.cold+0x5/0xa [ 588.771405][T12373] should_failslab+0xc2/0x120 [ 588.771421][T12373] __kmalloc_cache_noprof+0x7a/0x6f0 [ 588.771439][T12373] ? smb3_init_fs_context+0xb1/0xb90 [ 588.771458][T12373] ? alloc_fs_context+0xaff/0xf40 [ 588.771483][T12373] ? smb3_init_fs_context+0x1c/0xb90 [ 588.771509][T12373] smb3_init_fs_context+0xb1/0xb90 [ 588.771536][T12373] alloc_fs_context+0x60c/0xf40 [ 588.771557][T12373] __x64_sys_fsopen+0xed/0x220 [ 588.771570][T12373] do_syscall_64+0x106/0xf80 [ 588.771586][T12373] ? clear_bhb_loop+0x40/0x90 [ 588.771602][T12373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 588.771619][T12373] RIP: 0033:0x7ff18f79bf79 [ 588.771634][T12373] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 588.771649][T12373] RSP: 002b:00007ff1905a5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 588.771665][T12373] RAX: ffffffffffffffda RBX: 00007ff18fa16090 RCX: 00007ff18f79bf79 [ 588.771675][T12373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 588.771684][T12373] RBP: 00007ff1905a5090 R08: 0000000000000000 R09: 0000000000000000 [ 588.771691][T12373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 588.771697][T12373] R13: 00007ff18fa16128 R14: 00007ff18fa16090 R15: 00007ffea36416a8 [ 588.771711][T12373] [ 589.320390][ T2338] pvrusb2: Invalid write control endpoint [ 589.323653][ T5882] usb 4-1: USB disconnect, device number 37 [ 589.343078][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 589.352431][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 589.360978][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 589.409455][ T2338] pvrusb2: Device being rendered inoperable [ 589.416853][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 589.429566][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d) [ 590.492784][ T5813] Bluetooth: hci5: command tx timeout [ 590.532819][T11347] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 590.575375][ T2338] pvrusb2: Attached sub-driver cx25840 [ 590.580867][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 590.595584][T11347] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 590.633242][T11347] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 590.652825][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 590.671605][T11347] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 590.739043][T11347] usb 3-1: USB disconnect, device number 46 [ 590.882566][T12388] dlm: no local IP address has been set [ 590.917571][T12388] dlm: cannot start dlm midcomms -107 [ 590.935618][T12390] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1685'. [ 591.429541][T12320] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 591.471887][T12390] dlm: no local IP address has been set [ 591.477547][T12390] dlm: cannot start dlm midcomms -107 [ 591.550247][T12320] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 591.588847][T12320] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 591.637312][T12320] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 591.732909][T11347] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 592.100190][T11347] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 592.212881][T11347] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.251570][T11347] usb 5-1: Product: syz [ 592.269498][T11347] usb 5-1: Manufacturer: syz [ 592.296221][T11347] usb 5-1: SerialNumber: syz [ 593.006726][ T5813] Bluetooth: hci5: command tx timeout [ 594.212799][ T29] audit: type=1400 audit(2000000276.460:603): avc: denied { read } for pid=12442 comm="syz.3.1693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 594.550439][T12399] delete_channel: no stack [ 595.038296][T12454] netlink: 'syz.3.1694': attribute type 1 has an invalid length. [ 595.064291][ T5813] Bluetooth: hci5: command tx timeout [ 595.355471][T12320] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 595.417563][T12320] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 595.642966][T12466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1695'. [ 595.684810][ T5882] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 595.724226][T12320] wireguard: wg0: Could not create IPv4 socket [ 595.754292][T12320] wireguard: wg1: Could not create IPv4 socket [ 595.761738][T12320] wireguard: wg2: Could not create IPv4 socket [ 595.843466][ T5882] usb 3-1: Using ep0 maxpacket: 8 [ 595.860251][ T5882] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 595.889975][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.965217][ T5882] pvrusb2: Hardware description: Terratec Grabster AV400 [ 595.981290][ T5882] pvrusb2: ********** [ 595.986397][ T5882] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 595.996746][ T5882] pvrusb2: Important functionality might not be entirely working. [ 596.004705][ T5882] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 596.022871][ T5882] pvrusb2: ********** [ 596.160265][ T2338] pvrusb2: Invalid write control endpoint [ 596.990768][ T5960] block nbd0: Possible stuck request ffff888027938000: control (read@0,1024B). Runtime 510 seconds [ 597.003077][ T5960] block nbd0: Possible stuck request ffff888027938200: control (read@1024,1024B). Runtime 510 seconds [ 597.014183][ T5960] block nbd0: Possible stuck request ffff888027938400: control (read@2048,1024B). Runtime 510 seconds [ 597.025372][ T5960] block nbd0: Possible stuck request ffff888027938600: control (read@3072,1024B). Runtime 510 seconds [ 597.437608][ T2338] pvrusb2: Invalid write control endpoint [ 597.489221][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 597.555383][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 597.581977][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 597.670231][ T2338] pvrusb2: Device being rendered inoperable [ 597.680619][T12489] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1699'. [ 597.753466][T12492] dlm: no local IP address has been set [ 597.759211][T12492] dlm: cannot start dlm midcomms -107 [ 598.219535][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 598.254804][T11347] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -ETIMEDOUT [ 598.310022][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d) [ 598.370805][ T5942] usb 3-1: USB disconnect, device number 47 [ 598.376821][T11347] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -ETIMEDOUT [ 598.393888][ T2338] pvrusb2: Attached sub-driver cx25840 [ 598.402379][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 598.433922][T11347] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 598.453335][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 598.480058][T11347] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 598.719843][T11347] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 598.821082][ T5909] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 598.961098][T11347] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32 [ 599.049886][T12508] siw: device registration error -23 [ 599.074198][T12508] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 599.571496][T12514] Failed to initialize the IGMP autojoin socket (err -2) [ 601.021418][ T5882] usb 5-1: USB disconnect, device number 36 [ 601.293449][T12542] Failed to initialize the IGMP autojoin socket (err -2) [ 601.585224][T11347] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 602.365290][T12552] SELinux: policydb magic number 0x4bb04 does not match expected magic number 0xf97cff8c [ 602.376127][T12552] SELinux: failed to load policy [ 603.062188][T11347] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 603.080091][T11347] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.119039][T11347] usb 2-1: Product: syz [ 603.273816][T11347] usb 2-1: Manufacturer: syz [ 603.371936][ T5130] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 603.398101][ T5130] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 603.411503][T11347] usb 2-1: SerialNumber: syz [ 603.423539][ T5130] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 603.439583][ T5130] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 603.447253][ T5130] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 603.498167][T12558] Failed to initialize the IGMP autojoin socket (err -2) [ 604.716384][T12573] delete_channel: no stack [ 605.251962][T11347] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 605.315059][T11347] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 605.323649][T12577] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1712'. [ 605.411900][T12577] dlm: no local IP address has been set [ 605.417580][T12577] dlm: cannot start dlm midcomms -107 [ 605.455513][T11347] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 605.483946][T11347] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 605.516015][T11347] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 605.533103][ T5813] Bluetooth: hci5: command tx timeout [ 605.607750][T11347] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 605.711973][T11347] usb 2-1: USB disconnect, device number 41 [ 605.832877][ T5882] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 605.853203][T12587] Failed to initialize the IGMP autojoin socket (err -2) [ 606.036971][ T5882] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 606.070555][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.102821][ T5882] usb 4-1: Product: syz [ 606.107038][ T5882] usb 4-1: Manufacturer: syz [ 606.111636][ T5882] usb 4-1: SerialNumber: syz [ 606.803589][ T5942] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 606.862303][T12558] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 606.906014][T12558] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 607.012869][ T5942] usb 5-1: Using ep0 maxpacket: 8 [ 607.672810][T12610] delete_channel: no stack [ 608.125184][ T5813] Bluetooth: hci5: command tx timeout [ 608.161384][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 608.173299][T12558] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 608.185773][ T5942] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 608.185822][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 608.205238][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.236068][T12558] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 608.238232][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 608.258884][ T5942] pvrusb2: Hardware description: Terratec Grabster AV400 [ 608.304431][ T5942] pvrusb2: ********** [ 608.308574][ T5942] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 608.323314][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 608.324826][ T5942] pvrusb2: Important functionality might not be entirely working. [ 608.341727][ T5882] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 608.371793][ T5942] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 608.374846][ T5882] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 608.464947][ T5942] pvrusb2: ********** [ 608.499524][ T2338] pvrusb2: Invalid write control endpoint [ 608.854162][ T5882] usb 4-1: USB disconnect, device number 39 [ 609.383664][ T2338] pvrusb2: Invalid write control endpoint [ 609.427359][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 609.449686][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 609.477591][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 609.574729][ T2338] pvrusb2: Device being rendered inoperable [ 609.596703][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 609.752783][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_e) [ 609.762469][ T29] audit: type=1400 audit(2000000292.060:604): avc: denied { lock } for pid=12638 comm="syz.2.1721" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=40594 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 609.790812][ T2338] pvrusb2: Attached sub-driver cx25840 [ 609.804479][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 609.818614][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 610.175900][ T5813] Bluetooth: hci5: command tx timeout [ 610.453367][ T5882] usb 5-1: USB disconnect, device number 37 [ 611.125947][T12667] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 611.499151][ T29] audit: type=1400 audit(2000000293.450:605): avc: denied { read } for pid=12661 comm="syz.3.1719" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 611.549013][ T29] audit: type=1400 audit(2000000293.450:606): avc: denied { open } for pid=12661 comm="syz.3.1719" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 611.636682][T12666] bond0: entered promiscuous mode [ 611.652922][T12666] bond_slave_0: entered promiscuous mode [ 611.665185][T12666] bond_slave_1: entered promiscuous mode [ 611.683316][ T29] audit: type=1400 audit(2000000293.480:607): avc: denied { ioctl } for pid=12661 comm="syz.3.1719" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x3b80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 611.709105][T12666] bond0: left promiscuous mode [ 611.723227][T12666] bond_slave_0: left promiscuous mode [ 611.729753][T12666] bond_slave_1: left promiscuous mode [ 611.833544][T12674] Failed to initialize the IGMP autojoin socket (err -2) [ 612.198019][ T29] audit: type=1400 audit(2000000294.530:608): avc: denied { read } for pid=12681 comm="syz.2.1728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 612.273542][ T5813] Bluetooth: hci5: command tx timeout [ 612.540071][T12558] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 612.779201][T12699] netlink: 'syz.4.1729': attribute type 1 has an invalid length. [ 612.823096][T12558] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 613.201430][T12558] wireguard: wg0: Could not create IPv4 socket [ 613.209422][T12558] wireguard: wg1: Could not create IPv4 socket [ 613.322080][T12558] wireguard: wg2: Could not create IPv4 socket [ 614.493188][ T5882] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 614.647227][ T5882] usb 4-1: Using ep0 maxpacket: 8 [ 614.668536][ T5882] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 614.688073][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.729400][ T5882] pvrusb2: Hardware description: Terratec Grabster AV400 [ 614.748662][ T5882] pvrusb2: ********** [ 614.752672][ T5882] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 614.779126][ T5882] pvrusb2: Important functionality might not be entirely working. [ 614.799381][ T5882] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 614.823927][ T5882] pvrusb2: ********** [ 614.852882][ T5871] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 614.934591][ T2338] pvrusb2: Invalid write control endpoint [ 615.025956][ T2338] pvrusb2: Invalid write control endpoint [ 615.056103][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 615.066920][ T5871] usb 2-1: config 0 interface 0 has no altsetting 0 [ 615.073962][ T5871] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c1e, bcdDevice= 0.00 [ 615.103006][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 615.110591][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 615.121108][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.245771][ T5871] usb 2-1: config 0 descriptor?? [ 615.267276][ T2338] pvrusb2: Device being rendered inoperable [ 615.720367][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 615.752770][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_e) [ 615.774748][ T2338] pvrusb2: Attached sub-driver cx25840 [ 615.781081][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 615.794147][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 615.929760][T12725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 615.957193][T12725] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 616.524663][ T5130] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 616.533655][ T5130] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 617.343291][T11347] usb 4-1: USB disconnect, device number 40 [ 617.352580][ T5130] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 617.360921][ T5130] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 617.373427][ T5130] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 617.826640][T12762] Failed to initialize the IGMP autojoin socket (err -2) [ 617.875726][ T5871] usbhid 2-1:0.0: can't add hid device: -71 [ 617.963017][ T5871] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 617.975190][ T5871] usb 2-1: USB disconnect, device number 42 [ 618.683402][ T5871] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 619.135448][ T5871] usb 5-1: config 0 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 619.157499][ T5871] usb 5-1: config 0 interface 0 has no altsetting 0 [ 619.171522][ T5871] usb 5-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 619.209880][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.235228][ T5871] usb 5-1: config 0 descriptor?? [ 619.283805][T12787] netlink: 'syz.1.1744': attribute type 10 has an invalid length. [ 619.383053][ T5909] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 619.419315][T12791] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1745'. [ 619.594302][ T5909] usb 4-1: Using ep0 maxpacket: 32 [ 619.607306][ T5909] usb 4-1: config 0 has no interfaces? [ 619.624078][ T5909] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=6f.0b [ 619.638789][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=110, SerialNumber=250 [ 619.657793][ T5909] usb 4-1: Product: syz [ 619.661981][ T29] audit: type=1400 audit(2000000301.990:609): avc: denied { read write } for pid=12769 comm="syz.4.1741" name="mouse0" dev="devtmpfs" ino=923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 619.662027][ T29] audit: type=1400 audit(2000000301.990:610): avc: denied { open } for pid=12769 comm="syz.4.1741" path="/dev/input/mouse0" dev="devtmpfs" ino=923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 619.744317][ T5909] usb 4-1: Manufacturer: syz [ 619.790833][ T5909] usb 4-1: SerialNumber: syz [ 619.814408][T12796] team_slave_1: Caught tx_queue_len zero misconfig [ 619.965444][ T5813] Bluetooth: hci5: command tx timeout [ 619.974517][T12803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 619.983268][T12803] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 620.103631][ T5909] r8152-cfgselector 4-1: Unknown version 0x0000 [ 620.128257][ T5909] r8152-cfgselector 4-1: config 0 descriptor?? [ 620.232794][ T5871] usbhid 5-1:0.0: can't add hid device: -71 [ 620.249104][ T5871] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 620.308466][ T5871] usb 5-1: USB disconnect, device number 38 [ 620.375164][ T5942] r8152-cfgselector 4-1: USB disconnect, device number 41 [ 620.749416][T12762] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 620.822053][T12762] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 620.869966][T12762] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 620.914150][T12762] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 621.012800][ T5942] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 621.187305][ T5942] usb 5-1: Using ep0 maxpacket: 8 [ 621.223623][ T5942] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 621.260594][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.286032][ T5942] pvrusb2: Hardware description: Terratec Grabster AV400 [ 621.315553][ T5942] pvrusb2: ********** [ 621.319587][ T5942] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 621.337710][ T5942] pvrusb2: Important functionality might not be entirely working. [ 621.390507][ T5942] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 621.438398][ T5942] pvrusb2: ********** [ 621.494914][ T2338] pvrusb2: Invalid write control endpoint [ 621.593552][ T5882] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 621.667937][ T2338] pvrusb2: Invalid write control endpoint [ 621.701239][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 621.733858][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 621.759266][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 621.863578][ T2338] pvrusb2: Device being rendered inoperable [ 622.022912][ T5813] Bluetooth: hci5: command tx timeout [ 622.269666][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 622.276865][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_e) [ 622.286446][ T2338] pvrusb2: Attached sub-driver cx25840 [ 622.291952][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 622.307795][ T5882] usb 3-1: unable to get BOS descriptor or descriptor too short [ 622.344385][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 622.363118][ T5882] usb 3-1: config 4 has an invalid interface number: 169 but max is 0 [ 622.380754][ T5882] usb 3-1: config 4 has no interface number 0 [ 622.408349][ T5882] usb 3-1: config 4 interface 169 altsetting 3 endpoint 0x5 has an invalid bInterval 126, changing to 10 [ 622.460097][ T5882] usb 3-1: config 4 interface 169 has no altsetting 0 [ 622.498848][ T5882] usb 3-1: New USB device found, idVendor=11ff, idProduct=5ad3, bcdDevice=f0.d3 [ 622.533999][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.567023][ T5882] usb 3-1: Product: syz [ 622.583990][ T5882] usb 3-1: Manufacturer: syz [ 622.605538][ T5882] usb 3-1: SerialNumber: syz [ 622.764622][ T790] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 622.957348][ T790] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 622.968928][ T790] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 622.996875][T12762] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 623.018924][T12762] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 623.052058][ T790] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 623.105324][ T790] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 623.124001][T12762] wireguard: wg0: Could not create IPv4 socket [ 623.140404][T12762] wireguard: wg1: Could not create IPv4 socket [ 623.164565][ T790] usb 4-1: Manufacturer: syz [ 623.165561][T12762] wireguard: wg2: Could not create IPv4 socket [ 623.189980][ T790] usb 4-1: config 0 descriptor?? [ 623.661953][ T29] audit: type=1400 audit(2000000305.990:611): avc: denied { associate } for pid=12873 comm="syz.3.1757" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 623.843467][ T5942] usb 5-1: USB disconnect, device number 39 [ 623.859389][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.867182][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.009314][T12898] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1759'. [ 624.337281][ T790] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.000F/input/input31 [ 624.587010][ T5882] usb 3-1: USB disconnect, device number 48 [ 624.596974][ T790] uclogic 0003:256C:006D.000F: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 624.644424][ T790] usb 4-1: USB disconnect, device number 42 [ 625.441623][T12921] fido_id[12921]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 625.543080][ T5882] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 625.713341][ T5882] usb 3-1: Using ep0 maxpacket: 8 [ 625.732353][ T5882] usb 3-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 625.751799][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.764337][ T29] audit: type=1400 audit(2000000308.080:612): avc: denied { ioctl } for pid=12927 comm="syz.3.1764" path="socket:[42236]" dev="sockfs" ino=42236 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 625.807394][ T5882] usb 3-1: Product: syz [ 625.824637][ T5882] usb 3-1: Manufacturer: syz [ 625.838785][T12932] syzkaller0: entered promiscuous mode [ 625.852353][T12932] syzkaller0: entered allmulticast mode [ 625.852540][ T5882] usb 3-1: SerialNumber: syz [ 625.888559][ T5882] usb 3-1: config 0 descriptor?? [ 626.379073][ T5882] option 3-1:0.0: GSM modem (1-port) converter detected [ 627.352963][ T5882] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 627.360737][ T5960] block nbd0: Possible stuck request ffff888027938000: control (read@0,1024B). Runtime 540 seconds [ 627.371699][ T5960] block nbd0: Possible stuck request ffff888027938200: control (read@1024,1024B). Runtime 540 seconds [ 627.383226][ T5960] block nbd0: Possible stuck request ffff888027938400: control (read@2048,1024B). Runtime 540 seconds [ 627.395478][ T5960] block nbd0: Possible stuck request ffff888027938600: control (read@3072,1024B). Runtime 540 seconds [ 627.462845][ T5942] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 627.480668][ T29] audit: type=1400 audit(2000000309.810:613): avc: denied { getopt } for pid=12941 comm="syz.3.1766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 627.531433][ T5882] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 627.548500][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.562306][ T5882] usb 2-1: Product: syz [ 627.567155][ T5882] usb 2-1: Manufacturer: syz [ 627.571801][ T5882] usb 2-1: SerialNumber: syz [ 627.623280][ T5942] usb 5-1: Using ep0 maxpacket: 8 [ 627.636346][ T5942] usb 5-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 627.653052][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.672805][ T5942] usb 5-1: Product: syz [ 627.680989][ T5942] usb 5-1: Manufacturer: syz [ 627.703284][ T5942] usb 5-1: SerialNumber: syz [ 627.720197][ T790] usb 3-1: USB disconnect, device number 49 [ 627.727707][ T5942] usb 5-1: config 0 descriptor?? [ 627.727749][ T790] option 3-1:0.0: device disconnected [ 627.756096][ T5942] option 5-1:0.0: GSM modem (1-port) converter detected [ 629.049265][T12950] delete_channel: no stack [ 629.062900][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 629.092785][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 629.133095][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 629.162822][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 629.193131][ T5882] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 629.212785][ T5942] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 629.220515][T11347] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 629.224041][ T5882] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 629.252134][ T5130] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 629.263498][ T5130] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 629.277382][ T5130] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 629.282952][ T5882] usb 2-1: USB disconnect, device number 43 [ 629.297919][ T5130] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 629.307263][ T5130] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 629.340556][T13000] Failed to initialize the IGMP autojoin socket (err -2) [ 629.392782][ T5942] usb 4-1: Using ep0 maxpacket: 8 [ 629.398088][T11347] usb 3-1: Using ep0 maxpacket: 8 [ 629.409770][ T5942] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 629.421201][ T5942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.430910][T11347] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 629.441488][T11347] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.474454][ T5942] pvrusb2: Hardware description: Terratec Grabster AV400 [ 629.494265][ T5942] pvrusb2: ********** [ 629.505614][T11347] pvrusb2: Hardware description: Terratec Grabster AV400 [ 629.526370][ T5942] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 629.541945][T11347] pvrusb2: ********** [ 629.552323][T11347] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 629.572653][ T5942] pvrusb2: Important functionality might not be entirely working. [ 629.645289][T11347] pvrusb2: Important functionality might not be entirely working. [ 629.655396][ T5942] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 629.696684][ T7256] usb 5-1: USB disconnect, device number 40 [ 629.773597][T11347] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 629.794063][ T7256] option 5-1:0.0: device disconnected [ 629.801221][ T5942] pvrusb2: ********** [ 629.811345][T11347] pvrusb2: ********** [ 629.815898][ T2338] pvrusb2: Invalid write control endpoint [ 630.196224][ T2338] pvrusb2: Invalid write control endpoint [ 630.202060][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 630.485633][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 630.891840][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 630.905273][ T2338] pvrusb2: Device being rendered inoperable [ 630.912401][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 630.920932][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_e) [ 630.937847][ T2338] pvrusb2: Attached sub-driver cx25840 [ 630.953307][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 630.990802][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 631.031188][ T2338] pvrusb2: Invalid write control endpoint [ 631.137870][ T2338] pvrusb2: Invalid write control endpoint [ 631.169401][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 631.208150][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 631.230476][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 631.255572][ T2338] pvrusb2: Device being rendered inoperable [ 631.277569][ T2338] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 631.302245][ T2338] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_f) [ 631.321903][ T2338] pvrusb2: Attached sub-driver cx25840 [ 631.338046][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 631.358877][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 631.392839][ T5130] Bluetooth: hci5: command tx timeout [ 632.197477][ T10] usb 4-1: USB disconnect, device number 43 [ 632.225030][ T7256] usb 3-1: USB disconnect, device number 50 [ 632.356363][T13051] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1778'. [ 632.526440][T13000] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 633.017302][T13000] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 633.522865][ T5130] Bluetooth: hci5: command tx timeout [ 633.555710][T13000] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 633.588098][T13067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 633.613562][T13000] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 633.624985][T13067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 633.782765][ T10] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 633.823655][ T5909] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 633.953069][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 633.973089][ T10] usb 2-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 633.992560][ T5909] usb 3-1: device descriptor read/64, error -71 [ 633.999959][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.191061][ T10] usb 2-1: Product: syz [ 634.205806][ T10] usb 2-1: Manufacturer: syz [ 634.219008][ T10] usb 2-1: SerialNumber: syz [ 634.248529][ T10] usb 2-1: config 0 descriptor?? [ 634.267895][ T10] option 2-1:0.0: GSM modem (1-port) converter detected [ 634.333869][ T5909] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 634.485176][ T5909] usb 3-1: device descriptor read/64, error -71 [ 634.629923][ T5909] usb usb3-port1: attempt power cycle [ 635.470019][T13000] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 635.524199][ T5909] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 635.542073][ T5130] Bluetooth: hci5: command tx timeout [ 635.563307][ T5909] usb 3-1: device descriptor read/8, error -71 [ 635.699118][T11347] usb 2-1: USB disconnect, device number 44 [ 635.705864][T11347] option 2-1:0.0: device disconnected [ 635.784164][T13000] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 635.810890][ T5909] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 635.918049][T13117] netlink: 'syz.1.1786': attribute type 4 has an invalid length. [ 635.933783][ T5909] usb 3-1: device descriptor read/8, error -71 [ 635.943764][T13000] wireguard: wg0: Could not create IPv4 socket [ 635.969394][T13000] wireguard: wg1: Could not create IPv4 socket [ 636.139494][T13000] wireguard: wg2: Could not create IPv4 socket [ 636.143708][ T5909] usb usb3-port1: unable to enumerate USB device [ 637.193729][T13134] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57 sclass=netlink_route_socket pid=13134 comm=syz.2.1790 [ 637.211060][T13134] qnx6: unable to read the first superblock [ 637.787207][T13143] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 637.797146][T13143] SELinux: failed to load policy [ 638.588457][T13170] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1794'. [ 638.604864][ T7256] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 638.963040][ T7256] usb 4-1: Using ep0 maxpacket: 8 [ 639.026168][ T7256] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 639.127653][ T7256] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.351902][ T7256] pvrusb2: Hardware description: Terratec Grabster AV400 [ 639.480054][ T7256] pvrusb2: ********** [ 639.592767][ T7256] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 639.610845][ T7256] pvrusb2: Important functionality might not be entirely working. [ 640.168397][ T7256] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 640.202540][ T7256] pvrusb2: ********** [ 640.332427][ T5882] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 640.771377][ T2338] pvrusb2: Invalid write control endpoint [ 640.970131][ T2338] pvrusb2: Invalid write control endpoint [ 640.976018][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 641.016173][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 641.026093][ T5882] usb 2-1: Using ep0 maxpacket: 8 [ 641.102798][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 641.114496][ T5882] usb 2-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 641.199313][ T2338] pvrusb2: Device being rendered inoperable [ 641.207547][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.236717][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 641.256408][ T5882] usb 2-1: Product: syz [ 641.350379][ T5882] usb 2-1: Manufacturer: syz [ 641.355374][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_e) [ 641.363303][ T5882] usb 2-1: SerialNumber: syz [ 641.369766][ T2338] pvrusb2: Attached sub-driver cx25840 [ 641.388865][ T5882] usb 2-1: config 0 descriptor?? [ 641.403698][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 641.427701][ T5882] option 2-1:0.0: GSM modem (1-port) converter detected [ 641.445126][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 641.908663][ T5909] usb 4-1: USB disconnect, device number 44 [ 642.490643][T13234] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1798'. [ 642.531745][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 642.541401][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 642.550324][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 642.560089][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 642.568946][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 642.688930][T13237] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1798'. [ 642.692394][T13235] Failed to initialize the IGMP autojoin socket (err -2) [ 642.699344][T13237] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.712860][T13237] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.752844][ T10] usb 2-1: USB disconnect, device number 45 [ 642.782766][ T5942] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 642.842646][ T10] option 2-1:0.0: device disconnected [ 643.044221][ T5942] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 643.056212][ T5942] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 643.072963][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.090963][ T5942] usb 5-1: config 0 descriptor?? [ 643.523895][ T5942] pwc: Askey VC010 type 2 USB webcam detected. [ 644.353129][ T5942] pwc: recv_control_msg error -32 req 02 val 2b00 [ 644.414385][ T5942] pwc: recv_control_msg error -32 req 02 val 2700 [ 644.532337][T13259] dlm: no local IP address has been set [ 644.538104][T13259] dlm: cannot start dlm midcomms -107 [ 644.661551][ T5813] Bluetooth: hci5: command tx timeout [ 644.663566][ T29] audit: type=1400 audit(2000000326.990:614): avc: denied { bind } for pid=13250 comm="syz.3.1804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 644.672825][ T5942] pwc: recv_control_msg error -32 req 02 val 2c00 [ 644.723031][ T5942] pwc: recv_control_msg error -32 req 04 val 1000 [ 644.729993][ T5942] pwc: recv_control_msg error -32 req 04 val 1300 [ 644.737081][ T5942] pwc: recv_control_msg error -32 req 04 val 1400 [ 644.746343][ T5942] pwc: recv_control_msg error -32 req 02 val 2000 [ 644.772840][T11347] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 644.792095][ T5942] pwc: recv_control_msg error -32 req 02 val 2100 [ 644.832151][ T5942] pwc: recv_control_msg error -32 req 04 val 1500 [ 644.847011][ T5942] pwc: recv_control_msg error -32 req 02 val 2500 [ 644.872876][ T5942] pwc: recv_control_msg error -32 req 02 val 2400 [ 644.892500][ T5942] pwc: recv_control_msg error -32 req 02 val 2600 [ 644.931886][T11347] usb 2-1: Using ep0 maxpacket: 8 [ 644.954349][T11347] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 644.974326][ T5942] pwc: recv_control_msg error -32 req 02 val 2900 [ 644.990972][T11347] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.009893][ T5942] pwc: recv_control_msg error -71 req 02 val 2800 [ 645.042953][ T5942] pwc: recv_control_msg error -71 req 04 val 1100 [ 645.056439][T11347] pvrusb2: Hardware description: Terratec Grabster AV400 [ 645.069519][ T5942] pwc: recv_control_msg error -71 req 04 val 1200 [ 645.077730][T11347] pvrusb2: ********** [ 645.081787][T11347] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 645.092830][ T5942] pwc: Registered as video103. [ 645.098433][ T5942] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input32 [ 645.115363][T11347] pvrusb2: Important functionality might not be entirely working. [ 645.142539][T11347] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 645.162339][ T5942] usb 5-1: USB disconnect, device number 41 [ 645.221821][T11347] pvrusb2: ********** [ 645.421119][ T2338] pvrusb2: Invalid write control endpoint [ 645.735278][ T2338] pvrusb2: Invalid write control endpoint [ 645.741057][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 645.762740][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 645.772567][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 645.786778][ T2338] pvrusb2: Device being rendered inoperable [ 645.907220][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880584d9c00: rx timeout, send abort [ 645.922786][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880584d9c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 646.260667][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 646.281892][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_e) [ 646.329878][T13271] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=22 sclass=netlink_tcpdiag_socket pid=13271 comm=syz.4.1808 [ 646.331958][ T2338] pvrusb2: Attached sub-driver cx25840 [ 646.358229][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 646.428799][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 646.483168][T13235] netdevsim netdevsim5 netdevsim0: renamed from eth1 [ 646.534733][T13235] netdevsim netdevsim5 netdevsim1: renamed from eth2 [ 646.572623][T13235] netdevsim netdevsim5 netdevsim2: renamed from eth3 [ 646.619253][T13235] netdevsim netdevsim5 netdevsim3: renamed from eth4 [ 646.722822][ T5871] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 646.732867][ T5813] Bluetooth: hci5: command tx timeout [ 646.922972][ T5871] usb 5-1: Using ep0 maxpacket: 8 [ 646.970697][ T5871] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 647.044158][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 647.414628][ T10] usb 2-1: USB disconnect, device number 46 [ 647.474130][ T5871] pvrusb2: Hardware description: Terratec Grabster AV400 [ 647.481310][ T5871] pvrusb2: ********** [ 647.572990][ T5871] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 647.590636][ T5871] pvrusb2: Important functionality might not be entirely working. [ 647.600427][ T5871] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 647.612419][ T5871] pvrusb2: ********** [ 648.699144][T13292] netlink: 'syz.3.1814': attribute type 26 has an invalid length. [ 648.733741][ T2338] pvrusb2: Invalid write control endpoint [ 649.177348][ T5813] Bluetooth: hci5: command tx timeout [ 649.482846][ T10] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 649.689329][ T2338] pvrusb2: Invalid write control endpoint [ 649.722140][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 649.732808][ T10] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 649.751817][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 649.764889][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.790324][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 649.801400][ T10] usb 3-1: Product: syz [ 649.813457][ T10] usb 3-1: Manufacturer: syz [ 649.829528][ T10] usb 3-1: SerialNumber: syz [ 649.834920][ T2338] pvrusb2: Device being rendered inoperable [ 649.851342][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 649.877398][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_f) [ 649.899772][ T2338] pvrusb2: Attached sub-driver cx25840 [ 649.929554][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 649.968698][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 650.094306][ T30] INFO: task syz.0.1437:11192 blocked for more than 143 seconds. [ 650.102115][ T30] Tainted: G L syzkaller #0 [ 650.114907][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 650.140187][ T30] task:syz.0.1437 state:D stack:26200 pid:11192 tgid:11191 ppid:5803 task_flags:0x400140 flags:0x00080002 [ 650.225036][ T30] Call Trace: [ 650.249997][ T30] [ 650.282754][ T30] __schedule+0xfee/0x6020 [ 650.287226][ T30] ? __lock_acquire+0x4a5/0x2630 [ 650.292205][ T30] ? __pfx___schedule+0x10/0x10 [ 650.325759][ T30] ? find_held_lock+0x2b/0x80 [ 650.423031][ T790] usb 5-1: USB disconnect, device number 42 [ 650.442352][ T30] ? schedule+0x2bf/0x390 [ 650.457941][ T30] schedule+0xdd/0x390 [ 650.462044][ T30] schedule_preempt_disabled+0x13/0x30 [ 650.471406][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 650.503875][ T30] __mutex_lock+0xc9a/0x1b90 [ 650.506760][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 650.508511][ T30] ? bdev_open+0x41a/0xe40 [ 650.526417][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 650.539544][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 650.548966][ T30] ? find_held_lock+0x2b/0x80 [ 650.549622][ T10] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 650.562838][ T30] ? find_inode_fast+0x5e3/0x910 [ 650.567807][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 650.573283][ T30] ? find_inode_fast+0x1fa/0x910 [ 650.578372][ T30] ? bdev_open+0x41a/0xe40 [ 650.583264][ T30] bdev_open+0x41a/0xe40 [ 650.587653][ T30] ? iput+0x3a/0x40 [ 650.592971][ T30] blkdev_open+0x34e/0x4f0 [ 650.597444][ T30] do_dentry_open+0x6d8/0x1660 [ 650.602248][ T30] ? __pfx_blkdev_open+0x10/0x10 [ 650.609960][ T30] vfs_open+0x82/0x3f0 [ 650.614425][ T30] path_openat+0x208c/0x31a0 [ 650.619169][ T30] ? __pfx_path_openat+0x10/0x10 [ 650.625295][ T30] do_file_open+0x20e/0x430 [ 650.629994][ T30] ? __pfx_do_file_open+0x10/0x10 [ 650.635700][ T30] ? alloc_fd+0x476/0x790 [ 650.640178][ T30] ? do_getname+0x191/0x390 [ 650.645216][ T30] do_sys_openat2+0x10d/0x1e0 [ 650.650712][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 650.656540][ T30] __x64_sys_openat+0x12d/0x210 [ 650.661553][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 650.667654][ T30] ? do_user_addr_fault+0x8d6/0x12f0 [ 650.673290][ T30] do_syscall_64+0x106/0xf80 [ 650.679136][ T30] ? clear_bhb_loop+0x40/0x90 [ 650.684357][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.690436][ T30] RIP: 0033:0x7f82efb5c84e [ 650.695488][ T30] RSP: 002b:00007f82f0af8b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 650.704381][ T30] RAX: ffffffffffffffda RBX: 00007f82f0af96c0 RCX: 00007f82efb5c84e [ 650.716354][ T30] RDX: 0000000000040400 RSI: 00007f82f0af8c00 RDI: ffffffffffffff9c [ 650.724875][ T30] RBP: 00007f82f0af8c00 R08: 0000000000000000 R09: 0000000000000000 [ 650.741986][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 650.752849][ T30] R13: 00007f82efe16038 R14: 00007f82efe15fa0 R15: 00007fff1f2f3d98 [ 650.760921][ T30] [ 650.772034][ T30] [ 650.772034][ T30] Showing all locks held in the system: [ 650.792737][ T10] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 650.823069][ T30] 7 locks held by kworker/0:1/10: [ 650.831263][ T30] 1 lock held by khungtaskd/30: [ 650.876125][ T30] #0: ffffffff8e7e7620 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 650.889316][ T10] usb 3-1: USB disconnect, device number 55 [ 650.905067][ T30] 1 lock held by dhcpcd/5473: [ 650.910064][ T30] 2 locks held by getty/5565: [ 650.922847][ T30] #0: ffff8880343e80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 650.963945][ T30] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 651.012748][ T30] 1 lock held by udevd/5821: [ 651.017551][ T30] #0: ffff88802782e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 [ 651.042901][ T30] 3 locks held by kworker/0:7/5882: [ 651.048649][ T30] #0: ffff88813fe5b548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 651.079367][ T30] #1: ffffc9000429fd08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 651.103129][ T30] #2: ffffffff8e7f3238 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 651.122763][ T30] 1 lock held by syz.2.112/6311: [ 651.127896][ T30] 1 lock held by syz.4.1023/9735: [ 651.142740][ T30] 1 lock held by syz.0.1437/11192: [ 651.147915][ T30] #0: ffff88802782e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 [ 651.192760][ T30] 3 locks held by kworker/1:4/11347: [ 651.198124][ T30] #0: ffff88813fe5b548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 651.222497][ T5813] Bluetooth: hci5: command tx timeout [ 651.252748][ T30] #1: ffffc900051c7d08 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 651.281332][ T30] #2: ffff8880298df240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0 [ 651.291804][ T30] [ 651.311057][ T30] ============================================= [ 651.311057][ T30] [ 651.323959][ T30] NMI backtrace for cpu 0 [ 651.323976][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 651.324000][ T30] Tainted: [L]=SOFTLOCKUP [ 651.324006][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 651.324017][ T30] Call Trace: [ 651.324022][ T30] [ 651.324029][ T30] dump_stack_lvl+0x100/0x190 [ 651.324062][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 651.324097][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 651.324124][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 651.324145][ T30] sys_info+0x141/0x190 [ 651.324170][ T30] watchdog+0xcc3/0xfe0 [ 651.324196][ T30] ? __pfx_watchdog+0x10/0x10 [ 651.324215][ T30] ? __kthread_parkme+0x18c/0x230 [ 651.324239][ T30] ? kthread+0x13a/0x450 [ 651.324261][ T30] ? __pfx_watchdog+0x10/0x10 [ 651.324278][ T30] kthread+0x370/0x450 [ 651.324300][ T30] ? __pfx_kthread+0x10/0x10 [ 651.324325][ T30] ret_from_fork+0x754/0xd80 [ 651.324350][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 651.324378][ T30] ? __switch_to+0x7b4/0x10c0 [ 651.324396][ T30] ? __pfx_kthread+0x10/0x10 [ 651.324421][ T30] ret_from_fork_asm+0x1a/0x30 [ 651.324453][ T30] [ 651.324459][ T30] Sending NMI from CPU 0 to CPUs 1: [ 651.450363][ C1] NMI backtrace for cpu 1 [ 651.450380][ C1] CPU: 1 UID: 0 PID: 13312 Comm: dhcpcd-run-hook Tainted: G L syzkaller #0 PREEMPT(full) [ 651.450399][ C1] Tainted: [L]=SOFTLOCKUP [ 651.450404][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 651.450412][ C1] RIP: 0010:check_preemption_disabled+0x8/0xe0 [ 651.450436][ C1] Code: 88 08 85 c0 74 04 90 0f 0b 90 e9 53 fc ff ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 53 48 83 ec 08 <65> 8b 1d 35 9c 88 08 65 f7 05 26 9c 88 08 ff ff ff 7f 74 0f 48 83 [ 651.450449][ C1] RSP: 0018:ffffc90003eb74f0 EFLAGS: 00000086 [ 651.450460][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000001 [ 651.450468][ C1] RDX: 0000000000000000 RSI: ffffffff8de459ae RDI: ffffffff8c1adaa0 [ 651.450476][ C1] RBP: ffffffff8e7e7620 R08: 00000000dc74a071 R09: 0000000000000007 [ 651.450485][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002 [ 651.450492][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 651.450500][ C1] FS: 0000000000000000(0000) GS:ffff88812448b000(0000) knlGS:0000000000000000 [ 651.450514][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 651.450522][ C1] CR2: 00007fa5b65017d0 CR3: 00000000609c5000 CR4: 00000000003526f0 [ 651.450531][ C1] Call Trace: [ 651.450535][ C1] [ 651.450540][ C1] lock_acquire+0x18c/0x330 [ 651.450559][ C1] ? unwind_next_frame+0x3be/0x1ea0 [ 651.450572][ C1] ? unwind_next_frame+0x3be/0x1ea0 [ 651.450586][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 651.450601][ C1] unwind_next_frame+0xd1/0x1ea0 [ 651.450614][ C1] ? unwind_next_frame+0xbd/0x1ea0 [ 651.450626][ C1] ? free_pgtables+0x20b/0xb60 [ 651.450642][ C1] ? is_bpf_text_address+0x94/0x1a0 [ 651.450657][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 651.450672][ C1] arch_stack_walk+0x94/0xf0 [ 651.450686][ C1] ? free_pgtables+0x20b/0xb60 [ 651.450702][ C1] ? __put_anon_vma+0x114/0x3a0 [ 651.450720][ C1] stack_trace_save+0x8e/0xc0 [ 651.450734][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 651.450748][ C1] ? __lock_acquire+0x4a5/0x2630 [ 651.450764][ C1] ? __lock_acquire+0x4a5/0x2630 [ 651.450780][ C1] kasan_save_stack+0x30/0x50 [ 651.450794][ C1] ? kasan_save_stack+0x30/0x50 [ 651.450807][ C1] ? kasan_save_track+0x14/0x30 [ 651.450820][ C1] ? __kasan_kmalloc+0xaa/0xb0 [ 651.450832][ C1] ? kmem_cache_free+0x3ed/0x670 [ 651.450844][ C1] ? __put_anon_vma+0x114/0x3a0 [ 651.450861][ C1] ? unlink_anon_vmas+0x5f3/0x8e0 [ 651.450879][ C1] ? free_pgtables+0x20b/0xb60 [ 651.450904][ C1] kasan_save_track+0x14/0x30 [ 651.450917][ C1] __kasan_kmalloc+0xaa/0xb0 [ 651.450931][ C1] kmem_cache_free+0x3ed/0x670 [ 651.450944][ C1] __put_anon_vma+0x114/0x3a0 [ 651.450963][ C1] unlink_anon_vmas+0x5f3/0x8e0 [ 651.450982][ C1] free_pgtables+0x20b/0xb60 [ 651.450999][ C1] ? __pfx_free_pgtables+0x10/0x10 [ 651.451019][ C1] exit_mmap+0x3cd/0xd70 [ 651.451037][ C1] ? find_held_lock+0x2b/0x80 [ 651.451050][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 651.451068][ C1] ? __lock_acquire+0x4a5/0x2630 [ 651.451088][ C1] ? arch_uprobe_clear_state+0x107/0x150 [ 651.451109][ C1] __mmput+0x12a/0x410 [ 651.451123][ C1] mmput+0x67/0x80 [ 651.451135][ C1] do_exit+0x78a/0x2a30 [ 651.451151][ C1] ? do_raw_spin_lock+0x128/0x260 [ 651.451163][ C1] ? __pfx_do_exit+0x10/0x10 [ 651.451178][ C1] ? do_group_exit+0x1bd/0x2a0 [ 651.451193][ C1] ? do_group_exit+0x1bd/0x2a0 [ 651.451209][ C1] ? rcu_is_watching+0x12/0xc0 [ 651.451222][ C1] do_group_exit+0xd5/0x2a0 [ 651.451239][ C1] __x64_sys_exit_group+0x3e/0x50 [ 651.451255][ C1] x64_sys_call+0x102c/0x1530 [ 651.451269][ C1] do_syscall_64+0x106/0xf80 [ 651.451286][ C1] ? clear_bhb_loop+0x40/0x90 [ 651.451300][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.451313][ C1] RIP: 0033:0x7fa5b63ff6c5 [ 651.451323][ C1] Code: Unable to access opcode bytes at 0x7fa5b63ff69b. [ 651.451328][ C1] RSP: 002b:00007ffe2c98ed38 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7 [ 651.451345][ C1] RAX: ffffffffffffffda RBX: 00007ffe2c98f004 RCX: 00007fa5b63ff6c5 [ 651.451353][ C1] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000 [ 651.451361][ C1] RBP: 0000000000000003 R08: 00007ffe2c98ee30 R09: 0000000000000002 [ 651.451369][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 651.451377][ C1] R13: 00007ffe2c98f070 R14: 00007fa5b660f000 R15: 000055b25664cd98 [ 651.451390][ C1] [ 651.893209][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 651.900092][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 651.910778][ T30] Tainted: [L]=SOFTLOCKUP [ 651.915105][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 651.925162][ T30] Call Trace: [ 651.928421][ T30] [ 651.931327][ T30] dump_stack_lvl+0x100/0x190 [ 651.935985][ T30] vpanic+0x552/0x970 [ 651.939941][ T30] ? __pfx_vpanic+0x10/0x10 [ 651.944418][ T30] ? do_raw_spin_unlock+0x145/0x1e0 [ 651.949594][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 651.955721][ T30] panic+0xd1/0xe0 [ 651.959413][ T30] ? __pfx_panic+0x10/0x10 [ 651.963809][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 651.969955][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 651.976089][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 651.982230][ T30] ? watchdog.cold+0x198/0x1ca [ 651.986970][ T30] ? watchdog+0xcd3/0xfe0 [ 651.991277][ T30] watchdog.cold+0x1a9/0x1ca [ 651.995845][ T30] ? __pfx_watchdog+0x10/0x10 [ 652.000496][ T30] ? __kthread_parkme+0x18c/0x230 [ 652.005496][ T30] ? kthread+0x13a/0x450 [ 652.009716][ T30] ? __pfx_watchdog+0x10/0x10 [ 652.014367][ T30] kthread+0x370/0x450 [ 652.018441][ T30] ? __pfx_kthread+0x10/0x10 [ 652.023013][ T30] ret_from_fork+0x754/0xd80 [ 652.027593][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 652.032685][ T30] ? __switch_to+0x7b4/0x10c0 [ 652.037345][ T30] ? __pfx_kthread+0x10/0x10 [ 652.041913][ T30] ret_from_fork_asm+0x1a/0x30 [ 652.046657][ T30] [ 652.049977][ T30] Kernel Offset: disabled [ 652.054276][ T30] Rebooting in 86400 seconds..