last executing test programs: 8.06391816s ago: executing program 4 (id=3729): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x33822}, [@IFLA_MASTER={0x8, 0xa, r1}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x3c}, 0x1, 0x3f, 0x0, 0x1}, 0x20040040) 8.022387285s ago: executing program 3 (id=3730): modify_ldt$write(0x1, &(0x7f0000000040)={0x401, 0x1000, 0x4000, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write2(0x11, &(0x7f0000000080)={0x20008, 0x0, 0x400, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010b2abd7000ffdbdf250e00000029c53002fe1baa4a710808059a7969a3b704fbb94d31361caa281d27f2b73f413c23398dd04885647b0b14c3a0720667c37f449667cc8c524f9f66614bae5171727149b8b414dba35ff34c46e1304f32651e01e8360870e8f785a1c7018906c6f49dddfe8d46848236e4e0ca208ce2e1258cb3bdd6e44ea6c6eba06175cc242ba3dd218d1ad968669c956b53c977f0d2058ac075eb0208e37ad8c02bc7517a63f22421e159236dd0f79388a49e454d7a7946dd1290048bed36ee3293ec8a39c2cfd62893676eaf88e4d4a10cd2411521fa67e4b5609736a026d4488a3a93bc2a505a7c360a2a9328d5b4df6a5ea9e2f66639fa2756b4a4d8353a4b109a"], 0x14}}, 0x0) r2 = mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x9) connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) sendmsg$AUDIT_SET_FEATURE(r3, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, 0x3fa, 0x400, 0x70bd26, 0x25dfdbff, {0x7ffffffe, 0x0, 0x1, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x800) r5 = syz_io_uring_setup(0x9e, &(0x7f0000000700)={0x0, 0x3ca9, 0x10, 0x0, 0x10002da}, &(0x7f0000000280)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x118, &(0x7f0000000140)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x6, &(0x7f0000000380), 0x0, 0x4}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000003f040000000000002d400300000000006504000001ed00007b130000000000006c440000000000007b0a00fe000000007b13000000000000b5000000000000009500000000000000023bc865b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a621a464a3778433e6e393002e7f3be361957adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9aa0d7d600c095090000100000000031eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7005005b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fc152b7b9da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33290933896a59ff61622cfd9aa58fe8d485f062ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18ec0ae564162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed415561c459565b1cd17572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7c00007502c7596566d674e425da5e87e59602a9f6590521d31d381eb3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2e454da0c052427d14c37960242b104e20dc2d9b0c3567aea26454a47b0f0797a7308d402ccdd9069bd50b994fda7a9de54022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c53c18294270a1ad10c80fef7c24b78b4ad83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca57138000b4ead35a385e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae037f27feeb744ddcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0602a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844cea001ddeb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e078b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1bb5916b9671b7000000000040f4bee5ad2dea2d070095265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879c8e7dc00624726042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b25393f7536bcda9f64b7c5640bf89d4a74d51dc233dee628c1dfbb55669f84784174b34eb234481547e484c6af101396b6977dd668b401391c1d2e242edccf1cabe6be9868d383ebf1db5aee9b73e92bb82c164ab14bb25189817742e054886ed6d7abbacf6319f3c050e7d53df64633eafcb64291b81188fab69b5a06fe029ce46c5cac1bb1ea8ea98aee207fa4c9618a9ce80bd8b530f4b9ba8860bf1e887ec670312ef0502e3d0a0e30dbaf38c042b7fd207c61e6b73d3b61d194acb4bf4d3e0187d62ee27cbee175eb2312209f68747eeeea30c1634d54799f42753df8e7462c6f5331ea8e56b5c4a373dfe9f111d0206f4e90f71c03bc24960dd84345e59e1289d47a929158babfb331f27370928198d2cd367e928e98c54c67b6382cb958fec947d2ece3695755bc71d55a84bb0a0da43cb9f526a20566e9d00cf9fe6be3adf3e0a05771d66664239d199ce84aa7f684c0ce4c342a85d654624736a3b9b067e2bd298ae8a2527ce59fba9448b13655281431335496da08ac626fe0b57ebb4ad0b9495a183587108b4308bc68eeca9062873703ed0ee726a7867436e01dcd6edf1583e7e17043afda8f46fdd688d461125d724404a310"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffdbb, 0x0, 0xffffffffffffffff, 0xffb9}, 0x48) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000040)='./file0\x00', r8}, 0x14) 7.473207582s ago: executing program 4 (id=3735): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, '-'}]}, 0x24}}, 0x48000) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r4, @ANYBLOB="05005b"], 0x24}}, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000026c0)={0x24, r10, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, '\b'}]}, 0x24}}, 0x0) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.current\x00', 0x275a, 0x0) write$binfmt_misc(r12, &(0x7f0000000040), 0xe09) syz_open_dev$loop(&(0x7f0000000140), 0x9, 0x40000) r13 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/sync_on_suspend', 0xc2602, 0x2bd) r14 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r15 = dup(r14) write$6lowpan_enable(r15, &(0x7f0000000000)='0', 0xfffffd2c) r16 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xfbc6, 0x10100, 0x8000003, 0x3, 0x0, r13}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r17, r18, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index, 0x0, 0x0, 0x0, {0x230}}) r19 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r15) sendmsg$TIPC_NL_BEARER_ENABLE(r12, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x70, r19, 0x300, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x5c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x400}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9ef5}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1000}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x14}, 0x44095) io_uring_enter(r16, 0x2ded, 0xed99, 0x0, 0x0, 0x0) r20 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r20, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) 6.345993858s ago: executing program 4 (id=3740): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) madvise(&(0x7f0000be8000/0x1000)=nil, 0x1000, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000c2bd0b20f8061b3039bb0102030109021b0001000000000904ac00018fe7e20009058f"], 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000000000101e04000000000000000000022400010000000009040000010300000009210700ffffffff000905810300020000004d83f6607c794e32b9360b0a3087d790d4a5c03bb8f6038f98713ccfb6029f0e459bff27e3600a"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_emit_ethernet(0x86, &(0x7f0000000700)=ANY=[@ANYBLOB="0180c209000e00000000000008004508007800000000000190780a010102ac1414aa0400907809000000000000000d00000000110000000000000a010101440c0001e00000014e2100004434ff21e000000100000000000000000000b62a1a9a1404000000000a010102000000030000000000000000e000000100000000003a906b7e000001"], 0x0) syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x400, 0x48940) ioctl$EVIOCGKEYCODE(r3, 0x80084504, &(0x7f00000007c0)=""/166) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r4 = socket(0x22, 0x4, 0x0) bind$inet6(r4, &(0x7f0000000040)={0x1e, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0xfffffffd}, 0xa) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={0x0, 0x1, r4}) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000180)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r5, 0xc01064c2, &(0x7f00000002c0)={0x0}) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001", @ANYBLOB="8df773e39279b4a73702c8f67ac5c45494"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000d6915ed9a04ad1bbcb40e13aa740000d0a010800000000000000000a0000010900020073797a31000000000900010073797a31000000000800038004000080"], 0x34}}, 0x8000) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01064c2, &(0x7f0000000380)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)={r12}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r5, 0xc01864cd, &(0x7f0000000340)={&(0x7f0000000400)=[r12, 0x0, r7, r8, r9, 0x0, 0x0, 0x0, r12, r11, r9, r6, r12, r12, r8, r7], &(0x7f0000000500), 0x10}) 5.69964951s ago: executing program 3 (id=3742): r0 = socket$inet(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'dummy0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0x3, 0xffff}, {0x0, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb07000000000000000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) syz_usb_connect(0x3, 0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e95b1710720500cbc9bb010203010902340001fb0000000904ca010338e88006090501021000060206090500000002f803070905061000041c0d090705c17a"], 0x0) r5 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x14f}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x6040051}, 0x40054) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9c, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="200000001300034700bb65e1c3e4ffff01000000010000005600000025000000", 0x20}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 4.637024029s ago: executing program 4 (id=3750): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x38df, 0x4) connect$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x304}, "25beb819521eb41d", "cae5e9937ba539347092dd17d39ed975", 'LP3F', "50f641306280c4e9"}, 0x28) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6(0xa, 0x5, 0x7) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100002}, 0x94) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r2 = memfd_create(&(0x7f0000000440)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0 P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\xc2%/u\x17\xdaM\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d_\v\xfc\xad\x0f\xa8\xc5\xad\x00\xc2\x12\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce\xff\a\x00\x00\x00\x00\x00\x00j+kV$\x80\x8aJ$\x81\xc0\x16\xf5\x9cz\x10\x97\xdb\x12H\xee/\xe3sY\x02D;L~\xd0\xb44\x01*\xfb\xa4 \xb2b\x90H$\xb2\xad\xbf\x8aM\xb6\x81\x81^\x02\xa0\xa7t\xfbHb\xa5=\xdd+$\xc06J\xb4\xf0\xab\x85Xz\x9f\xb2D$\xbe\xd9\x7f-\r\x9aj9r\n_\x11\xd4\x19\xb0\xa0G\xb7\x94\xf7\xfd~\xe9\xb6G\xbfE\xbb\x15\x15\xa6\xca2\xd0\xd3\x8c\xf7nO\xf9\xa8\xfd\x8a\xd2\xb2\xab\xff\xe4\xb0;\xd9\xa8\f\x03R\xbd%\x9fF\xee\x05\x11', 0x2) close(0x3) ftruncate(r2, 0xffff) fcntl$addseals(r2, 0x409, 0x3) ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={r2, 0x0, 0x0, 0x8000}) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x229) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x200000000000011, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x0, 0x20) pipe(&(0x7f0000000280)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r5, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r4], 0x38}}, 0x10) r6 = openat$sndseq(0xffffff9c, &(0x7f00000000c0), 0x20280) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r6, 0x404c534a, &(0x7f0000000100)={0x4a8, 0x805}) 4.365555564s ago: executing program 0 (id=3752): mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3) r0 = socket(0x1d, 0x2, 0x6) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x6a, 0x5, 0x0, &(0x7f0000000000)=0xfffffffffffffde4) 4.364709322s ago: executing program 4 (id=3753): modify_ldt$write(0x1, &(0x7f0000000040)={0x401, 0x1000, 0x4000, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10) modify_ldt$write2(0x11, &(0x7f0000000080)={0x20008, 0x0, 0x400, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010b2abd7000ffdbdf250e00000029c53002fe1baa4a710808059a7969a3b704fbb94d31361caa281d27f2b73f413c23398dd04885647b0b14c3a0720667c37f449667cc8c524f9f66614bae5171727149b8b414dba35ff34c46e1304f32651e01e8360870e8f785a1c7018906c6f49dddfe8d46848236e4e0ca208ce2e1258cb3bdd6e44ea6c6eba06175cc242ba3dd218d1ad968669c956b53c977f0d2058ac075eb0208e37ad8c02bc7517a63f22421e159236dd0f79388a49e454d7a7946dd1290048bed36ee3293ec8a39c2cfd62893676eaf88e4d4a10cd2411521fa67e4b5609736a026d4488a3a93bc2a505a7c360a2a9328d5b4df6a5ea9e2f66639fa2756b4a4d8353a4b109a"], 0x14}}, 0x0) r2 = mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x9) connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) sendmsg$AUDIT_SET_FEATURE(r3, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, 0x3fa, 0x400, 0x70bd26, 0x25dfdbff, {0x7ffffffe, 0x0, 0x1, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x800) r5 = syz_io_uring_setup(0x9e, &(0x7f0000000700)={0x0, 0x3ca9, 0x10, 0x0, 0x10002da}, &(0x7f0000000280)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x118, &(0x7f0000000140)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x6, &(0x7f0000000380), 0x0, 0x4}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000003f040000000000002d400300000000006504000001ed00007b130000000000006c440000000000007b0a00fe000000007b13000000000000b5000000000000009500000000000000023bc865b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a621a464a3778433e6e393002e7f3be361957adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9aa0d7d600c095090000100000000031eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7005005b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fc152b7b9da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33290933896a59ff61622cfd9aa58fe8d485f062ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18ec0ae564162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed415561c459565b1cd17572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7c00007502c7596566d674e425da5e87e59602a9f6590521d31d381eb3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2e454da0c052427d14c37960242b104e20dc2d9b0c3567aea26454a47b0f0797a7308d402ccdd9069bd50b994fda7a9de54022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c53c18294270a1ad10c80fef7c24b78b4ad83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca57138000b4ead35a385e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae037f27feeb744ddcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0602a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844cea001ddeb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e078b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1bb5916b9671b7000000000040f4bee5ad2dea2d070095265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879c8e7dc00624726042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b25393f7536bcda9f64b7c5640bf89d4a74d51dc233dee628c1dfbb55669f84784174b34eb234481547e484c6af101396b6977dd668b401391c1d2e242edccf1cabe6be9868d383ebf1db5aee9b73e92bb82c164ab14bb25189817742e054886ed6d7abbacf6319f3c050e7d53df64633eafcb64291b81188fab69b5a06fe029ce46c5cac1bb1ea8ea98aee207fa4c9618a9ce80bd8b530f4b9ba8860bf1e887ec670312ef0502e3d0a0e30dbaf38c042b7fd207c61e6b73d3b61d194acb4bf4d3e0187d62ee27cbee175eb2312209f68747eeeea30c1634d54799f42753df8e7462c6f5331ea8e56b5c4a373dfe9f111d0206f4e90f71c03bc24960dd84345e59e1289d47a929158babfb331f27370928198d2cd367e928e98c54c67b6382cb958fec947d2ece3695755bc71d55a84bb0a0da43cb9f526a20566e9d00cf9fe6be3adf3e0a05771d66664239d199ce84aa7f684c0ce4c342a85d654624736a3b9b067e2bd298ae8a2527ce59fba9448b13655281431335496da08ac626fe0b57ebb4ad0b9495a183587108b4308bc68eeca9062873703ed0ee726a7867436e01dcd6edf1583e7e17043afda8f46fdd688d461125d724404a310"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffdbb, 0x0, 0xffffffffffffffff, 0xffb9}, 0x48) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000040)='./file0\x00', r8}, 0x14) 4.076875482s ago: executing program 2 (id=3754): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x40, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000280)='|', 0x1, 0xc010, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080), 0xc) sendto$inet6(r0, &(0x7f0000000040)='\b', 0x1, 0x4040804, 0x0, 0x0) writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1) 4.039059999s ago: executing program 0 (id=3755): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="024000000000000050001280080001007369740044000280060010000300000008000300ac1414bb0500090089000000050004000300000008000300e0000001050005004000000005000a000000000008000300e000010108000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x80}}, 0x0) 3.607446957s ago: executing program 2 (id=3756): r0 = epoll_create1(0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000022c0)=@newtfilter={0xb4, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0x88, 0x2, [@TCA_U32_SEL={0x74, 0x5, {0x8, 0x8, 0x6, 0x1, 0x2, 0xb, 0x8, 0xe796, [{0x101, 0x8000, 0xfff, 0xdea2}, {0x4c8f, 0x0, 0x0, 0x7}, {0x4, 0x0, 0x0, 0x8}, {0xe, 0x7, 0xfffffff7, 0xb464}, {0x4932d8f8, 0x5, 0x83, 0x10000}, {0x8, 0x9, 0x0, 0x8}]}}, @TCA_U32_MARK={0x10, 0xa, {0x7, 0xffff}}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r8 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r8, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accb", 0x26}], 0x1}, 0x4) r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0) r11 = userfaultfd(0x801) ioctl$UFFDIO_API(r11, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r11, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0xc0, &(0x7f00000017c0)=0x9, 0xc06620, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r12, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r12, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r12, &(0x7f0000000080)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r12, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x12, r12, 0x604ab000) 3.249497668s ago: executing program 1 (id=3757): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000000014000180090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x40004}, 0x20050840) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) r1 = openat$zero(0xffffff9c, &(0x7f0000000100), 0x12800, 0x0) ioctl$SNDRV_PCM_IOCTL_RESUME(r1, 0x4147, 0x0) 3.19976574s ago: executing program 0 (id=3758): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x89}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}, 0x1, 0xa000000}, 0x0) 3.14251847s ago: executing program 3 (id=3759): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x90, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xfffffff1, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x5}, @TCA_FQ_FLOW_REFILL_DELAY={0x8}]}}, @TCA_STAB={0x50, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, {0xfffffffffffffd2f, 0x2, [0x0, 0x0, 0x0, 0x0]}}]}]}, 0x90}}, 0x0) 3.005331201s ago: executing program 0 (id=3760): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003940)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0xe}, {0x0, 0xfff1}, {0xc, 0x4}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x64, 0x0, 0x1, 0x80000001}]}}]}}]}, 0x44}}, 0x0) (async) r3 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x3a) ftruncate(r3, 0x6000000) (async, rerun: 64) fremovexattr(r3, &(0x7f0000000100)=@random={'security.', '\x00'}) (async, rerun: 64) copy_file_range(r3, 0x0, r3, &(0x7f00000004c0)=0x100, 0x9, 0x0) (async, rerun: 64) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x140c, 0x2, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x10) (rerun: 64) 2.809355834s ago: executing program 3 (id=3761): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="f8000000100013040000000000000000e000000100000000000000000000000020010000000000000000000000000002fffd00004e2400090200002000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="64010100000000000000000000000000000000202b000000fe8000000000000000000000000000aa00000000000000000700000400000000000000ffffffffffffffff0400000000000000f2ffffffffffffff000000000000000003000000010000000800000000000000cc0000000000000000000000000000000d0000000000000000000000000000000000000002000001080000000800160006000000cba2008374fd9d4ae19379dbd24f0bf4d31f0f26855f1e521a819e0a6bf81b1904ee607d9c0e976427fe935a1f936e656a085a0cb9d2a1c65a730dc309019987d6403eb00174707db55be2ac17576fab8d52ef45d68dbf3e4fb6f3a0420fd7cfe1f361a991d9ea15057113eca147f44adc31c1cac7d58464a29bfc13997e8da120c3b12dd156c9c73e4e5d17851ea1d685a7c1b048a01d1fca8d937ef021359cf38c2228b40408608a0c1866ed62ee51fcd90d708ce9ee054ef9845ea84cfb2255b3ff4222a5661241e7a16fe6d4f58ad775783f903f911a05c3c56cebeb98b64acaa6c3530f3483d5"], 0xf8}}, 0x4880) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, r2, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x80}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x1e}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x49}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0000}, 0x20000004) 2.751268364s ago: executing program 1 (id=3762): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x1ff}, 0x0) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) r4 = syz_open_dev$ndb(&(0x7f0000000240), 0x0, 0x680) ioctl$NBD_SET_BLKSIZE(r4, 0xab01, 0x9) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r3, 0x0, 0x0, 0x800) recvmsg(r5, 0x0, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil) syz_open_dev$video4linux(&(0x7f0000000c80), 0x200007, 0x8482) openat$sndseq(0xffffff9c, &(0x7f0000000140), 0x8080) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080", @ANYRES32, @ANYBLOB='\x00'/14, @ANYRES32=0x0, @ANYRES32], 0x48) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xc0, 0x49, 0x7fff0000}]}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0xc040128b, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) 2.706133643s ago: executing program 2 (id=3763): r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/cgroup.procs\x00', 0x2, 0x128) io_setup(0x1000, &(0x7f0000001d00)=0x0) io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x8, r0, &(0x7f00000009c0)="331e", 0x2, 0x4}]) r2 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r2, 0x4008941a, &(0x7f0000000080)) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_GET(r6, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) writev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000200)="9c30fb4d", 0x4}], 0x1) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000100)={0xa00, 0xa00}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x7}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r8}, {}, {0x46, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r10 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r10, 0xc0184800, &(0x7f0000000100)={0x20004, r7, 0x80000}) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='numa_maps\x00') mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000001c0)={r11, 0xa1, &(0x7f0000000200)}, 0x14) 2.54148441s ago: executing program 0 (id=3764): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x20, 0x0, 0x0, 0xc1f, 0xa, 0x0, 0x80, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010) sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x3000000, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x1000, 0x0, 0xa, 0x20}, {}, {0x1, 0x6, 0x0, 0xfffffffffffffffe}}}, 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0) 2.084299561s ago: executing program 3 (id=3765): socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) (async, rerun: 32) r0 = userfaultfd(0x801) r1 = socket$inet6_udp(0xa, 0x2, 0x0) (async, rerun: 32) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000380)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x8000, 0x80, 0x3ff, 0x40, {{0x18, 0x4, 0x2, 0x8, 0x60, 0x64, 0x0, 0x1, 0x29, 0x0, @remote, @empty, {[@generic={0x0, 0x12, "cc09c2ce32ee0f0c3b960b6e2ad6166f"}, @cipso={0x86, 0x21, 0x3, [{0x0, 0x11, "7c92d5b52d7f9c43cf4eeb7ed8a8be"}, {0x0, 0xa, "346ed216935a3c12"}]}, @rr={0x7, 0x17, 0x95, [@remote, @loopback, @multicast1, @local, @empty]}]}}}}}) (rerun: 32) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'syztnl0\x00', r2, 0x29, 0x8, 0x3, 0x9, 0x30, @local, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x20, 0xe, 0x7, 0x81}}) (async) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x318}) (async, rerun: 32) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async, rerun: 32) r4 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000000340)=@ethtool_link_settings={0x4d, 0x81, 0x2, 0x6, 0x4, 0x7, 0xfb, 0x7f, 0x5, 0xd0, [0x10001, 0x7, 0x4f5579d5, 0x2e4, 0x0, 0x1000, 0x5, 0x6]}}) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f92705f69643d", @ANYRESDEC=0x0, @ANYBLOB=',\x00'], 0x0, 0x0, 0x0) (async) mount$fuseblk(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x330e0, 0x0) (async) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000280)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) (async) ioctl$UFFDIO_CONTINUE(r0, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) (async) r5 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff) r6 = add_key$user(&(0x7f0000000140), &(0x7f0000002840)={'syz', 0x0}, &(0x7f0000002880)="f40fc24077021c9b084c60ffc26f26db12b9e78d629870bb26edb4a5e1cc0942ed8c58ca4fe84b94a0e31ea64089ee9ca1efb52945ffebbfea11dd3d0df936a10285eccab940ab5c96cb5d81dac1ad2243d878dde6cfd6ea08d5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4ddc1f2ab58762b3494250b9557f5b606a43e50874c90143034142cd5f7bd9b4dd876b97b7feb75b9138dde818a3c6b96dd80", 0xc0, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000000500)={r6, r6, r5}, &(0x7f0000000b40)=""/4111, 0x100f, 0x0) (async, rerun: 64) r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) (async, rerun: 64) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r8, 0xaf01, 0x0) (async, rerun: 32) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0, 0x2000}) (rerun: 32) ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000000080)) r9 = eventfd2(0x80000d, 0x80000) (async) r10 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f0000000800)={0xa0000015}) (async) ioctl$VHOST_SET_VRING_ERR(r8, 0x4008af22, &(0x7f00000001c0)={0x0, r9}) (async) ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001ac0)=""/191, 0x0, 0xffff1000}) (async) ioctl$VHOST_SET_VRING_KICK(r8, 0x4008af20, &(0x7f0000000000)={0x0, r9}) (async, rerun: 32) ioctl$VHOST_VSOCK_SET_RUNNING(r8, 0x4004af61, &(0x7f00000000c0)=0x1) (async, rerun: 32) keyctl$KEYCTL_MOVE(0x1e, r7, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1) 2.013004024s ago: executing program 0 (id=3766): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x1, 0x0) socket$kcm(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000080000000200000005000000", @ANYRES32=r0], 0x50) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x22, 0xa, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1000}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r7) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0x10000}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x810) r10 = socket$unix(0x1, 0x1, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r12, {0x0, 0xf}, {0x2, 0xb}, {0x4, 0xb}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x280, 0x7f, 0xfff, 0xe2}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4008000) ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000180)) 1.820394322s ago: executing program 4 (id=3767): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = open(0x0, 0x80ff, 0x88) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000000)=0x0) timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$char_usb(r2, 0x0, 0x0) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SUBDIVIDE(r6, 0xc0045009, &(0x7f0000000140)=0x1) r7 = socket$packet(0x11, 0x3, 0x300) set_mempolicy(0x3, &(0x7f0000000100)=0x3, 0x9) r8 = socket$kcm(0x2, 0x200000000000001, 0x106) r9 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0185647, &(0x7f00000001c0)={0x990000, 0x4, 0x400, r3, 0x0, &(0x7f0000000180)={0x990966, 0x800, '\x00', @value64=0x5}}) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x50, 0x9d, 0x10, 0x40, 0x61d, 0xc170, 0xb188, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd4, 0x0, 0x0, 0x4b, 0x72, 0x86}}]}}]}}, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r11, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffe}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r11, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x9}, @TCA_FQ_CODEL_TARGET={0x8, 0x1, 0x2}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80015}, 0x4000) sendmsg$inet(r8, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) setsockopt$packet_tx_ring(r7, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc, 0x2000000}, 0x1c) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) write$char_usb(r1, 0x0, 0x0) syz_usb_disconnect(r0) 1.418160492s ago: executing program 2 (id=3768): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="024000000000000050001280080001007369740044000280060010000300000008000300ac1414bb0500090089000000050004000300000008000300e0000001050005004000000005000a000000000008000300e000010108000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x80}}, 0x0) 1.389863234s ago: executing program 3 (id=3769): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/bpf', 0xe0a82, 0x0) madvise(&(0x7f000078e000/0x4000)=nil, 0x4000, 0x17) r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f0000165000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x26}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYBLOB="5c0000001000000400000000000000e600000000a242dec70c5616d79ee76a9c6eeed74ed16a75520305a2e8cd9c83d65458fff78c7fa675af69f6581d7d04c857602674d538a8ff463366f5e8e474cafa356d0a2b1c8b2799a9cbd9fb1cf2566c5f49aa2258397d5cdf08c98ba6e471f1ba7493cdc82107cdb5d63209aba84a94d853a8af68343bd8e1fba3f9bc121750dd293258be6a447196fd17532baf153ac1ab2a927b70448ac3647372fc7af51df3551273c1c8a2981c", @ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB="00000000051401000a000100aaaaaaaaaafb00000800040080000000"], 0x5c}}, 0x0) openat$cgroup_ro(r2, &(0x7f0000000400)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r5, &(0x7f00000000c0), 0x2) read(r5, &(0x7f00000001c0)=""/93, 0x5d) r6 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x414, 0x0, 0x9403, 0x0, 0x240, 0x2c0, 0x34c, 0x3d8, 0x3d8, 0x34c, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x218, 0x240, 0x1d, {}, [@inet=@rpfilter={{0x24}, {0x4}}, @common=@inet=@hashlimit2={{0x150}, {'syz_tun\x00', {0x100, 0xffffffff, 0x2, 0x56, 0x1000000, 0x1, 0x800, 0x40, 0x8}, {0xffff0001}}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x8, 0x1}}}, {{@uncond, 0x0, 0xa4, 0x10c}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x3, 0x40a, 0x6, 'snmp_trap\x00', 'syz1\x00', {0x1}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x470) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xba9, 0x2, 0xffffffff, 0x2e6}, 0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c0, 0x20, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, &(0x7f0000000000)) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(0xffffffffffffffff, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000003e00)}}], 0x1, 0x0, 0x0) r9 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r9, &(0x7f0000000240)={0xa, 0xfffd, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x42}, 0x1c) connect$inet6(r9, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000100)={'macvtap0\x00', &(0x7f0000000180)=@ethtool_link_settings={0x1, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, [0x0, 0x7, 0x0, 0x100, 0xf, 0x79, 0x1, 0x4]}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) 1.169465778s ago: executing program 1 (id=3770): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) read(r0, &(0x7f0000000140)=""/238, 0xee) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) close(r0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000003, 0x12, r1, 0x8000000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000080)=0x2000000, 0x200000, 0x4) 780.085304ms ago: executing program 2 (id=3771): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) (async) ptrace(0x10, 0x1) (async) open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) (async) r0 = socket(0x10, 0x3, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-serpent-avx2\x00'}, 0x58) (async) socket(0x10, 0x3, 0x0) (async) creat(&(0x7f0000000040)='./file0\x00', 0x2) r1 = landlock_create_ruleset(&(0x7f0000000000)={0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) (async) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) (async) landlock_restrict_self(r1, 0x0) (async) landlock_restrict_self(r1, 0x0) (async) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) (async) landlock_restrict_self(r1, 0x0) (async) landlock_restrict_self(r1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) (async) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1add7bb5ac607d93}, [@IFLA_IFNAME={0x14, 0x3, 'ip6tnl0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x8}]}}}]}, 0x50}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x3, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=0x0, @ANYRES16=r3], 0x0) 629.566272ms ago: executing program 1 (id=3772): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000340)={@local, @random="fad1e048716e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000080046080020cb215a238f2723eb00000000000000004402000000004e2000089078"], 0x0) 423.15744ms ago: executing program 1 (id=3773): r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000140)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e23, 0xe, @dev={0xfe, 0x80, '\x00', 0x25}, 0x4}, 0x1c) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000240)={0x7b, {{0xa, 0x4e22, 0xba, @private1={0xfc, 0x1, '\x00', 0x1}, 0xd}}, {{0xa, 0x4e21, 0x6, @dev={0xfe, 0x80, '\x00', 0xe}, 0x7ff}}}, 0x104) (async) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x104, 0x4) (async) sendmmsg$inet6(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000480)="b48ded36af", 0x5}], 0x1}}], 0x1, 0x0) 137.107035ms ago: executing program 2 (id=3774): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000080), 0x8000000000000001, 0x1c1280) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/resume_offset', 0x40901, 0x10) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000440)={r1, 0x0, {0x0, 0x0, 0x0, 0x400, 0xfff, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c18e8438ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d2000000000000004db5ca3000", "24431a1e77a68e174b0000000000000c0010e200000000000000000200000200", [0x0, 0xfffffffffffffffe]}}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 0s ago: executing program 1 (id=3775): r0 = syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x8040) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffe, 0x6, 0x46, @buffer={0x0, 0x0, 0x0}, &(0x7f00000000c0)="aaedaec886dd", 0x0, 0x3, 0x10006, 0x0, 0x0}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') pread64(r1, &(0x7f0000002c40)=""/4119, 0x1017, 0x3) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) syz_open_dev$media(0x0, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_SET_ABSBIT(r6, 0x40045567, 0x2) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340), 0x0, 0x2, 0x0, 0x0, r8}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r7, 0xc01064ab, &(0x7f0000000440)={0x1, r9, r8}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, 0x0) write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0x0, 0x0, 0x1, 0x2, 0x8}}, 0x11c) r10 = syz_open_dev$vcsa(0x0, 0x1b86, 0x0) ioctl$int_in(r7, 0x5452, &(0x7f0000001840)=0x4d4) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r10, 0x7a5, 0x0) write$UHID_DESTROY(r3, &(0x7f0000000200), 0x4) lseek(r1, 0x746bfcfc, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) kernel console output (not intermixed with test programs): cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 880.545064][T17424] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 880.545087][T17424] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 880.545102][T17424] RDX: 00000000ffffff96 RSI: 0000000000000000 RDI: 0000000000000000 [ 880.545116][T17424] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 880.545130][T17424] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 880.545143][T17424] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 880.545176][T17424] [ 881.127962][T17257] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 881.172544][T17257] veth0_vlan: entered promiscuous mode [ 881.185768][T17257] veth1_vlan: entered promiscuous mode [ 881.257893][T17257] veth0_macvtap: entered promiscuous mode [ 881.269148][T17257] veth1_macvtap: entered promiscuous mode [ 881.290881][T17257] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 881.336128][T17257] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 881.412378][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.422030][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.445311][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.503720][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.205415][ T3427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.241001][T17445] x_tables: ip_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 882.256868][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 882.256884][ T30] audit: type=1326 audit(1766347299.644:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 882.444313][ T3427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 882.508705][ T30] audit: type=1326 audit(1766347299.644:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 882.564226][ T52] Bluetooth: hci2: command 0x0406 tx timeout [ 882.586255][ T3727] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 882.594799][ T30] audit: type=1326 audit(1766347299.644:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 882.662550][ T3727] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 882.677802][ T30] audit: type=1326 audit(1766347299.644:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 882.794251][ T30] audit: type=1326 audit(1766347299.644:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 882.968025][ T30] audit: type=1326 audit(1766347299.644:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 883.107415][ T30] audit: type=1326 audit(1766347299.654:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 883.214061][ T30] audit: type=1326 audit(1766347299.654:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 883.338636][ T30] audit: type=1326 audit(1766347299.654:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 883.421838][ T30] audit: type=1326 audit(1766347299.654:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17440 comm="syz.3.3346" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 884.027546][T17463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3347'. [ 884.363029][T10395] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 884.462526][T15795] usb 4-1: new low-speed USB device number 9 using dummy_hcd [ 884.483151][T15673] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 884.524827][T10395] usb 3-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 884.534375][T10395] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 884.546402][T10395] usb 3-1: config 0 descriptor?? [ 884.583104][T10395] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input58 [ 884.625171][T15795] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 884.633473][T15673] usb 2-1: Using ep0 maxpacket: 8 [ 884.639545][T15795] usb 4-1: config 0 has no interface number 0 [ 884.646152][T15673] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 884.646201][T15673] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 884.662023][T15795] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 884.679729][T17477] FAULT_INJECTION: forcing a failure. [ 884.679729][T17477] name failslab, interval 1, probability 0, space 0, times 0 [ 884.689787][T15673] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 884.706365][T15673] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 884.716665][T15673] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 884.725402][T15673] usb 2-1: Product:   [ 884.726477][T15795] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 884.730267][T15673] usb 2-1: Manufacturer: 倊 [ 884.746372][T17477] CPU: 1 UID: 0 PID: 17477 Comm: syz.4.3352 Tainted: G L syzkaller #0 PREEMPT(full) [ 884.746407][T17477] Tainted: [L]=SOFTLOCKUP [ 884.746416][T17477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 884.746431][T17477] Call Trace: [ 884.746441][T17477] [ 884.746451][T17477] dump_stack_lvl+0xe8/0x150 [ 884.746484][T17477] should_fail_ex+0x414/0x560 [ 884.746524][T17477] should_failslab+0xa8/0x100 [ 884.746553][T17477] __kmalloc_cache_noprof+0x84/0x700 [ 884.746576][T17477] ? sctp_add_bind_addr+0x8c/0x370 [ 884.746612][T17477] sctp_add_bind_addr+0x8c/0x370 [ 884.746646][T17477] sctp_copy_local_addr_list+0x30b/0x4e0 [ 884.746689][T17477] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 884.746720][T17477] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 884.746756][T17477] ? sctp_v4_is_any+0x35/0x60 [ 884.746788][T17477] ? sctp_copy_one_addr+0x93/0x360 [ 884.746823][T17477] sctp_bind_addr_copy+0xb3/0x3c0 [ 884.746856][T17477] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 884.746886][T17477] sctp_connect_new_asoc+0x2e0/0x690 [ 884.746910][T17477] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 884.746938][T17477] ? __local_bh_enable_ip+0xd0/0x130 [ 884.746959][T17477] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 884.746981][T17477] ? security_sctp_bind_connect+0x7e/0x2e0 [ 884.747005][T17477] sctp_sendmsg+0x155c/0x2840 [ 884.747039][T17477] ? __pfx_sctp_sendmsg+0x10/0x10 [ 884.747056][T17477] ? aa_sk_perm+0x15f/0x920 [ 884.747083][T17477] ? aa_sk_perm+0x7ee/0x920 [ 884.747113][T17477] ? __pfx_aa_sk_perm+0x10/0x10 [ 884.747140][T17477] ? sock_rps_record_flow+0x19/0x410 [ 884.747172][T17477] ? inet_sendmsg+0x2f4/0x370 [ 884.747206][T17477] __sock_sendmsg+0x19c/0x270 [ 884.747242][T17477] ____sys_sendmsg+0x505/0x820 [ 884.747276][T17477] ? __pfx_____sys_sendmsg+0x10/0x10 [ 884.747309][T17477] ? kstrtouint+0x6e/0xe0 [ 884.747351][T17477] ___sys_sendmsg+0x21f/0x2a0 [ 884.747381][T17477] ? __pfx____sys_sendmsg+0x10/0x10 [ 884.747408][T17477] ? get_pid_task+0x20/0x1f0 [ 884.747436][T17477] ? get_pid_task+0x20/0x1f0 [ 884.747461][T17477] ? get_pid_task+0x20/0x1f0 [ 884.747522][T17477] ? __fget_files+0x2a/0x420 [ 884.747550][T17477] ? __fget_files+0x3a0/0x420 [ 884.747589][T17477] __sys_sendmsg+0x164/0x220 [ 884.747618][T17477] ? __pfx___sys_sendmsg+0x10/0x10 [ 884.747656][T17477] ? __pfx_ksys_write+0x10/0x10 [ 884.747701][T17477] __do_fast_syscall_32+0x1dc/0x560 [ 884.747727][T17477] ? lockdep_hardirqs_on+0x7b/0x110 [ 884.747748][T17477] ? do_fast_syscall_32+0x34/0x80 [ 884.747773][T17477] ? irqentry_exit+0x10f/0x660 [ 884.747799][T17477] do_fast_syscall_32+0x34/0x80 [ 884.747825][T17477] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 884.747853][T17477] RIP: 0023:0xf70cd539 [ 884.747873][T17477] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 884.747892][T17477] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 884.747916][T17477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000700 [ 884.747932][T17477] RDX: 0000000024000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 884.747946][T17477] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 884.747959][T17477] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 884.747973][T17477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 884.748006][T17477] [ 884.785793][T15673] usb 2-1: SerialNumber: 㰁 [ 884.937024][T15795] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 885.113153][T17467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 885.130058][T15795] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 885.141635][T15795] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 885.152905][T15795] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 885.166393][T15795] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 885.175594][T15795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 885.190115][T17467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 885.199027][T17469] loop8: detected capacity change from 0 to 8 [ 885.208754][T17469] Dev loop8: unable to read RDB block 8 [ 885.219880][T15795] usb 4-1: config 0 descriptor?? [ 885.233850][T17472] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 885.241349][T17472] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 885.251828][T17469] loop8: unable to read partition table [ 885.258688][T17469] loop8: partition table beyond EOD, truncated [ 885.269708][T15795] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 885.278110][T17469] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 885.330233][T15673] cdc_ncm 2-1:1.0: bind() failure [ 885.354150][T15673] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 885.366340][T15673] cdc_ncm 2-1:1.1: bind() failure [ 885.414776][T15673] usb 2-1: USB disconnect, device number 64 [ 885.460529][T17480] fuse: Unknown parameter 'f' [ 886.064510][ T5944] usb 4-1: USB disconnect, device number 9 [ 886.090163][ T5944] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 886.157841][T17486] bond0: (slave syz_tun): Releasing backup interface [ 886.177933][T17490] program syz.3.3358 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 886.466711][T17486] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 887.024236][T15673] usb 3-1: USB disconnect, device number 10 [ 887.156353][T16567] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 887.282769][T15793] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 887.372371][T16567] usb 2-1: Using ep0 maxpacket: 16 [ 887.379245][T16567] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 887.412371][T15793] usb 4-1: device descriptor read/64, error -71 [ 887.419500][T16567] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 887.442975][T16567] usb 2-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 887.454486][T16567] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 887.467416][T16567] usb 2-1: config 0 descriptor?? [ 887.663260][T15793] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 887.812705][T15793] usb 4-1: device descriptor read/64, error -71 [ 887.821272][T17550] syzkaller0: entered promiscuous mode [ 887.828960][T17550] syzkaller0: entered allmulticast mode [ 887.963071][T15793] usb usb4-port1: attempt power cycle [ 887.969451][T16567] zydacron 0003:13EC:0006.0032: unknown main item tag 0x0 [ 887.973146][T17550] FAULT_INJECTION: forcing a failure. [ 887.973146][T17550] name failslab, interval 1, probability 0, space 0, times 0 [ 887.988428][T16567] zydacron 0003:13EC:0006.0032: unknown main item tag 0x0 [ 888.000021][T16567] zydacron 0003:13EC:0006.0032: unknown main item tag 0x0 [ 888.010092][T16567] zydacron 0003:13EC:0006.0032: unknown main item tag 0x0 [ 888.017459][T17550] CPU: 0 UID: 0 PID: 17550 Comm: syz.0.3379 Tainted: G L syzkaller #0 PREEMPT(full) [ 888.017485][T17550] Tainted: [L]=SOFTLOCKUP [ 888.017491][T17550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 888.017501][T17550] Call Trace: [ 888.017509][T17550] [ 888.017518][T17550] dump_stack_lvl+0xe8/0x150 [ 888.017543][T17550] should_fail_ex+0x414/0x560 [ 888.017572][T17550] should_failslab+0xa8/0x100 [ 888.017593][T17550] __kmalloc_cache_noprof+0x84/0x700 [ 888.017611][T17550] ? __tipc_nl_bearer_enable+0xab3/0x13f0 [ 888.017633][T17550] __tipc_nl_bearer_enable+0xab3/0x13f0 [ 888.017656][T17550] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 888.017669][T17550] ? __mutex_lock+0x335/0x1350 [ 888.017722][T17550] ? __asan_memcpy+0x40/0x70 [ 888.017757][T17550] ? nla_put+0xd0/0x150 [ 888.017786][T17550] ? tipc_nl_compat_bearer_enable+0x427/0x5d0 [ 888.017822][T17550] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 888.017846][T17550] ? __nla_parse+0x40/0x60 [ 888.017865][T17550] tipc_nl_compat_doit+0x3bc/0x5f0 [ 888.017890][T17550] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 888.017919][T17550] ? bpf_lsm_capable+0x9/0x20 [ 888.017937][T17550] ? security_capable+0x7e/0x2e0 [ 888.017960][T17550] tipc_nl_compat_recv+0x83c/0xbe0 [ 888.017982][T17550] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 888.018000][T17550] ? __mutex_trylock_common+0x153/0x260 [ 888.018021][T17550] ? __pfx___mutex_trylock_common+0x10/0x10 [ 888.018039][T17550] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 888.018053][T17550] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 888.018078][T17550] ? trace_contention_end+0x39/0x100 [ 888.018104][T17550] genl_family_rcv_msg_doit+0x215/0x300 [ 888.018124][T17550] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 888.018156][T17550] genl_rcv_msg+0x60e/0x790 [ 888.018175][T17550] ? __pfx_genl_rcv_msg+0x10/0x10 [ 888.018188][T17550] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 888.018209][T17550] ? __asan_memcpy+0x40/0x70 [ 888.018231][T17550] ? __pfx_ref_tracker_free+0x10/0x10 [ 888.018245][T17550] ? __skb_clone+0x63/0x7a0 [ 888.018268][T17550] netlink_rcv_skb+0x208/0x470 [ 888.018288][T17550] ? __pfx_genl_rcv_msg+0x10/0x10 [ 888.018303][T17550] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 888.018319][T17550] ? genl_rcv+0x19/0x40 [ 888.018373][T17550] ? down_read+0x274/0x2e0 [ 888.018390][T17550] ? genl_rcv+0xd/0x40 [ 888.018414][T17550] genl_rcv+0x28/0x40 [ 888.018436][T17550] netlink_unicast+0x82f/0x9e0 [ 888.018460][T17550] ? __pfx_netlink_unicast+0x10/0x10 [ 888.018476][T17550] ? __alloc_skb+0x198/0x3a0 [ 888.018492][T17550] ? netlink_sendmsg+0x642/0xb30 [ 888.018511][T17550] ? skb_put+0x11b/0x210 [ 888.018530][T17550] netlink_sendmsg+0x805/0xb30 [ 888.018556][T17550] ? __pfx_netlink_sendmsg+0x10/0x10 [ 888.018578][T17550] ? __import_iovec+0x5d4/0x7f0 [ 888.018595][T17550] ? aa_sock_msg_perm+0xf1/0x1b0 [ 888.018618][T17550] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 888.018633][T17550] ? __pfx_netlink_sendmsg+0x10/0x10 [ 888.018653][T17550] __sock_sendmsg+0x21c/0x270 [ 888.018679][T17550] ____sys_sendmsg+0x505/0x820 [ 888.018714][T17550] ? __pfx_____sys_sendmsg+0x10/0x10 [ 888.018763][T17550] ? kstrtouint+0x6e/0xe0 [ 888.018792][T17550] ___sys_sendmsg+0x21f/0x2a0 [ 888.018830][T17550] ? __pfx____sys_sendmsg+0x10/0x10 [ 888.018856][T17550] ? get_pid_task+0x20/0x1f0 [ 888.018883][T17550] ? get_pid_task+0x20/0x1f0 [ 888.018909][T17550] ? get_pid_task+0x20/0x1f0 [ 888.018962][T17550] ? __fget_files+0x2a/0x420 [ 888.018981][T17550] ? __fget_files+0x3a0/0x420 [ 888.019008][T17550] __sys_sendmsg+0x164/0x220 [ 888.019029][T17550] ? __pfx___sys_sendmsg+0x10/0x10 [ 888.019054][T17550] ? __pfx_ksys_write+0x10/0x10 [ 888.019078][T17550] __do_fast_syscall_32+0x1dc/0x560 [ 888.019096][T17550] ? lockdep_hardirqs_on+0x7b/0x110 [ 888.019110][T17550] ? do_fast_syscall_32+0x34/0x80 [ 888.019127][T17550] ? irqentry_exit+0x10f/0x660 [ 888.019145][T17550] do_fast_syscall_32+0x34/0x80 [ 888.019162][T17550] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 888.019181][T17550] RIP: 0023:0xf702d539 [ 888.019195][T17550] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 888.019209][T17550] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 888.019226][T17550] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800002c0 [ 888.019236][T17550] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 888.019246][T17550] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 888.019254][T17550] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 888.019264][T17550] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 888.019286][T17550] [ 888.483515][T16567] zydacron 0003:13EC:0006.0032: unknown main item tag 0x0 [ 888.533672][T16567] zydacron 0003:13EC:0006.0032: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.1-1/input0 [ 888.586816][T16567] usb 2-1: USB disconnect, device number 65 [ 888.701260][T17553] fido_id[17553]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 888.812364][T15793] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 888.845443][T15793] usb 4-1: device descriptor read/8, error -71 [ 888.992478][T15795] usb 5-1: new high-speed USB device number 117 using dummy_hcd [ 889.102721][T15793] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 889.142393][T15795] usb 5-1: device descriptor read/64, error -71 [ 889.143897][T15793] usb 4-1: device descriptor read/8, error -71 [ 889.267273][T15793] usb usb4-port1: unable to enumerate USB device [ 889.339584][T17571] bond1: entered promiscuous mode [ 889.344760][T17571] bond1: entered allmulticast mode [ 889.382773][T15795] usb 5-1: new high-speed USB device number 118 using dummy_hcd [ 889.523299][T15795] usb 5-1: device descriptor read/64, error -71 [ 889.652972][T15795] usb usb5-port1: attempt power cycle [ 890.016686][T15795] usb 5-1: new high-speed USB device number 119 using dummy_hcd [ 890.024851][T10404] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 890.073376][T15795] usb 5-1: device descriptor read/8, error -71 [ 890.182423][T10404] usb 2-1: Using ep0 maxpacket: 8 [ 890.204147][T10404] usb 2-1: config 0 has an invalid interface number: 186 but max is 0 [ 890.214137][T10404] usb 2-1: config 0 has no interface number 0 [ 890.233102][T10404] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 890.332765][T15795] usb 5-1: new high-speed USB device number 120 using dummy_hcd [ 890.357632][T10404] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 890.371044][T15795] usb 5-1: device descriptor read/8, error -71 [ 890.377665][T10404] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 890.423589][T10404] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 890.445958][T10404] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 890.493245][T15795] usb usb5-port1: unable to enumerate USB device [ 890.501534][T10404] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 890.509809][T10404] usb 2-1: Product: syz [ 890.571446][T10404] usb 2-1: Manufacturer: syz [ 890.579927][T10404] usb 2-1: SerialNumber: syz [ 890.665863][T10404] usb 2-1: config 0 descriptor?? [ 890.903035][T10404] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 891.527324][T17612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3396'. [ 891.624054][T17614] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 892.185388][T17628] FAULT_INJECTION: forcing a failure. [ 892.185388][T17628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 892.199072][T17628] CPU: 1 UID: 0 PID: 17628 Comm: syz.2.3403 Tainted: G L syzkaller #0 PREEMPT(full) [ 892.199105][T17628] Tainted: [L]=SOFTLOCKUP [ 892.199117][T17628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 892.199129][T17628] Call Trace: [ 892.199137][T17628] [ 892.199145][T17628] dump_stack_lvl+0xe8/0x150 [ 892.199175][T17628] should_fail_ex+0x414/0x560 [ 892.199214][T17628] _copy_from_iter+0x1cd/0x1630 [ 892.199247][T17628] ? __pfx__copy_from_iter+0x10/0x10 [ 892.199267][T17628] ? sock_alloc_send_pskb+0x86b/0x980 [ 892.199301][T17628] ? __pfx__copy_from_iter+0x10/0x10 [ 892.199334][T17628] ? page_copy_sane+0x4e/0x280 [ 892.199358][T17628] copy_page_from_iter+0xdd/0x170 [ 892.199386][T17628] skb_copy_datagram_from_iter+0x306/0x720 [ 892.199428][T17628] tun_get_user+0x1683/0x3dc0 [ 892.199476][T17628] ? aa_file_perm+0x44c/0x1530 [ 892.199505][T17628] ? __pfx_tun_get_user+0x10/0x10 [ 892.199534][T17628] ? __lock_acquire+0x6b6/0x2cf0 [ 892.199577][T17628] ? kstrtoull+0x12f/0x1d0 [ 892.199618][T17628] ? ref_tracker_alloc+0x318/0x460 [ 892.199638][T17628] ? get_pid_task+0x20/0x1f0 [ 892.199668][T17628] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 892.199692][T17628] ? tun_get+0x1c/0x2f0 [ 892.199717][T17628] ? tun_get+0x1c/0x2f0 [ 892.199748][T17628] ? tun_get+0x1c/0x2f0 [ 892.199774][T17628] ? tun_get+0x1c/0x2f0 [ 892.199804][T17628] tun_chr_write_iter+0x113/0x200 [ 892.199833][T17628] vfs_write+0x5c9/0xb30 [ 892.199860][T17628] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 892.199887][T17628] ? __pfx_vfs_write+0x10/0x10 [ 892.199919][T17628] ? __fget_files+0x2a/0x420 [ 892.199956][T17628] ksys_write+0x145/0x250 [ 892.199980][T17628] ? __pfx_ksys_write+0x10/0x10 [ 892.200012][T17628] __do_fast_syscall_32+0x1dc/0x560 [ 892.200038][T17628] ? lockdep_hardirqs_on+0x7b/0x110 [ 892.200059][T17628] ? do_fast_syscall_32+0x34/0x80 [ 892.200083][T17628] ? irqentry_exit+0x10f/0x660 [ 892.200110][T17628] do_fast_syscall_32+0x34/0x80 [ 892.200135][T17628] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 892.200161][T17628] RIP: 0023:0xf7f15539 [ 892.200181][T17628] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 892.200200][T17628] RSP: 002b:00000000f540655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 892.200223][T17628] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080002280 [ 892.200238][T17628] RDX: 0000000000000fce RSI: 0000000000000000 RDI: 0000000000000000 [ 892.200252][T17628] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 892.200265][T17628] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 892.200277][T17628] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 892.200309][T17628] [ 892.951549][T16567] usb 2-1: USB disconnect, device number 66 [ 893.054348][T17639] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3406'. [ 893.221991][T17645] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3407'. [ 893.319323][T17650] FAULT_INJECTION: forcing a failure. [ 893.319323][T17650] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 893.332738][T10404] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 893.341387][T17650] CPU: 0 UID: 0 PID: 17650 Comm: syz.2.3410 Tainted: G L syzkaller #0 PREEMPT(full) [ 893.341422][T17650] Tainted: [L]=SOFTLOCKUP [ 893.341431][T17650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 893.341444][T17650] Call Trace: [ 893.341453][T17650] [ 893.341463][T17650] dump_stack_lvl+0xe8/0x150 [ 893.341497][T17650] should_fail_ex+0x414/0x560 [ 893.341537][T17650] prepare_alloc_pages+0x22b/0x650 [ 893.341571][T17650] __alloc_frozen_pages_noprof+0x123/0x370 [ 893.341602][T17650] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 893.341634][T17650] ? lruvec_stat_mod_folio+0x6f/0x2e0 [ 893.341666][T17650] ? policy_nodemask+0x27c/0x720 [ 893.341698][T17650] alloc_pages_mpol+0x232/0x4a0 [ 893.341730][T17650] vma_alloc_folio_noprof+0xe4/0x200 [ 893.341757][T17650] ? page_table_check_set+0x148/0x610 [ 893.341778][T17650] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 893.341802][T17650] ? css_rstat_updated+0x239/0x520 [ 893.341841][T17650] ? ___pte_offset_map+0x29/0x240 [ 893.341875][T17650] folio_prealloc+0x30/0x180 [ 893.341899][T17650] do_pte_missing+0x14e8/0x3330 [ 893.341964][T17650] handle_mm_fault+0x1b26/0x32b0 [ 893.341997][T17650] ? __pte_offset_map_lock+0x13e/0x210 [ 893.342041][T17650] ? handle_mm_fault+0xdb/0x32b0 [ 893.342082][T17650] ? __pfx_handle_mm_fault+0x10/0x10 [ 893.342114][T17650] ? follow_page_pte+0x7ef/0x13e0 [ 893.342154][T17650] ? __pfx_follow_page_pte+0x10/0x10 [ 893.342194][T17650] __get_user_pages+0x1650/0x29f0 [ 893.342254][T17650] populate_vma_page_range+0x29f/0x3a0 [ 893.342286][T17650] ? __pfx_populate_vma_page_range+0x10/0x10 [ 893.342318][T17650] ? down_read+0x274/0x2e0 [ 893.342341][T17650] ? __mm_populate+0x160/0x380 [ 893.342370][T17650] __mm_populate+0x24c/0x380 [ 893.342401][T17650] ? __pfx___mm_populate+0x10/0x10 [ 893.342437][T17650] do_mlock+0x612/0x720 [ 893.342474][T17650] ? __pfx_do_mlock+0x10/0x10 [ 893.342524][T17650] __ia32_sys_mlock+0x5f/0x70 [ 893.342551][T17650] __do_fast_syscall_32+0x1dc/0x560 [ 893.342575][T17650] ? lockdep_hardirqs_on+0x7b/0x110 [ 893.342596][T17650] ? do_fast_syscall_32+0x34/0x80 [ 893.342619][T17650] ? irqentry_exit+0x10f/0x660 [ 893.342646][T17650] do_fast_syscall_32+0x34/0x80 [ 893.342671][T17650] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 893.342698][T17650] RIP: 0023:0xf7f15539 [ 893.342718][T17650] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 893.342738][T17650] RSP: 002b:00000000f540655c EFLAGS: 00000206 ORIG_RAX: 0000000000000096 [ 893.342761][T17650] RAX: ffffffffffffffda RBX: 0000000080bff000 RCX: 0000000000400000 [ 893.342777][T17650] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 893.342789][T17650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 893.342803][T17650] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 893.342816][T17650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 893.342848][T17650] [ 893.702384][T10404] usb 4-1: device descriptor read/64, error -71 [ 893.728992][T15795] IPVS: starting estimator thread 0... [ 893.832900][T17657] IPVS: using max 27 ests per chain, 64800 per kthread [ 893.919558][T17661] tipc: Started in network mode [ 893.926865][T16567] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 893.936275][T17661] tipc: Node identity 4a3f95f11242, cluster identity 4711 [ 893.942742][T10404] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 893.945349][T17661] tipc: Enabled bearer , priority 0 [ 893.962391][T17661] syzkaller0: entered promiscuous mode [ 893.968620][T17661] syzkaller0: entered allmulticast mode [ 894.036650][T17661] tipc: Resetting bearer [ 894.050052][T17660] tipc: Resetting bearer [ 894.082672][T10404] usb 4-1: device descriptor read/64, error -71 [ 894.095615][T17660] tipc: Disabling bearer [ 894.122891][T16567] usb 2-1: Using ep0 maxpacket: 16 [ 894.150593][T16567] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 894.165068][T16567] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 894.182362][T16567] usb 2-1: Product: syz [ 894.187381][T16567] usb 2-1: Manufacturer: syz [ 894.191995][T16567] usb 2-1: SerialNumber: syz [ 894.194388][T10404] usb usb4-port1: attempt power cycle [ 894.218848][T16567] usb 2-1: config 0 descriptor?? [ 894.563370][T10404] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 894.615258][T10404] usb 4-1: device descriptor read/8, error -71 [ 894.685032][T16567] usb 2-1: USB disconnect, device number 67 [ 894.895026][T10404] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 894.933110][T10404] usb 4-1: device descriptor read/8, error -71 [ 894.945808][T17678] fuse: Bad value for 'fd' [ 895.072953][T10404] usb usb4-port1: unable to enumerate USB device [ 895.324475][T17683] bridge0: port 4(syz_tun) entered blocking state [ 895.364814][T17683] bridge0: port 4(syz_tun) entered disabled state [ 895.380492][T17683] syz_tun: entered allmulticast mode [ 895.405887][T17683] syz_tun: entered promiscuous mode [ 895.410272][T17685] input: syz1 as /devices/virtual/input/input60 [ 895.438868][T17683] bridge0: port 4(syz_tun) entered blocking state [ 895.445571][T17683] bridge0: port 4(syz_tun) entered forwarding state [ 895.481979][T17688] FAULT_INJECTION: forcing a failure. [ 895.481979][T17688] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 895.500604][T17688] CPU: 1 UID: 0 PID: 17688 Comm: syz.1.3421 Tainted: G L syzkaller #0 PREEMPT(full) [ 895.500634][T17688] Tainted: [L]=SOFTLOCKUP [ 895.500641][T17688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 895.500651][T17688] Call Trace: [ 895.500659][T17688] [ 895.500668][T17688] dump_stack_lvl+0xe8/0x150 [ 895.500696][T17688] should_fail_ex+0x414/0x560 [ 895.500728][T17688] _copy_from_user+0x2d/0xb0 [ 895.500751][T17688] input_event_from_user+0xf9/0x280 [ 895.500774][T17688] ? __pfx_input_event_from_user+0x10/0x10 [ 895.500802][T17688] uinput_write+0x279/0xfc0 [ 895.500834][T17688] ? __pfx_uinput_write+0x10/0x10 [ 895.500856][T17688] ? bpf_lsm_file_permission+0x9/0x20 [ 895.500875][T17688] ? security_file_permission+0x75/0x290 [ 895.500894][T17688] ? rw_verify_area+0x255/0x4d0 [ 895.500921][T17688] ? __pfx_uinput_write+0x10/0x10 [ 895.500944][T17688] vfs_write+0x27e/0xb30 [ 895.500967][T17688] ? __pfx_vfs_write+0x10/0x10 [ 895.500986][T17688] ? __fget_files+0x2a/0x420 [ 895.501011][T17688] ? __fget_files+0x2a/0x420 [ 895.501034][T17688] ? __fget_files+0x3a0/0x420 [ 895.501054][T17688] ? __fget_files+0x2a/0x420 [ 895.501093][T17688] ksys_write+0x145/0x250 [ 895.501112][T17688] ? __pfx_ksys_write+0x10/0x10 [ 895.501139][T17688] __do_fast_syscall_32+0x1dc/0x560 [ 895.501159][T17688] ? lockdep_hardirqs_on+0x7b/0x110 [ 895.501176][T17688] ? do_fast_syscall_32+0x34/0x80 [ 895.501195][T17688] ? irqentry_exit+0x10f/0x660 [ 895.501217][T17688] do_fast_syscall_32+0x34/0x80 [ 895.501238][T17688] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 895.501260][T17688] RIP: 0023:0xf70cd539 [ 895.501277][T17688] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 895.501292][T17688] RSP: 002b:00000000f549c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 895.501311][T17688] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 895.501323][T17688] RDX: 000000000000fe4f RSI: 0000000000000000 RDI: 0000000000000000 [ 895.501334][T17688] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 895.501344][T17688] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 895.501355][T17688] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 895.501380][T17688] [ 895.819303][T17687] bridge0: port 4(syz_tun) entered disabled state [ 895.826400][T17687] syz_tun: left allmulticast mode [ 895.831522][T17687] syz_tun: left promiscuous mode [ 895.841764][T17687] bridge0: port 4(syz_tun) entered disabled state [ 895.860372][T17687] bridge0: port 2(bridge_slave_1) entered disabled state [ 895.868751][T17687] bridge0: port 1(bridge_slave_0) entered disabled state [ 896.007038][T17687] batadv0: left allmulticast mode [ 896.014781][T17687] batadv0: left promiscuous mode [ 896.020926][T17687] bridge0: port 3(batadv0) entered disabled state [ 896.077955][T17687] bridge_slave_0: left allmulticast mode [ 896.118094][T17687] bridge_slave_0: left promiscuous mode [ 896.151269][T17687] bridge0: port 1(bridge_slave_0) entered disabled state [ 896.275063][T17687] bridge_slave_1: left allmulticast mode [ 896.295190][T17687] bridge_slave_1: left promiscuous mode [ 896.313348][T17687] bridge0: port 2(bridge_slave_1) entered disabled state [ 896.375464][T17687] bond0: (slave bond_slave_0): Releasing backup interface [ 896.395897][T17687] bond0: (slave bond_slave_1): Releasing backup interface [ 896.420852][T17687] team0: Port device team_slave_0 removed [ 896.451242][T17687] team0: Port device team_slave_1 removed [ 896.471894][T17687] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 896.489136][T17687] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 896.504508][ T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 896.505036][T17687] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 896.528600][T17687] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 896.553281][T17687] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 896.662959][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 896.673101][ T9] usb 4-1: config 1 has an invalid interface number: 19 but max is 0 [ 896.681258][ T9] usb 4-1: config 1 has no interface number 0 [ 896.690044][ T9] usb 4-1: config 1 interface 19 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 896.713757][ T9] usb 4-1: config 1 interface 19 has no altsetting 0 [ 896.753578][ T9] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 7.c9 [ 896.776138][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 896.799223][ T9] usb 4-1: Product: syz [ 896.810063][T17701] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3427'. [ 896.819474][ T9] usb 4-1: Manufacturer: syz [ 896.832396][ T9] usb 4-1: SerialNumber: syz [ 896.917811][ T9] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 897.192101][T17706] macvlan2: entered promiscuous mode [ 897.263884][T17711] tipc: Enabled bearer , priority 0 [ 897.272187][T17711] syzkaller0: entered promiscuous mode [ 897.278614][T17711] syzkaller0: entered allmulticast mode [ 897.379419][T17706] macvlan3: entered promiscuous mode [ 897.512128][T17711] syzkaller0: mtu less than device minimum [ 897.521038][T17710] tipc: Resetting bearer [ 897.550776][T17710] tipc: Disabling bearer [ 898.019301][ T61] usb 4-1: Failed to submit usb control message: -110 [ 898.032820][ T61] usb 4-1: unable to send the bmi data to the device: -110 [ 898.040157][ T61] usb 4-1: unable to get target info from device [ 898.047178][ T61] usb 4-1: could not get target info (-110) [ 898.053695][ T61] usb 4-1: could not probe fw (-110) [ 898.499190][T17737] usb usb8: usbfs: process 17737 (syz.4.3436) did not claim interface 0 before use [ 898.512601][T17737] FAULT_INJECTION: forcing a failure. [ 898.512601][T17737] name failslab, interval 1, probability 0, space 0, times 0 [ 898.526996][T17737] CPU: 0 UID: 0 PID: 17737 Comm: syz.4.3436 Tainted: G L syzkaller #0 PREEMPT(full) [ 898.527030][T17737] Tainted: [L]=SOFTLOCKUP [ 898.527039][T17737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 898.527052][T17737] Call Trace: [ 898.527062][T17737] [ 898.527070][T17737] dump_stack_lvl+0xe8/0x150 [ 898.527105][T17737] should_fail_ex+0x414/0x560 [ 898.527132][T17737] should_failslab+0xa8/0x100 [ 898.527153][T17737] kmem_cache_alloc_noprof+0x88/0x710 [ 898.527177][T17737] ? __kernfs_new_node+0xdc/0x880 [ 898.527198][T17737] __kernfs_new_node+0xdc/0x880 [ 898.527219][T17737] ? __pfx___kernfs_new_node+0x10/0x10 [ 898.527236][T17737] ? kernfs_root+0x1c/0x230 [ 898.527256][T17737] ? kernfs_root+0x1c/0x230 [ 898.527271][T17737] ? kernfs_root+0x1c/0x230 [ 898.527290][T17737] kernfs_new_node+0x102/0x210 [ 898.527310][T17737] kernfs_create_link+0xa7/0x200 [ 898.527334][T17737] sysfs_do_create_link_sd+0x83/0x110 [ 898.527352][T17737] driver_sysfs_add+0xec/0x210 [ 898.527370][T17737] device_bind_driver+0x17/0x60 [ 898.527385][T17737] usb_driver_claim_interface+0x23a/0x450 [ 898.527413][T17737] claimintf+0x166/0x240 [ 898.527430][T17737] proc_clearhalt+0x61c/0x770 [ 898.527460][T17737] usbdev_ioctl+0xab8/0x20b0 [ 898.527484][T17737] ? __fget_files+0x2a/0x420 [ 898.527515][T17737] ? __pfx_usbdev_ioctl+0x10/0x10 [ 898.527537][T17737] ? __fget_files+0x3a0/0x420 [ 898.527556][T17737] ? __fget_files+0x2a/0x420 [ 898.527577][T17737] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 898.527597][T17737] __ia32_compat_sys_ioctl+0x543/0x840 [ 898.527615][T17737] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 898.527630][T17737] ? __fget_files+0x3a0/0x420 [ 898.527655][T17737] ? fput+0xa0/0xd0 [ 898.527696][T17737] ? ksys_write+0x22a/0x250 [ 898.527712][T17737] ? __pfx_ksys_write+0x10/0x10 [ 898.527735][T17737] __do_fast_syscall_32+0x1dc/0x560 [ 898.527855][T17737] ? lockdep_hardirqs_on+0x7b/0x110 [ 898.527870][T17737] ? do_fast_syscall_32+0x34/0x80 [ 898.527902][T17737] ? irqentry_exit+0x10f/0x660 [ 898.527921][T17737] do_fast_syscall_32+0x34/0x80 [ 898.527941][T17737] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 898.527961][T17737] RIP: 0023:0xf70cd539 [ 898.527977][T17737] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 898.527991][T17737] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 898.528007][T17737] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080045515 [ 898.528018][T17737] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 898.528027][T17737] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 898.528036][T17737] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 898.528045][T17737] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 898.528066][T17737] [ 899.002409][T10404] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 899.155055][T10404] usb 2-1: Using ep0 maxpacket: 8 [ 899.183615][T10404] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 899.195611][T10404] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 899.214699][T10404] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 899.233633][T10404] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 899.243051][T10404] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 899.251102][T10404] usb 2-1: Product:   [ 899.255842][T10404] usb 2-1: Manufacturer: 倊 [ 899.260525][T10404] usb 2-1: SerialNumber: 㰁 [ 899.494364][T17731] loop8: detected capacity change from 0 to 8 [ 899.516740][T13721] Dev loop8: unable to read RDB block 8 [ 899.527142][T13721] loop8: unable to read partition table [ 899.535545][T13721] loop8: partition table beyond EOD, truncated [ 899.554348][T17731] Dev loop8: unable to read RDB block 8 [ 899.564789][T17731] loop8: unable to read partition table [ 899.580360][T17731] loop8: partition table beyond EOD, truncated [ 899.599313][T17731] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 899.625140][T10404] cdc_ncm 2-1:1.0: bind() failure [ 899.654486][T10404] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 899.671058][T10404] cdc_ncm 2-1:1.1: bind() failure [ 899.710364][T10404] usb 2-1: USB disconnect, device number 68 [ 899.929893][ T9] usb 4-1: USB disconnect, device number 18 [ 900.048846][T17766] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3441'. [ 900.341856][T17771] bond2: option arp_all_targets: invalid value (63) [ 900.406709][T17771] bond2 (unregistering): Released all slaves [ 900.545909][T17779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3444'. [ 900.587104][T17779] openvswitch: netlink: Missing key (keys=40, expected=80) [ 901.252372][T15795] usb 5-1: new high-speed USB device number 121 using dummy_hcd [ 901.356715][T17777] ALSA: mixer_oss: invalid OSS volume '' [ 901.467174][T15795] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 901.487864][T15795] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 901.516463][T15795] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 901.534477][T15795] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 901.582379][T15795] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 901.613270][T15795] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 901.623280][T15795] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 901.638741][T15795] usb 5-1: Product: syz [ 901.648463][T15795] usb 5-1: Manufacturer: syz [ 901.689476][T17793] FAULT_INJECTION: forcing a failure. [ 901.689476][T17793] name failslab, interval 1, probability 0, space 0, times 0 [ 901.744101][T17793] CPU: 0 UID: 0 PID: 17793 Comm: syz.1.3449 Tainted: G L syzkaller #0 PREEMPT(full) [ 901.744136][T17793] Tainted: [L]=SOFTLOCKUP [ 901.744144][T17793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 901.744159][T17793] Call Trace: [ 901.744168][T17793] [ 901.744178][T17793] dump_stack_lvl+0xe8/0x150 [ 901.744214][T17793] should_fail_ex+0x414/0x560 [ 901.744253][T17793] should_failslab+0xa8/0x100 [ 901.744283][T17793] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 901.744327][T17793] ? __alloc_skb+0x198/0x3a0 [ 901.744350][T17793] ? __alloc_skb+0x1dc/0x3a0 [ 901.744370][T17793] ? __local_bh_enable_ip+0xd0/0x130 [ 901.744392][T17793] ? __alloc_skb+0x198/0x3a0 [ 901.744415][T17793] __alloc_skb+0x1dc/0x3a0 [ 901.744441][T17793] netlink_sendmsg+0x5c6/0xb30 [ 901.744479][T17793] ? __pfx_netlink_sendmsg+0x10/0x10 [ 901.744510][T17793] ? __import_iovec+0x5d4/0x7f0 [ 901.744534][T17793] ? aa_sock_msg_perm+0xf1/0x1b0 [ 901.744564][T17793] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 901.744588][T17793] ? __pfx_netlink_sendmsg+0x10/0x10 [ 901.744616][T17793] __sock_sendmsg+0x21c/0x270 [ 901.744651][T17793] ____sys_sendmsg+0x505/0x820 [ 901.744683][T17793] ? __pfx_____sys_sendmsg+0x10/0x10 [ 901.744714][T17793] ? kstrtouint+0x6e/0xe0 [ 901.744753][T17793] ___sys_sendmsg+0x21f/0x2a0 [ 901.744781][T17793] ? __pfx____sys_sendmsg+0x10/0x10 [ 901.744804][T17793] ? get_pid_task+0x20/0x1f0 [ 901.744831][T17793] ? get_pid_task+0x20/0x1f0 [ 901.744856][T17793] ? get_pid_task+0x20/0x1f0 [ 901.744920][T17793] ? __fget_files+0x2a/0x420 [ 901.744947][T17793] ? __fget_files+0x3a0/0x420 [ 901.744984][T17793] __sys_sendmsg+0x164/0x220 [ 901.745011][T17793] ? __pfx___sys_sendmsg+0x10/0x10 [ 901.745051][T17793] ? __pfx_ksys_write+0x10/0x10 [ 901.745085][T17793] __do_fast_syscall_32+0x1dc/0x560 [ 901.745110][T17793] ? lockdep_hardirqs_on+0x7b/0x110 [ 901.745131][T17793] ? do_fast_syscall_32+0x34/0x80 [ 901.745153][T17793] ? irqentry_exit+0x10f/0x660 [ 901.745176][T17793] do_fast_syscall_32+0x34/0x80 [ 901.745201][T17793] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 901.745227][T17793] RIP: 0023:0xf70cd539 [ 901.745245][T17793] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 901.745263][T17793] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 901.745286][T17793] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 901.745308][T17793] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 901.745321][T17793] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 901.745335][T17793] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 901.745347][T17793] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 901.745379][T17793] [ 901.750296][T15795] cdc_wdm 5-1:1.0: skipping garbage [ 902.040593][T10404] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 902.206247][T15795] cdc_wdm 5-1:1.0: skipping garbage [ 902.222884][T15795] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 902.240615][T15795] cdc_wdm 5-1:1.0: Unknown control protocol [ 902.247425][T10404] usb 3-1: Using ep0 maxpacket: 8 [ 902.258664][T10404] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 902.270551][T10404] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 902.294166][T15795] usb 5-1: USB disconnect, device number 121 [ 902.310253][T10404] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 902.383293][T10404] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 902.399255][T10404] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 902.411039][T17797] macvlan2: entered promiscuous mode [ 902.423777][T10404] usb 3-1: Product:   [ 902.438245][T10404] usb 3-1: Manufacturer: 倊 [ 902.446674][T10404] usb 3-1: SerialNumber: 㰁 [ 902.454435][T17797] macvlan3: entered promiscuous mode [ 902.671751][T10404] cdc_ncm 3-1:1.0: bind() failure [ 902.705746][T10404] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 902.724390][T10404] cdc_ncm 3-1:1.1: bind() failure [ 902.782912][T10404] usb 3-1: USB disconnect, device number 11 [ 903.122934][T15795] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 903.284040][T15795] usb 2-1: Using ep0 maxpacket: 8 [ 903.321185][T15795] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 903.336350][T15795] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 903.349079][T15795] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 903.376932][T15795] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 903.391290][T15795] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 903.399960][T15795] usb 2-1: Product:   [ 903.406750][T15795] usb 2-1: Manufacturer: 倊 [ 903.411736][T15795] usb 2-1: SerialNumber: 㰁 [ 903.628625][T17805] loop8: detected capacity change from 0 to 8 [ 903.637364][T17805] Dev loop8: unable to read RDB block 8 [ 903.649245][T17805] loop8: unable to read partition table [ 903.656123][T17805] loop8: partition table beyond EOD, truncated [ 903.664101][T17805] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 903.681913][T15795] cdc_ncm 2-1:1.0: bind() failure [ 903.704324][T15795] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 903.711866][T15795] cdc_ncm 2-1:1.1: bind() failure [ 903.729391][T15795] usb 2-1: USB disconnect, device number 69 [ 903.862835][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 904.052412][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 904.059934][ T9] usb 3-1: config 1 interface 0 altsetting 9 bulk endpoint 0x3 has invalid maxpacket 8 [ 904.069869][ T9] usb 3-1: config 1 interface 0 has no altsetting 0 [ 904.079050][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 904.088771][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.100210][ T9] usb 3-1: Product: syz [ 904.104831][ T9] usb 3-1: Manufacturer: syz [ 904.110507][ T9] usb 3-1: SerialNumber: syz [ 904.118474][T17820] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 904.232376][T15795] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 904.420530][T15795] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 904.442454][T15795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.457734][T15795] usb 4-1: Product: syz [ 904.462979][T15795] usb 4-1: Manufacturer: syz [ 904.467697][T15795] usb 4-1: SerialNumber: syz [ 904.554433][T17831] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0000 [ 904.565537][T17831] tipc: Enabled bearer , priority 10 [ 904.862379][T10404] usb 5-1: new high-speed USB device number 122 using dummy_hcd [ 904.904297][T15795] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 904.922393][T15795] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 905.022406][T10404] usb 5-1: Using ep0 maxpacket: 32 [ 905.030501][T10404] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 73 [ 905.039343][T10404] usb 5-1: can't read configurations, error -22 [ 905.172428][T10404] usb 5-1: new high-speed USB device number 123 using dummy_hcd [ 905.332348][T10404] usb 5-1: Using ep0 maxpacket: 32 [ 905.344981][T10404] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 73 [ 905.354758][T10404] usb 5-1: can't read configurations, error -22 [ 905.391464][T10404] usb usb5-port1: attempt power cycle [ 905.682649][T16567] tipc: Node number set to 3265517125 [ 905.742464][T10404] usb 5-1: new high-speed USB device number 124 using dummy_hcd [ 905.785833][T10404] usb 5-1: Using ep0 maxpacket: 32 [ 905.795092][T10404] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 73 [ 905.804596][T10404] usb 5-1: can't read configurations, error -22 [ 905.952513][T10404] usb 5-1: new high-speed USB device number 125 using dummy_hcd [ 906.073698][T10404] usb 5-1: Using ep0 maxpacket: 32 [ 906.081529][T10404] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 73 [ 906.092450][T10404] usb 5-1: can't read configurations, error -22 [ 906.099481][T10404] usb usb5-port1: unable to enumerate USB device [ 906.200809][T17845] fuse: Invalid gid '00000000000000000000003' [ 906.326384][T15795] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 906.436766][ T9] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 906.456935][ T9] usb 3-1: USB disconnect, device number 12 [ 906.463377][T16567] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 906.509376][T17850] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3469'. [ 906.520678][T17850] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3469'. [ 906.530114][T17850] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3469'. [ 906.614488][T17852] syzkaller0: entered promiscuous mode [ 906.620036][T17852] syzkaller0: entered allmulticast mode [ 906.641819][T16567] usb 2-1: Using ep0 maxpacket: 8 [ 906.650050][T16567] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 906.661354][T16567] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 906.675096][T16567] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 906.687816][T16567] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 906.697761][T16567] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 906.706917][T16567] usb 2-1: Product:   [ 906.711274][T16567] usb 2-1: Manufacturer: 倊 [ 906.716508][T16567] usb 2-1: SerialNumber: 㰁 [ 906.938137][T16567] cdc_ncm 2-1:1.0: bind() failure [ 906.978240][T16567] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 906.985699][T16567] cdc_ncm 2-1:1.1: bind() failure [ 907.001853][T16567] usb 2-1: USB disconnect, device number 70 [ 907.146908][T15795] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001028. ret = -EPROTO [ 907.179268][T15795] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 907.205072][T15795] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 907.228254][T15795] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 907.258994][T15795] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 907.285786][T15795] usb 4-1: USB disconnect, device number 19 [ 908.361092][T17870] binder: BINDER_SET_CONTEXT_MGR already set [ 908.402854][T17870] binder: 17867:17870 ioctl 4018620d 80000040 returned -16 [ 909.054143][T10404] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 909.102590][T15795] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 909.233225][T10404] usb 4-1: Using ep0 maxpacket: 8 [ 909.258944][T10404] usb 4-1: config 0 has an invalid interface number: 151 but max is 1 [ 909.279170][T15795] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 909.292611][T10404] usb 4-1: config 0 has no interface number 1 [ 909.304724][T15795] usb 2-1: config 0 has no interface number 0 [ 909.311313][T10404] usb 4-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 909.329991][T10404] usb 4-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 909.347186][T15795] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 909.362577][T15795] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 909.370753][T10404] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024 [ 909.397690][T15795] usb 2-1: Product: syz [ 909.401933][T15795] usb 2-1: Manufacturer: syz [ 909.407146][T10404] usb 4-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 909.421061][T17891] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3484'. [ 909.430374][T15795] usb 2-1: SerialNumber: syz [ 909.437616][T15795] usb 2-1: config 0 descriptor?? [ 909.451949][T10404] usb 4-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 909.470666][T10404] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC9, changing to 0x89 [ 909.486810][T10404] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 909.501861][T10404] usb 4-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 909.511951][T10404] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 909.520719][T10404] usb 4-1: Product: syz [ 909.525532][T10404] usb 4-1: Manufacturer: syz [ 909.530257][T10404] usb 4-1: SerialNumber: syz [ 909.547660][T10404] usb 4-1: config 0 descriptor?? [ 909.567458][T17881] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 909.589197][T10404] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 909.615425][T10404] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 909.624119][T17893] FAULT_INJECTION: forcing a failure. [ 909.624119][T17893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 909.658257][T17893] CPU: 0 UID: 0 PID: 17893 Comm: syz.0.3485 Tainted: G L syzkaller #0 PREEMPT(full) [ 909.658293][T17893] Tainted: [L]=SOFTLOCKUP [ 909.658302][T17893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 909.658316][T17893] Call Trace: [ 909.658325][T17893] [ 909.658336][T17893] dump_stack_lvl+0xe8/0x150 [ 909.658367][T17893] should_fail_ex+0x414/0x560 [ 909.658407][T17893] _copy_from_user+0x2d/0xb0 [ 909.658434][T17893] get_compat_msghdr+0xad/0x4a0 [ 909.658463][T17893] ? __pfx_get_compat_msghdr+0x10/0x10 [ 909.658492][T17893] ? rcu_is_watching+0x15/0xb0 [ 909.658519][T17893] ? ___sys_recvmsg+0x1c4/0x510 [ 909.658553][T17893] ___sys_recvmsg+0x17f/0x510 [ 909.658587][T17893] ? _parse_integer_limit+0x1ae/0x1f0 [ 909.658622][T17893] ? __pfx____sys_recvmsg+0x10/0x10 [ 909.658647][T17893] ? kstrtoull+0x12f/0x1d0 [ 909.658682][T17893] ? __fget_files+0x2a/0x420 [ 909.658740][T17893] do_recvmmsg+0x36a/0x770 [ 909.658774][T17893] ? __pfx_do_recvmmsg+0x10/0x10 [ 909.658802][T17893] ? ksys_write+0x1cb/0x250 [ 909.658843][T17893] ? __fget_files+0x3a0/0x420 [ 909.658877][T17893] __sys_recvmmsg+0x19d/0x280 [ 909.658907][T17893] ? __pfx___sys_recvmmsg+0x10/0x10 [ 909.658934][T17893] ? __pfx_ksys_write+0x10/0x10 [ 909.658963][T17893] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 909.658999][T17893] __do_fast_syscall_32+0x1dc/0x560 [ 909.659025][T17893] ? lockdep_hardirqs_on+0x7b/0x110 [ 909.659046][T17893] ? do_fast_syscall_32+0x34/0x80 [ 909.659070][T17893] ? irqentry_exit+0x10f/0x660 [ 909.659098][T17893] do_fast_syscall_32+0x34/0x80 [ 909.659124][T17893] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.659151][T17893] RIP: 0023:0xf702d539 [ 909.659171][T17893] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 909.659191][T17893] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 909.659215][T17893] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 909.659231][T17893] RDX: 000000000000049e RSI: 00000000000000fe RDI: 0000000000000000 [ 909.659245][T17893] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 909.659259][T17893] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 909.659271][T17893] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 909.659303][T17893] [ 909.744260][T15795] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in cold state [ 909.943473][T10404] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 909.987182][T10404] usb 4-1: USB disconnect, device number 20 [ 910.168287][T17901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3489'. [ 910.170201][T15795] usb 2-1: Direct firmware load for dvb-usb-ec168.fw failed with error -2 [ 910.189047][T17901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3489'. [ 910.198514][T15795] usb 2-1: Falling back to sysfs fallback for: dvb-usb-ec168.fw [ 910.582887][T15793] usb 5-1: new high-speed USB device number 126 using dummy_hcd [ 910.744386][T15793] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 910.754255][T15793] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 910.770002][T15793] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 910.789816][T15793] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 910.815959][T15793] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 910.856646][T15793] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 910.886426][T15793] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 910.940163][T15793] usb 5-1: Product: syz [ 910.950516][T15793] usb 5-1: Manufacturer: syz [ 910.994903][T15793] cdc_wdm 5-1:1.0: skipping garbage [ 911.001262][T15793] cdc_wdm 5-1:1.0: skipping garbage [ 911.041819][T15793] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 911.082695][T15793] cdc_wdm 5-1:1.0: Unknown control protocol [ 911.245998][T10404] usb 5-1: USB disconnect, device number 126 [ 911.441462][T17921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3496'. [ 913.234147][T17937] bridge0: port 1(erspan0) entered blocking state [ 913.264836][T17937] bridge0: port 1(erspan0) entered disabled state [ 913.278324][T17937] erspan0: entered allmulticast mode [ 913.311371][T17937] erspan0: entered promiscuous mode [ 913.321211][T17937] bridge0: port 1(erspan0) entered blocking state [ 913.327833][T17937] bridge0: port 1(erspan0) entered forwarding state [ 913.414845][T17938] erspan0: left allmulticast mode [ 913.420310][T17938] erspan0: left promiscuous mode [ 913.449307][T17938] bridge0: port 1(erspan0) entered disabled state [ 913.663362][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 913.663385][ T30] audit: type=1326 audit(1766347330.944:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 913.705787][ T30] audit: type=1326 audit(1766347331.114:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 913.828448][T17946] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3503'. [ 913.880356][ T30] audit: type=1326 audit(1766347331.204:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 914.036852][ T30] audit: type=1326 audit(1766347331.214:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 914.089684][ T30] audit: type=1326 audit(1766347331.214:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 914.260702][ T30] audit: type=1326 audit(1766347331.214:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 914.314671][ T30] audit: type=1326 audit(1766347331.214:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 914.347500][ T30] audit: type=1326 audit(1766347331.214:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 914.433785][ T30] audit: type=1326 audit(1766347331.214:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=14 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 914.501749][ T30] audit: type=1326 audit(1766347331.214:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17942 comm="syz.3.3502" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 916.515004][T17988] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3517'. [ 916.789023][T17994] fuse: Bad value for 'fd' [ 917.683468][T10404] usb 5-1: new low-speed USB device number 127 using dummy_hcd [ 917.874340][T10404] usb 5-1: Invalid ep0 maxpacket: 16 [ 917.982010][T18010] netdevsim netdevsim0: Firmware load for '..' refused, path contains '..' component [ 918.001554][T18008] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3524'. [ 918.012329][T18010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3525'. [ 918.022337][T10404] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 918.040532][T18008] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3524'. [ 918.081027][T18008] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3524'. [ 918.121310][T18008] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3524'. [ 918.192752][T10404] usb 5-1: Invalid ep0 maxpacket: 16 [ 918.202637][T10404] usb usb5-port1: attempt power cycle [ 918.552357][T10404] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 918.603005][T10404] usb 5-1: Invalid ep0 maxpacket: 16 [ 918.708286][T18027] FAULT_INJECTION: forcing a failure. [ 918.708286][T18027] name fail_futex, interval 1, probability 0, space 0, times 1 [ 918.730036][T18027] CPU: 1 UID: 0 PID: 18027 Comm: syz.0.3531 Tainted: G L syzkaller #0 PREEMPT(full) [ 918.730068][T18027] Tainted: [L]=SOFTLOCKUP [ 918.730076][T18027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 918.730090][T18027] Call Trace: [ 918.730099][T18027] [ 918.730109][T18027] dump_stack_lvl+0xe8/0x150 [ 918.730144][T18027] should_fail_ex+0x414/0x560 [ 918.730184][T18027] get_futex_key+0x1a8/0x1660 [ 918.730219][T18027] ? __pfx_get_futex_key+0x10/0x10 [ 918.730244][T18027] ? __pfx___mutex_trylock_common+0x10/0x10 [ 918.730281][T18027] futex_wake+0xf8/0x560 [ 918.730315][T18027] ? __pfx_futex_wake+0x10/0x10 [ 918.730345][T18027] ? exit_mm_release+0x1a/0x30 [ 918.730391][T18027] do_futex+0x395/0x420 [ 918.730413][T18027] ? __might_fault+0xb0/0x130 [ 918.730452][T18027] ? __pfx_do_futex+0x10/0x10 [ 918.730480][T18027] ? __might_fault+0xb0/0x130 [ 918.730517][T18027] mm_release+0x103/0x290 [ 918.730543][T18027] exit_mm+0x52/0x230 [ 918.730571][T18027] ? unwind_deferred_task_exit+0x68/0xa0 [ 918.730603][T18027] do_exit+0x627/0x22f0 [ 918.730637][T18027] ? cgroup1_freezing+0x20/0x350 [ 918.730666][T18027] ? __pfx_do_exit+0x10/0x10 [ 918.730698][T18027] ? cgroup1_freezing+0x20/0x350 [ 918.730724][T18027] ? cgroup1_freezing+0x20/0x350 [ 918.730759][T18027] do_group_exit+0x21c/0x2d0 [ 918.730788][T18027] ? _raw_spin_unlock_irq+0x23/0x50 [ 918.730838][T18027] get_signal+0x1285/0x1340 [ 918.730872][T18027] arch_do_signal_or_restart+0x9a/0x7a0 [ 918.730901][T18027] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 918.730943][T18027] exit_to_user_mode_loop+0x87/0x4e0 [ 918.730970][T18027] ? rcu_is_watching+0x15/0xb0 [ 918.730994][T18027] __do_fast_syscall_32+0x38e/0x560 [ 918.731014][T18027] ? lockdep_hardirqs_on+0x7b/0x110 [ 918.731031][T18027] ? do_fast_syscall_32+0x34/0x80 [ 918.731051][T18027] ? irqentry_exit+0x10f/0x660 [ 918.731068][T18027] ? rcu_is_watching+0x15/0xb0 [ 918.731092][T18027] do_fast_syscall_32+0x34/0x80 [ 918.731112][T18027] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 918.731135][T18027] RIP: 0023:0xf702d539 [ 918.731152][T18027] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 918.731167][T18027] RSP: 002b:00000000f53db55c EFLAGS: 00000206 ORIG_RAX: 0000000000000139 [ 918.731187][T18027] RAX: fffffffffffffe00 RBX: 0000000000000007 RCX: 0000000000000000 [ 918.731199][T18027] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000f3a [ 918.731210][T18027] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 918.731220][T18027] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 918.731231][T18027] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 918.731255][T18027] [ 919.323865][T10404] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 919.354378][T10404] usb 5-1: Invalid ep0 maxpacket: 16 [ 919.402417][T10404] usb usb5-port1: unable to enumerate USB device [ 920.771015][T18040] sctp: [Deprecated]: syz.1.3534 (pid 18040) Use of struct sctp_assoc_value in delayed_ack socket option. [ 920.771015][T18040] Use struct sctp_sack_info instead [ 921.185808][T18046] netlink: 'syz.4.3538': attribute type 12 has an invalid length. [ 921.705093][T18055] syzkaller0: entered promiscuous mode [ 921.710675][T18055] syzkaller0: entered allmulticast mode [ 922.121363][T18044] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3537'. [ 922.262581][T18044] warning: `syz.0.3537' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 923.091830][T18077] bridge0: port 1(syz_tun) entered blocking state [ 923.102914][T18077] bridge0: port 1(syz_tun) entered disabled state [ 923.141670][T18077] syz_tun: entered allmulticast mode [ 923.196356][T18077] syz_tun: entered promiscuous mode [ 923.228875][T18083] lo: entered promiscuous mode [ 923.255610][T18083] lo: entered allmulticast mode [ 923.284662][T18083] tunl0: entered promiscuous mode [ 923.289766][T18083] tunl0: entered allmulticast mode [ 923.330575][T18083] gre0: entered promiscuous mode [ 923.352065][T18083] gre0: entered allmulticast mode [ 923.397975][T18083] gretap0: entered promiscuous mode [ 923.427737][T18083] gretap0: entered allmulticast mode [ 923.447072][T18083] erspan0: entered promiscuous mode [ 923.464685][T18083] erspan0: entered allmulticast mode [ 923.488132][T18083] ip_vti0: entered promiscuous mode [ 923.503554][T18083] ip_vti0: entered allmulticast mode [ 923.521266][T18083] ip6_vti0: entered promiscuous mode [ 923.549024][T18083] ip6_vti0: entered allmulticast mode [ 923.559032][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 923.594022][T18083] sit0: entered promiscuous mode [ 923.599020][T18083] sit0: entered allmulticast mode [ 923.661343][T18083] ip6tnl0: entered promiscuous mode [ 923.667821][T18083] ip6tnl0: entered allmulticast mode [ 923.676751][T18083] ip6gre0: entered promiscuous mode [ 923.693357][T18083] ip6gre0: entered allmulticast mode [ 923.705430][T18083] bridge0: port 1(syz_tun) entered disabled state [ 923.736338][T18083] ip6gretap0: entered promiscuous mode [ 923.774377][T18083] bridge0: entered promiscuous mode [ 923.779641][T18083] bridge0: entered allmulticast mode [ 923.813931][T18083] vcan0: entered promiscuous mode [ 923.819018][T18083] vcan0: entered allmulticast mode [ 923.893763][T18083] bond0: entered promiscuous mode [ 923.899212][T18083] mac80211_hwsim hwsim18 wlan1: entered promiscuous mode [ 923.949236][T18083] bond0: entered allmulticast mode [ 923.962484][T18083] mac80211_hwsim hwsim18 wlan1: entered allmulticast mode [ 923.990900][T18083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 924.017766][T18083] dummy0: entered promiscuous mode [ 924.023728][T18083] dummy0: entered allmulticast mode [ 924.034865][T18083] nlmon0: entered promiscuous mode [ 924.040195][T18083] nlmon0: entered allmulticast mode [ 924.049073][T18083] caif0: entered promiscuous mode [ 924.056149][T18083] caif0: entered allmulticast mode [ 924.062552][T18083] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 924.225068][T18094] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3554'. [ 924.234590][T18094] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3554'. [ 924.442988][T18103] kvm: apic: phys broadcast and lowest prio [ 924.449511][T18103] kvm: apic: phys broadcast and lowest prio [ 924.687968][T18107] tipc: Enabled bearer , priority 0 [ 924.699677][T18107] syzkaller0: entered promiscuous mode [ 924.706613][T18107] syzkaller0: entered allmulticast mode [ 924.721697][T18107] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 924.849001][T18107] tipc: Resetting bearer [ 924.914137][T18113] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3559'. [ 925.396619][T18121] PKCS7: Unknown OID: [5] (bad) [ 925.402406][T18121] PKCS7: Only support pkcs7_signedData type [ 925.415308][T18120] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3553'. [ 925.428734][T18106] tipc: Resetting bearer [ 925.486974][T18120] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3553'. [ 925.515569][T18106] tipc: Disabling bearer [ 926.143513][T18131] program syz.3.3563 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 926.524917][T18138] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3566'. [ 926.556592][T18138] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3566'. [ 926.567712][T18138] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3566'. [ 926.861420][T18147] program syz.4.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 926.892448][T10404] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 927.044616][T10404] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 927.067121][T10404] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 927.102444][T10404] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 927.122371][T10404] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 927.147343][T18143] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 927.162540][T18143] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 927.188515][T10404] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 927.241972][T18147] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3570'. [ 927.448618][T18143] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 927.462780][T18155] bridge0: port 1(erspan0) entered blocking state [ 927.470130][T18155] bridge0: port 1(erspan0) entered disabled state [ 927.478249][T18155] erspan0: entered allmulticast mode [ 927.495344][T18155] erspan0: entered promiscuous mode [ 927.519197][T18155] erspan0: left allmulticast mode [ 927.524756][T18155] erspan0: left promiscuous mode [ 927.530141][T18155] bridge0: port 1(erspan0) entered disabled state [ 927.574729][T18143] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 927.589301][T18143] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 927.601430][T18143] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 927.684934][T18156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 927.696450][T18156] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 927.919204][T10404] usb 4-1: USB disconnect, device number 21 [ 928.247380][T18160] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 928.596729][T18169] syzkaller0: entered promiscuous mode [ 928.606470][T18169] syzkaller0: entered allmulticast mode [ 928.640726][T18171] tipc: Cannot configure node identity twice [ 928.661744][T18173] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3579'. [ 928.672806][T18169] tipc: Started in network mode [ 928.677736][T18169] tipc: Node identity 52e280c544a, cluster identity 4711 [ 928.691208][T18169] FAULT_INJECTION: forcing a failure. [ 928.691208][T18169] name failslab, interval 1, probability 0, space 0, times 0 [ 928.705518][T18169] CPU: 0 UID: 0 PID: 18169 Comm: syz.4.3578 Tainted: G L syzkaller #0 PREEMPT(full) [ 928.705551][T18169] Tainted: [L]=SOFTLOCKUP [ 928.705560][T18169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 928.705574][T18169] Call Trace: [ 928.705583][T18169] [ 928.705593][T18169] dump_stack_lvl+0xe8/0x150 [ 928.705627][T18169] should_fail_ex+0x414/0x560 [ 928.705666][T18169] should_failslab+0xa8/0x100 [ 928.705695][T18169] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 928.705732][T18169] ? __alloc_skb+0x1dc/0x3a0 [ 928.705761][T18169] __alloc_skb+0x1dc/0x3a0 [ 928.705789][T18169] tipc_buf_acquire+0x2b/0xe0 [ 928.705822][T18169] tipc_disc_create+0x92/0x4a0 [ 928.705852][T18169] ? __tipc_nl_bearer_enable+0xab3/0x13f0 [ 928.705881][T18169] __tipc_nl_bearer_enable+0xdee/0x13f0 [ 928.705914][T18169] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 928.705934][T18169] ? __mutex_lock+0xd3b/0x1350 [ 928.705969][T18169] ? __asan_memcpy+0x40/0x70 [ 928.706005][T18169] ? nla_put+0xd0/0x150 [ 928.706033][T18169] ? tipc_nl_compat_bearer_enable+0x427/0x5d0 [ 928.706068][T18169] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 928.706099][T18169] ? __nla_parse+0x40/0x60 [ 928.706127][T18169] tipc_nl_compat_doit+0x3bc/0x5f0 [ 928.706170][T18169] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 928.706213][T18169] ? bpf_lsm_capable+0x9/0x20 [ 928.706245][T18169] ? security_capable+0x7e/0x2e0 [ 928.706279][T18169] tipc_nl_compat_recv+0x83c/0xbe0 [ 928.706312][T18169] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 928.706338][T18169] ? __mutex_trylock_common+0x153/0x260 [ 928.706369][T18169] ? __pfx___mutex_trylock_common+0x10/0x10 [ 928.706397][T18169] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 928.706417][T18169] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 928.706453][T18169] ? trace_contention_end+0x39/0x100 [ 928.706493][T18169] genl_family_rcv_msg_doit+0x215/0x300 [ 928.706522][T18169] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 928.706569][T18169] genl_rcv_msg+0x60e/0x790 [ 928.706598][T18169] ? __pfx_genl_rcv_msg+0x10/0x10 [ 928.706618][T18169] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 928.706649][T18169] ? __asan_memcpy+0x40/0x70 [ 928.706682][T18169] ? __pfx_ref_tracker_free+0x10/0x10 [ 928.706702][T18169] ? __skb_clone+0x63/0x7a0 [ 928.706736][T18169] netlink_rcv_skb+0x208/0x470 [ 928.706766][T18169] ? __pfx_genl_rcv_msg+0x10/0x10 [ 928.706790][T18169] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 928.706814][T18169] ? genl_rcv+0x19/0x40 [ 928.706866][T18169] ? down_read+0x274/0x2e0 [ 928.706890][T18169] ? genl_rcv+0xd/0x40 [ 928.706925][T18169] genl_rcv+0x28/0x40 [ 928.706956][T18169] netlink_unicast+0x82f/0x9e0 [ 928.706992][T18169] ? __pfx_netlink_unicast+0x10/0x10 [ 928.707016][T18169] ? __alloc_skb+0x198/0x3a0 [ 928.707039][T18169] ? netlink_sendmsg+0x642/0xb30 [ 928.707066][T18169] ? skb_put+0x11b/0x210 [ 928.707094][T18169] netlink_sendmsg+0x805/0xb30 [ 928.707133][T18169] ? __pfx_netlink_sendmsg+0x10/0x10 [ 928.707165][T18169] ? __import_iovec+0x5d4/0x7f0 [ 928.707188][T18169] ? aa_sock_msg_perm+0xf1/0x1b0 [ 928.707218][T18169] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 928.707246][T18169] ? __pfx_netlink_sendmsg+0x10/0x10 [ 928.707275][T18169] __sock_sendmsg+0x21c/0x270 [ 928.707311][T18169] ____sys_sendmsg+0x505/0x820 [ 928.707343][T18169] ? __pfx_____sys_sendmsg+0x10/0x10 [ 928.707375][T18169] ? kstrtouint+0x6e/0xe0 [ 928.707415][T18169] ___sys_sendmsg+0x21f/0x2a0 [ 928.707444][T18169] ? __pfx____sys_sendmsg+0x10/0x10 [ 928.707469][T18169] ? get_pid_task+0x20/0x1f0 [ 928.707496][T18169] ? get_pid_task+0x20/0x1f0 [ 928.707522][T18169] ? get_pid_task+0x20/0x1f0 [ 928.707583][T18169] ? __fget_files+0x2a/0x420 [ 928.707610][T18169] ? __fget_files+0x3a0/0x420 [ 928.707649][T18169] __sys_sendmsg+0x164/0x220 [ 928.707678][T18169] ? __pfx___sys_sendmsg+0x10/0x10 [ 928.707715][T18169] ? __pfx_ksys_write+0x10/0x10 [ 928.707750][T18169] __do_fast_syscall_32+0x1dc/0x560 [ 928.707774][T18169] ? lockdep_hardirqs_on+0x7b/0x110 [ 928.707795][T18169] ? do_fast_syscall_32+0x34/0x80 [ 928.707818][T18169] ? irqentry_exit+0x10f/0x660 [ 928.707844][T18169] do_fast_syscall_32+0x34/0x80 [ 928.707870][T18169] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 928.707897][T18169] RIP: 0023:0xf70cd539 [ 928.707916][T18169] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 928.707935][T18169] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 928.707959][T18169] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800002c0 [ 928.707974][T18169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 928.707988][T18169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 928.708001][T18169] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 928.708014][T18169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 928.708048][T18169] [ 928.708084][T18169] tipc: Disabling bearer [ 929.252834][T18169] tipc: Enabling of bearer rejected, failed to create discoverer [ 930.419353][T18196] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 930.446296][T18196] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3587'. [ 930.599823][T18200] loop5: detected capacity change from 0 to 7 [ 930.683673][T17255] Dev loop5: unable to read RDB block 7 [ 930.689435][T17255] loop5: unable to read partition table [ 930.705223][T17255] loop5: partition table beyond EOD, truncated [ 930.817088][T18200] Dev loop5: unable to read RDB block 7 [ 930.824372][T18200] loop5: unable to read partition table [ 930.834550][T18200] loop5: partition table beyond EOD, truncated [ 930.863869][T18200] loop_reread_partitions: partition scan of loop5 () failed (rc=-5) [ 931.043076][T15673] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 931.060621][T18204] FAULT_INJECTION: forcing a failure. [ 931.060621][T18204] name failslab, interval 1, probability 0, space 0, times 0 [ 931.080933][T18204] CPU: 0 UID: 0 PID: 18204 Comm: syz.3.3592 Tainted: G L syzkaller #0 PREEMPT(full) [ 931.080968][T18204] Tainted: [L]=SOFTLOCKUP [ 931.080977][T18204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 931.080991][T18204] Call Trace: [ 931.081000][T18204] [ 931.081010][T18204] dump_stack_lvl+0xe8/0x150 [ 931.081043][T18204] should_fail_ex+0x414/0x560 [ 931.081080][T18204] should_failslab+0xa8/0x100 [ 931.081117][T18204] __kmalloc_noprof+0xdf/0x800 [ 931.081139][T18204] ? blk_rq_map_user_iov+0x2ec/0x1770 [ 931.081166][T18204] ? copy_page_from_iter+0x14a/0x170 [ 931.081195][T18204] blk_rq_map_user_iov+0x2ec/0x1770 [ 931.081242][T18204] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 931.081275][T18204] ? __import_iovec+0x40e/0x7f0 [ 931.081311][T18204] ? import_iovec+0x74/0xa0 [ 931.081339][T18204] blk_rq_map_user_io+0x2e6/0x3a0 [ 931.081372][T18204] ? rcu_is_watching+0x15/0xb0 [ 931.081397][T18204] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 931.081424][T18204] ? trace_contention_end+0x39/0x100 [ 931.081487][T18204] ? sg_link_reserve+0x28e/0x540 [ 931.081517][T18204] sg_common_write+0xcd8/0x13d0 [ 931.081558][T18204] ? __pfx_sg_common_write+0x10/0x10 [ 931.081583][T18204] ? capable+0x82/0xe0 [ 931.081606][T18204] ? scsi_cmd_allowed+0x70f/0x810 [ 931.081633][T18204] ? sg_allow_access+0xdb/0x120 [ 931.081659][T18204] sg_new_write+0x5a6/0x7b0 [ 931.081681][T18204] ? kasan_quarantine_put+0xbb/0x1f0 [ 931.081708][T18204] ? __pfx_sg_new_write+0x10/0x10 [ 931.081769][T18204] sg_ioctl+0x11af/0x2230 [ 931.081801][T18204] ? __pfx_sg_ioctl+0x10/0x10 [ 931.081824][T18204] ? __fget_files+0x2a/0x420 [ 931.081855][T18204] ? __fget_files+0x3a0/0x420 [ 931.081881][T18204] ? __fget_files+0x2a/0x420 [ 931.081911][T18204] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 931.081939][T18204] __ia32_compat_sys_ioctl+0x543/0x840 [ 931.081963][T18204] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 931.081984][T18204] ? __fget_files+0x3a0/0x420 [ 931.082018][T18204] ? fput+0xa0/0xd0 [ 931.082047][T18204] ? ksys_write+0x22a/0x250 [ 931.082071][T18204] ? __pfx_ksys_write+0x10/0x10 [ 931.082111][T18204] __do_fast_syscall_32+0x1dc/0x560 [ 931.082136][T18204] ? lockdep_hardirqs_on+0x7b/0x110 [ 931.082157][T18204] ? do_fast_syscall_32+0x34/0x80 [ 931.082179][T18204] ? irqentry_exit+0x10f/0x660 [ 931.082210][T18204] do_fast_syscall_32+0x34/0x80 [ 931.082232][T18204] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 931.082259][T18204] RIP: 0023:0xf7fc7539 [ 931.082278][T18204] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 931.082296][T18204] RSP: 002b:00000000f54b655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 931.082321][T18204] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000002285 [ 931.082336][T18204] RDX: 00000000800005c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 931.082350][T18204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 931.082363][T18204] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 931.082376][T18204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 931.082407][T18204] [ 931.502635][T15673] usb 5-1: Using ep0 maxpacket: 16 [ 931.509582][T15673] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 931.519372][T15673] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 931.530087][T15673] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 931.543859][T15673] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 931.553802][T15673] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 931.561856][T15673] usb 5-1: Product: syz [ 931.566188][T15673] usb 5-1: Manufacturer: syz [ 931.570838][T15673] usb 5-1: SerialNumber: syz [ 931.678169][T18215] sctp: [Deprecated]: syz.2.3595 (pid 18215) Use of int in max_burst socket option deprecated. [ 931.678169][T18215] Use struct sctp_assoc_value instead [ 931.807167][T18217] loop5: detected capacity change from 0 to 7 [ 931.908115][T18217] Dev loop5: unable to read RDB block 7 [ 931.914465][T18217] loop5: unable to read partition table [ 931.930370][T18217] loop5: partition table beyond EOD, truncated [ 931.983163][T18217] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 931.995326][T15673] usb 5-1: 0:2 : does not exist [ 932.037890][T15673] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1) [ 932.081497][T15673] usb 5-1: USB disconnect, device number 5 [ 932.294550][T17255] udevd[17255]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 932.913491][T18231] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3597'. [ 933.200238][T18242] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3604'. [ 933.230489][T18242] netlink: 'syz.1.3604': attribute type 10 has an invalid length. [ 933.302664][T15673] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 933.391724][T18255] FAULT_INJECTION: forcing a failure. [ 933.391724][T18255] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 933.420678][T18255] CPU: 1 UID: 0 PID: 18255 Comm: syz.1.3606 Tainted: G L syzkaller #0 PREEMPT(full) [ 933.420704][T18255] Tainted: [L]=SOFTLOCKUP [ 933.420711][T18255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 933.420721][T18255] Call Trace: [ 933.420728][T18255] [ 933.420736][T18255] dump_stack_lvl+0xe8/0x150 [ 933.420761][T18255] should_fail_ex+0x414/0x560 [ 933.420789][T18255] prepare_alloc_pages+0x22b/0x650 [ 933.420814][T18255] __alloc_frozen_pages_noprof+0x123/0x370 [ 933.420835][T18255] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 933.420857][T18255] ? lruvec_stat_mod_folio+0x6f/0x2e0 [ 933.420880][T18255] ? policy_nodemask+0x27c/0x720 [ 933.420916][T18255] alloc_pages_mpol+0x232/0x4a0 [ 933.420938][T18255] vma_alloc_folio_noprof+0xe4/0x200 [ 933.420957][T18255] ? page_table_check_set+0x148/0x610 [ 933.420973][T18255] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 933.420990][T18255] ? css_rstat_updated+0x239/0x520 [ 933.421019][T18255] ? ___pte_offset_map+0x29/0x240 [ 933.421043][T18255] folio_prealloc+0x30/0x180 [ 933.421060][T18255] do_pte_missing+0x14e8/0x3330 [ 933.421090][T18255] handle_mm_fault+0x1b26/0x32b0 [ 933.421113][T18255] ? __pte_offset_map_lock+0x13e/0x210 [ 933.421144][T18255] ? handle_mm_fault+0xdb/0x32b0 [ 933.421173][T18255] ? __pfx_handle_mm_fault+0x10/0x10 [ 933.421201][T18255] ? follow_page_pte+0x7ef/0x13e0 [ 933.421229][T18255] ? __pfx_follow_page_pte+0x10/0x10 [ 933.421258][T18255] __get_user_pages+0x1650/0x29f0 [ 933.421300][T18255] populate_vma_page_range+0x29f/0x3a0 [ 933.421322][T18255] ? __pfx_populate_vma_page_range+0x10/0x10 [ 933.421345][T18255] ? down_read+0x274/0x2e0 [ 933.421362][T18255] ? __mm_populate+0x160/0x380 [ 933.421383][T18255] __mm_populate+0x24c/0x380 [ 933.421405][T18255] ? __pfx___mm_populate+0x10/0x10 [ 933.421432][T18255] do_mlock+0x612/0x720 [ 933.421458][T18255] ? __pfx_do_mlock+0x10/0x10 [ 933.421477][T18255] ? fput+0xa0/0xd0 [ 933.421498][T18255] ? ksys_write+0x22a/0x250 [ 933.421514][T18255] ? __pfx_ksys_write+0x10/0x10 [ 933.421535][T18255] __ia32_sys_mlock+0x5f/0x70 [ 933.421554][T18255] __do_fast_syscall_32+0x1dc/0x560 [ 933.421572][T18255] ? lockdep_hardirqs_on+0x7b/0x110 [ 933.421586][T18255] ? do_fast_syscall_32+0x34/0x80 [ 933.421603][T18255] ? irqentry_exit+0x10f/0x660 [ 933.421621][T18255] do_fast_syscall_32+0x34/0x80 [ 933.421639][T18255] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 933.421658][T18255] RIP: 0023:0xf70cd539 [ 933.421672][T18255] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 933.421686][T18255] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000096 [ 933.421702][T18255] RAX: ffffffffffffffda RBX: 0000000080bff000 RCX: 0000000000400000 [ 933.421726][T18255] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 933.421735][T18255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 933.421744][T18255] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 933.421754][T18255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 933.421775][T18255] [ 933.752644][T15673] usb 3-1: Using ep0 maxpacket: 8 [ 933.783805][ T5833] Bluetooth: hci4: command 0x0406 tx timeout [ 933.816043][T15673] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 933.842600][T10404] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 933.858331][T15673] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 933.882339][T15673] usb 3-1: config 0 has no interface number 0 [ 933.904130][T15673] usb 3-1: config 0 interface 1 altsetting 0 has an endpoint descriptor with address 0xB6, changing to 0x86 [ 933.930463][T15673] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 933.960202][T15673] usb 3-1: config 0 interface 1 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 0 [ 933.981474][T15673] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 934.002789][T15673] usb 3-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 934.014116][T15673] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 934.042309][T10404] usb 5-1: Using ep0 maxpacket: 16 [ 934.050362][T10404] usb 5-1: config 1 has an invalid interface number: 64 but max is 0 [ 934.058790][T10404] usb 5-1: config 1 has no interface number 0 [ 934.064971][T10404] usb 5-1: config 1 interface 64 altsetting 3 endpoint 0x2 has invalid maxpacket 1032, setting to 1024 [ 934.076168][T10404] usb 5-1: config 1 interface 64 altsetting 3 bulk endpoint 0xD has invalid maxpacket 1023 [ 934.086755][T10404] usb 5-1: config 1 interface 64 altsetting 3 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 934.098057][T10404] usb 5-1: config 1 interface 64 altsetting 3 has a duplicate endpoint with address 0xA, skipping [ 934.108890][T10404] usb 5-1: config 1 interface 64 has no altsetting 0 [ 934.129088][T15673] usb 3-1: SerialNumber: syz [ 934.135190][T10404] usb 5-1: New USB device found, idVendor=12d1, idProduct=f473, bcdDevice=79.59 [ 934.144529][T10404] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 934.152760][T10404] usb 5-1: Product: 뤵쥪ഔ쇃菗椓ᴰ鋖촯蒹쫪靽닅㕤柉皡竀磶昅ᵀꈧ橆ሐ䅯갷肚㥆皏妣쀗놉泉ᡨ酕ⲏȔ䝶䵮꿍᫸ۙ醋跼髿䃶ᇤ⹾ۡ鞩췶쏤ꦝ놥杻ﲶ䝠璚棥ﶿ䔆灡ᛄ蚛袚렢ᷖ뒍꡻ﱞ竺붤藺ƀ [ 934.161946][T15673] usb 3-1: config 0 descriptor?? [ 934.220764][T18263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3610'. [ 934.222454][T10404] usb 5-1: Manufacturer: 䀊 [ 934.235256][T15673] hso 3-1:0.1: Failed to find BULK OUT ep [ 934.251910][T10404] usb 5-1: SerialNumber: syz [ 934.280928][T18248] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 934.295244][T18248] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 934.426059][T18237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 934.446873][T18237] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 934.462923][T15673] usb 3-1: USB disconnect, device number 13 [ 934.528197][T18248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 934.576985][T18248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 934.588781][T18248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 934.607568][T18248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 934.637361][T18248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 934.657439][T18248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 934.668753][T18248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 934.688845][T18248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 934.701008][T18269] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3611'. [ 934.761692][T10404] option 5-1:1.64: GSM modem (1-port) converter detected [ 934.778697][T10404] usb 5-1: USB disconnect, device number 6 [ 934.815827][T10404] option 5-1:1.64: device disconnected [ 935.552476][T10404] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 935.702310][T10404] usb 5-1: Using ep0 maxpacket: 16 [ 935.708282][T10404] usb 5-1: too many configurations: 247, using maximum allowed: 8 [ 935.717747][T10404] usb 5-1: config index 0 descriptor too short (expected 259, got 86) [ 935.726527][T10404] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 1 [ 935.735593][T10404] usb 5-1: can't read configurations, error -22 [ 935.873247][T10404] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 936.042330][T10404] usb 5-1: Using ep0 maxpacket: 16 [ 936.048683][T10404] usb 5-1: too many configurations: 247, using maximum allowed: 8 [ 936.059816][T10404] usb 5-1: config index 0 descriptor too short (expected 259, got 86) [ 936.068578][T10404] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 1 [ 936.079110][T10404] usb 5-1: can't read configurations, error -22 [ 936.086883][T10404] usb usb5-port1: attempt power cycle [ 936.442474][T10404] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 936.473010][T10404] usb 5-1: Using ep0 maxpacket: 16 [ 936.478796][T10404] usb 5-1: too many configurations: 247, using maximum allowed: 8 [ 936.488178][T10404] usb 5-1: config index 0 descriptor too short (expected 259, got 86) [ 936.499594][T10404] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 1 [ 936.508149][T10404] usb 5-1: can't read configurations, error -22 [ 936.642545][T10404] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 936.663119][T10404] usb 5-1: Using ep0 maxpacket: 16 [ 936.670747][T10404] usb 5-1: too many configurations: 247, using maximum allowed: 8 [ 936.679273][T16429] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 936.688432][T10404] usb 5-1: config index 0 descriptor too short (expected 259, got 86) [ 936.697437][T10404] usb 5-1: invalid descriptor for config index 0: type = 0x2, length = 1 [ 936.706053][T10404] usb 5-1: can't read configurations, error -22 [ 936.712778][T10404] usb usb5-port1: unable to enumerate USB device [ 936.806849][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.813477][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.844870][T16429] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 936.856076][T16429] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 936.866446][T16429] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 936.875721][T16429] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 936.886928][T16429] usb 3-1: config 0 descriptor?? [ 937.097956][T18303] syzkaller0: entered promiscuous mode [ 937.104443][T18303] syzkaller0: entered allmulticast mode [ 937.138179][T18303] tipc: Enabled bearer , priority 0 [ 937.146991][T18302] tipc: Resetting bearer [ 937.175205][T18302] tipc: Disabling bearer [ 937.445089][T18307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3623'. [ 937.457475][T18307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3623'. [ 937.499399][T16429] usbhid 3-1:0.0: can't add hid device: -71 [ 937.505672][T16429] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 937.523935][T16429] usb 3-1: USB disconnect, device number 14 [ 937.712380][T10404] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 937.872372][T10404] usb 4-1: Using ep0 maxpacket: 8 [ 937.879806][T10404] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 937.890426][T10404] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 937.913624][T10404] pvrusb2: Hardware description: Terratec Grabster AV400 [ 937.931288][T10404] pvrusb2: ********** [ 937.935494][T10404] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 937.946870][T10404] pvrusb2: Important functionality might not be entirely working. [ 937.955617][T10404] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 937.967495][T10404] pvrusb2: ********** [ 938.008350][T18309] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3624'. [ 938.111799][ T2345] pvrusb2: Invalid write control endpoint [ 938.142677][T10404] usb 4-1: USB disconnect, device number 22 [ 938.228550][ T2345] pvrusb2: Invalid write control endpoint [ 938.235548][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 938.248218][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 938.258350][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 938.285755][ T2345] pvrusb2: Device being rendered inoperable [ 938.291957][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 938.299994][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 938.324001][ T2345] pvrusb2: Attached sub-driver cx25840 [ 938.340476][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 938.370650][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 938.685197][T18328] loop5: detected capacity change from 0 to 7 [ 938.696704][T18328] Dev loop5: unable to read RDB block 7 [ 938.714854][T18328] loop5: unable to read partition table [ 938.732669][T18328] loop5: partition table beyond EOD, truncated [ 938.745926][T18328] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 939.149718][T18340] syzkaller0: entered promiscuous mode [ 939.170241][T18340] syzkaller0: entered allmulticast mode [ 939.477300][T18345] tipc: Enabled bearer , priority 0 [ 939.488219][T18339] tipc: Resetting bearer [ 939.647093][T18339] tipc: Disabling bearer [ 939.931569][T18355] netlink: 'syz.1.3637': attribute type 21 has an invalid length. [ 939.939759][T18355] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3637'. [ 939.949269][T18355] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 940.160361][T18358] ipip0: entered promiscuous mode [ 940.165906][T18358] ipip0: entered allmulticast mode [ 940.197289][T18359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3638'. [ 940.410626][T18363] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3640'. [ 940.855347][T18374] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3643'. [ 941.768869][T18390] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3649'. [ 941.911005][T18393] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3650'. [ 943.678680][T12884] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 943.735258][T12884] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 943.793410][T12884] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 943.826438][T12884] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 944.192372][T16429] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 944.385307][T16429] usb 3-1: Using ep0 maxpacket: 16 [ 944.398984][T16429] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 944.411225][T16429] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 944.420799][T16429] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 944.436516][T16429] usb 3-1: config 0 descriptor?? [ 944.485972][T18434] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3663'. [ 944.520942][T18431] bond2: option arp_all_targets: invalid value (63) [ 944.536201][T18431] bond2 (unregistering): Released all slaves [ 944.625751][T18438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3664'. [ 944.884467][T16429] mcp2221 0003:04D8:00DD.0033: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 945.062299][T10404] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 945.146024][T18423] i2c i2c-1: unsupported multi-msg i2c transaction [ 945.254856][T16429] usb 3-1: USB disconnect, device number 15 [ 945.382321][T10404] usb 5-1: device descriptor read/64, error -71 [ 945.643537][T10404] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 945.782323][T10404] usb 5-1: device descriptor read/64, error -71 [ 945.892684][T10404] usb usb5-port1: attempt power cycle [ 945.931827][T18457] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3670'. [ 945.990219][T18459] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3671'. [ 946.242519][T10404] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 946.317870][T10404] usb 5-1: device descriptor read/8, error -71 [ 946.391996][T18469] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3672'. [ 946.442308][T17662] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 946.562667][T10404] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 946.594617][T10404] usb 5-1: device descriptor read/8, error -71 [ 946.615159][T17662] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 946.625897][T17662] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 946.640520][T17662] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 946.663378][T17662] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 946.716531][T10404] usb usb5-port1: unable to enumerate USB device [ 946.733468][T17662] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 946.751073][T17662] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 946.760528][T17662] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 946.768828][T17662] usb 3-1: Product: syz [ 946.773464][T17662] usb 3-1: Manufacturer: syz [ 946.858457][T17662] cdc_wdm 3-1:1.0: skipping garbage [ 946.858483][T17662] cdc_wdm 3-1:1.0: skipping garbage [ 946.866886][T17662] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 946.866911][T17662] cdc_wdm 3-1:1.0: Unknown control protocol [ 947.076525][ C0] wdm_int_callback: 778 callbacks suppressed [ 947.076556][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.089273][ C0] wdm_int_callback: 778 callbacks suppressed [ 947.089303][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.102614][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.109264][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.115908][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.122606][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.129638][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.136281][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.142963][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.149600][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.157280][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.163936][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.170278][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.176928][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.183574][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.190234][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.196513][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.203149][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.209491][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 947.216132][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 947.222916][T15793] usb 3-1: USB disconnect, device number 16 [ 947.384067][T18474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3676'. [ 947.504509][T18474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3676'. [ 947.922745][T18486] ip6t_REJECT: ECHOREPLY is not supported [ 948.563323][T18502] tipc: Started in network mode [ 948.569167][T18502] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 948.580258][T18502] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0000 [ 948.599418][T18502] tipc: Enabled bearer , priority 10 [ 949.446374][ T5833] Bluetooth: hci2: unexpected event for opcode 0x200b [ 949.712418][T17662] tipc: Node number set to 1 [ 950.482851][T15793] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 950.672510][T15793] usb 5-1: Using ep0 maxpacket: 8 [ 950.683872][T15793] usb 5-1: unable to get BOS descriptor or descriptor too short [ 950.693645][T15793] usb 5-1: config 164 has an invalid interface number: 192 but max is 0 [ 950.703369][T15793] usb 5-1: config 164 has no interface number 0 [ 950.709697][T15793] usb 5-1: config 164 interface 192 altsetting 6 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 950.721299][T15793] usb 5-1: config 164 interface 192 has no altsetting 0 [ 950.730297][T15793] usb 5-1: New USB device found, idVendor=1385, idProduct=5f01, bcdDevice=93.69 [ 950.739726][T15793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 950.748093][T15793] usb 5-1: Product: syz [ 950.752354][T15793] usb 5-1: Manufacturer: syz [ 950.752964][T17662] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 950.757083][T15793] usb 5-1: SerialNumber: syz [ 950.922361][T17662] usb 3-1: Using ep0 maxpacket: 8 [ 950.931827][T17662] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 950.943356][T17662] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 950.953864][T17662] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 950.966626][T17662] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 950.976143][T17662] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 950.984545][T17662] usb 3-1: Product:   [ 950.989082][T17662] usb 3-1: Manufacturer: 倊 [ 950.993829][T17662] usb 3-1: SerialNumber: 㰁 [ 950.999548][T15793] usb 5-1: Could not find all expected endpoints [ 951.042925][T15793] usb 5-1: USB disconnect, device number 15 [ 951.237807][T18533] loop8: detected capacity change from 0 to 8 [ 951.252687][T18533] Dev loop8: unable to read RDB block 8 [ 951.267522][T18533] loop8: unable to read partition table [ 951.282617][T18533] loop8: partition table beyond EOD, truncated [ 951.288898][T18533] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 951.324726][T17662] cdc_ncm 3-1:1.0: bind() failure [ 951.351786][T17662] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 951.371505][T17662] cdc_ncm 3-1:1.1: bind() failure [ 951.386682][T17662] usb 3-1: USB disconnect, device number 17 [ 951.596454][T18543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3699'. [ 951.608363][T18543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3699'. [ 951.618907][T18543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3699'. [ 951.630454][T18543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3699'. [ 951.752381][T17662] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 951.907601][T17662] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 951.917384][T17662] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 951.925840][T17662] usb 4-1: Product: syz [ 951.930712][T17662] usb 4-1: Manufacturer: syz [ 951.937709][T17662] usb 4-1: SerialNumber: syz [ 951.945902][T17662] usb 4-1: config 0 descriptor?? [ 952.158559][T17662] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 952.792045][T18560] ipip0: entered promiscuous mode [ 952.797308][T18560] ipip0: entered allmulticast mode [ 952.857867][T10404] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 952.917399][T18562] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3706'. [ 952.944835][T18562] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3706'. [ 953.014481][T10404] usb 3-1: Using ep0 maxpacket: 8 [ 953.028640][T10404] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 953.052077][T17662] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 953.066890][T10404] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 953.116048][T10404] pvrusb2: Hardware description: Terratec Grabster AV400 [ 953.131267][T10404] pvrusb2: ********** [ 953.148698][T10404] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 953.187434][T10404] pvrusb2: Important functionality might not be entirely working. [ 953.233916][T10404] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 953.256728][T10404] pvrusb2: ********** [ 953.372922][ T2345] pvrusb2: Invalid write control endpoint [ 953.532583][ T5833] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 953.543953][ T5833] Bluetooth: hci2: Injecting HCI hardware error event [ 953.562130][ T5833] Bluetooth: hci2: hardware error 0x00 [ 953.686330][ T2345] pvrusb2: Invalid write control endpoint [ 953.692129][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 953.796804][T15793] usb 4-1: USB disconnect, device number 23 [ 953.804709][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 953.871223][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 953.914510][ T2345] pvrusb2: Device being rendered inoperable [ 953.920582][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 953.931504][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d) [ 953.955571][ T2345] pvrusb2: Attached sub-driver cx25840 [ 953.961121][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 953.975515][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 954.478355][T18596] pvrusb2: Killing an I2C write to 1 that is too large (desired=122 limit=61) [ 954.632630][T15793] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 954.707118][T18600] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3715'. [ 954.875114][T15793] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 954.906254][T15793] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 954.928317][T15793] usb 4-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 954.958342][T15793] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 954.993084][T15793] usb 4-1: config 0 descriptor?? [ 955.476202][T15793] logitech 0003:046D:C293.0034: unbalanced delimiter at end of report description [ 955.502458][T15793] logitech 0003:046D:C293.0034: parse failed [ 955.522959][T15793] logitech 0003:046D:C293.0034: probe with driver logitech failed with error -22 [ 955.616205][ T5833] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 955.663982][T18593] netlink: 'syz.3.3714': attribute type 3 has an invalid length. [ 955.694888][T18593] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3714'. [ 955.745818][T15793] usb 3-1: USB disconnect, device number 18 [ 955.785542][T18593] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3714'. [ 955.864914][T18593] netlink: 100 bytes leftover after parsing attributes in process `syz.3.3714'. [ 955.915078][T10404] usb 4-1: USB disconnect, device number 24 [ 956.293302][T18612] FAULT_INJECTION: forcing a failure. [ 956.293302][T18612] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 956.332735][T18612] CPU: 1 UID: 0 PID: 18612 Comm: syz.0.3718 Tainted: G L syzkaller #0 PREEMPT(full) [ 956.332771][T18612] Tainted: [L]=SOFTLOCKUP [ 956.332780][T18612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 956.332795][T18612] Call Trace: [ 956.332804][T18612] [ 956.332815][T18612] dump_stack_lvl+0xe8/0x150 [ 956.332850][T18612] should_fail_ex+0x414/0x560 [ 956.332890][T18612] _copy_from_user+0x2d/0xb0 [ 956.332918][T18612] get_compat_msghdr+0xad/0x4a0 [ 956.332955][T18612] ? __pfx_get_compat_msghdr+0x10/0x10 [ 956.332986][T18612] ? rcu_is_watching+0x15/0xb0 [ 956.333013][T18612] ? ___sys_recvmsg+0x1c4/0x510 [ 956.333051][T18612] ___sys_recvmsg+0x17f/0x510 [ 956.333076][T18612] ? _parse_integer_limit+0x1ae/0x1f0 [ 956.333112][T18612] ? __pfx____sys_recvmsg+0x10/0x10 [ 956.333137][T18612] ? kstrtoull+0x12f/0x1d0 [ 956.333171][T18612] ? __fget_files+0x2a/0x420 [ 956.333226][T18612] do_recvmmsg+0x36a/0x770 [ 956.333264][T18612] ? __pfx_do_recvmmsg+0x10/0x10 [ 956.333291][T18612] ? ksys_write+0x1cb/0x250 [ 956.333332][T18612] ? __fget_files+0x3a0/0x420 [ 956.333366][T18612] __sys_recvmmsg+0x19d/0x280 [ 956.333395][T18612] ? __pfx___sys_recvmmsg+0x10/0x10 [ 956.333422][T18612] ? __pfx_ksys_write+0x10/0x10 [ 956.333448][T18612] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 956.333483][T18612] __do_fast_syscall_32+0x1dc/0x560 [ 956.333508][T18612] ? lockdep_hardirqs_on+0x7b/0x110 [ 956.333529][T18612] ? do_fast_syscall_32+0x34/0x80 [ 956.333553][T18612] ? irqentry_exit+0x10f/0x660 [ 956.333578][T18612] do_fast_syscall_32+0x34/0x80 [ 956.333603][T18612] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 956.333637][T18612] RIP: 0023:0xf702d539 [ 956.333665][T18612] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 956.333685][T18612] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 956.333709][T18612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 956.333725][T18612] RDX: 000000000000049e RSI: 00000000000000fe RDI: 0000000000000000 [ 956.333739][T18612] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 956.333752][T18612] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 956.333765][T18612] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 956.333799][T18612] [ 956.710693][T18614] netlink: 'syz.2.3719': attribute type 6 has an invalid length. [ 956.928591][T18622] __nla_validate_parse: 1 callbacks suppressed [ 956.928613][T18622] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3722'. [ 958.683512][T18650] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3728'. [ 959.107635][T18659] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3731'. [ 959.119244][T18659] netlink: 'syz.1.3731': attribute type 7 has an invalid length. [ 959.131071][T18656] 8021q: adding VLAN 0 to HW filter on device bond2 [ 959.137876][T18659] netlink: 'syz.1.3731': attribute type 8 has an invalid length. [ 959.137914][T18659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3731'. [ 959.268435][T18656] bond2: entered promiscuous mode [ 959.280608][T18656] bond2: entered allmulticast mode [ 959.289132][T18656] bond0: (slave bond2): Enslaving as an active interface with an up link [ 959.316932][T18659] gretap0: entered promiscuous mode [ 959.345145][T18659] gretap0: left promiscuous mode [ 959.685419][T18678] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3738'. [ 960.421963][T18688] nvme_fabrics: missing parameter 'transport=%s' [ 960.500317][T18688] nvme_fabrics: missing parameter 'nqn=%s' [ 961.063332][T10404] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 961.222591][T10404] usb 5-1: Using ep0 maxpacket: 32 [ 961.230414][T10404] usb 5-1: config 0 has an invalid interface number: 172 but max is 0 [ 961.245179][T10404] usb 5-1: config 0 has no interface number 0 [ 961.261858][T10404] usb 5-1: config 0 interface 172 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 961.306108][T10404] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 961.329413][T10404] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 961.364780][T10404] usb 5-1: Product: syz [ 961.372379][T10404] usb 5-1: Manufacturer: syz [ 961.408575][T10404] usb 5-1: SerialNumber: syz [ 961.420364][T18700] netlink: 'syz.0.3741': attribute type 2 has an invalid length. [ 961.433848][T10404] usb 5-1: config 0 descriptor?? [ 961.456061][T10404] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 961.471034][T18700] @;: entered promiscuous mode [ 961.486974][T18699] netlink: 'syz.3.3742': attribute type 4 has an invalid length. [ 961.538733][T18701] netlink: 'syz.3.3742': attribute type 4 has an invalid length. [ 961.640254][T18704] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3743'. [ 961.658721][T18695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 961.672742][T18704] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3743'. [ 961.693928][T18695] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 961.724212][T10404] gspca_pac7302: reg_w() failed i: ff v: 01 error -71 [ 961.737157][T10404] gspca_pac7302 5-1:0.172: probe with driver gspca_pac7302 failed with error -71 [ 961.783936][T10404] usb 5-1: USB disconnect, device number 16 [ 961.822788][T15793] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 961.913836][T18711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3747'. [ 961.987420][T15793] usb 4-1: Using ep0 maxpacket: 16 [ 961.994914][T15793] usb 4-1: config 251 has an invalid interface number: 202 but max is 0 [ 962.005491][T15793] usb 4-1: config 251 has no interface number 0 [ 962.012016][T15793] usb 4-1: config 251 interface 202 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 16 [ 962.026289][T15793] usb 4-1: config 251 interface 202 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 962.043893][T15793] usb 4-1: config 251 interface 202 altsetting 1 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 962.055971][T15793] usb 4-1: config 251 interface 202 altsetting 1 has an endpoint descriptor with address 0xC1, changing to 0x81 [ 962.070434][T15793] usb 4-1: config 251 interface 202 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 962.081454][T15793] usb 4-1: config 251 interface 202 altsetting 1 bulk endpoint 0x81 has invalid maxpacket 0 [ 962.094220][T15793] usb 4-1: config 251 interface 202 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 962.108043][T15793] usb 4-1: config 251 interface 202 has no altsetting 0 [ 962.121716][T15793] usb 4-1: New USB device found, idVendor=0572, idProduct=cb00, bcdDevice=bb.c9 [ 962.134542][T15793] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 962.143376][T15793] usb 4-1: Product: syz [ 962.153710][T15793] usb 4-1: Manufacturer: syz [ 962.158537][T15793] usb 4-1: SerialNumber: syz [ 962.170383][T18699] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 962.935592][T15793] cxacru_cm: 6 callbacks suppressed [ 962.935621][T15793] cxacru 4-1:251.202: submit of read urb for cm 0x90 failed (-90) [ 963.038655][T15793] cxacru 4-1:251.202: usbatm_usb_probe: invalid endpoint 02! [ 963.133184][T15793] cxacru 4-1:251.202: probe with driver cxacru failed with error -22 [ 963.169187][T15793] usb 4-1: USB disconnect, device number 25 [ 963.737013][T18744] syzkaller0: entered promiscuous mode [ 963.742663][T18744] syzkaller0: entered allmulticast mode [ 964.056956][T18755] netlink: 212304 bytes leftover after parsing attributes in process `syz.1.3757'. [ 964.070856][T18755] openvswitch: netlink: Message has 6 unknown bytes. [ 964.314615][T18761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3761'. [ 964.659862][T18768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3764'. [ 964.710785][T18768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3764'. [ 964.741817][T18768] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3764'. [ 964.838362][T18768] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3764'. [ 965.368314][T18777] tipc: Enabled bearer , priority 0 [ 965.377822][T18777] syzkaller0: entered promiscuous mode [ 965.383706][T18777] syzkaller0: entered allmulticast mode [ 965.558106][T18777] tipc: Resetting bearer [ 965.763163][T10404] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 965.941373][T10404] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 965.953333][T18789] xt_hashlimit: max too large, truncated to 1048576 [ 965.962112][T10404] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 966.022969][T10404] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 966.032555][T10404] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 966.044509][T10404] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 966.065958][T10404] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 966.075754][T10404] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 966.083970][T10404] usb 5-1: Product: syz [ 966.090020][T10404] usb 5-1: Manufacturer: syz [ 966.111286][T10404] cdc_wdm 5-1:1.0: skipping garbage [ 966.116954][T10404] cdc_wdm 5-1:1.0: skipping garbage [ 966.124189][T10404] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 966.130699][T10404] cdc_wdm 5-1:1.0: Unknown control protocol [ 966.421351][T18769] tipc: Resetting bearer [ 966.434304][T18794] ptrace attach of "./syz-executor exec"[16256] was attempted by "./syz-executor exec"[18794] [ 966.593978][T18803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 966.656026][T18769] tipc: Disabling bearer [ 966.705169][T18803] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 966.881342][T18803] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 967.008969][T18806] loop1: detected capacity change from 0 to 6 [ 967.069557][ C1] blk_print_req_error: 13 callbacks suppressed [ 967.069581][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 967.085526][ C1] buffer_io_error: 13 callbacks suppressed [ 967.085548][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 967.100279][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 967.109913][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 967.118831][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 967.128514][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 967.136823][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 967.146498][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 967.158803][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 967.168565][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 967.176579][T18806] ldm_validate_partition_table(): Disk read failed. [ 967.262667][T18811] [ 967.265077][T18811] ====================================================== [ 967.272127][T18811] WARNING: possible circular locking dependency detected [ 967.279210][T18811] syzkaller #0 Tainted: G L [ 967.285222][T18811] ------------------------------------------------------ [ 967.292274][T18811] syz.2.3774/18811 is trying to acquire lock: [ 967.298369][T18811] ffff88801bef0220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450 [ 967.308695][T18811] [ 967.308695][T18811] but task is already holding lock: [ 967.316087][T18811] ffff8880249d2680 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: lo_ioctl+0x1604/0x1c50 [ 967.325878][T18811] [ 967.325878][T18811] which lock already depends on the new lock. [ 967.325878][T18811] [ 967.336302][T18811] [ 967.336302][T18811] the existing dependency chain (in reverse order) is: [ 967.345365][T18811] [ 967.345365][T18811] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 967.354062][T18811] blk_alloc_queue+0x52f/0x610 [ 967.359384][T18811] __blk_mq_alloc_disk+0x15c/0x340 [ 967.365056][T18811] loop_add+0x411/0xad0 [ 967.369769][T18811] loop_init+0xd9/0x170 [ 967.374512][T18811] do_one_initcall+0x1f1/0x800 [ 967.379831][T18811] do_initcall_level+0x104/0x190 [ 967.385320][T18811] do_initcalls+0x59/0xa0 [ 967.390207][T18811] kernel_init_freeable+0x2a7/0x3d0 [ 967.395972][T18811] kernel_init+0x1d/0x1d0 [ 967.400867][T18811] ret_from_fork+0x510/0xa50 [ 967.406007][T18811] ret_from_fork_asm+0x1a/0x30 [ 967.411386][T18811] [ 967.411386][T18811] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 967.418640][T18811] fs_reclaim_acquire+0x72/0x100 [ 967.424135][T18811] kmem_cache_alloc_noprof+0x45/0x710 [ 967.430068][T18811] __kernfs_iattrs+0xd9/0x320 [ 967.435296][T18811] kernfs_iop_setattr+0xea/0x3f0 [ 967.440996][T18811] notify_change+0xc1a/0xf40 [ 967.446138][T18811] do_truncate+0x1a4/0x220 [ 967.451109][T18811] path_openat+0x359d/0x3dd0 [ 967.456245][T18811] do_filp_open+0x1fa/0x410 [ 967.461291][T18811] do_sys_openat2+0x121/0x200 [ 967.466521][T18811] __x64_sys_openat+0x138/0x170 [ 967.471924][T18811] do_syscall_64+0xec/0xf80 [ 967.476976][T18811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.483427][T18811] [ 967.483427][T18811] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 967.491981][T18811] __lock_acquire+0x15a6/0x2cf0 [ 967.497383][T18811] lock_acquire+0x107/0x340 [ 967.502437][T18811] down_read+0x47/0x2e0 [ 967.507138][T18811] kernfs_iop_getattr+0x9e/0x450 [ 967.512622][T18811] vfs_getattr_nosec+0x2e1/0x430 [ 967.518109][T18811] loop_assign_backing_file+0x222/0x400 [ 967.524205][T18811] lo_ioctl+0x167f/0x1c50 [ 967.529094][T18811] lo_compat_ioctl+0x298/0x330 [ 967.534413][T18811] compat_blkdev_ioctl+0x5d8/0x770 [ 967.540103][T18811] __ia32_compat_sys_ioctl+0x543/0x840 [ 967.546103][T18811] __do_fast_syscall_32+0x1dc/0x560 [ 967.551842][T18811] do_fast_syscall_32+0x34/0x80 [ 967.557251][T18811] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 967.564136][T18811] [ 967.564136][T18811] other info that might help us debug this: [ 967.564136][T18811] [ 967.574387][T18811] Chain exists of: [ 967.574387][T18811] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 967.574387][T18811] [ 967.589288][T18811] Possible unsafe locking scenario: [ 967.589288][T18811] [ 967.596766][T18811] CPU0 CPU1 [ 967.602156][T18811] ---- ---- [ 967.607538][T18811] lock(&q->q_usage_counter(io)#18); [ 967.612942][T18811] lock(fs_reclaim); [ 967.619475][T18811] lock(&q->q_usage_counter(io)#18); [ 967.627398][T18811] rlock(&root->kernfs_iattr_rwsem); [ 967.632796][T18811] [ 967.632796][T18811] *** DEADLOCK *** [ 967.632796][T18811] [ 967.640961][T18811] 3 locks held by syz.2.3774/18811: [ 967.646187][T18811] #0: ffff888142736448 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x11e4/0x1c50 [ 967.655294][T18811] #1: ffff8880249d2680 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: lo_ioctl+0x1604/0x1c50 [ 967.665539][T18811] #2: ffff8880249d26b8 (&q->q_usage_counter(queue)#2){+.+.}-{0:0}, at: lo_ioctl+0x1604/0x1c50 [ 967.675968][T18811] [ 967.675968][T18811] stack backtrace: [ 967.682041][T18811] CPU: 0 UID: 0 PID: 18811 Comm: syz.2.3774 Tainted: G L syzkaller #0 PREEMPT(full) [ 967.682071][T18811] Tainted: [L]=SOFTLOCKUP [ 967.682079][T18811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 967.682090][T18811] Call Trace: [ 967.682102][T18811] [ 967.682111][T18811] dump_stack_lvl+0xe8/0x150 [ 967.682142][T18811] print_circular_bug+0x2e2/0x300 [ 967.682171][T18811] check_noncircular+0x12e/0x150 [ 967.682197][T18811] __lock_acquire+0x15a6/0x2cf0 [ 967.682218][T18811] ? tomoyo_path_perm+0x1e3/0x4b0 [ 967.682248][T18811] ? kernfs_iop_getattr+0x9e/0x450 [ 967.682268][T18811] lock_acquire+0x107/0x340 [ 967.682288][T18811] ? kernfs_iop_getattr+0x9e/0x450 [ 967.682315][T18811] down_read+0x47/0x2e0 [ 967.682336][T18811] ? kernfs_iop_getattr+0x9e/0x450 [ 967.682356][T18811] kernfs_iop_getattr+0x9e/0x450 [ 967.682377][T18811] vfs_getattr_nosec+0x2e1/0x430 [ 967.682402][T18811] loop_assign_backing_file+0x222/0x400 [ 967.682428][T18811] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 967.682464][T18811] lo_ioctl+0x167f/0x1c50 [ 967.682489][T18811] ? __pfx_lo_ioctl+0x10/0x10 [ 967.682547][T18811] ? __lock_acquire+0x6b6/0x2cf0 [ 967.682567][T18811] ? __lock_acquire+0x6b6/0x2cf0 [ 967.682587][T18811] ? __lock_acquire+0x6b6/0x2cf0 [ 967.682606][T18811] ? __lock_acquire+0x6b6/0x2cf0 [ 967.682626][T18811] ? __lock_acquire+0x6b6/0x2cf0 [ 967.682644][T18811] ? __lock_acquire+0x6b6/0x2cf0 [ 967.682666][T18811] ? unwind_next_frame+0xa5/0x23d0 [ 967.682690][T18811] ? unwind_next_frame+0xa5/0x23d0 [ 967.682711][T18811] ? is_bpf_text_address+0x26/0x2b0 [ 967.682743][T18811] ? is_bpf_text_address+0x26/0x2b0 [ 967.682773][T18811] ? is_bpf_text_address+0x292/0x2b0 [ 967.682800][T18811] ? is_bpf_text_address+0x26/0x2b0 [ 967.682828][T18811] ? kernel_text_address+0xa5/0xe0 [ 967.682854][T18811] ? __kernel_text_address+0xd/0x40 [ 967.682879][T18811] ? unwind_get_return_address+0x4d/0x90 [ 967.682900][T18811] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 967.682928][T18811] ? arch_stack_walk+0xfc/0x150 [ 967.682953][T18811] ? stack_trace_save+0x9c/0xe0 [ 967.682979][T18811] ? __pfx_stack_trace_save+0x10/0x10 [ 967.683006][T18811] ? stack_depot_save_flags+0x33/0x810 [ 967.683047][T18811] ? kasan_save_track+0x4f/0x80 [ 967.683065][T18811] ? kasan_save_track+0x3e/0x80 [ 967.683082][T18811] ? kasan_save_free_info+0x46/0x50 [ 967.683107][T18811] ? __kasan_slab_free+0x5c/0x80 [ 967.683125][T18811] ? kfree+0x1c0/0x660 [ 967.683150][T18811] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 967.683169][T18811] ? security_file_ioctl_compat+0xcb/0x2d0 [ 967.683186][T18811] ? __ia32_compat_sys_ioctl+0x128/0x840 [ 967.683203][T18811] ? __do_fast_syscall_32+0x1dc/0x560 [ 967.683223][T18811] ? do_fast_syscall_32+0x34/0x80 [ 967.683260][T18811] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 967.683287][T18811] ? __asan_memset+0x22/0x50 [ 967.683314][T18811] ? blk_get_meta_cap+0x18c/0x750 [ 967.683340][T18811] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 967.683365][T18811] lo_compat_ioctl+0x298/0x330 [ 967.683388][T18811] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 967.683409][T18811] ? blkdev_common_ioctl+0x11d9/0x2c70 [ 967.683436][T18811] ? kasan_quarantine_put+0xbb/0x1f0 [ 967.683454][T18811] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 967.683481][T18811] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 967.683501][T18811] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 967.683521][T18811] ? do_vfs_ioctl+0xbe8/0x1430 [ 967.683537][T18811] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 967.683565][T18811] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 967.683586][T18811] compat_blkdev_ioctl+0x5d8/0x770 [ 967.683612][T18811] ? __fget_files+0x2a/0x420 [ 967.683637][T18811] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 967.683662][T18811] ? __fget_files+0x2a/0x420 [ 967.683685][T18811] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 967.683707][T18811] __ia32_compat_sys_ioctl+0x543/0x840 [ 967.683725][T18811] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 967.683743][T18811] ? _raw_spin_unlock_irq+0x23/0x50 [ 967.683772][T18811] ? lockdep_hardirqs_on+0x7b/0x110 [ 967.683790][T18811] ? _raw_spin_unlock_irq+0x2e/0x50 [ 967.683816][T18811] ? __ia32_compat_sys_rt_sigprocmask+0x25b/0x390 [ 967.683840][T18811] ? __pfx___ia32_compat_sys_rt_sigprocmask+0x10/0x10 [ 967.683860][T18811] ? rcu_is_watching+0x15/0xb0 [ 967.683884][T18811] ? ret_from_fork_asm+0x1a/0x30 [ 967.683913][T18811] __do_fast_syscall_32+0x1dc/0x560 [ 967.683933][T18811] ? do_fast_syscall_32+0x34/0x80 [ 967.683955][T18811] do_fast_syscall_32+0x34/0x80 [ 967.683975][T18811] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 967.683997][T18811] RIP: 0023:0xf7f15539 [ 967.684020][T18811] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 967.684038][T18811] RSP: 002b:00000000f53e555c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 967.684060][T18811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004c06 [ 967.684073][T18811] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000 [ 967.684085][T18811] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 967.684096][T18811] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 967.684107][T18811] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 967.684126][T18811] [ 968.202118][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 968.208785][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 968.216861][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 968.221059][T15673] usb 5-1: USB disconnect, device number 17 [ 968.223485][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 968.223506][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 968.278305][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 968.288013][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 968.392287][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 968.401962][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 968.413651][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 968.423339][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 968.442519][T18806] Dev loop1: unable to read RDB block 0 [ 968.451718][ C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 968.461449][ C1] Buffer I/O error on dev loop1, logical block 0, async page read [ 968.469931][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 968.479720][ C0] Buffer I/O error on dev loop1, logical block 0, async page read [ 968.534632][T18806] loop1: unable to read partition table [ 968.546696][T18806] loop1: partition table beyond EOD, truncated [ 968.562638][T18806] loop_reread_partitions: partition scan of loop1 (3 xC) failed (rc=-5) [ 968.605405][T15673] hid-generic 0000:0000:0001.0035: unknown main item tag 0x0 [ 968.613791][T15673] hid-generic 0000:0000:0001.0035: unknown main item tag 0x0 [ 968.623517][T15673] hid-generic 0000:0000:0001.0035: hidraw0: HID v0.02 Device [syz0] on syz1 [ 968.643631][T17255] ldm_validate_partition_table(): Disk read failed. [ 968.653147][T17255] Dev loop1: unable to read RDB block 0 [ 968.659423][T17255] loop1: unable to read partition table [ 968.666238][T17255] loop1: partition table beyond EOD, truncated [ 968.673855][T18811] ldm_validate_partition_table(): Disk read failed. [ 968.681969][T18811] Dev loop1: unable to read RDB block 0 [ 968.693798][T18811] loop1: unable to read partition table [ 968.706711][T18811] loop1: partition table beyond EOD, truncated [ 968.723327][T18811] loop_reread_partitions: partition scan of loop1 (3 xC) failed (rc=-5) [ 968.775283][T18815] fido_id[18815]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 971.964918][ T5201] udevd[5201]: worker [13721] /devices/platform/dummy_hcd.1/usb2/2-1 is taking a long time [ 972.654220][T15795] usb 2-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-ec168.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 972.672086][T15795] dvb_usb_ec168 2-1:0.1: probe with driver dvb_usb_ec168 failed with error -110 [ 972.687510][T15795] usb 2-1: USB disconnect, device number 71