last executing test programs: 9.180862263s ago: executing program 4 (id=1663): fanotify_init(0x200, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x4, 0xe0, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r2 = io_uring_setup(0x45a6, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) r3 = add_key$user(&(0x7f0000000440), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000240)="8b", 0x1, 0xfffffffffffffffb) r4 = add_key$user(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc0, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r4, r3}, &(0x7f00000005c0)=""/208, 0xd0, &(0x7f0000000580)={&(0x7f0000000340)={'md5\x00'}}) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}, 0x20) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x162e02, 0x0) r6 = dup(r5) fallocate(r6, 0x10, 0x0, 0x72000) prlimit64(0x0, 0x1, &(0x7f0000000480)={0xb, 0x8000000000000001}, &(0x7f00000004c0)) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000180)=@gettaction={0x24, 0x32, 0x301, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}]}, 0x24}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x15, 0x301, 0x0, 0x0, {0xc}}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000) sendmsg$IPSET_CMD_TYPE(r6, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="440000000d060000000000000000000002000003050005000a000000050005000100000016000300686173683a6e65742c706f72742c6e65740000010000000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x4) 8.288807138s ago: executing program 2 (id=1668): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x1, 0x20}, 0xc) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (fail_nth: 13) 7.57424656s ago: executing program 2 (id=1669): openat$dsp(0xffffff9c, &(0x7f0000000000), 0x44041, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000390402000000000000", @ANYRES32, @ANYBLOB="401000000041040020128008000100677265001400028008000700ac1414aa0600030091"], 0x48}}, 0x4040000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001000000040000000000050000c6dfaf8d00000a030000000000000000000a000007080002400000000209"], 0x7c}, 0x1, 0x0, 0x0, 0x40c0}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 7.572616171s ago: executing program 4 (id=1670): syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x48, &(0x7f00000002c0)=ANY=[@ANYBLOB='\b\v'], 0x68) socket$inet6(0x2d, 0x806, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) r4 = mq_open(&(0x7f0000000680)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+\xbb \xcb\be\xf4\x87\xedl\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\xb0\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x9avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3M\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\xc1m\x17\b\xe4\xb1b\x13\xc74Z#E\x91\xbe\x93\x0f\xaf\xa7\xf9\"\x02\xb2\x12\xc5A\x1e\xe2\xe1\x13\xfey8\xe1\xa8Zu\xf1\x0f\x1dC)T)Z\xec\x1d_)?\xbab\xda\xec\x81\xf7\x97\x1f\xc5\xa1T\xb9\x9e\xa3\xe1\x901[\xfa_Y\xa2\x1f\x1c\x7f\xf0\x0eW(\xdf\xc2\xc0p\xb2\xe4\xe4\xcd\'\x03\xaf\x8d\x1c_\xde\xa6\x9cV\x98\x06\x1e4R\xa0\xc9\xcfC\xf8\xaf\x14P\x15]\xa9#/w\x0elPo\x9c\x8c$\xb2t\b\x9atA1\xa6y\xd0\x19\x9e\x96\xaa\xb5\t\xe6cR~?\xb4T\xc0\xa1\xb2\x8a\xef\xc2|\x18p\x1f\xb7\xf5\xb5\x11{h\x8e\xab\b\x8e)\xc1\x12N\xea\x1a\x9e\xcf\x1f\xe5\xac\x9d\xb0?\xe1*D\xe3\a\x9b\x1el\xa6\xf2.VA\xc5\xef\x8a\xf2R\xd0\x9cu\xdat.U\x8c\xc1m\x14S\x8c%ll\x01\x82\xcc\x88a,n\xf9\xd0F\\', 0x42, 0xa8, 0x0) preadv2(r4, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x100, 0x0, 0x0) r5 = syz_io_uring_setup(0x498, &(0x7f0000000380)={0x0, 0x7e8f, 0x3180, 0x9, 0x1d8, 0x0, r3}, &(0x7f0000000100)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r3, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x30) 6.620242683s ago: executing program 2 (id=1675): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x1, 0x4f, 0xa, 0x7a11, 0x1}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x20, 0x1418, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x20}}, 0x400c044) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fcdbdf253100000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000a0000003d00000008000300", @ANYRES32=0x0, @ANYBLOB="080001000d002300"], 0x38}, 0x1, 0x0, 0x0, 0x20040090}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) kexec_load(0x1, 0x0, 0x0, 0x2a0000) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0xff}, 0x1c) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269bb, 0x8031, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0xff4f, 0xffffffffffffff4f, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xeb) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0x0, 0xff, 0x1c}, 0xc) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042eb70203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) syz_usb_control_io$uac1(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, 0x0) 6.065077133s ago: executing program 4 (id=1678): openat$dsp(0xffffff9c, &(0x7f0000000000), 0x44041, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wg0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000390402", @ANYRES32, @ANYBLOB="4010"], 0x48}}, 0x4040000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000400000000000500000a28000000000a030000000000000000000a0000070800"], 0x7c}, 0x1, 0x0, 0x0, 0x40c0}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 5.861418932s ago: executing program 4 (id=1679): openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086203, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, 0x0) ioctl$IOMMU_IOAS_UNMAP(0xffffffffffffffff, 0x3b86, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x7}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x26) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 4.260957826s ago: executing program 4 (id=1681): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="40000f0000000116e0875a3c3ec2a965ee06c6b786"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000001c0)='ip_vti0\x00', 0x54) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x4, 0x0, 0x3, r2}, 0x10) ioctl$EVIOCGMASK(r1, 0x5b14, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x5, 0x38c7, 0x400, 0x9}, 0x48) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x4}, 0x38) syz_usb_control_io$lan78xx(r0, &(0x7f0000000200)={0x14, &(0x7f0000000600)={0x0, 0xd, 0x5d, {0x5d, 0x30, "35f08eecc41ac170c9d588b63f78c3d762b143d92c4ff2d5134021f0917511c3950eb559b6aaaca9d92ed4e8b7bf5650dd275fdf350b99145ca2a138940678d8eaab0086c7943a5f84f5f84f37ebafbf71fc9561974c0e75e96e0b"}}, &(0x7f0000000140)={0x0, 0x3, 0x9d, @string={0x9d, 0x3, "78ac1da65eecb25b6be2c75683ba1ddeab72f778f42eb54cf659950bdb262604feabf71f540eac78d515738da4d27a241f43d624e090f140f5ccf5bf18733c672d861d2dfe9c835216dd0d21c47e94f7fb2d075ae278c227573b052385577825bd80c19fbe75eca1959aea5bb5d41df417ec12a529ab438771e231f9e9285d5f8b5b513aec1a8353ccc504e298687adb4d5cabf3465e83dee75d17"}}}, &(0x7f0000000500)={0x34, &(0x7f0000000280)={0x0, 0xe, 0xbe, "e1cf25c46557bd61c750e75f943097c4bfb286bf89514fd9cdd0454689fd3616b77440981533016c653d6796b65697e86cbf0d09a13aac7016a48d8c318ca5551f0ccbc4b991e872e80ce58e89135a767fc6e7060e8a3589e3737b7f998668a98f27aa2f0e8f9402d651b84208c26217bca38c82edfe588e697addab4c41b4b5d9804276238e1df6db756708cb5e280e2405f2a4de6676b92cc198267f219b913d7c02a506d16490103fd3241c67292370447af5845e9268922a41e06c3c"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x96}, &(0x7f0000000080)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000400)={0xc0, 0xa1, 0x4, 0x6}, &(0x7f0000000440)={0x40, 0xa0, 0x4, 0x8}, &(0x7f00000004c0)={0xc0, 0xa2, 0x2f, "0d89d63838dd0ea9ae00000000000092c1993872af4112b67f8f3b0ae009f0228c4c1cd24049afd0b55b5b2455c674"}}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'veth1_macvtap\x00'}) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000300)={[0x3ff]}, 0xfffffffffffffff0) ioctl$KVM_RUN(r8, 0xae80, 0x0) read$FUSE(r5, 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x8a}, &(0x7f0000000400)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9}) 4.109005577s ago: executing program 3 (id=1683): syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r3, 0x40047438, 0x0) ioctl$BTRFS_IOC_SEND(r3, 0x40489426, &(0x7f0000000100)={{r2}, 0x2, &(0x7f00000000c0)=[0x9, 0x6], 0x5, 0x2, 0x1}) 3.943612659s ago: executing program 3 (id=1685): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) (fail_nth: 8) 3.228360914s ago: executing program 2 (id=1686): r0 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3) write$binfmt_misc(r0, &(0x7f0000000740), 0xff67) lseek(r0, 0x0, 0x4) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100", @ANYRES16], 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_buf(r3, 0x107, 0x1, &(0x7f0000000880)="74ec6dc21c97dbab61a1ae1b8a52285804e1641c97d7f94eac6e51e8163f23779bbd8291b09183ff45c36d6e7924119d0710136e5ba91ef755763440d2c559ee213c742aa07fe39b02446e729a62f4ff521b3502894fdd9c0714ed95e3f7c94a5136b4edfec85eb3e0653916a19169a29dd7f5f4e92a0724ee38121906207324b959ed7b97441781dc714745e897757ef4a51ece55e45ad0d89635cd4811b45098773b411efee74cf1b8ef8460abdce161b844f1dcf1475e8e05faf09d240f9f75f92677adc5f581f69555081804", 0xce) syz_usb_control_io$hid(r2, 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) r5 = syz_open_dev$hidraw(&(0x7f0000000800), 0x6, 0x100) ioctl$HIDIOCGRAWINFO(r5, 0x80084803, &(0x7f0000000840)=""/43) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000003c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000040)=@overlay={0x0, 0x1, 0x4, 0x0, 0x4d, {}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x0, "12848098"}, 0x3}) ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x4, {}, {0x0, 0x1, 0x0, 0x0, 0xfc}, 0x80, 0x1, {0x0}, 0x0, 0x0, 0xffffffffffffffff}) r7 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0xb05, 0x1854, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x7, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x3, 0x12, {0x9, 0x21, 0x7fff, 0x7, 0x1, {0x22, 0xfa6}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x3, 0x2, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x7f, 0x0, 0x1}}]}}}]}}]}}, &(0x7f0000000740)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x200, 0x6, 0x4, 0x4, 0x20, 0x4}, 0x49, &(0x7f0000000e40)=ANY=[@ANYBLOB="050f4900051410040c819c4952f0d965c2dd889c1e63b4da180b10010c080002044f05010b104faef5cb06050700f910110a082101000000000300300000000a1003020000f90e0c00d48c2969f9627aa6b32805209eea25834258721a33f9f42e1da56c4ab3546f3235a99416985261b57e5f966cce3546bb5b6086fe0ea07d2c95a1ea7273f3a88850e75269a8bbcd8937ea307f4ee9d503"], 0x8, [{0xf6, &(0x7f0000000400)=@string={0xf6, 0x3, "bc93a656904a6147e2a4e2a90004710ca6e166bcf26d3f6f21bd5b58b5c784e2799125e452311f0326af8a591e4f5b536679d9bdcb9f24a21857040d3006f2ee572496978cf219f6581fb296bde5359d6101e6b861d921982717e2efd15ece134a8f39c966d38fa9268cf29b5df870e263fa106b7400fb79f0ade8fe22371d09008d3c54a1d0ef0896b5fa0a089bf2f0febb7956cab9aed8b22575d3fe3605aa68d5104eaee5f369092152bfc7874b7befebab5f32a09fa41efa4825cfa1587f93177a468a33503eaba0d73320de0265a26d1471ad7639d7382764735ebc4d63885360d1cb6a45dec11de511363f374d2ce012d8"}}, {0x3b, &(0x7f0000000240)=@string={0x3b, 0x3, "d039d75c5e2cbda59bc2d753435a8a0e1fa1ba55e3cdaee18be428d5bdc80f0c699eaa0c5d9a2ad295a2ba64a759a2ff8e20b9d780923de802"}}, {0xa7, &(0x7f0000000580)=@string={0xa7, 0x3, "d2371cec32ce467f7c32bf2ede139dc54c28b92fd5205c4add8b940666da87c24757e7e3a69a66e4eca829112597ac0035769f58f8baa7dc09520a4bdbe9f962f4266e19a5213897e5e42f7544bf972dd0d8a421cfb473e5769e5ccb76badcb9f990c2a228fa651ff43295c61ec131a8171d2ba4f929aa0f8c8c665966ce853da6e2977b2437181b0dbc20cfa9ac2706a9bdd4ea8306cda66beaab706c7d3c2412cf6fa25f"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x42a}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x40a}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x436}}, {0x1b, &(0x7f0000000640)=ANY=[@ANYBLOB="1b1a0f15cf3218950c1a8519d726827339a08272d3"]}, {0xb7, &(0x7f0000000680)=@string={0xb7, 0x3, "abaa28b4d124a9001049a00257a4d104e427ce82cd4b6d58c133108e0a8d8594bc4b6185d8c4841f92fad5acd7bfb28282d11b6cad40f36a66f7891599d24bc555432c756299c026b3e9d7fdd62d7c1a841ba258fe4827acbd6bd1248f3a8cc54f9a6a55f94e0b77e28a193fa5975db451706f61eccb9c70bf3c2a81f74d1da4fe3f88f2394ba94e028b365172f1fb26dce579d764f581610e47ced3efe8e154bfb74a55929396add7230bcab0454386e8fb09dd9f"}}]}) r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0) syz_usb_control_io(r8, 0x0, 0x0) r9 = syz_open_dev$dri(&(0x7f0000001100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_SETGAMMA(r9, 0xc02064a5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r7, &(0x7f00000007c0)={0xd, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYRESHEX=r2], 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x199100) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f0000000040)='./file0\x00') openat2(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)={0xc20002, 0x2, 0xb059184e4dd77197}, 0x18) execveat(0xffffffffffffffff, &(0x7f0000000980)='./file0\x00', &(0x7f0000000b80)={[&(0x7f00000009c0)='/dev/hidraw#\x00', &(0x7f0000000a00)='\x00', &(0x7f0000000a40)='\x00', &(0x7f0000000a80)='-{&}-\x00', &(0x7f0000000ac0)='^\x00', &(0x7f0000000b00)='byteorder\x00', &(0x7f0000000b40)='[\x00']}, &(0x7f0000000d40)={[&(0x7f0000000bc0)='}{-}-]\x00', &(0x7f0000000c00)='\x00', &(0x7f0000000c40)='syz2\x00', &(0x7f0000000c80)='\xcb^&*\\:[@,%*[\x00', &(0x7f0000000cc0)='@-\v!.\x00', &(0x7f0000000d00)='!&]^)$\x00']}, 0x800) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000dc0)=ANY=[@ANYRES8=r6], 0x28}, 0x1, 0x0, 0x0, 0x48804}, 0x8c1) socket$l2tp(0x2, 0x2, 0x73) close_range(r1, 0xffffffffffffffff, 0x0) 3.154957613s ago: executing program 3 (id=1687): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x48) mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103) r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000140), 0x2000000, &(0x7f0000000200)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}}) statx(0xffffffffffffff9c, 0x0, 0x2000, 0x800, 0x0) read$FUSE(r2, &(0x7f0000008340)={0x2020}, 0x2020) syz_fuse_handle_req(r2, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x40}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xe0004000}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) (fail_nth: 3) 2.618675913s ago: executing program 0 (id=1689): openat$dsp(0xffffff9c, &(0x7f0000000000), 0x44041, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wg0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000390402", @ANYRES32, @ANYBLOB="4010"], 0x48}}, 0x4040000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000400000000000500000a28000000000a030000000000000000000a0000070800"], 0x7c}, 0x1, 0x0, 0x0, 0x40c0}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 2.555827877s ago: executing program 3 (id=1690): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$SIOCGSTAMP(r1, 0x8906, 0x0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600), 0x0, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x18, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x73}, @noop]}}}], 0x38}, 0x0) read$char_usb(r1, &(0x7f0000000180)=""/133, 0xfdef) 2.52815789s ago: executing program 1 (id=1691): r0 = openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x2000000}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14}}, 0x64}}, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x10008) 2.460522516s ago: executing program 1 (id=1692): openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086203, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, 0x0) ioctl$IOMMU_IOAS_UNMAP(0xffffffffffffffff, 0x3b86, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x7}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x26) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 2.42190254s ago: executing program 0 (id=1693): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xc4}) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x1e3002, 0x0) syz_usb_connect$cdc_ncm(0x4, 0xd1, 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r5, 0x0) move_pages(0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x2) (async) move_pages(0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000280)=""/169) sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={0x7c, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0xfff7}, @IPSET_ATTR_IFACE={0x14, 0x17, 'ip6erspan0\x00'}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x6}, @IPSET_ATTR_NAME={0x9, 0x12, 'syz0\x00'}]}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_PACKETS={0xc}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10000047}, 0x14048000) sendmsg$IPSET_CMD_SAVE(r7, 0x0, 0x8000) socket(0x10, 0x3, 0x0) (async) r8 = socket(0x10, 0x3, 0x0) sendto$inet6(r8, &(0x7f0000000140)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a3200040016000500020000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) r9 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r9, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r9, 0x0) ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r1], 0x50) io_uring_enter(r3, 0x2219, 0xcf74, 0x16, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x2000000, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0x8}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) 1.645313177s ago: executing program 3 (id=1694): sendmmsg$inet(0xffffffffffffffff, &(0x7f00000018c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0}}], 0x1, 0x4880) r0 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000001ff0)={0x1d, r1}, 0x10) sendmsg$can_raw(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000580)=@canfd={{0x1}, 0xf6, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0x48}, 0xee, 0x0, 0x0, 0x40041}, 0x0) (fail_nth: 5) 1.64118332s ago: executing program 0 (id=1695): syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246) ioctl$BTRFS_IOC_SEND(r3, 0x40489426, 0x0) 1.187534346s ago: executing program 1 (id=1696): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wg0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010003904020000000000000000", @ANYRES32, @ANYBLOB="401000000041040020128008000100677265001400028008000700ac1414aa06"], 0x48}}, 0x4040000) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000500)={'syztnl2\x00', &(0x7f0000000440)={'syztnl0\x00', 0x0, 0x4, 0xd, 0x8, 0x3, 0x5f, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x20, 0x8, 0x3ff, 0x6}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000400000000000500000a28000000000a030000000000000000000a000007080002400000000209"], 0x7c}, 0x1, 0x0, 0x0, 0x40c0}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 1.133215937s ago: executing program 3 (id=1697): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000021c0)={0x4c, 0x0, &(0x7f0000001fc0)=[@transaction_sg={0x400c6313, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000b00)={0x1c, &(0x7f00000009c0)={0x40, 0xe, 0x11, "055296be87468a208b4fe36cc154426764"}, 0x0, 0x0}) 1.132392492s ago: executing program 0 (id=1698): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@broadcast, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0) r5 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$x86(r5, &(0x7f0000000080)={0x0, &(0x7f00000004c0)=[@rdmsr={0x66, 0x18, {0x4000009e}}], 0x18}) ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r6, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1}) ioctl$KVM_RUN(r6, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) (async) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@broadcast, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) (async) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0) (async) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$x86(r5, &(0x7f0000000080)={0x0, &(0x7f00000004c0)=[@rdmsr={0x66, 0x18, {0x4000009e}}], 0x18}) (async) ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]}) (async) ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r6, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1}) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) 1.065644306s ago: executing program 1 (id=1699): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000040)={'wlan1\x00', @random="0100"}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x30001, 0x0) 917.250978ms ago: executing program 1 (id=1700): socket$inet(0xa, 0x801, 0x84) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x3516, 0x20000000, 0x0, 0x0, 0x0) 916.260477ms ago: executing program 1 (id=1701): r0 = socket$nl_rdma(0x10, 0x3, 0x14) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8401) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket$inet(0x2, 0x80000, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f0803", 0x1f) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x5, 0xec, 0x0, &(0x7f00000002c0)="7a5fdf4fe1ce2511aeb0fd649225fb408d4880fda587c50a1b37beb3494fbc8d2b91b98300c39926a5252252e89110331123848c550176c040b60b3f7c8c40780d7db1e77753bafd372c1536ac1bf8897e6c03218cd4b20b1b5037095c7eb4ce4021cd8ff500073fcad04b40bb846c2c4b9f9cd4f305686c34c89836ad8527a3bf6acb70a0d751ab63f2a9777a091d4cd17d5541d5ed2ce825bdeae2f936cc190b62b457a8a35b58543775cf5610b0ee00c3e0bbc8e66f6a58948987a1c4cf2e2f4192b3f545a9d0fde37fdd4d87d80d606a381f04a71778943b1ac813061c861df03e3e9e55baf8f532e4ce"}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x24, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xf}, {}, {0x7, 0xfff3}}}, 0x24}}, 0x24040084) syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) bind$inet(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_mrelease(0xffffffffffffffff, 0x0) request_key(&(0x7f00000011c0)='big_key\x00', &(0x7f0000001200)={'syz', 0x1}, &(0x7f0000001240)='\x00', 0x0) syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="02c820043b000d85ebbe9fe2407267056d5700010003f69e530dd1cac2df99b50323008de89b535bf037b2fcc1c60b3c3e6a5562a953114859e42984c943b8ff3d4815fc94b44a1ef1436cc216f2e230cb79010d075cebbbc8e61df40d36149db45848f5845bc4dc36449897fe5f943083e58bc83b79fa976ef820a621d730acb85abf4380c2db9d9f5696d593b1dd150d5e76ed04c3761fc608aac4a029470fbbda4ae68f4352fd10a34a96d8418640da8c8c9eae33038380a5e1eebe31c963e4e9f4ca3a3e867e1455c744ccc8a93741ddcaca0cec1ff60ada0a2d3a43394c25c9027ac479d9e918878e4b81c5f9c71e4eb3bc5d564a337689a3e6df989a1938d325a3418fa4feef36ce99d9fcdd00"/284], 0x9) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_procs(r6, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) write$cgroup_pid(r7, &(0x7f00000001c0), 0x12) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_ro(r8, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r9, &(0x7f0000000040)=0x1, 0x12) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="28000000011401"], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x80) 883.889432ms ago: executing program 0 (id=1702): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x8480, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000840)={0x28, 0x2, r1, 0x0, &(0x7f0000007000/0x3000)=nil, 0x3000, 0x7fffffffffffffff}) r2 = signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8) name_to_handle_at(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000100)=[@acquire_done={0x40106309, 0x2}, @dead_binder_done, @clear_death={0x400c630f, 0x3}, @increfs={0x40046304, 0x2}, @acquire_done={0x40106309, 0x3}], 0x51, 0x0, &(0x7f0000000180)="3b026b7bca0c0f43f8f519fb7182603c669e43c1e49f924516248674dc44945067c459df44bac8f4c2a536e4367e0f3b750b2e1bbeee9c41ce69957bb7ddc90e26d0612dbe406ee7c9c87a2ec544744a25"}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000080)={0x18, 0x1, 0x0, 0x0, r1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @multicast1}}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="182000000000001001"], 0x18}, 0x0) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f00000005c0)={0x28, 0x4, r1, r1, 0x1000, 0x9, 0x3ffa}) r3 = dup(r0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400400, 0x0) write$UHID_INPUT(r3, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5de00987f70e06d038e7ff7fc6e5539b0d650e8b089b3f353b68090890e0878f0e1ac6e7049b3b43959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8041800005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) 840.30353ms ago: executing program 0 (id=1703): openat$dsp(0xffffff9c, &(0x7f0000000000), 0x44041, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wg0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000390402", @ANYRES32, @ANYBLOB="4010"], 0x48}}, 0x4040000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 449.209663ms ago: executing program 2 (id=1704): r0 = socket$kcm(0xa, 0x2, 0x73) setsockopt$sock_attach_bpf(r0, 0x29, 0x21, &(0x7f0000000200), 0x4) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x28}, 0x0) bpf$MAP_CREATE(0x1101000000000000, &(0x7f0000000540)=@base={0x5, 0x80, 0x1a00, 0xf7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x50) 216.646413ms ago: executing program 2 (id=1705): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) (fail_nth: 4) 0s ago: executing program 4 (id=1706): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r2 = socket(0x2b, 0x1, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f0000000480)={0x0, 0xfad6, 0x400, 0x2}, &(0x7f0000000240)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000380)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd25, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}, {0x2, 0x6}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x2, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3], [0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x9}]}}]}, 0xa4}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x401, 0xfffffffc, 0x82, {0x0, 0x0, 0x0, 0x0, 0x20e}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x18, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r8, 0x38005, 0x62120}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x7, r8, 0x6}, 0xc) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2}) io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000000)={0xfeffffff, r2, 0x23, {0x3b4, 0x6d3}, 0x6}, 0x1) syz_open_dev$tty20(0xc, 0x4, 0x0) r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="a5172f0000000000000080000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r10, @ANYBLOB="0800000000000000b70500000800000046000001010000008500000007000000b7000000a1fa000000009500000000000000b32218aaee"], &(0x7f00000000c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r12 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_IPV6_RTHDR(r12, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x18) r13 = syz_open_procfs(0x0, &(0x7f0000000240)='smaps\x00') pread64(r13, &(0x7f0000000280)=""/70, 0x46, 0xbbf9) ioctl$LOOP_SET_DIRECT_IO(r13, 0x4c08, 0x95) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) kernel console output (not intermixed with test programs): usb 3-1: config 0 descriptor?? [ 350.463906][ T5938] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 350.539380][ T5898] usb usb5-port1: attempt power cycle [ 350.544494][ T5938] usb 2-1: device descriptor read/8, error -71 [ 350.654289][ T5938] usb usb2-port1: unable to enumerate USB device [ 350.913917][ T5898] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 350.934420][ T5898] usb 5-1: device descriptor read/8, error -71 [ 350.953337][ T130] semitek 0003:1EA7:0907.0015: item fetching failed at offset 0/2 [ 350.963105][ T130] semitek 0003:1EA7:0907.0015: probe with driver semitek failed with error -22 [ 351.144023][ T5914] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 351.183899][ T5898] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 351.204370][ T5898] usb 5-1: device descriptor read/8, error -71 [ 351.307811][ T5914] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 351.317228][ T5898] usb usb5-port1: unable to enumerate USB device [ 351.323703][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.339296][ T5914] usb 1-1: Product: syz [ 351.351100][ T5914] usb 1-1: Manufacturer: syz [ 351.355911][ T5914] usb 1-1: SerialNumber: syz [ 351.371082][ T5914] usb 1-1: config 0 descriptor?? [ 351.382620][ T5914] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 351.401213][ T5914] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 351.421395][ T5914] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 351.436530][ T5914] usb 1-1: media controller created [ 351.467054][ T5914] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 351.557478][ T5914] DVB: Unable to find symbol mt352_attach() [ 351.616842][ T5914] DVB: Unable to find symbol nxt6000_attach() [ 351.623220][ T5914] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 351.649905][ T5914] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input30 [ 351.680207][ T5914] dvb-usb: schedule remote query interval to 1000 msecs. [ 351.687661][ T5914] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 351.703124][ T5914] dvb-usb: bulk message failed: -22 (7/0) [ 351.710924][ T5914] dvb-usb: bulk message failed: -22 (7/0) [ 351.730852][ T5914] usb 1-1: USB disconnect, device number 63 [ 351.796298][ T5914] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 352.073898][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 352.073916][ T30] audit: type=1326 audit(1768629704.665:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10458 comm="syz.1.1325" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb70ff8f749 code=0x0 [ 352.214542][T10465] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1325'. [ 352.282732][T10466] bridge_slave_0: left allmulticast mode [ 352.290232][T10466] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.328783][T10466] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 352.867968][ T130] usb 3-1: USB disconnect, device number 54 [ 352.965565][ T5898] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 353.050468][T10478] FAULT_INJECTION: forcing a failure. [ 353.050468][T10478] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 353.064382][T10478] CPU: 1 UID: 0 PID: 10478 Comm: syz.0.1330 Tainted: G L syzkaller #0 PREEMPT(full) [ 353.064412][T10478] Tainted: [L]=SOFTLOCKUP [ 353.064419][T10478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 353.064431][T10478] Call Trace: [ 353.064439][T10478] [ 353.064448][T10478] dump_stack_lvl+0xe8/0x150 [ 353.064475][T10478] should_fail_ex+0x414/0x560 [ 353.064497][T10478] _copy_to_user+0x31/0xb0 [ 353.064520][T10478] simple_read_from_buffer+0xe1/0x170 [ 353.064545][T10478] proc_fail_nth_read+0x1b3/0x220 [ 353.064568][T10478] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 353.064590][T10478] ? rw_verify_area+0x2a6/0x4d0 [ 353.064615][T10478] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 353.064635][T10478] vfs_read+0x200/0xa30 [ 353.064652][T10478] ? fdget_pos+0x247/0x320 [ 353.064678][T10478] ? __pfx___mutex_lock+0x10/0x10 [ 353.064699][T10478] ? __pfx_vfs_read+0x10/0x10 [ 353.064718][T10478] ? __fget_files+0x2a/0x420 [ 353.064743][T10478] ? __fget_files+0x3a0/0x420 [ 353.064763][T10478] ? __fget_files+0x2a/0x420 [ 353.064801][T10478] ksys_read+0x145/0x250 [ 353.064817][T10478] ? __fget_files+0x3a0/0x420 [ 353.064836][T10478] ? __pfx_ksys_read+0x10/0x10 [ 353.064862][T10478] do_syscall_64+0xec/0xf80 [ 353.064882][T10478] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.064899][T10478] ? trace_irq_disable+0x37/0x100 [ 353.064920][T10478] ? clear_bhb_loop+0x60/0xb0 [ 353.064940][T10478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.064957][T10478] RIP: 0033:0x7f801e18e15c [ 353.064975][T10478] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 353.064991][T10478] RSP: 002b:00007f801f07c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 353.065011][T10478] RAX: ffffffffffffffda RBX: 00007f801e3e5fa0 RCX: 00007f801e18e15c [ 353.065025][T10478] RDX: 000000000000000f RSI: 00007f801f07c0a0 RDI: 0000000000000007 [ 353.065043][T10478] RBP: 00007f801f07c090 R08: 0000000000000000 R09: 0000000000000000 [ 353.065055][T10478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 353.065066][T10478] R13: 00007f801e3e6038 R14: 00007f801e3e5fa0 R15: 00007f801e50fa28 [ 353.065097][T10478] [ 353.407001][ T5898] usb 5-1: Using ep0 maxpacket: 16 [ 353.439702][ T5898] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 353.448908][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.456961][ T5898] usb 5-1: Product: syz [ 353.461228][ T5898] usb 5-1: Manufacturer: syz [ 353.465882][ T5898] usb 5-1: SerialNumber: syz [ 353.641524][T10488] fuse: Unknown parameter 'f¾S4ò¸Eâ*hµâó~j?UÁMÏ0D\×Fà+#o­¿‡œÄ|†¯4RÄ$<\’cÎtŸû4uW˜–OZSàëT1Ä’Úÿ 6ÿǤM¤{ôj•F»æ±Ù5»^0x0000000000000003' [ 353.688868][ T5898] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 353.690362][T10485] IPVS: set_ctl: invalid protocol: 51 172.20.20.170:20001 [ 353.709100][T10489] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1332'. [ 353.773124][ T5898] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 353.785447][ T5898] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 353.794227][ T5898] usb 5-1: media controller created [ 353.807530][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 354.034340][ T5898] zl10353_read_register: readreg error (reg=127, ret==-110) [ 354.278680][ T5898] dvb_usb_gl861 5-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 354.354856][ T5898] usb 5-1: USB disconnect, device number 65 [ 354.914132][ T5938] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 355.513955][ T130] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 355.553309][ T5938] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 355.567700][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.606206][ T5938] usb 4-1: Product: syz [ 355.610382][ T5938] usb 4-1: Manufacturer: syz [ 355.641675][ T5938] usb 4-1: SerialNumber: syz [ 355.657278][ T5938] usb 4-1: config 0 descriptor?? [ 355.703875][ T130] usb 5-1: Using ep0 maxpacket: 32 [ 355.714334][ T130] usb 5-1: no configurations [ 355.718956][ T130] usb 5-1: can't read configurations, error -22 [ 355.761834][ T5938] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 355.823606][ T5938] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 355.923937][ T130] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 355.941839][ T5938] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 355.970936][ T5938] usb 4-1: media controller created [ 356.000474][ T5938] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 356.124310][ T130] usb 5-1: Using ep0 maxpacket: 32 [ 356.140203][ T130] usb 5-1: no configurations [ 356.162620][ T130] usb 5-1: can't read configurations, error -22 [ 356.184752][ T5938] DVB: Unable to find symbol mt352_attach() [ 356.193731][ T130] usb usb5-port1: attempt power cycle [ 356.366893][ T5938] DVB: Unable to find symbol nxt6000_attach() [ 356.494279][ T5938] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 356.555234][ T5938] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input31 [ 356.576354][ T5938] dvb-usb: schedule remote query interval to 1000 msecs. [ 356.583417][ T5938] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 356.744046][ T130] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 356.768545][ T5938] dvb-usb: bulk message failed: -22 (7/0) [ 356.775794][ T5938] dvb-usb: bulk message failed: -22 (7/0) [ 356.784677][ T5938] usb 4-1: USB disconnect, device number 56 [ 356.796031][ T130] usb 5-1: Using ep0 maxpacket: 32 [ 356.801981][ T130] usb 5-1: no configurations [ 356.816759][ T130] usb 5-1: can't read configurations, error -22 [ 356.983980][ T130] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 357.032223][ T130] usb 5-1: Using ep0 maxpacket: 32 [ 357.045977][ T5938] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 357.078724][ T130] usb 5-1: no configurations [ 357.083337][ T130] usb 5-1: can't read configurations, error -22 [ 357.155047][ T130] usb usb5-port1: unable to enumerate USB device [ 357.217570][ T5914] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 357.383923][ T5914] usb 3-1: device descriptor read/64, error -71 [ 357.533996][ T5938] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 357.633951][ T5914] usb 3-1: new full-speed USB device number 56 using dummy_hcd [ 357.693936][ T5938] usb 4-1: Using ep0 maxpacket: 32 [ 357.713972][ T5938] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 357.769274][ T5938] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 357.773920][ T5914] usb 3-1: device descriptor read/64, error -71 [ 357.835686][ T5938] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 357.923858][ T5938] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 358.017515][ T5938] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 358.025227][ T5914] usb usb3-port1: attempt power cycle [ 358.073163][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.103008][ T5938] usb 4-1: Product: syz [ 358.122571][ T5938] usb 4-1: Manufacturer: syz [ 358.157966][ T5938] usb 4-1: SerialNumber: syz [ 358.221787][ C0] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 358.295623][ T5938] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input32 [ 358.434338][ T5938] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 358.458046][ T5938] (id 0x00) [ 358.473931][ T5914] usb 3-1: new full-speed USB device number 57 using dummy_hcd [ 358.514450][ T5914] usb 3-1: device descriptor read/8, error -71 [ 358.720958][ T5938] rc_core: IR keymap rc-imon-pad not found [ 358.731273][ T5938] Registered IR keymap rc-empty [ 358.741291][ T5938] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 358.795836][ T5938] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 358.833920][ T5914] usb 3-1: new full-speed USB device number 58 using dummy_hcd [ 358.853479][ T5938] imon:send_packet: packet tx failed (-71) [ 358.873949][ T5938] imon 4-1:155.0: remote input dev register failed [ 358.876137][ T5914] usb 3-1: device descriptor read/8, error -71 [ 358.890579][ T5938] imon 4-1:155.0: imon_init_intf0: rc device setup failed [ 358.986674][ T5938] imon 4-1:155.0: unable to initialize intf0, err 0 [ 359.023845][ T5938] imon:imon_probe: failed to initialize context! [ 359.044305][ T5914] usb usb3-port1: unable to enumerate USB device [ 359.050561][ T5938] imon 4-1:155.0: unable to register, err -19 [ 359.101348][ T5938] usb 4-1: USB disconnect, device number 57 [ 359.186017][T10581] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1349'. [ 359.235966][T10582] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1349'. [ 359.444084][ T5938] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 359.616748][ T5938] usb 4-1: Using ep0 maxpacket: 16 [ 359.630979][ T5938] usb 4-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 359.648177][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.803984][ T5938] usb 4-1: Product: syz [ 359.821890][ T5938] usb 4-1: Manufacturer: syz [ 359.836866][ T5938] usb 4-1: SerialNumber: syz [ 360.132027][ T5938] usb 4-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 360.203706][ T5938] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 360.274574][ T5938] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 360.351448][ T5938] usb 4-1: media controller created [ 360.407913][ T5938] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 360.555833][ T5938] zl10353_read_register: readreg error (reg=127, ret==-32) [ 360.630743][T10611] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1353'. [ 360.858640][ T5938] dvb_usb_gl861 4-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 361.019243][ T5938] usb 4-1: USB disconnect, device number 58 [ 362.054063][ T5938] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 362.124437][ T130] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 362.263930][ T5938] usb 2-1: Using ep0 maxpacket: 32 [ 362.294213][ T130] usb 4-1: device descriptor read/64, error -71 [ 362.333404][ T5938] usb 2-1: config 0 has an invalid interface number: 133 but max is 0 [ 362.347731][ T5938] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 362.384058][ T5947] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 362.401196][ T5938] usb 2-1: config 0 has no interface number 0 [ 362.463913][ T5938] usb 2-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 362.494941][ T5938] usb 2-1: config 0 interface 133 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 362.530961][ T5938] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e [ 362.540282][ T130] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 362.568246][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.585922][ T5938] usb 2-1: Product: syz [ 362.599164][ T5938] usb 2-1: Manufacturer: syz [ 362.614705][ T5947] usb 3-1: Using ep0 maxpacket: 8 [ 362.627386][ T5938] usb 2-1: SerialNumber: syz [ 362.635662][ T5947] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 362.654317][ T5938] usb 2-1: config 0 descriptor?? [ 362.670025][T10630] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 362.677324][ T130] usb 4-1: device descriptor read/64, error -71 [ 362.708079][ T5947] usb 3-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 362.737761][ T5947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.755923][ T5947] usb 3-1: Product: syz [ 362.773158][ T5947] usb 3-1: Manufacturer: syz [ 362.792916][ T5947] usb 3-1: SerialNumber: syz [ 362.798265][ T130] usb usb4-port1: attempt power cycle [ 362.849800][ T5947] usb 3-1: config 0 descriptor?? [ 362.897351][T10630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 362.924297][T10630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 362.957335][ T5947] cdc_phonet 3-1:0.0: skipping garbage [ 362.986704][ T5947] cdc_phonet 3-1:0.0: probe with driver cdc_phonet failed with error -22 [ 363.158793][ T5947] usb 3-1: USB disconnect, device number 59 [ 363.184135][ T130] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 363.225917][ T130] usb 4-1: device descriptor read/8, error -71 [ 363.573999][ T130] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 363.604603][ T130] usb 4-1: device descriptor read/8, error -71 [ 363.719209][ T130] usb usb4-port1: unable to enumerate USB device [ 363.773967][ T5947] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 363.929696][ T5938] usb 2-1: probing VID:PID(0424:012C) [ 363.988232][ T5938] usb 2-1: vub300 testing BULK OUT EndPoint(0) 0B [ 364.003481][ T5947] usb 5-1: Using ep0 maxpacket: 32 [ 364.028973][ T5938] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs [ 364.047956][ T5947] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 364.064991][ T5938] vub300 2-1:0.133: probe with driver vub300 failed with error -22 [ 364.079341][ T5947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 364.121467][ T5938] usb 2-1: USB disconnect, device number 61 [ 364.223563][ T30] audit: type=1326 audit(1768629716.815:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 364.250918][ T5947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 364.288308][ T30] audit: type=1326 audit(1768629716.815:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 364.335223][ T5947] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 364.342037][ T30] audit: type=1326 audit(1768629716.815:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 364.396764][ T5947] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.410170][ T5947] usb 5-1: config 0 descriptor?? [ 364.429305][T10666] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 364.439347][ T5947] hub 5-1:0.0: USB hub found [ 364.527257][ T30] audit: type=1326 audit(1768629716.815:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 364.587464][ T30] audit: type=1326 audit(1768629716.815:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 364.614341][ T5938] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 364.657038][ T5947] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 364.671022][ T30] audit: type=1326 audit(1768629716.815:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 364.752568][ T30] audit: type=1326 audit(1768629716.815:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 364.808390][ T5938] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 364.841766][T10699] FAULT_INJECTION: forcing a failure. [ 364.841766][T10699] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 364.903909][ T30] audit: type=1326 audit(1768629716.915:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 364.904340][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.944053][ T5938] usb 2-1: Product: syz [ 364.948346][ T5938] usb 2-1: Manufacturer: syz [ 364.953050][ T5938] usb 2-1: SerialNumber: syz [ 364.962310][T10699] CPU: 1 UID: 0 PID: 10699 Comm: syz.3.1365 Tainted: G L syzkaller #0 PREEMPT(full) [ 364.962338][T10699] Tainted: [L]=SOFTLOCKUP [ 364.962345][T10699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 364.962361][T10699] Call Trace: [ 364.962369][T10699] [ 364.962377][T10699] dump_stack_lvl+0xe8/0x150 [ 364.962404][T10699] should_fail_ex+0x414/0x560 [ 364.962426][T10699] _copy_from_user+0x2d/0xb0 [ 364.962446][T10699] vga_arb_write+0x101/0x2170 [ 364.962473][T10699] ? __pfx_vga_arb_write+0x10/0x10 [ 364.962501][T10699] ? bpf_lsm_file_permission+0x9/0x20 [ 364.962518][T10699] ? security_file_permission+0x75/0x290 [ 364.962538][T10699] ? rw_verify_area+0x255/0x4d0 [ 364.962570][T10699] ? __pfx_vga_arb_write+0x10/0x10 [ 364.962593][T10699] vfs_write+0x27e/0xb30 [ 364.962618][T10699] ? __pfx_vfs_write+0x10/0x10 [ 364.962636][T10699] ? __fget_files+0x2a/0x420 [ 364.962659][T10699] ? __fget_files+0x2a/0x420 [ 364.962678][T10699] ? __fget_files+0x3a0/0x420 [ 364.962697][T10699] ? __fget_files+0x2a/0x420 [ 364.962724][T10699] ksys_write+0x145/0x250 [ 364.962743][T10699] ? __pfx_ksys_write+0x10/0x10 [ 364.962771][T10699] do_syscall_64+0xec/0xf80 [ 364.962790][T10699] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.962806][T10699] ? trace_irq_disable+0x37/0x100 [ 364.962828][T10699] ? clear_bhb_loop+0x60/0xb0 [ 364.962848][T10699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.962871][T10699] RIP: 0033:0x7fda8ab8f749 [ 364.962888][T10699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.962904][T10699] RSP: 002b:00007fda8bab8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 364.962923][T10699] RAX: ffffffffffffffda RBX: 00007fda8ade5fa0 RCX: 00007fda8ab8f749 [ 364.962936][T10699] RDX: 000000000000000b RSI: 00002000000003c0 RDI: 0000000000000004 [ 364.962948][T10699] RBP: 00007fda8bab8090 R08: 0000000000000000 R09: 0000000000000000 [ 364.962959][T10699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 364.962971][T10699] R13: 00007fda8ade6038 R14: 00007fda8ade5fa0 R15: 00007fda8af0fa28 [ 364.963000][T10699] [ 365.212738][ T30] audit: type=1326 audit(1768629716.915:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 365.235261][ T30] audit: type=1326 audit(1768629716.925:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10685 comm="syz.0.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 365.490591][ T5938] hub 2-1:24.0: bad descriptor, ignoring hub [ 365.517164][ T5947] hid-generic 0003:046D:C314.0016: hidraw0: USB HID v8.00 Device [HID 046d:c314] on usb-dummy_hcd.4-1/input0 [ 365.533853][ T5938] hub 2-1:24.0: probe with driver hub failed with error -5 [ 365.706795][ T5938] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 365.768281][ T5938] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 365.841260][ T5947] usb 5-1: USB disconnect, device number 70 [ 366.079718][T10709] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1366'. [ 366.088767][T10709] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1366'. [ 366.097789][T10709] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1366'. [ 366.106887][T10709] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1366'. [ 366.117697][T10709] netlink: 'syz.3.1366': attribute type 4 has an invalid length. [ 366.315456][ T5938] dib0700: firmware download failed at 7 with -22 [ 368.115468][T10732] vivid-002: disconnect [ 368.160989][T10732] syzkaller1: entered promiscuous mode [ 368.201049][T10732] syzkaller1: entered allmulticast mode [ 368.284258][ T5947] usb 2-1: USB disconnect, device number 62 [ 368.295986][T10733] vivid-002: reconnect [ 369.776220][ T5947] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 369.896202][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 369.916410][ T30] audit: type=1326 audit(1768629722.485:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 369.983686][ T5947] usb 5-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 369.993027][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.006664][ T5947] usb 5-1: Product: syz [ 370.028787][ T30] audit: type=1326 audit(1768629722.485:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 370.088527][ T5947] usb 5-1: Manufacturer: syz [ 370.099471][ T30] audit: type=1326 audit(1768629722.485:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 370.110910][ T5947] usb 5-1: SerialNumber: syz [ 370.203992][ T30] audit: type=1326 audit(1768629722.495:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 370.276587][ T5947] hub 5-1:24.0: bad descriptor, ignoring hub [ 370.360529][ T5947] hub 5-1:24.0: probe with driver hub failed with error -5 [ 370.574182][ T5947] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 370.592502][ T5947] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 370.661696][ T30] audit: type=1326 audit(1768629722.495:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 370.698118][ T30] audit: type=1326 audit(1768629722.495:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 370.704182][ T5947] dib0700: firmware download failed at 7 with -22 [ 370.730816][ T30] audit: type=1326 audit(1768629722.495:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 370.771556][ T30] audit: type=1326 audit(1768629722.495:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 370.794037][ T30] audit: type=1326 audit(1768629722.495:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 370.824181][ T30] audit: type=1326 audit(1768629722.495:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10758 comm="syz.1.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 371.543404][ T5947] usb 5-1: USB disconnect, device number 71 [ 371.626404][T10772] program syz.2.1379 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 371.635931][T10772] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 371.916464][T10776] netlink: 'syz.1.1380': attribute type 1 has an invalid length. [ 372.086423][T10778] gretap1: entered allmulticast mode [ 372.097306][T10778] bond3: (slave gretap1): making interface the new active one [ 372.127474][T10778] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 373.453971][ T5913] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 374.103176][ T5913] usb 5-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 374.112344][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.120591][ T5913] usb 5-1: Product: syz [ 374.124973][ T5913] usb 5-1: Manufacturer: syz [ 374.129546][ T5913] usb 5-1: SerialNumber: syz [ 374.294920][ T5913] hub 5-1:24.0: bad descriptor, ignoring hub [ 374.390271][T10808] fuse: Unknown parameter '¯º!' [ 374.409913][ T5913] hub 5-1:24.0: probe with driver hub failed with error -5 [ 374.560633][ T5913] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 374.572116][ T5913] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 374.584174][ T5913] dib0700: firmware download failed at 7 with -22 [ 375.215609][T10826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1393'. [ 375.578613][T10838] FAULT_INJECTION: forcing a failure. [ 375.578613][T10838] name failslab, interval 1, probability 0, space 0, times 0 [ 375.657404][T10838] CPU: 0 UID: 0 PID: 10838 Comm: syz.3.1397 Tainted: G L syzkaller #0 PREEMPT(full) [ 375.657433][T10838] Tainted: [L]=SOFTLOCKUP [ 375.657439][T10838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 375.657450][T10838] Call Trace: [ 375.657458][T10838] [ 375.657466][T10838] dump_stack_lvl+0xe8/0x150 [ 375.657490][T10838] should_fail_ex+0x414/0x560 [ 375.657512][T10838] should_failslab+0xa8/0x100 [ 375.657533][T10838] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 375.657556][T10838] ? __alloc_skb+0x198/0x3a0 [ 375.657574][T10838] ? __alloc_skb+0x1dc/0x3a0 [ 375.657588][T10838] ? __local_bh_enable_ip+0xd0/0x130 [ 375.657608][T10838] ? __alloc_skb+0x198/0x3a0 [ 375.657623][T10838] __alloc_skb+0x1dc/0x3a0 [ 375.657645][T10838] netlink_sendmsg+0x5c6/0xb30 [ 375.657675][T10838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 375.657699][T10838] ? aa_sock_msg_perm+0xf1/0x1b0 [ 375.657722][T10838] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 375.657737][T10838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 375.657759][T10838] __sock_sendmsg+0x21c/0x270 [ 375.657786][T10838] ____sys_sendmsg+0x505/0x820 [ 375.657811][T10838] ? __pfx_____sys_sendmsg+0x10/0x10 [ 375.657846][T10838] ? import_iovec+0x74/0xa0 [ 375.657869][T10838] ___sys_sendmsg+0x21f/0x2a0 [ 375.657893][T10838] ? __pfx____sys_sendmsg+0x10/0x10 [ 375.657942][T10838] ? __fget_files+0x2a/0x420 [ 375.657962][T10838] ? __fget_files+0x3a0/0x420 [ 375.657990][T10838] __x64_sys_sendmsg+0x19b/0x260 [ 375.658013][T10838] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 375.658042][T10838] ? __pfx_ksys_write+0x10/0x10 [ 375.658069][T10838] do_syscall_64+0xec/0xf80 [ 375.658089][T10838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.658105][T10838] ? trace_irq_disable+0x37/0x100 [ 375.658125][T10838] ? clear_bhb_loop+0x60/0xb0 [ 375.658145][T10838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.658161][T10838] RIP: 0033:0x7fda8ab8f749 [ 375.658176][T10838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.658193][T10838] RSP: 002b:00007fda8bab8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 375.658213][T10838] RAX: ffffffffffffffda RBX: 00007fda8ade5fa0 RCX: 00007fda8ab8f749 [ 375.658225][T10838] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003 [ 375.658237][T10838] RBP: 00007fda8bab8090 R08: 0000000000000000 R09: 0000000000000000 [ 375.658247][T10838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 375.658258][T10838] R13: 00007fda8ade6038 R14: 00007fda8ade5fa0 R15: 00007fda8af0fa28 [ 375.658291][T10838] [ 375.658369][T10840] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 375.919015][T10840] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 375.945432][T10840] vhci_hcd vhci_hcd.0: Device attached [ 376.035223][ T5947] usb 5-1: USB disconnect, device number 72 [ 376.063927][ T5913] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 376.177275][T10841] vhci_hcd: connection closed [ 376.178802][ T1038] vhci_hcd vhci_hcd.0: stop threads [ 376.188848][ T5947] usb 33-1: new low-speed USB device number 3 using vhci_hcd [ 376.204147][ T1038] vhci_hcd vhci_hcd.0: release socket [ 376.279234][ T1038] vhci_hcd vhci_hcd.0: disconnect device [ 376.300771][ T5913] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 376.310301][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.323862][ T5913] usb 3-1: Product: syz [ 376.328038][ T5913] usb 3-1: Manufacturer: syz [ 376.332629][ T5913] usb 3-1: SerialNumber: syz [ 376.355813][ T5913] usb 3-1: config 0 descriptor?? [ 376.853934][ T5898] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 376.886732][T10857] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1400'. [ 377.103859][ T5898] usb 4-1: Using ep0 maxpacket: 16 [ 377.125648][ T5898] usb 4-1: config 0 has no interfaces? [ 377.134743][ T5898] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 377.243751][ T5898] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 377.406130][ T5898] usb 4-1: Manufacturer: syz [ 377.443716][ T5898] usb 4-1: config 0 descriptor?? [ 378.448465][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.455889][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.735565][ T5913] usb 3-1: USB disconnect, device number 60 [ 378.831336][T10871] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1403'. [ 378.930507][ T5938] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 379.113980][ T5938] usb 1-1: Using ep0 maxpacket: 8 [ 379.157533][ T5938] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 379.178092][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.382733][ T5914] usb 4-1: USB disconnect, device number 63 [ 379.852663][T10887] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1408'. [ 380.024361][ T5914] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 380.223865][ T5914] usb 4-1: Using ep0 maxpacket: 8 [ 380.239551][ T5914] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 380.264360][ T5914] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 380.273397][ T5914] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 380.311316][ T5914] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 380.332068][ T5914] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 380.349794][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.388595][ T5914] hub 4-1:1.0: bad descriptor, ignoring hub [ 380.402051][ T5914] hub 4-1:1.0: probe with driver hub failed with error -5 [ 380.416615][ T5914] cdc_wdm 4-1:1.0: skipping garbage [ 380.427539][ T5914] cdc_wdm 4-1:1.0: skipping garbage [ 380.461890][ T5914] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 380.483660][ T5914] cdc_wdm 4-1:1.0: Unknown control protocol [ 381.112271][T10906] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1412'. [ 381.474978][ T5938] usb 1-1: string descriptor 0 read error: -71 [ 381.492208][ T5938] pvrusb2: Hardware description: Terratec Grabster AV400 [ 381.509063][ T5938] pvrusb2: ********** [ 381.522123][ T5938] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 381.543915][ T5947] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 381.726936][ T5938] pvrusb2: Important functionality might not be entirely working. [ 381.746433][ T5938] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 381.784097][ T5938] pvrusb2: ********** [ 381.788962][ T2345] pvrusb2: Invalid write control endpoint [ 381.796739][ T5938] usb 1-1: USB disconnect, device number 64 [ 381.884893][ T2345] pvrusb2: Invalid write control endpoint [ 381.898851][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 381.928430][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 381.953363][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 381.979700][ T2345] pvrusb2: Device being rendered inoperable [ 381.996809][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 382.006742][T10917] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1414'. [ 382.024329][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 382.059435][ T2345] pvrusb2: Attached sub-driver cx25840 [ 382.079535][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 382.120334][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 382.332431][T10921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1415'. [ 382.342097][T10921] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 382.877474][T10926] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 383.097630][T10930] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 383.110816][T10930] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.107654][T10944] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1424'. [ 384.384198][T10953] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1427'. [ 385.273899][ T5898] usb 3-1: new full-speed USB device number 61 using dummy_hcd [ 385.564570][ T5898] usb 3-1: not running at top speed; connect to a high speed hub [ 385.653395][ T5898] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 385.737490][ T5898] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 385.764186][ T5898] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 385.910892][ T5898] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 386.116208][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.147261][ T5898] usb 3-1: Product: à “ [ 386.151435][ T5898] usb 3-1: Manufacturer: 《 [ 386.184894][ T5898] usb 3-1: SerialNumber: 〠[ 386.223421][T10959] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 386.476492][T10978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 386.485480][T10978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 386.597767][T10980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1434'. [ 386.696555][ T5898] cdc_ncm 3-1:1.0: bind() failure [ 386.707937][ T5898] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 386.721521][ T5898] cdc_ncm 3-1:1.1: bind() failure [ 386.830017][ T5898] usb 3-1: USB disconnect, device number 61 [ 386.921435][ T5914] usb 4-1: USB disconnect, device number 64 [ 387.286755][T10992] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 387.824500][ T5938] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 387.952395][T10995] netlink: 180 bytes leftover after parsing attributes in process `syz.4.1436'. [ 388.074099][ T5938] usb 3-1: Using ep0 maxpacket: 16 [ 388.101356][ T5938] usb 3-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 388.110990][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.128895][T10995] netlink: 203340 bytes leftover after parsing attributes in process `syz.4.1436'. [ 388.204199][ T5938] usb 3-1: Product: syz [ 388.228934][ T5938] usb 3-1: Manufacturer: syz [ 388.300112][ T5938] usb 3-1: SerialNumber: syz [ 388.622424][ T5938] usb 3-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 388.670271][T11008] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 388.676819][T11008] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 388.677695][ T5938] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 388.771941][ T5938] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 388.782157][T11008] vhci_hcd vhci_hcd.0: Device attached [ 388.813943][ T5938] usb 3-1: media controller created [ 388.830438][ T5938] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 389.054091][ T5914] usb 33-1: new low-speed USB device number 4 using vhci_hcd [ 389.057293][ T5938] zl10353_read_register: readreg error (reg=127, ret==-32) [ 389.212352][ T5938] dvb_usb_gl861 3-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 389.224378][ T5947] usb 2-1: new full-speed USB device number 63 using dummy_hcd [ 389.267067][ T5938] usb 3-1: USB disconnect, device number 62 [ 389.396155][ T5947] usb 2-1: not running at top speed; connect to a high speed hub [ 389.415145][ T5947] usb 2-1: config 15 has an invalid interface number: 133 but max is 1 [ 389.433727][ T5947] usb 2-1: config 15 has no interface number 1 [ 389.453889][ T5947] usb 2-1: config 15 interface 133 altsetting 117 endpoint 0x8A has invalid maxpacket 512, setting to 64 [ 389.463938][ T5898] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 389.466054][ T5947] usb 2-1: config 15 interface 0 has no altsetting 0 [ 389.493871][ T5947] usb 2-1: config 15 interface 133 has no altsetting 0 [ 389.507070][ T5947] usb 2-1: New USB device found, idVendor=0af0, idProduct=8120, bcdDevice=79.09 [ 389.523896][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.531919][ T5947] usb 2-1: Product: syz [ 389.553851][ T5947] usb 2-1: Manufacturer: syz [ 389.558475][ T5947] usb 2-1: SerialNumber: syz [ 389.635476][ T5898] usb 5-1: Using ep0 maxpacket: 16 [ 389.663061][ T5898] usb 5-1: config 1 has an invalid interface number: 105 but max is 0 [ 389.694323][ T5898] usb 5-1: config 1 has no interface number 0 [ 389.702358][ T5898] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 389.713071][ T5898] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 389.723678][ T5898] usb 5-1: config 1 interface 105 has no altsetting 0 [ 389.734823][ T5898] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 389.744344][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.752356][ T5898] usb 5-1: Product: syz [ 389.762318][ T5898] usb 5-1: Manufacturer: syz [ 389.773214][ T5898] usb 5-1: SerialNumber: syz [ 389.790717][T11021] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 389.805937][T11021] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 390.021926][ T5947] usb 2-1: USB disconnect, device number 63 [ 390.039962][T11021] IPVS: length: 137 != 8 [ 390.045414][T11009] vhci_hcd: connection reset by peer [ 390.052347][ T1088] vhci_hcd vhci_hcd.0: stop threads [ 390.084284][ T1088] vhci_hcd vhci_hcd.0: release socket [ 390.084476][T11030] FAULT_INJECTION: forcing a failure. [ 390.084476][T11030] name failslab, interval 1, probability 0, space 0, times 0 [ 390.089818][ T1088] vhci_hcd vhci_hcd.0: disconnect device [ 390.143462][T11030] CPU: 0 UID: 0 PID: 11030 Comm: syz.2.1451 Tainted: G L syzkaller #0 PREEMPT(full) [ 390.143493][T11030] Tainted: [L]=SOFTLOCKUP [ 390.143500][T11030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 390.143511][T11030] Call Trace: [ 390.143520][T11030] [ 390.143529][T11030] dump_stack_lvl+0xe8/0x150 [ 390.143551][T11030] should_fail_ex+0x414/0x560 [ 390.143564][T11030] should_failslab+0xa8/0x100 [ 390.143578][T11030] __kmalloc_cache_noprof+0x84/0x700 [ 390.143590][T11030] ? sctp_add_bind_addr+0x8c/0x370 [ 390.143619][T11030] sctp_add_bind_addr+0x8c/0x370 [ 390.143648][T11030] sctp_copy_local_addr_list+0x30b/0x4e0 [ 390.143676][T11030] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 390.143693][T11030] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 390.143708][T11030] ? sctp_v6_is_any+0x64/0x80 [ 390.143719][T11030] ? sctp_copy_one_addr+0x93/0x360 [ 390.143733][T11030] sctp_bind_addr_copy+0xb3/0x3c0 [ 390.143752][T11030] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 390.143782][T11030] sctp_connect_new_asoc+0x2e0/0x690 [ 390.143804][T11030] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 390.143831][T11030] ? __local_bh_enable_ip+0xd0/0x130 [ 390.143848][T11030] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 390.143865][T11030] ? security_sctp_bind_connect+0x7e/0x2e0 [ 390.143878][T11030] sctp_sendmsg+0x155c/0x2840 [ 390.143899][T11030] ? __pfx_sctp_sendmsg+0x10/0x10 [ 390.143916][T11030] ? aa_sk_perm+0x15f/0x920 [ 390.143940][T11030] ? aa_sk_perm+0x7ee/0x920 [ 390.143966][T11030] ? __pfx_aa_sk_perm+0x10/0x10 [ 390.143984][T11030] ? sock_rps_record_flow+0x19/0x410 [ 390.144009][T11030] ? inet_sendmsg+0x2f4/0x370 [ 390.144035][T11030] __sock_sendmsg+0x19c/0x270 [ 390.144073][T11030] __sys_sendto+0x3bd/0x520 [ 390.144097][T11030] ? __pfx___sys_sendto+0x10/0x10 [ 390.144114][T11030] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 390.144137][T11030] ? __fget_files+0x3a0/0x420 [ 390.144155][T11030] ? ksys_write+0x22a/0x250 [ 390.144166][T11030] ? __pfx_ksys_write+0x10/0x10 [ 390.144177][T11030] __x64_sys_sendto+0xde/0x100 [ 390.144196][T11030] do_syscall_64+0xec/0xf80 [ 390.144217][T11030] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.144234][T11030] ? clear_bhb_loop+0x60/0xb0 [ 390.144256][T11030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.144271][T11030] RIP: 0033:0x7f65fe78f749 [ 390.144281][T11030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 390.144296][T11030] RSP: 002b:00007f65ff5bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 390.144316][T11030] RAX: ffffffffffffffda RBX: 00007f65fe9e5fa0 RCX: 00007f65fe78f749 [ 390.144328][T11030] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000004 [ 390.144340][T11030] RBP: 00007f65ff5bd090 R08: 0000200000000100 R09: 000000000000001c [ 390.144352][T11030] R10: 0000000024004000 R11: 0000000000000246 R12: 0000000000000002 [ 390.144363][T11030] R13: 00007f65fe9e6038 R14: 00007f65fe9e5fa0 R15: 00007f65feb0fa28 [ 390.144393][T11030] [ 390.245728][T11021] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 390.468000][T11021] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 390.492773][T11035] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1452'. [ 390.623136][T11039] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.680789][T11039] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 390.817036][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 390.817053][ T30] audit: type=1326 audit(1768629743.415:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11049 comm="syz.0.1456" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x0 [ 390.894704][ T5898] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71 [ 390.917388][ T5898] aqc111 5-1:1.105: probe with driver aqc111 failed with error -71 [ 390.932478][ T5898] usb 5-1: USB disconnect, device number 73 [ 390.977149][T11053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1456'. [ 390.993617][T11053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1456'. [ 391.243965][ T5947] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 391.253911][ T5938] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 391.400124][T11061] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1460'. [ 391.543942][ T5947] usb 2-1: Using ep0 maxpacket: 8 [ 391.549157][ T5938] usb 3-1: Using ep0 maxpacket: 16 [ 391.559316][ T5947] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 391.570252][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.585467][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 391.597498][ T5947] usb 2-1: Product: syz [ 391.601795][ T5938] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 391.625742][ T5947] usb 2-1: Manufacturer: syz [ 391.642284][ T5947] usb 2-1: SerialNumber: syz [ 391.647180][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.658319][ T5947] usb 2-1: config 0 descriptor?? [ 391.667791][ T5938] usb 3-1: config 0 descriptor?? [ 391.679059][ T5947] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 392.191897][ T5938] mcp2221 0003:04D8:00DD.0017: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 392.231983][ T5947] gspca_sonixj: reg_w1 err -71 [ 392.314417][ T5947] sonixj 2-1:0.0: probe with driver sonixj failed with error -71 [ 392.343752][ T5947] usb 2-1: USB disconnect, device number 64 [ 392.673971][ T5876] usb 4-1: new full-speed USB device number 65 using dummy_hcd [ 392.874435][ T5876] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 392.891492][ T5876] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 392.909976][ T5876] usb 4-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 392.912764][ T5947] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 392.945155][ T5876] usb 4-1: config 0 interface 0 has no altsetting 0 [ 392.952476][ T5876] usb 4-1: New USB device found, idVendor=056a, idProduct=00fb, bcdDevice= 0.00 [ 392.976191][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.999593][ T5947] hid-generic 0000:0000:0000.0018: hidraw0: HID v0.00 Device [syz1] on syz0 [ 393.002758][ T5876] usb 4-1: config 0 descriptor?? [ 393.046073][T11076] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 393.049669][ T5938] usb 3-1: USB disconnect, device number 63 [ 393.262742][T11096] fido_id[11096]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 393.439590][T11102] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1471'. [ 393.523474][ T5876] wacom 0003:056A:00FB.0019: unbalanced delimiter at end of report description [ 393.545464][ T5876] wacom 0003:056A:00FB.0019: parse failed [ 393.568263][ T5876] wacom 0003:056A:00FB.0019: probe with driver wacom failed with error -22 [ 394.196223][ T5914] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 394.911245][ T30] audit: type=1326 audit(1768629747.505:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 395.084132][ T30] audit: type=1326 audit(1768629747.505:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 395.146404][ T30] audit: type=1326 audit(1768629747.505:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 395.191178][ T30] audit: type=1326 audit(1768629747.505:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 395.265214][ T30] audit: type=1326 audit(1768629747.505:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 395.405079][ T5938] usb 4-1: USB disconnect, device number 65 [ 395.509338][ T30] audit: type=1326 audit(1768629747.505:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 395.729479][ T30] audit: type=1326 audit(1768629747.625:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 395.803222][ T30] audit: type=1326 audit(1768629747.625:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 395.979501][ T30] audit: type=1326 audit(1768629747.715:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 396.038766][T11152] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 396.085706][ T30] audit: type=1326 audit(1768629747.715:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 396.128967][ T30] audit: type=1326 audit(1768629747.715:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11125 comm="syz.0.1479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801e18f749 code=0x7ffc0000 [ 398.930559][T11192] tipc: Invalid UDP bearer configuration [ 398.930593][T11192] tipc: Enabling of bearer rejected, failed to enable media [ 399.284015][ T5938] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 399.485001][ T5938] usb 5-1: Using ep0 maxpacket: 32 [ 399.506509][ T5938] usb 5-1: config 3 has an invalid interface number: 171 but max is 29 [ 399.517386][ T5938] usb 5-1: config 3 has 1 interface, different from the descriptor's value: 30 [ 399.527442][ T5938] usb 5-1: config 3 has no interface number 0 [ 399.595478][ T5938] usb 5-1: config 3 interface 171 altsetting 108 endpoint 0x1 has invalid wMaxPacketSize 0 [ 399.647070][ T5938] usb 5-1: config 3 interface 171 has no altsetting 0 [ 399.730822][ T5938] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice= c.e5 [ 399.747611][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=10, SerialNumber=3 [ 399.843371][ T5938] usb 5-1: Product: syz [ 399.848680][ T5938] usb 5-1: Manufacturer: syz [ 399.853914][ T5938] usb 5-1: SerialNumber: syz [ 400.328695][ T5938] as10x_usb: device has been detected [ 400.361180][ T5938] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 400.533111][ T5938] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 400.655252][ T5938] as10x_usb: error during firmware upload part1 [ 400.745801][ T5938] Registered device Sky IT Digital Key (green led) [ 400.755561][ T5938] usb 5-1: USB disconnect, device number 74 [ 400.981356][ T5938] Unregistered device Sky IT Digital Key (green led) [ 400.984978][ T5938] as10x_usb: device has been disconnected [ 401.424982][ T5947] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 401.583860][ T5947] usb 2-1: Using ep0 maxpacket: 8 [ 401.592196][ T5947] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 401.607229][ T5947] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 401.616768][ T5947] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 401.641632][ T5947] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 401.666283][ T5947] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 401.686713][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.718263][ T5947] hub 2-1:1.0: bad descriptor, ignoring hub [ 401.734386][ T5947] hub 2-1:1.0: probe with driver hub failed with error -5 [ 401.751370][ T5947] cdc_wdm 2-1:1.0: skipping garbage [ 401.767178][ T5947] cdc_wdm 2-1:1.0: skipping garbage [ 401.793884][ T5947] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 401.812998][ T5947] cdc_wdm 2-1:1.0: Unknown control protocol [ 402.574938][ T5947] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 402.816874][T11264] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1517'. [ 402.875310][ T5947] usb 1-1: Using ep0 maxpacket: 16 [ 402.966044][ T5947] usb 1-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 403.041787][ T5947] usb 1-1: config 0 interface 0 has no altsetting 0 [ 403.066671][ T5947] usb 1-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 403.151145][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.174991][ T5947] usb 1-1: config 0 descriptor?? [ 403.339232][T11274] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1518'. [ 403.539515][T11277] bridge0: port 2(bridge_slave_1) entered blocking state [ 403.548041][T11277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 403.555666][T11277] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.562881][T11277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 403.701988][T11279] vim2m vim2m.0: vidioc_s_fmt queue busy [ 403.723092][T11277] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 403.744912][ T5914] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 403.781810][ T5947] microsoft 0003:045E:009D.001A: hidraw0: USB HID v0.07 Device [HID 045e:009d] on usb-dummy_hcd.0-1/input0 [ 403.795331][ T5947] microsoft 0003:045E:009D.001A: no inputs found [ 403.804472][ T5947] microsoft 0003:045E:009D.001A: could not initialize ff, continuing anyway [ 403.917454][ T5914] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 403.935792][ T5914] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 403.966407][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.979351][T11254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 403.994766][T11254] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.062142][T11281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 404.064249][ T5914] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 404.071740][T11281] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.167912][ T5898] usb 1-1: USB disconnect, device number 65 [ 404.754382][ T130] usb 2-1: USB disconnect, device number 65 [ 405.133916][ T5947] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 405.242811][ T5914] stv0680 4-1:4.0: Could not get descriptor 0200 [ 405.373927][ T5947] usb 1-1: Using ep0 maxpacket: 32 [ 405.381370][ T5947] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 405.404961][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.460816][ T5914] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 405.461853][ T5947] usb 1-1: config 0 descriptor?? [ 405.469544][ T5914] stv0680 4-1:4.0: last error: 2, command = 0x23 [ 405.495825][ T5914] usb 4-1: USB disconnect, device number 66 [ 405.714423][ T5947] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 406.027382][ T5947] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 406.048495][ T5947] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 406.055873][ T5947] usb 1-1: media controller created [ 406.083711][ T5947] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 406.110418][ T5947] az6027: usb out operation failed. (-71) [ 406.132870][ T5947] az6027: usb out operation failed. (-71) [ 406.138728][ T5947] stb0899_attach: Driver disabled by Kconfig [ 406.153930][ T5947] az6027: no front-end attached [ 406.153930][ T5947] [ 406.164401][ T5947] az6027: usb out operation failed. (-71) [ 406.170152][ T5947] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 406.178811][T11309] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1525'. [ 406.190653][T11311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1525'. [ 406.257622][ T5947] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input34 [ 406.324068][ T5947] dvb-usb: schedule remote query interval to 400 msecs. [ 406.331375][T11311] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1525'. [ 406.340696][ T5947] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 406.460705][ T5947] usb 1-1: USB disconnect, device number 66 [ 406.635662][T11319] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1528'. [ 406.848530][ T5947] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 407.289665][ T130] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 407.673911][ T130] usb 4-1: Using ep0 maxpacket: 32 [ 407.679749][ T130] usb 4-1: no configurations [ 407.684798][ T130] usb 4-1: can't read configurations, error -22 [ 407.903899][ T130] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 408.197152][ T130] usb 4-1: Using ep0 maxpacket: 32 [ 408.239670][ T130] usb 4-1: no configurations [ 408.258227][ T130] usb 4-1: can't read configurations, error -22 [ 408.278656][ T130] usb usb4-port1: attempt power cycle [ 408.574360][T11341] fuse: Bad value for 'fd' [ 408.673866][ T130] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 408.714792][ T130] usb 4-1: Using ep0 maxpacket: 32 [ 408.720756][ T130] usb 4-1: no configurations [ 408.730638][ T130] usb 4-1: can't read configurations, error -22 [ 408.993929][ T130] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 409.036827][T11348] netlink: 'syz.0.1536': attribute type 5 has an invalid length. [ 409.054613][ T130] usb 4-1: Using ep0 maxpacket: 32 [ 409.060739][ T130] usb 4-1: no configurations [ 409.066762][ T130] usb 4-1: can't read configurations, error -22 [ 409.097482][ T130] usb usb4-port1: unable to enumerate USB device [ 409.123939][ T106] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 409.276460][ T106] usb 2-1: Using ep0 maxpacket: 8 [ 409.283238][ T106] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 409.294242][ T106] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 409.303405][ T106] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 409.315077][ T106] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 409.332164][ T106] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 409.341596][ T106] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.361915][ T106] hub 2-1:1.0: bad descriptor, ignoring hub [ 409.369259][ T106] hub 2-1:1.0: probe with driver hub failed with error -5 [ 409.378059][ T106] cdc_wdm 2-1:1.0: skipping garbage [ 409.383442][ T106] cdc_wdm 2-1:1.0: skipping garbage [ 409.390913][ T106] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 409.397751][ T106] cdc_wdm 2-1:1.0: Unknown control protocol [ 409.474067][ T5914] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 409.655092][ T5914] usb 3-1: config 0 has an invalid interface number: 69 but max is 0 [ 409.663332][ T5914] usb 3-1: config 0 has no interface number 0 [ 409.683864][ T5914] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 409.694224][ T5914] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 409.707804][ T5914] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 409.717924][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.726421][ T5914] usb 3-1: Product: syz [ 409.730606][ T5914] usb 3-1: Manufacturer: syz [ 409.735599][ T5914] usb 3-1: SerialNumber: syz [ 409.755141][ T5914] usb 3-1: config 0 descriptor?? [ 409.761023][T11355] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 409.770992][ T5914] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 409.783094][ T5914] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 410.177725][ T130] usb 3-1: USB disconnect, device number 64 [ 410.198354][ T130] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 410.212606][ T130] cyberjack 3-1:0.69: device disconnected [ 410.352109][T11370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1541'. [ 410.816064][ T5914] usb 2-1: USB disconnect, device number 66 [ 412.284053][T11387] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1545'. [ 412.975495][T11403] netlink: 'syz.4.1548': attribute type 5 has an invalid length. [ 413.497067][ T5947] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 413.960171][ T5947] usb 5-1: Using ep0 maxpacket: 16 [ 413.975090][ T5947] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 413.988876][ T5947] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 414.002589][ T5947] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 414.012262][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.032568][ T5947] usb 5-1: Product: syz [ 414.036921][ T5947] usb 5-1: Manufacturer: syz [ 414.074005][ T130] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 414.101139][ T5947] usb 5-1: SerialNumber: syz [ 414.122760][ T5947] usb 5-1: config 0 descriptor?? [ 414.141040][ T5947] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 414.162149][ T5947] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 414.233913][ T130] usb 3-1: Using ep0 maxpacket: 8 [ 414.258594][ T130] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 414.284127][ T130] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 414.302127][ T130] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 414.360555][ T130] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 414.406281][ T130] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 414.453951][ T130] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.592844][ T130] hub 3-1:1.0: bad descriptor, ignoring hub [ 414.619719][ T130] hub 3-1:1.0: probe with driver hub failed with error -5 [ 414.638804][ T130] cdc_wdm 3-1:1.0: skipping garbage [ 414.673920][T11432] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1558'. [ 414.686754][ T130] cdc_wdm 3-1:1.0: skipping garbage [ 414.694805][ T130] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 414.695854][T11432] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1558'. [ 414.701694][ T130] cdc_wdm 3-1:1.0: Unknown control protocol [ 414.798256][ T5947] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 414.825089][ T5947] em28xx 5-1:0.0: Config register raw data: 0x36 [ 414.837250][ T5947] em28xx 5-1:0.0: I2S Audio (3 sample rate(s)) [ 414.855798][ T5947] em28xx 5-1:0.0: No AC97 audio processor [ 415.264426][T11438] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1560'. [ 415.503436][ T5947] usb 5-1: USB disconnect, device number 75 [ 416.594174][ T30] audit: type=1326 audit(1768629769.185:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 416.617454][ T30] audit: type=1326 audit(1768629769.215:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 416.652811][ T30] audit: type=1326 audit(1768629769.215:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 416.696269][ T5876] usb 3-1: USB disconnect, device number 65 [ 416.723951][ T30] audit: type=1326 audit(1768629769.215:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 417.118743][ T30] audit: type=1326 audit(1768629769.215:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 417.145116][ T30] audit: type=1326 audit(1768629769.215:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 417.168857][ T30] audit: type=1326 audit(1768629769.215:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 417.193486][ T30] audit: type=1326 audit(1768629769.215:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 417.219908][ T30] audit: type=1326 audit(1768629769.215:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 417.281847][ T30] audit: type=1326 audit(1768629769.215:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11467 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb70ff8f749 code=0x7ffc0000 [ 418.256029][T11493] syz_tun: entered allmulticast mode [ 418.306556][T11493] tipc: Enabling of bearer rejected, failed to enable media [ 418.346088][T11492] syz_tun: left allmulticast mode [ 418.396174][ T130] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 418.579181][T11499] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 418.634716][ T130] usb 3-1: too many configurations: 35, using maximum allowed: 8 [ 418.635325][T11499] netlink: 'syz.0.1578': attribute type 6 has an invalid length. [ 418.653077][T11499] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1578'. [ 418.663800][ T130] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 418.680526][ T130] usb 3-1: can't read configurations, error -61 [ 418.844001][ T130] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 418.963913][ T5876] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 419.014553][ T130] usb 3-1: too many configurations: 35, using maximum allowed: 8 [ 419.061280][ T130] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 419.069676][ T130] usb 3-1: can't read configurations, error -61 [ 419.077496][ T130] usb usb3-port1: attempt power cycle [ 419.123894][ T5876] usb 1-1: Using ep0 maxpacket: 8 [ 419.131100][ T5876] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 419.156597][ T5876] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 419.170632][ T5876] usb 1-1: config 0 has no interface number 0 [ 419.180273][ T5876] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 419.202173][ T5876] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 419.263262][ T5876] usb 1-1: config 0 interface 255 has no altsetting 0 [ 419.272873][ T5876] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 419.285184][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.293298][ T5876] usb 1-1: Product: syz [ 419.304920][ T5876] usb 1-1: Manufacturer: syz [ 419.384142][ T5876] usb 1-1: SerialNumber: syz [ 419.412795][T11511] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1580'. [ 419.472092][ T130] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 419.515385][ T130] usb 3-1: too many configurations: 35, using maximum allowed: 8 [ 419.525568][ T130] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 419.535572][ T130] usb 3-1: can't read configurations, error -61 [ 419.557061][ T5876] usb 1-1: config 0 descriptor?? [ 419.576927][ T5876] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 419.589613][ T5876] usb 1-1: setting power ON [ 419.602204][ T5876] dvb-usb: bulk message failed: -22 (2/0) [ 419.626539][ T5876] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 419.656217][ T5876] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 419.674838][ T130] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 419.700198][ T5876] usb 1-1: media controller created [ 419.736161][ T5876] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 419.745687][ T130] usb 3-1: too many configurations: 35, using maximum allowed: 8 [ 419.758012][ T130] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 419.776535][T11499] dvb-usb: bulk message failed: -22 (3/0) [ 419.783582][T11499] dvb-usb: bulk message failed: -22 (3/0) [ 419.798985][ T130] usb 3-1: can't read configurations, error -61 [ 419.822710][ T130] usb usb3-port1: unable to enumerate USB device [ 419.826651][ T5876] usb 1-1: digital interface selection failed (-22) [ 419.898532][ T5876] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 419.911946][ T5876] usb 1-1: setting power OFF [ 419.922910][ T5876] dvb-usb: bulk message failed: -22 (2/0) [ 419.931642][ T5876] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 419.943136][ T5876] (NULL device *): no alternate interface [ 420.001582][ T5876] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 420.022387][ T5876] usb 1-1: USB disconnect, device number 67 [ 420.111435][T11517] FAULT_INJECTION: forcing a failure. [ 420.111435][T11517] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 420.134156][T11517] CPU: 1 UID: 0 PID: 11517 Comm: syz.3.1583 Tainted: G L syzkaller #0 PREEMPT(full) [ 420.134189][T11517] Tainted: [L]=SOFTLOCKUP [ 420.134195][T11517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 420.134204][T11517] Call Trace: [ 420.134210][T11517] [ 420.134217][T11517] dump_stack_lvl+0xe8/0x150 [ 420.134240][T11517] should_fail_ex+0x414/0x560 [ 420.134259][T11517] _copy_to_iter+0x1de/0x1790 [ 420.134284][T11517] ? __pfx__copy_to_iter+0x10/0x10 [ 420.134303][T11517] ? chacha_block_generic+0x53/0xc80 [ 420.134327][T11517] get_random_bytes_user+0x1a0/0x380 [ 420.134349][T11517] ? __pfx_get_random_bytes_user+0x10/0x10 [ 420.134372][T11517] ? __pfx_vfs_write+0x10/0x10 [ 420.134393][T11517] ? import_ubuf+0xfb/0x1d0 [ 420.134411][T11517] __x64_sys_getrandom+0x16d/0x260 [ 420.134430][T11517] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 420.134446][T11517] ? ksys_write+0x22a/0x250 [ 420.134460][T11517] ? __pfx_ksys_write+0x10/0x10 [ 420.134482][T11517] do_syscall_64+0xec/0xf80 [ 420.134499][T11517] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.134517][T11517] ? trace_irq_disable+0x37/0x100 [ 420.134535][T11517] ? clear_bhb_loop+0x60/0xb0 [ 420.134555][T11517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.134568][T11517] RIP: 0033:0x7fda8ab8f749 [ 420.134582][T11517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.134595][T11517] RSP: 002b:00007fda8bab8038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 420.134610][T11517] RAX: ffffffffffffffda RBX: 00007fda8ade5fa0 RCX: 00007fda8ab8f749 [ 420.134621][T11517] RDX: 0000000000000000 RSI: 00000000ffffff9a RDI: 0000200000000240 [ 420.134630][T11517] RBP: 00007fda8bab8090 R08: 0000000000000000 R09: 0000000000000000 [ 420.134639][T11517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 420.134647][T11517] R13: 00007fda8ade6038 R14: 00007fda8ade5fa0 R15: 00007fda8af0fa28 [ 420.134670][T11517] [ 420.163997][ T130] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 420.524387][ T130] usb 5-1: Using ep0 maxpacket: 8 [ 420.543572][ T130] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 420.564498][ T130] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 420.575836][ T130] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 420.587906][ T130] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 420.602781][ T130] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 420.623631][ T130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.657750][ T130] hub 5-1:1.0: bad descriptor, ignoring hub [ 420.673940][ T130] hub 5-1:1.0: probe with driver hub failed with error -5 [ 420.696890][ T130] cdc_wdm 5-1:1.0: skipping garbage [ 420.705711][ T130] cdc_wdm 5-1:1.0: skipping garbage [ 420.722506][ T130] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 420.728698][ T130] cdc_wdm 5-1:1.0: Unknown control protocol [ 420.786391][T11525] openvswitch: netlink: Flow actions attr not present in new flow. [ 420.858369][ T5876] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0 [ 420.879329][ T5876] hid-generic 0000:0000:0000.001B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 421.054120][ T130] usb 4-1: new low-speed USB device number 71 using dummy_hcd [ 421.245403][ T130] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 421.266815][ T130] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 421.321094][ T130] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 421.354040][ T130] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 421.381595][ T130] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 421.393469][T11544] netlink: 'syz.0.1590': attribute type 5 has an invalid length. [ 421.413987][ T130] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 421.460228][ T130] usb 4-1: string descriptor 0 read error: -22 [ 421.477015][ T130] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 421.502196][ T130] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.526544][ T130] usb 4-1: config 0 descriptor?? [ 421.636934][T11525] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 421.645429][ T130] hub 4-1:0.0: bad descriptor, ignoring hub [ 421.651404][ T130] hub 4-1:0.0: probe with driver hub failed with error -5 [ 421.666112][ T130] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input35 [ 422.455907][ C0] usb_acecad 4-1:0.0: can't resubmit intr, dummy_hcd.3-1/input0, status -1 [ 422.458808][ T5876] usb 4-1: USB disconnect, device number 71 [ 422.801369][T11559] netlink: 'syz.2.1593': attribute type 27 has an invalid length. [ 423.072345][T11559] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 423.150813][T11565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.170847][T11565] 8021q: adding VLAN 0 to HW filter on device team0 [ 423.225655][T11565] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 423.304051][ T5931] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 423.393908][ T5938] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 423.405567][ T5947] usb 5-1: USB disconnect, device number 76 [ 423.484463][ T5931] usb 3-1: Using ep0 maxpacket: 16 [ 423.495020][ T5931] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 423.523597][ T5931] usb 3-1: config 0 has no interface number 0 [ 423.541305][ T5931] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 423.550604][ T5938] usb 4-1: Using ep0 maxpacket: 8 [ 423.566365][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.575264][ T5931] usb 3-1: Product: syz [ 423.579836][ T5931] usb 3-1: Manufacturer: syz [ 423.584801][ T5938] usb 4-1: unable to get BOS descriptor or descriptor too short [ 423.594102][ T5931] usb 3-1: SerialNumber: syz [ 423.599388][ T5938] usb 4-1: config 4 interface 0 has no altsetting 0 [ 423.616497][ T5938] usb 4-1: string descriptor 0 read error: -22 [ 423.654944][ T5931] usb 3-1: config 0 descriptor?? [ 423.660185][ T5938] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 423.714185][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.742000][ T5931] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 423.795623][ T5938] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 423.815204][ T5938] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 423.827303][ T5938] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 423.838865][ T5938] usb 4-1: media controller created [ 423.876146][ T5938] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 424.264268][ T5931] gspca_spca1528: reg_w err -110 [ 424.284030][ T5931] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110 [ 424.634699][T11578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1596'. [ 424.925120][ T5938] zl10353_read_register: readreg error (reg=127, ret==0) [ 424.998194][ T5938] usb 4-1: USB disconnect, device number 72 [ 425.269290][T11588] netlink: 'syz.0.1600': attribute type 1 has an invalid length. [ 425.309838][T11588] bond3: entered promiscuous mode [ 425.327058][T11588] bond3: entered allmulticast mode [ 425.341085][T11590] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1600'. [ 425.379910][T11588] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1600'. [ 425.417070][T11590] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 425.619015][T11590] bond3: (slave bridge1): making interface the new active one [ 425.640992][T11590] bridge1: entered promiscuous mode [ 425.699813][ T130] usb 3-1: USB disconnect, device number 70 [ 425.739446][T11590] bridge1: entered allmulticast mode [ 425.775713][T11590] bond3: (slave bridge1): Enslaving as an active interface with an up link [ 425.808442][T11588] bond3: left promiscuous mode [ 425.843738][T11588] bridge1: left promiscuous mode [ 425.872678][T11588] bond3: left allmulticast mode [ 425.901257][T11588] bridge1: left allmulticast mode [ 425.910722][T11588] 8021q: adding VLAN 0 to HW filter on device bond3 [ 425.990142][T11599] loop8: detected capacity change from 0 to 8 [ 426.012453][ T5825] Dev loop8: unable to read RDB block 8 [ 426.027012][ T5825] loop8: unable to read partition table [ 426.040136][ T5825] loop8: partition table beyond EOD, truncated [ 426.061445][T11599] Dev loop8: unable to read RDB block 8 [ 426.081975][T11599] loop8: unable to read partition table [ 426.150974][T11599] loop8: partition table beyond EOD, truncated [ 426.161465][T11599] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 426.253887][ T130] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 426.285188][ T5938] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 426.413894][ T130] usb 1-1: Using ep0 maxpacket: 8 [ 426.422384][ T130] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 426.431990][ T130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.440873][ T130] usb 1-1: Product: syz [ 426.447278][ T130] usb 1-1: Manufacturer: syz [ 426.451987][ T130] usb 1-1: SerialNumber: syz [ 426.458547][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.469725][ T5938] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 426.480852][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.489585][ T130] usb 1-1: config 0 descriptor?? [ 426.500241][ T130] gspca_main: se401-2.14.0 probing 047d:5003 [ 426.509732][ T5938] usb 3-1: config 0 descriptor?? [ 426.563921][ T5947] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 426.713911][ T5947] usb 2-1: Using ep0 maxpacket: 8 [ 426.721382][ T5947] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 426.742540][ T5947] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 426.753730][ T5947] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 426.766244][ T5947] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 426.782042][ T5947] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 426.794163][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.814743][ T5947] hub 2-1:1.0: bad descriptor, ignoring hub [ 426.822665][ T5947] hub 2-1:1.0: probe with driver hub failed with error -5 [ 426.831836][ T5947] cdc_wdm 2-1:1.0: skipping garbage [ 426.841093][ T5947] cdc_wdm 2-1:1.0: skipping garbage [ 426.853757][ T5947] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 426.860209][ T5947] cdc_wdm 2-1:1.0: Unknown control protocol [ 426.940692][ T5938] steelseries 0003:1038:12B6.001C: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.2-1/input0 [ 426.996919][ T5914] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 427.158597][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 427.167964][ T5914] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 427.194129][ T5914] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 427.216131][ T5914] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 427.244172][ T5914] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 427.272143][ T5914] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 427.289413][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.303964][ T5914] usb 4-1: Product: syz [ 427.312900][ T5914] usb 4-1: Manufacturer: syz [ 427.323249][ T5914] usb 4-1: SerialNumber: syz [ 427.334927][ T130] usb 1-1: reset high-speed USB device number 68 using dummy_hcd [ 427.349019][ C1] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 427.360283][ T5914] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input36 [ 427.360410][T11599] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1604'. [ 427.392794][ T5931] usb 3-1: USB disconnect, device number 71 [ 427.634024][ T5914] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 427.642730][ T5914] (id 0x00) [ 427.704446][ T5914] rc_core: IR keymap rc-imon-pad not found [ 427.710814][ T5914] Registered IR keymap rc-empty [ 427.716595][ T5914] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 427.728658][ T5914] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 427.747544][ T130] gspca_se401: read req failed req 0x06 error -71 [ 427.758093][ T130] se401 1-1:0.0: probe with driver se401 failed with error -71 [ 427.774677][ T130] usb 1-1: USB disconnect, device number 68 [ 427.834889][ T5914] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0 [ 427.852801][ T5914] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input37 [ 427.882645][ T5914] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:73> initialized [ 428.513494][T11641] cdc_wdm 2-1:1.0: Error autopm - -16 [ 428.520704][ T5876] usb 2-1: USB disconnect, device number 67 [ 428.844649][T11653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1616'. [ 429.750475][ T5931] usb 4-1: USB disconnect, device number 73 [ 430.121949][ T30] kauditd_printk_skb: 77 callbacks suppressed [ 430.121968][ T30] audit: type=1326 audit(1768629782.715:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11667 comm="syz.3.1621" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fda8ab8f749 code=0x0 [ 430.781950][T11686] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1625'. [ 430.886416][T11686] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1625'. [ 431.091241][T11686] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1625'. [ 432.207693][ T130] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 432.373880][ T130] usb 5-1: Using ep0 maxpacket: 8 [ 432.389229][ T130] usb 5-1: config 0 has an invalid interface number: 4 but max is 0 [ 432.452855][ T130] usb 5-1: config 0 has no interface number 0 [ 432.470924][T11720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1633'. [ 432.515749][ T130] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 432.525617][ T130] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.533636][ T130] usb 5-1: Product: syz [ 432.538036][ T130] usb 5-1: Manufacturer: syz [ 432.542636][ T130] usb 5-1: SerialNumber: syz [ 432.589504][ T130] usb 5-1: config 0 descriptor?? [ 432.623621][ T130] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 433.691457][ T30] audit: type=1326 audit(1768629786.285:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 433.801719][ T30] audit: type=1326 audit(1768629786.285:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 433.873075][ T30] audit: type=1326 audit(1768629786.285:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 434.008252][ T30] audit: type=1326 audit(1768629786.285:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 434.159122][ T30] audit: type=1326 audit(1768629786.285:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 434.194115][ T30] audit: type=1326 audit(1768629786.285:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 434.229854][ T30] audit: type=1326 audit(1768629786.285:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 434.277826][ T30] audit: type=1326 audit(1768629786.285:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 434.387170][ T30] audit: type=1326 audit(1768629786.285:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11734 comm="syz.3.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda8ab8f749 code=0x7ffc0000 [ 434.964026][ T130] gspca_sonixj: reg_r err -110 [ 434.969602][ T130] sonixj 5-1:0.4: probe with driver sonixj failed with error -110 [ 435.031196][T11754] input input38: cannot allocate more than FF_MAX_EFFECTS effects [ 435.523862][ T5919] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 435.750632][ T5919] usb 3-1: device descriptor read/64, error -71 [ 435.946285][ T130] usb 5-1: USB disconnect, device number 77 [ 436.003879][ T5919] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 436.013188][T11770] tipc: Started in network mode [ 436.021502][T11770] tipc: Node identity 4e8000b49c7b, cluster identity 4711 [ 436.036496][T11770] tipc: Enabled bearer , priority 0 [ 436.036843][T11772] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1649'. [ 436.066556][T11768] tipc: Resetting bearer [ 436.157448][ T5919] usb 3-1: device descriptor read/64, error -71 [ 436.286395][ T5919] usb usb3-port1: attempt power cycle [ 436.646781][ T5919] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 436.724419][ T5919] usb 3-1: device descriptor read/8, error -71 [ 436.994202][ T5914] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 437.017783][ T5919] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 437.057852][ T5919] usb 3-1: device descriptor read/8, error -71 [ 437.096156][ T5876] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 437.146912][ T5914] usb 2-1: Using ep0 maxpacket: 32 [ 437.171970][ T5914] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 437.182187][ T5919] usb usb3-port1: unable to enumerate USB device [ 437.193093][ T5914] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 437.208771][ T5914] usb 2-1: config 0 has no interface number 0 [ 437.268450][ T5914] usb 2-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10 [ 437.301924][ T5876] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 437.314015][ T5914] usb 2-1: config 0 interface 8 has no altsetting 0 [ 437.332517][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.342573][ T5876] usb 4-1: Product: syz [ 437.347136][ T5876] usb 4-1: Manufacturer: syz [ 437.355360][ T5914] usb 2-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb [ 437.371111][ T5876] usb 4-1: SerialNumber: syz [ 437.377571][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.393969][ T5914] usb 2-1: Product: syz [ 437.400116][ T5914] usb 2-1: Manufacturer: syz [ 437.405292][ T5914] usb 2-1: SerialNumber: syz [ 437.424958][ T5914] usb 2-1: config 0 descriptor?? [ 437.800695][ T5876] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 437.828510][ T5876] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 439.009868][T11768] tipc: Disabling bearer [ 439.034185][ T106] tipc: Node number set to 3539665076 [ 439.054164][T11785] bridge0: port 3(ipvlan2) entered blocking state [ 439.080146][T11785] bridge0: port 3(ipvlan2) entered disabled state [ 439.092607][T11785] ipvlan2: entered allmulticast mode [ 439.097930][T11793] input: syz0 as /devices/virtual/input/input39 [ 439.105114][ T5876] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 439.144479][T11785] bridge0: entered allmulticast mode [ 439.176327][T11785] ipvlan2: left allmulticast mode [ 439.181571][T11785] bridge0: left allmulticast mode [ 439.242958][T11797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 439.286539][T11797] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 439.852448][T11809] fuse: Bad value for 'fd' [ 439.877129][T11809] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1659'. [ 439.905007][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.911398][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.955746][ T5876] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 439.987446][ T5876] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 440.018156][ T5876] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 440.051274][ T5876] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 440.179909][ T5876] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 440.214258][ T5876] usb 4-1: USB disconnect, device number 74 [ 440.348282][ T5914] ath6kl: Failed to submit usb control message: -71 [ 440.360397][ T5914] ath6kl: unable to send the bmi data to the device: -71 [ 440.385459][ T5914] ath6kl: Unable to send get target info: -71 [ 440.414901][ T5914] ath6kl: Failed to init ath6kl core: -71 [ 440.425382][ T5914] ath6kl_usb 2-1:0.8: probe with driver ath6kl_usb failed with error -71 [ 440.539673][ T5914] usb 2-1: USB disconnect, device number 68 [ 441.895319][T11842] FAULT_INJECTION: forcing a failure. [ 441.895319][T11842] name failslab, interval 1, probability 0, space 0, times 0 [ 441.950534][T11842] CPU: 1 UID: 0 PID: 11842 Comm: syz.2.1668 Tainted: G L syzkaller #0 PREEMPT(full) [ 441.950565][T11842] Tainted: [L]=SOFTLOCKUP [ 441.950572][T11842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 441.950583][T11842] Call Trace: [ 441.950591][T11842] [ 441.950599][T11842] dump_stack_lvl+0xe8/0x150 [ 441.950627][T11842] should_fail_ex+0x414/0x560 [ 441.950649][T11842] should_failslab+0xa8/0x100 [ 441.950671][T11842] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 441.950714][T11842] ? __alloc_skb+0x1dc/0x3a0 [ 441.950733][T11842] ? __local_bh_enable_ip+0xd0/0x130 [ 441.950752][T11842] ? __alloc_skb+0x198/0x3a0 [ 441.950772][T11842] __alloc_skb+0x1dc/0x3a0 [ 441.950796][T11842] _sctp_make_chunk+0x59/0x290 [ 441.950819][T11842] sctp_make_init+0x58b/0xd30 [ 441.950842][T11842] ? is_bpf_text_address+0x292/0x2b0 [ 441.950877][T11842] ? __pfx_sctp_make_init+0x10/0x10 [ 441.950913][T11842] ? stack_trace_save+0x9c/0xe0 [ 441.950937][T11842] ? __pfx_stack_trace_save+0x10/0x10 [ 441.950959][T11842] ? __asan_memset+0x22/0x50 [ 441.950984][T11842] sctp_sf_do_prm_asoc+0xd2/0x3f0 [ 441.951009][T11842] sctp_do_sm+0x1e7/0x5c40 [ 441.951030][T11842] ? __pfx_sctp_pname+0x10/0x10 [ 441.951049][T11842] ? kasan_save_track+0x4f/0x80 [ 441.951065][T11842] ? kasan_save_track+0x3e/0x80 [ 441.951081][T11842] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 441.951099][T11842] ? sctp_sendmsg_to_asoc+0x1307/0x18d0 [ 441.951118][T11842] ? __sys_sendto+0x3bd/0x520 [ 441.951135][T11842] ? __x64_sys_sendto+0xde/0x100 [ 441.951152][T11842] ? do_syscall_64+0xec/0xf80 [ 441.951168][T11842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.951190][T11842] ? __pfx_sctp_do_sm+0x10/0x10 [ 441.951251][T11842] ? __sk_mem_raise_allocated+0x70a/0x1270 [ 441.951275][T11842] ? __genradix_ptr+0x1e1/0x220 [ 441.951305][T11842] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 441.951331][T11842] sctp_sendmsg_to_asoc+0x1088/0x18d0 [ 441.951359][T11842] ? sctp_assoc_add_peer+0xce1/0x13b0 [ 441.951393][T11842] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 441.951413][T11842] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 441.951435][T11842] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 441.951455][T11842] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 441.951472][T11842] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 441.951490][T11842] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 441.951507][T11842] ? security_sctp_bind_connect+0x7e/0x2e0 [ 441.951529][T11842] sctp_sendmsg+0x1941/0x2840 [ 441.951564][T11842] ? __pfx_sctp_sendmsg+0x10/0x10 [ 441.951582][T11842] ? aa_sk_perm+0x15f/0x920 [ 441.951604][T11842] ? aa_sk_perm+0x7ee/0x920 [ 441.951629][T11842] ? __pfx_aa_sk_perm+0x10/0x10 [ 441.951652][T11842] ? sock_rps_record_flow+0x19/0x410 [ 441.951679][T11842] ? inet_sendmsg+0x2f4/0x370 [ 441.951701][T11842] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 441.951721][T11842] __sock_sendmsg+0x19c/0x270 [ 441.951749][T11842] __sys_sendto+0x3bd/0x520 [ 441.951772][T11842] ? __pfx___sys_sendto+0x10/0x10 [ 441.951790][T11842] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 441.951823][T11842] ? __fget_files+0x3a0/0x420 [ 441.951855][T11842] ? ksys_write+0x22a/0x250 [ 441.951875][T11842] ? __pfx_ksys_write+0x10/0x10 [ 441.951898][T11842] __x64_sys_sendto+0xde/0x100 [ 441.951921][T11842] do_syscall_64+0xec/0xf80 [ 441.951940][T11842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.951957][T11842] ? clear_bhb_loop+0x60/0xb0 [ 441.951978][T11842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.951995][T11842] RIP: 0033:0x7f65fe78f749 [ 441.952013][T11842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.952029][T11842] RSP: 002b:00007f65ff5bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 441.952049][T11842] RAX: ffffffffffffffda RBX: 00007f65fe9e5fa0 RCX: 00007f65fe78f749 [ 441.952063][T11842] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000003 [ 441.952076][T11842] RBP: 00007f65ff5bd090 R08: 000020000005ffe4 R09: 000000000000001c [ 441.952089][T11842] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002 [ 441.952101][T11842] R13: 00007f65fe9e6038 R14: 00007f65fe9e5fa0 R15: 00007f65feb0fa28 [ 441.952131][T11842] [ 443.497070][T11866] FAULT_INJECTION: forcing a failure. [ 443.497070][T11866] name failslab, interval 1, probability 0, space 0, times 0 [ 443.514022][T11866] CPU: 0 UID: 0 PID: 11866 Comm: syz.1.1674 Tainted: G L syzkaller #0 PREEMPT(full) [ 443.514050][T11866] Tainted: [L]=SOFTLOCKUP [ 443.514057][T11866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 443.514068][T11866] Call Trace: [ 443.514075][T11866] [ 443.514083][T11866] dump_stack_lvl+0xe8/0x150 [ 443.514111][T11866] should_fail_ex+0x414/0x560 [ 443.514133][T11866] should_failslab+0xa8/0x100 [ 443.514155][T11866] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 443.514181][T11866] ? __alloc_skb+0x1dc/0x3a0 [ 443.514199][T11866] ? __local_bh_enable_ip+0xd0/0x130 [ 443.514219][T11866] ? __alloc_skb+0x198/0x3a0 [ 443.514237][T11866] __alloc_skb+0x1dc/0x3a0 [ 443.514256][T11866] ? inet6_rt_notify+0xaf/0x470 [ 443.514276][T11866] inet6_rt_notify+0x170/0x470 [ 443.514301][T11866] ? ip6_route_mpath_notify+0x2a/0x270 [ 443.514321][T11866] ip6_route_mpath_notify+0x113/0x270 [ 443.514340][T11866] ? ip6_route_mpath_notify+0x2a/0x270 [ 443.514366][T11866] inet6_rtm_newroute+0x13e6/0x18c0 [ 443.514389][T11866] ? kasan_quarantine_put+0xbb/0x1f0 [ 443.514406][T11866] ? lockdep_hardirqs_on+0x7b/0x110 [ 443.514428][T11866] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 443.514447][T11866] ? kmem_cache_free+0x197/0x620 [ 443.514465][T11866] ? nlmon_xmit+0xb0/0x100 [ 443.514512][T11866] ? lockdep_hardirqs_on+0x7b/0x110 [ 443.514555][T11866] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 443.514573][T11866] rtnetlink_rcv_msg+0x7cf/0xb70 [ 443.514595][T11866] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 443.514614][T11866] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 443.514632][T11866] ? ref_tracker_free+0x63a/0x7d0 [ 443.514651][T11866] ? __asan_memcpy+0x40/0x70 [ 443.514665][T11866] ? __pfx_ref_tracker_free+0x10/0x10 [ 443.514692][T11866] netlink_rcv_skb+0x208/0x470 [ 443.514716][T11866] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 443.514737][T11866] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 443.514767][T11866] ? netlink_deliver_tap+0x2e/0x1b0 [ 443.514804][T11866] netlink_unicast+0x82f/0x9e0 [ 443.514833][T11866] ? __pfx_netlink_unicast+0x10/0x10 [ 443.514853][T11866] ? __alloc_skb+0x198/0x3a0 [ 443.514873][T11866] ? netlink_sendmsg+0x642/0xb30 [ 443.514893][T11866] ? skb_put+0x11b/0x210 [ 443.514916][T11866] netlink_sendmsg+0x805/0xb30 [ 443.514947][T11866] ? __pfx_netlink_sendmsg+0x10/0x10 [ 443.514972][T11866] ? aa_sock_msg_perm+0xf1/0x1b0 [ 443.514996][T11866] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 443.515013][T11866] ? __pfx_netlink_sendmsg+0x10/0x10 [ 443.515036][T11866] __sock_sendmsg+0x21c/0x270 [ 443.515065][T11866] ____sys_sendmsg+0x52d/0x820 [ 443.515093][T11866] ? __pfx_____sys_sendmsg+0x10/0x10 [ 443.515122][T11866] ? import_iovec+0x74/0xa0 [ 443.515146][T11866] ___sys_sendmsg+0x21f/0x2a0 [ 443.515170][T11866] ? __pfx____sys_sendmsg+0x10/0x10 [ 443.515196][T11866] ? kstrtouint+0x6e/0xe0 [ 443.515238][T11866] ? __fget_files+0x2a/0x420 [ 443.515258][T11866] ? __fget_files+0x3a0/0x420 [ 443.515289][T11866] __sys_sendmmsg+0x227/0x430 [ 443.515317][T11866] ? __pfx___sys_sendmmsg+0x10/0x10 [ 443.515336][T11866] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 443.515387][T11866] ? rcu_is_watching+0x15/0xb0 [ 443.515415][T11866] __x64_sys_sendmmsg+0xa0/0xc0 [ 443.515439][T11866] do_syscall_64+0xec/0xf80 [ 443.515458][T11866] ? rcu_is_watching+0x15/0xb0 [ 443.515475][T11866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.515493][T11866] ? clear_bhb_loop+0x60/0xb0 [ 443.515513][T11866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.515530][T11866] RIP: 0033:0x7fb70ff8f749 [ 443.515547][T11866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.515563][T11866] RSP: 002b:00007fb710e31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 443.515583][T11866] RAX: ffffffffffffffda RBX: 00007fb7101e5fa0 RCX: 00007fb70ff8f749 [ 443.515597][T11866] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003 [ 443.515610][T11866] RBP: 00007fb710e31090 R08: 0000000000000000 R09: 0000000000000000 [ 443.515620][T11866] R10: 00000000000000fc R11: 0000000000000246 R12: 0000000000000002 [ 443.515631][T11866] R13: 00007fb7101e6038 R14: 00007fb7101e5fa0 R15: 00007fb71030fa28 [ 443.515661][T11866] [ 444.052726][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 444.052744][ T30] audit: type=1326 audit(1768629796.645:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11868 comm="syz.0.1676" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f801e18f749 code=0x0 [ 444.171352][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888031fec800: rx timeout, send abort [ 444.182029][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff888031fec800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 444.232877][ T30] audit: type=1326 audit(1768629796.825:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 444.375175][ T30] audit: type=1326 audit(1768629796.825:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 444.401279][ T30] audit: type=1326 audit(1768629796.825:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 444.719949][ T30] audit: type=1326 audit(1768629796.825:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 444.814819][ T30] audit: type=1326 audit(1768629796.825:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 444.913540][ T30] audit: type=1326 audit(1768629796.825:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 445.108096][ T30] audit: type=1326 audit(1768629796.825:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 445.150096][ T30] audit: type=1326 audit(1768629796.825:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 445.186242][ T30] audit: type=1326 audit(1768629796.855:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11867 comm="syz.2.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fe78f749 code=0x7ffc0000 [ 445.471779][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888031fee400: rx timeout, send abort [ 445.481117][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff888031fee400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 446.143878][ T130] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 446.222595][T11902] FAULT_INJECTION: forcing a failure. [ 446.222595][T11902] name failslab, interval 1, probability 0, space 0, times 0 [ 446.373981][T11902] CPU: 1 UID: 0 PID: 11902 Comm: syz.3.1685 Tainted: G L syzkaller #0 PREEMPT(full) [ 446.374007][T11902] Tainted: [L]=SOFTLOCKUP [ 446.374012][T11902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 446.374018][T11902] Call Trace: [ 446.374023][T11902] [ 446.374029][T11902] dump_stack_lvl+0xe8/0x150 [ 446.374046][T11902] should_fail_ex+0x414/0x560 [ 446.374060][T11902] should_failslab+0xa8/0x100 [ 446.374074][T11902] __kvmalloc_node_noprof+0x175/0x920 [ 446.374086][T11902] ? pfifo_fast_init+0x112/0x6c0 [ 446.374101][T11902] pfifo_fast_init+0x112/0x6c0 [ 446.374114][T11902] qdisc_create_dflt+0x13b/0x4c0 [ 446.374128][T11902] mqprio_init+0x881/0x1e00 [ 446.374145][T11902] ? __pfx_mqprio_init+0x10/0x10 [ 446.374153][T11902] ? qdisc_alloc+0x680/0x900 [ 446.374167][T11902] ? __pfx_mqprio_init+0x10/0x10 [ 446.374176][T11902] qdisc_create+0x7ac/0xea0 [ 446.374191][T11902] tc_modify_qdisc+0x1547/0x2020 [ 446.374207][T11902] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 446.374231][T11902] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 446.374240][T11902] rtnetlink_rcv_msg+0x77c/0xb70 [ 446.374254][T11902] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 446.374265][T11902] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 446.374275][T11902] ? ref_tracker_free+0x63a/0x7d0 [ 446.374285][T11902] ? __asan_memcpy+0x40/0x70 [ 446.374300][T11902] netlink_rcv_skb+0x208/0x470 [ 446.374314][T11902] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 446.374326][T11902] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 446.374349][T11902] netlink_unicast+0x82f/0x9e0 [ 446.374365][T11902] ? __pfx_netlink_unicast+0x10/0x10 [ 446.374376][T11902] ? __alloc_skb+0x198/0x3a0 [ 446.374388][T11902] ? netlink_sendmsg+0x642/0xb30 [ 446.374399][T11902] ? skb_put+0x11b/0x210 [ 446.374412][T11902] netlink_sendmsg+0x805/0xb30 [ 446.374429][T11902] ? __pfx_netlink_sendmsg+0x10/0x10 [ 446.374444][T11902] ? aa_sock_msg_perm+0xf1/0x1b0 [ 446.374458][T11902] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 446.374479][T11902] ? __pfx_netlink_sendmsg+0x10/0x10 [ 446.374492][T11902] __sock_sendmsg+0x21c/0x270 [ 446.374509][T11902] ____sys_sendmsg+0x505/0x820 [ 446.374525][T11902] ? __pfx_____sys_sendmsg+0x10/0x10 [ 446.374541][T11902] ? import_iovec+0x74/0xa0 [ 446.374555][T11902] ___sys_sendmsg+0x21f/0x2a0 [ 446.374568][T11902] ? __pfx____sys_sendmsg+0x10/0x10 [ 446.374597][T11902] ? __fget_files+0x2a/0x420 [ 446.374609][T11902] ? __fget_files+0x3a0/0x420 [ 446.374625][T11902] __x64_sys_sendmsg+0x19b/0x260 [ 446.374639][T11902] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 446.374656][T11902] ? __pfx_ksys_write+0x10/0x10 [ 446.374671][T11902] do_syscall_64+0xec/0xf80 [ 446.374683][T11902] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.374692][T11902] ? trace_irq_disable+0x37/0x100 [ 446.374704][T11902] ? clear_bhb_loop+0x60/0xb0 [ 446.374716][T11902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.374725][T11902] RIP: 0033:0x7fda8ab8f749 [ 446.374735][T11902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.374744][T11902] RSP: 002b:00007fda8bab8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 446.374757][T11902] RAX: ffffffffffffffda RBX: 00007fda8ade5fa0 RCX: 00007fda8ab8f749 [ 446.374764][T11902] RDX: 0000000020000000 RSI: 00002000000000c0 RDI: 0000000000000006 [ 446.374771][T11902] RBP: 00007fda8bab8090 R08: 0000000000000000 R09: 0000000000000000 [ 446.374777][T11902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 446.374784][T11902] R13: 00007fda8ade6038 R14: 00007fda8ade5fa0 R15: 00007fda8af0fa28 [ 446.374800][T11902] [ 446.754032][ T130] usb 5-1: Using ep0 maxpacket: 8 [ 446.774953][ T130] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 446.783359][ T130] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 446.838437][ T130] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 446.902072][ T130] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 446.954873][ T130] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 447.025363][T11908] FAULT_INJECTION: forcing a failure. [ 447.025363][T11908] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 447.038610][ T130] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 447.052226][T11908] CPU: 0 UID: 0 PID: 11908 Comm: syz.3.1687 Tainted: G L syzkaller #0 PREEMPT(full) [ 447.052256][T11908] Tainted: [L]=SOFTLOCKUP [ 447.052262][T11908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 447.052273][T11908] Call Trace: [ 447.052282][T11908] [ 447.052290][T11908] dump_stack_lvl+0xe8/0x150 [ 447.052317][T11908] should_fail_ex+0x414/0x560 [ 447.052339][T11908] _copy_from_iter+0x1cd/0x1630 [ 447.052370][T11908] ? __pfx__copy_from_iter+0x10/0x10 [ 447.052391][T11908] ? __build_skb_around+0x22d/0x3c0 [ 447.052413][T11908] ? __alloc_skb+0x198/0x3a0 [ 447.052443][T11908] ? netlink_sendmsg+0x642/0xb30 [ 447.052465][T11908] ? skb_put+0x11b/0x210 [ 447.052488][T11908] netlink_sendmsg+0x6b2/0xb30 [ 447.052519][T11908] ? __pfx_netlink_sendmsg+0x10/0x10 [ 447.052545][T11908] ? aa_sock_msg_perm+0xf1/0x1b0 [ 447.052568][T11908] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 447.052585][T11908] ? __pfx_netlink_sendmsg+0x10/0x10 [ 447.052609][T11908] __sock_sendmsg+0x21c/0x270 [ 447.052637][T11908] ____sys_sendmsg+0x505/0x820 [ 447.052663][T11908] ? __pfx_____sys_sendmsg+0x10/0x10 [ 447.052691][T11908] ? import_iovec+0x74/0xa0 [ 447.052714][T11908] ___sys_sendmsg+0x21f/0x2a0 [ 447.052737][T11908] ? __pfx____sys_sendmsg+0x10/0x10 [ 447.052786][T11908] ? __fget_files+0x2a/0x420 [ 447.052806][T11908] ? __fget_files+0x3a0/0x420 [ 447.052835][T11908] __x64_sys_sendmsg+0x19b/0x260 [ 447.052859][T11908] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 447.052889][T11908] ? __pfx_ksys_write+0x10/0x10 [ 447.052914][T11908] do_syscall_64+0xec/0xf80 [ 447.052933][T11908] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.052949][T11908] ? trace_irq_disable+0x37/0x100 [ 447.052969][T11908] ? clear_bhb_loop+0x60/0xb0 [ 447.052989][T11908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.053006][T11908] RIP: 0033:0x7fda8ab8f749 [ 447.053022][T11908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.053037][T11908] RSP: 002b:00007fda8bab8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 447.053055][T11908] RAX: ffffffffffffffda RBX: 00007fda8ade5fa0 RCX: 00007fda8ab8f749 [ 447.053068][T11908] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004 [ 447.053079][T11908] RBP: 00007fda8bab8090 R08: 0000000000000000 R09: 0000000000000000 [ 447.053090][T11908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.053101][T11908] R13: 00007fda8ade6038 R14: 00007fda8ade5fa0 R15: 00007fda8af0fa28 [ 447.053126][T11908] [ 447.473217][ T130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.513872][ T5938] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 447.591008][T11920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1691'. [ 447.603971][ T5947] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 447.665710][ T5938] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 447.676151][ T5938] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 447.687487][ T5938] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 447.696688][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.716909][ T5938] usb 3-1: config 0 descriptor?? [ 447.986619][T11931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 448.001348][T11931] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 448.058837][ T5938] usb 3-1: string descriptor 0 read error: -71 [ 448.080719][ T5938] usb 3-1: USB disconnect, device number 76 [ 448.281621][T11932] usbtmc 5-1:16.0: simple usb_control_msg failed -32 [ 448.449706][T11934] FAULT_INJECTION: forcing a failure. [ 448.449706][T11934] name failslab, interval 1, probability 0, space 0, times 0 [ 448.495814][T11934] CPU: 0 UID: 0 PID: 11934 Comm: syz.3.1694 Tainted: G L syzkaller #0 PREEMPT(full) [ 448.495844][T11934] Tainted: [L]=SOFTLOCKUP [ 448.495853][T11934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 448.495862][T11934] Call Trace: [ 448.495869][T11934] [ 448.495877][T11934] dump_stack_lvl+0xe8/0x150 [ 448.495905][T11934] should_fail_ex+0x414/0x560 [ 448.495930][T11934] should_failslab+0xa8/0x100 [ 448.495954][T11934] __kmalloc_noprof+0xdf/0x800 [ 448.495973][T11934] ? bcm_tx_setup+0x598/0x1bd0 [ 448.495998][T11934] bcm_tx_setup+0x598/0x1bd0 [ 448.496035][T11934] bcm_sendmsg+0x45c/0x6a0 [ 448.496060][T11934] ? __pfx_bcm_sendmsg+0x10/0x10 [ 448.496085][T11934] ? aa_sock_msg_perm+0xf1/0x1b0 [ 448.496110][T11934] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 448.496126][T11934] ? __pfx_bcm_sendmsg+0x10/0x10 [ 448.496145][T11934] __sock_sendmsg+0x21c/0x270 [ 448.496173][T11934] ____sys_sendmsg+0x505/0x820 [ 448.496201][T11934] ? __pfx_____sys_sendmsg+0x10/0x10 [ 448.496232][T11934] ? import_iovec+0x74/0xa0 [ 448.496257][T11934] ___sys_sendmsg+0x21f/0x2a0 [ 448.496281][T11934] ? __pfx____sys_sendmsg+0x10/0x10 [ 448.496346][T11934] ? __fget_files+0x2a/0x420 [ 448.496367][T11934] ? __fget_files+0x3a0/0x420 [ 448.496398][T11934] __x64_sys_sendmsg+0x19b/0x260 [ 448.496423][T11934] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 448.496454][T11934] ? __pfx_ksys_write+0x10/0x10 [ 448.496481][T11934] do_syscall_64+0xec/0xf80 [ 448.496501][T11934] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.496518][T11934] ? trace_irq_disable+0x37/0x100 [ 448.496540][T11934] ? clear_bhb_loop+0x60/0xb0 [ 448.496560][T11934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.496577][T11934] RIP: 0033:0x7fda8ab8f749 [ 448.496594][T11934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.496610][T11934] RSP: 002b:00007fda8bab8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 448.496630][T11934] RAX: ffffffffffffffda RBX: 00007fda8ade5fa0 RCX: 00007fda8ab8f749 [ 448.496644][T11934] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 448.496656][T11934] RBP: 00007fda8bab8090 R08: 0000000000000000 R09: 0000000000000000 [ 448.496668][T11934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 448.496680][T11934] R13: 00007fda8ade6038 R14: 00007fda8ade5fa0 R15: 00007fda8af0fa28 [ 448.496710][T11934] [ 449.019842][T11945] binder: 11944:11945 ioctl c0306201 2000000021c0 returned -22 [ 449.094302][T11950] warning: `syz.1.1699' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 449.265200][ T5876] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 449.403433][T11964] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1701'. [ 449.455849][ T5876] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 449.469811][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.485367][ T5876] usb 4-1: Product: syz [ 449.490952][ T5876] usb 4-1: Manufacturer: syz [ 449.499742][ T5876] usb 4-1: SerialNumber: syz [ 449.510403][ T5876] usb 4-1: config 0 descriptor?? [ 449.747071][ T5876] hso 4-1:0.0: Failed to find BULK IN ep [ 449.773377][ T5876] usb-storage 4-1:0.0: USB Mass Storage device detected [ 449.970554][ T5876] usb 4-1: USB disconnect, device number 75 [ 450.036673][T11971] FAULT_INJECTION: forcing a failure. [ 450.036673][T11971] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 450.069775][ T5938] usb 5-1: USB disconnect, device number 79 [ 450.110009][T11971] CPU: 0 UID: 0 PID: 11971 Comm: syz.2.1705 Tainted: G L syzkaller #0 PREEMPT(full) [ 450.110039][T11971] Tainted: [L]=SOFTLOCKUP [ 450.110046][T11971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 450.110057][T11971] Call Trace: [ 450.110064][T11971] [ 450.110082][T11971] dump_stack_lvl+0xe8/0x150 [ 450.110109][T11971] should_fail_ex+0x414/0x560 [ 450.110130][T11971] prepare_alloc_pages+0x22b/0x650 [ 450.110158][T11971] __alloc_frozen_pages_noprof+0x123/0x370 [ 450.110182][T11971] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 450.110215][T11971] alloc_pages_bulk_noprof+0x560/0x710 [ 450.110237][T11971] ? trace_kmalloc+0x1f/0xb0 [ 450.110253][T11971] ? copy_splice_read+0x143/0xa50 [ 450.110278][T11971] copy_splice_read+0x173/0xa50 [ 450.110308][T11971] ? __pfx_copy_splice_read+0x10/0x10 [ 450.110330][T11971] ? look_up_lock_class+0x57/0x110 [ 450.110349][T11971] ? register_lock_class+0x31/0x2e0 [ 450.110369][T11971] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 450.110392][T11971] ? alloc_pipe_info+0x374/0x4d0 [ 450.110411][T11971] ? __pfx_copy_splice_read+0x10/0x10 [ 450.110431][T11971] splice_direct_to_actor+0x4a9/0xcc0 [ 450.110471][T11971] ? __pfx_direct_splice_actor+0x10/0x10 [ 450.110492][T11971] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 450.110523][T11971] do_splice_direct+0x181/0x270 [ 450.110548][T11971] ? __pfx_do_splice_direct+0x10/0x10 [ 450.110567][T11971] ? common_file_perm+0x1b5/0x220 [ 450.110590][T11971] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 450.110615][T11971] ? bpf_lsm_file_permission+0x9/0x20 [ 450.110633][T11971] ? security_file_permission+0x75/0x290 [ 450.110654][T11971] ? rw_verify_area+0x255/0x4d0 [ 450.110680][T11971] do_sendfile+0x4da/0x7e0 [ 450.110700][T11971] ? __pfx_vfs_write+0x10/0x10 [ 450.110722][T11971] ? __pfx_do_sendfile+0x10/0x10 [ 450.110742][T11971] ? __fget_files+0x3a0/0x420 [ 450.110773][T11971] __se_sys_sendfile64+0x13e/0x190 [ 450.110796][T11971] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 450.110827][T11971] do_syscall_64+0xec/0xf80 [ 450.110847][T11971] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.110865][T11971] ? trace_irq_disable+0x37/0x100 [ 450.110885][T11971] ? clear_bhb_loop+0x60/0xb0 [ 450.110907][T11971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.110925][T11971] RIP: 0033:0x7f65fe78f749 [ 450.110942][T11971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.110959][T11971] RSP: 002b:00007f65ff5bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 450.110979][T11971] RAX: ffffffffffffffda RBX: 00007f65fe9e5fa0 RCX: 00007f65fe78f749 [ 450.110993][T11971] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 450.111004][T11971] RBP: 00007f65ff5bd090 R08: 0000000000000000 R09: 0000000000000000 [ 450.111016][T11971] R10: 0000020000023896 R11: 0000000000000246 R12: 0000000000000001 [ 450.111028][T11971] R13: 00007f65fe9e6038 R14: 00007f65fe9e5fa0 R15: 00007f65feb0fa28 [ 450.111058][T11971] [ 450.112351][T11970] ttyS ttyS3: tty_port_close_start: tty->count = 1 port count = 2 [ 450.112624][T11970] [ 450.112632][T11970] ====================================================== [ 450.112642][T11970] WARNING: possible circular locking dependency detected [ 450.112660][T11970] syzkaller #0 Tainted: G L [ 450.112670][T11970] ------------------------------------------------------ [ 450.112677][T11970] syz.2.1705/11970 is trying to acquire lock: [ 450.112687][T11970] ffffffff8df35920 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x11a/0xb00 [ 450.112732][T11970] [ 450.112732][T11970] but task is already holding lock: [ 450.112738][T11970] ffff8881417c8d40 (&port->lock#2){-.-.}-{3:3}, at: tty_port_close_start+0x5e/0x580 [ 450.112781][T11970] [ 450.112781][T11970] which lock already depends on the new lock. [ 450.112781][T11970] [ 450.112788][T11970] [ 450.112788][T11970] the existing dependency chain (in reverse order) is: [ 450.112795][T11970] [ 450.112795][T11970] -> #2 (&port->lock#2){-.-.}-{3:3}: [ 450.112820][T11970] _raw_spin_lock_irqsave+0x40/0x60 [ 450.112838][T11970] tty_port_default_wakeup+0x23/0x170 [ 450.112856][T11970] serial8250_tx_chars+0x72e/0x970 [ 450.112870][T11970] serial8250_handle_irq+0x633/0xbb0 [ 450.112884][T11970] serial8250_default_handle_irq+0xbf/0x200 [ 450.112900][T11970] serial8250_interrupt+0x8d/0x180 [ 450.112920][T11970] __handle_irq_event_percpu+0x217/0x970 [ 450.112940][T11970] handle_irq_event+0x8b/0x1e0 [ 450.112959][T11970] handle_edge_irq+0x23b/0xa10 [ 450.112977][T11970] __common_interrupt+0x141/0x1f0 [ 450.112997][T11970] common_interrupt+0xb6/0xe0 [ 450.113016][T11970] asm_common_interrupt+0x26/0x40 [ 450.113030][T11970] pv_native_safe_halt+0x13/0x20 [ 450.113045][T11970] default_idle+0x13/0x20 [ 450.113062][T11970] default_idle_call+0x73/0xb0 [ 450.113090][T11970] do_idle+0x1be/0x4d0 [ 450.113105][T11970] cpu_startup_entry+0x44/0x60 [ 450.113122][T11970] rest_init+0x2de/0x300 [ 450.113141][T11970] start_kernel+0x381/0x3d0 [ 450.113157][T11970] x86_64_start_reservations+0x24/0x30 [ 450.113178][T11970] x86_64_start_kernel+0x143/0x1c0 [ 450.113197][T11970] common_startup_64+0x13e/0x147 [ 450.113216][T11970] [ 450.113216][T11970] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 450.113241][T11970] _raw_spin_lock_irqsave+0x40/0x60 [ 450.113256][T11970] serial8250_console_write+0x155/0x1b60 [ 450.113272][T11970] console_flush_all+0x713/0xb00 [ 450.113291][T11970] console_unlock+0xbb/0x190 [ 450.113307][T11970] vprintk_emit+0x47b/0x550 [ 450.113323][T11970] _printk+0xcf/0x120 [ 450.113343][T11970] register_console+0xa8b/0xf90 [ 450.113361][T11970] univ8250_console_init+0x3a/0x70 [ 450.113376][T11970] console_init+0xfc/0x3f0 [ 450.113396][T11970] start_kernel+0x227/0x3d0 [ 450.113412][T11970] x86_64_start_reservations+0x24/0x30 [ 450.113434][T11970] x86_64_start_kernel+0x143/0x1c0 [ 450.113456][T11970] common_startup_64+0x13e/0x147 [ 450.113474][T11970] [ 450.113474][T11970] -> #0 (console_owner){-.-.}-{0:0}: [ 450.113535][T11970] __lock_acquire+0x15a6/0x2cf0 [ 450.113552][T11970] lock_acquire+0x107/0x340 [ 450.113566][T11970] console_flush_all+0x6bc/0xb00 [ 450.113584][T11970] console_unlock+0xbb/0x190 [ 450.113601][T11970] vprintk_emit+0x47b/0x550 [ 450.113618][T11970] _printk+0xcf/0x120 [ 450.113636][T11970] tty_port_close_start+0x3f4/0x580 [ 450.113655][T11970] tty_port_close+0x2a/0x170 [ 450.113672][T11970] tty_release+0x389/0x1720 [ 450.113694][T11970] __fput+0x44c/0xa70 [ 450.113713][T11970] task_work_run+0x1d4/0x260 [ 450.113732][T11970] exit_to_user_mode_loop+0xef/0x4e0 [ 450.113751][T11970] do_syscall_64+0x2c1/0xf80 [ 450.113766][T11970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.113780][T11970] [ 450.113780][T11970] other info that might help us debug this: [ 450.113780][T11970] [ 450.113787][T11970] Chain exists of: [ 450.113787][T11970] console_owner --> &port_lock_key --> &port->lock#2 [ 450.113787][T11970] [ 450.113815][T11970] Possible unsafe locking scenario: [ 450.113815][T11970] [ 450.113820][T11970] CPU0 CPU1 [ 450.113826][T11970] ---- ---- [ 450.113831][T11970] lock(&port->lock#2); [ 450.113847][T11970] lock(&port_lock_key); [ 450.113860][T11970] lock(&port->lock#2); [ 450.113877][T11970] lock(console_owner); [ 450.113889][T11970] [ 450.113889][T11970] *** DEADLOCK *** [ 450.113889][T11970] [ 450.113894][T11970] 4 locks held by syz.2.1705/11970: [ 450.113904][T11970] #0: ffff8880292cf1c0 (&tty->legacy_mutex){+.+.}-{4:4}, at: tty_release+0x72/0x1720 [ 450.113944][T11970] #1: ffff8881417c8d40 (&port->lock#2){-.-.}-{3:3}, at: tty_port_close_start+0x5e/0x580 [ 450.113990][T11970] #2: ffffffff8df35980 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120 [ 450.114030][T11970] #3: ffffffff8de1d238 (console_srcu){....}-{0:0}, at: console_flush_all+0x11a/0xb00 [ 450.114079][T11970] [ 450.114079][T11970] stack backtrace: [ 450.114090][T11970] CPU: 0 UID: 0 PID: 11970 Comm: syz.2.1705 Tainted: G L syzkaller #0 PREEMPT(full) [ 450.114112][T11970] Tainted: [L]=SOFTLOCKUP [ 450.114119][T11970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 450.114129][T11970] Call Trace: [ 450.114136][T11970] [ 450.114143][T11970] dump_stack_lvl+0xe8/0x150 [ 450.114163][T11970] print_circular_bug+0x2e2/0x300 [ 450.114185][T11970] check_noncircular+0x12e/0x150 [ 450.114206][T11970] __lock_acquire+0x15a6/0x2cf0 [ 450.114232][T11970] ? console_flush_all+0x11a/0xb00 [ 450.114252][T11970] lock_acquire+0x107/0x340 [ 450.114267][T11970] ? console_flush_all+0x11a/0xb00 [ 450.114290][T11970] ? do_raw_spin_unlock+0x122/0x240 [ 450.114311][T11970] ? console_flush_all+0x11a/0xb00 [ 450.114332][T11970] console_flush_all+0x6bc/0xb00 [ 450.114351][T11970] ? console_flush_all+0x11a/0xb00 [ 450.114373][T11970] ? console_flush_all+0x11a/0xb00 [ 450.114397][T11970] ? __pfx_console_flush_all+0x10/0x10 [ 450.114419][T11970] ? is_printk_cpu_sync_owner+0x32/0x40 [ 450.114442][T11970] console_unlock+0xbb/0x190 [ 450.114462][T11970] ? __pfx_console_unlock+0x10/0x10 [ 450.114480][T11970] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 450.114498][T11970] ? _printk+0xcf/0x120 [ 450.114521][T11970] vprintk_emit+0x47b/0x550 [ 450.114542][T11970] ? __pfx_vprintk_emit+0x10/0x10 [ 450.114562][T11970] ? trace_contention_end+0x39/0x100 [ 450.114584][T11970] _printk+0xcf/0x120 [ 450.114608][T11970] ? __pfx__printk+0x10/0x10 [ 450.114629][T11970] ? do_raw_spin_lock+0x121/0x290 [ 450.114654][T11970] tty_port_close_start+0x3f4/0x580 [ 450.114676][T11970] tty_port_close+0x2a/0x170 [ 450.114694][T11970] ? __pfx_uart_close+0x10/0x10 [ 450.114710][T11970] tty_release+0x389/0x1720 [ 450.114727][T11970] ? do_raw_spin_unlock+0x122/0x240 [ 450.114750][T11970] ? tty_kref_put+0x176/0x1a0 [ 450.114771][T11970] ? tty_fasync+0x2ec/0x350 [ 450.114789][T11970] ? __pfx_tty_release+0x10/0x10 [ 450.114805][T11970] __fput+0x44c/0xa70 [ 450.114829][T11970] task_work_run+0x1d4/0x260 [ 450.114851][T11970] ? __pfx_task_work_run+0x10/0x10 [ 450.114876][T11970] exit_to_user_mode_loop+0xef/0x4e0 [ 450.114893][T11970] ? rcu_is_watching+0x15/0xb0 [ 450.114913][T11970] do_syscall_64+0x2c1/0xf80 [ 450.114931][T11970] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.114947][T11970] ? trace_irq_disable+0x37/0x100 [ 450.114967][T11970] ? clear_bhb_loop+0x60/0xb0 [ 450.114984][T11970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.115000][T11970] RIP: 0033:0x7f65fe78f749 [ 450.115015][T11970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.115030][T11970] RSP: 002b:00007f65feb0fb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 450.115047][T11970] RAX: 0000000000000000 RBX: 00007f65fe9e7da0 RCX: 00007f65fe78f749 [ 450.115060][T11970] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 450.115080][T11970] RBP: 00007f65fe9e7da0 R08: 0000000000000000 R09: 00000003feb0fe7f [ 450.115092][T11970] R10: 000000000003fdc4 R11: 0000000000000246 R12: 000000000006e0e1 [ 450.115104][T11970] R13: 00007f65feb0fc80 R14: ffffffffffffffff R15: 00007f65feb0fca0 [ 450.115124][T11970] [ 451.516632][T11976] veth3: entered allmulticast mode