last executing test programs: 4m33.093331332s ago: executing program 3 (id=1191): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000000)=0x2, 0x4) recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x38, 0x0, 0x0, 0x0, 0xfffffffffffffd5f}, 0x1}], 0x1, 0x40010022, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) write(r1, &(0x7f0000000000), 0x0) 4m32.152097111s ago: executing program 3 (id=1201): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000680)='/sys/power/disk', 0x2, 0x0) io_setup(0x20, &(0x7f0000001140)=0x0) io_submit(r2, 0x1, &(0x7f00000001c0)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="fc", 0x7}]) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000100)={'wg0\x00', 0x0}) sendmsg$DCCPDIAG_GETSOCK(r1, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xbc, 0x13, 0x300, 0x70bd26, 0x25dfdbfe, {0x1, 0xa, 0x81, 0x20, {0x4e24, 0x4e20, [0x5, 0xfff, 0xa20, 0x7], [0x9, 0x1, 0x4, 0x9], r3, [0x5, 0x61a000]}, 0x3}, [@INET_DIAG_REQ_BYTECODE={0x6f, 0x1, "e5f29ee6c6344c719af6477e6cb622a1c9c780ae2c5cd128f67aa7160e82b31a943ab37e22f89d941e5d2baea39ec189af945b6e666113eb9c4683b8656361960caa90d0ea14e28eceffdf84ff8e8939c21bc286bb9f738649ebfd79f6758c0cc9b93fede454e7f1604860"}]}, 0xbc}, 0x1, 0x0, 0x0, 0x810}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010000108fdfffffffddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000042104020008001b000000000038001a8030002d80"], 0x60}, 0x1, 0x0, 0x0, 0x4040080}, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040)) syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0xfe, 0x6, 0x0, @private=0xa010102, @private=0xa010102, {[@timestamp_addr={0x44, 0x14, 0x6, 0x1, 0x0, [{@multicast1, 0xfffffffc}, {@multicast1, 0x2}]}, @generic={0x7, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 4m31.681975172s ago: executing program 3 (id=1204): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001400090527bd7000fddbdf25022000cb", @ANYRES32, @ANYBLOB="08001600ac1e0101080008000001000008"], 0x40}, 0x1, 0x0, 0x0, 0x4040014}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3f0, 0x220, 0x308, 0x220, 0x308, 0x308, 0x308, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0xffffff00, 0x1, 0x0, {@empty, {[0x0, 0x0, 0xff]}}, {@mac=@local}, 0x0, 0x7, 0x2, 0x0, 0x800, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00', {}, {}, 0x0, 0x180}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @loopback, @broadcast, 0x6, 0xfffffffe}}}, {{@arp={@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, 0x0, 0x0, 0x0, 0xfd, {}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00', {}, {}, 0x0, 0xc}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}, @broadcast, @dev={0xac, 0x14, 0x14, 0x12}, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x9}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x20058) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902b00003010000000904008000010100000a24010800000201020d2406000003080000000000000c24020601010608000010000c24020800000300000000000924060506010129000924030001030005000c240206"], 0x0) 4m28.519773736s ago: executing program 3 (id=1214): socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) r4 = fcntl$dupfd(r3, 0x406, r3) ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000000c0)={0x80, 0x7, 0x1, 0x0, 0x7995}, 0x8, 0x3, 0x0, 0x48000000, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r4, 0x4008550c, &(0x7f0000000380)) ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000440)=0x2000) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8003, 0x0, 0x9, 0x8000, 0x3, 0x4, 0xfffbffff}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) fcntl$getownex(r0, 0x10, 0x0) ptrace$cont(0x1f, 0x0, 0x100, 0x4) r5 = socket(0x1e, 0x803, 0x0) sendto(r5, &(0x7f0000000340)="7210ec0e65eb18223831eba89a2803de2dcb34275c34ee5fb91b5a3d089fb591400abfb7115a689bcdbfd9d6ca0323d77b384c6c1ed4792543388ada5ef7b168ff79aee65d99acc3a670bda266a634067d0ef22cb36f1a7e25ad567e31a88e4fbdeedba2d3477436a6ecbae8e742ddd805ffc1deca47e4f6878ba808f64b12d149e94997d60a496d1468f1f57d801704ca621097fdd248bed678dfddfacbdfc8bb66e165560580d731b3e40a4ba0405eed96bf6a9788cc54998061f06c6cb2647c33c70168561dfcd3c8ec3bb0db", 0xce, 0x20040000, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18) unshare(0x2a060c00) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 4m24.649799073s ago: executing program 3 (id=1225): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="6400000002060108000000000000000000000000050005000a000000050001000700000005000400000000000900020073797a310000000016000300686173683a6e65742c706f72742c6e6574000000140007800800064020000000080013"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000006e00)={&(0x7f0000006c40)={0x14, 0x27, 0x1, 0x70bd27, 0x25dfdbfd, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x2000c810}, 0x8000) 4m24.152186969s ago: executing program 3 (id=1230): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080)={0x87}, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000040)={0xb}, 0x1) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback={0x300000000000000}, 0xffffffff}, 0x1c) 4m23.507860634s ago: executing program 32 (id=1230): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080)={0x87}, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000040)={0xb}, 0x1) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback={0x300000000000000}, 0xffffffff}, 0x1c) 10.72668947s ago: executing program 5 (id=2356): socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x7ff, 0x1, 0x2fa11, 0xffdfffff}, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffffffffe4a, 0x0, 0x0, 0x0, 0x1}) unshare(0x2a020600) r5 = timerfd_create(0x0, 0x80800) timerfd_settime(r5, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) socket$can_raw(0x1d, 0x3, 0x1) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = gettid() prlimit64(r7, 0xf, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x1, 0x1}, 0x20) 8.324995157s ago: executing program 5 (id=2362): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000003140)={0x0, 0x0, 0x0}, &(0x7f0000003180)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000140)={r4, 0x10, 0x10, 0x1ff, 0x7f}, &(0x7f0000000180)=0x18) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x24000, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r5, 0x84009422, &(0x7f0000002680)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0xa02, 0x0) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x11) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58) r10 = accept$alg(r9, 0x0, 0x0) sendmmsg$alg(r10, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)='v', 0xf4240}], 0x1}], 0x4924924924923d5, 0x8004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x12, r8, 0x7e423000) read$FUSE(r7, &(0x7f0000000640)={0x2020}, 0x3d2) 8.151296638s ago: executing program 1 (id=2363): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001040)={0x38, 0x42, 0x1, 0xffffffff, 0x25dfdbfd, {0x2}, [@nested={0x18, 0x38, 0x0, 0x1, [@nested={0x14, 0x3, 0x0, 0x1, [@generic="be27a6c555e04df77b07ed37cb4d963c"]}]}, @nested={0x8, 0x1, 0x0, 0x1, [@typed={0x4, 0xc8}]}, @nested={0x4, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x8800}, 0x440d4) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000840000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x4}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 8.149820183s ago: executing program 2 (id=2364): socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x7ff, 0x1, 0x2fa11, 0xffdfffff}, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffffffffe4a, 0x0, 0x0, 0x0, 0x1}) unshare(0x2a020600) r5 = timerfd_create(0x0, 0x80800) timerfd_settime(r5, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) socket$can_raw(0x1d, 0x3, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x80) r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_TRY_FMT(r6, 0xc0d05640, 0x0) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x1, 0x1}, 0x20) 7.992588561s ago: executing program 0 (id=2366): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000029000000370000002f5a"], 0xb8}}], 0x20, 0x4800) 7.771186369s ago: executing program 0 (id=2367): syz_open_dev$video4linux(&(0x7f0000000000), 0x6, 0x40800) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000f80)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x40080) r3 = socket(0xa, 0x5, 0x0) sendmmsg$inet_sctp(r3, &(0x7f0000000ac0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYRES32=0x0], 0x48, 0x40000}], 0x1, 0x6004c801) r4 = socket$nl_route(0x10, 0x3, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x400102, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$inet_sctp(0x2, 0x1, 0x84) r7 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000001c0), 0x58000, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000640)={'wlan0\x00', @local}) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000080)={r8, 0x2, 0x1, "fa"}, 0x9) setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000005c0)=@assoc_value={r8, 0x4}, 0x8) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000005500e501000000000000000007000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB], 0x38}}, 0x20044050) bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b700000000c300ffc3000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a740000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sysvipc/msg\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000180)) lseek(r9, 0x4000000007, 0x1) 7.511022651s ago: executing program 4 (id=2368): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) write$char_usb(r1, &(0x7f0000000280)='4', 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_cache\x00') read$FUSE(r2, &(0x7f0000001400)={0x2020}, 0x2020) (async) preadv(r2, &(0x7f00000013c0)=[{&(0x7f0000000100)=""/190, 0xbe}], 0x1, 0x7, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) (async) setpgid(0x0, 0x0) (async) syz_usb_disconnect(r0) 6.854062837s ago: executing program 5 (id=2369): fsopen(&(0x7f0000000580)='overlay\x00', 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x20801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmsg$qrtr(r5, 0x0, 0x0, 0x40) sendmmsg$alg(r5, &(0x7f0000004e00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x40}], 0x30, 0x88010}], 0x1, 0x20000010) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x20000045}, 0x40046) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r5) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48}) creat(0x0, 0xecf86c37d53049cc) socketpair$unix(0x1, 0x3, 0x0, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r7, 0x3517, 0xc2de, 0x9, 0x0, 0x0) 6.77593265s ago: executing program 1 (id=2370): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0xfffff000) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) (async) r3 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x8, 0x920) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r3, 0x40045731, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) (async, rerun: 32) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x5, 0x5, {0xffffffffffffffff}, {}, 0x183639ee, 0x10001}) (async, rerun: 32) r4 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_OUTPUT(r4, 0xc004562f, &(0x7f0000000000)=0x1) (async) ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x195, 0x1, 0x1, 0xdd9f83, 0x1, 0x2f, 0xf3, 0xb70, 0x8, 0x722, 0x74e, 0x7, 0x7f, 0x27, 0x20, {0x0, 0x6fd8e84b}, 0x3, 0xed}}) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x100000001, 0x2401) mmap$usbfs(&(0x7f0000658000/0x2000)=nil, 0x2000, 0x0, 0x11, r5, 0x1000) (async, rerun: 64) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) (async, rerun: 64) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0) (async, rerun: 32) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x4}, 0x50) (rerun: 32) r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents64(r7, &(0x7f0000fc4fbe)=""/80, 0x50) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, r6, 0x3ff, '\x00', 0x0, r7, 0x3, 0x2, 0xc}, 0x50) (async) pipe(&(0x7f0000000080)) 6.502931573s ago: executing program 2 (id=2371): syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c}}, 0x0) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d4"]) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf09000000000000"], 0x0, 0x10007, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00db6072000001ea89de2b4410000e60080b8785d960000100000000000000000000000000000000000527000", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000000000100", [0x0, 0x2000000000001]}}) 5.609050877s ago: executing program 1 (id=2372): socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x7ff, 0x1, 0x2fa11, 0xffdfffff}, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffffffffe4a, 0x0, 0x0, 0x0, 0x1}) unshare(0x2a020600) r5 = timerfd_create(0x0, 0x80800) timerfd_settime(r5, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) socket$can_raw(0x1d, 0x3, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x80) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = gettid() prlimit64(r7, 0xf, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x1, 0x1}, 0x20) 5.459425784s ago: executing program 4 (id=2373): r0 = syz_open_procfs(0x0, &(0x7f0000001080)='attr/fscreate\x00') ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000000)={0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$x86(r0, &(0x7f0000b32000/0x400000)=nil) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000001000/0x4000)=nil, 0x3) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0xe0f5, 0x2, 0x2, 0xf2}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x13, &(0x7f0000000400)=[0xe758], 0x2) openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) close(0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x2}, 0x94) r3 = socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="8c00000010001fff28bd70000000800000000000", @ANYRES32=0x0, @ANYBLOB="efb00000800000006c0012800b00010062726964676500005c00028008000500010000000c002e"], 0x8c}, 0x1, 0x0, 0x0, 0x4000084}, 0x14) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) recvmmsg(r5, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000001580)=""/179, 0xb3}], 0x1}, 0x7}], 0x1, 0x100, 0x0) io_uring_register$IORING_REGISTER_RING_FDS(r2, 0x14, &(0x7f0000000780)=[{0x0, 0x1, 0x0, 0x0, 0x0}], 0x1) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400200142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xfb}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) lseek(r0, 0x80000004, 0x1) 5.305243174s ago: executing program 2 (id=2374): r0 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r4, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x30) 4.091719254s ago: executing program 0 (id=2375): socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x7ff, 0x1, 0x2fa11, 0xffdfffff}, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffffffffe4a, 0x0, 0x0, 0x0, 0x1}) unshare(0x2a020600) r5 = timerfd_create(0x0, 0x80800) timerfd_settime(r5, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) socket$can_raw(0x1d, 0x3, 0x1) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = gettid() prlimit64(r7, 0xf, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x1, 0x1}, 0x20) 3.972045258s ago: executing program 5 (id=2376): socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x7ff, 0x1, 0x2fa11, 0xffdfffff}, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffffffffe4a, 0x0, 0x0, 0x0, 0x1}) unshare(0x2a020600) r5 = timerfd_create(0x0, 0x80800) timerfd_settime(r5, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) socket$can_raw(0x1d, 0x3, 0x1) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = gettid() prlimit64(r7, 0xf, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x1, 0x1}, 0x20) 2.626582173s ago: executing program 1 (id=2377): syz_io_uring_setup(0x7d41, &(0x7f0000000300)={0x0, 0xa778, 0x80, 0x0, 0xd2}, &(0x7f0000000240), &(0x7f0000000380)) r0 = io_uring_setup(0x7f25, &(0x7f0000000080)={0x0, 0x752, 0x4000, 0xfffffffd, 0x352}) syz_io_uring_setup(0xd7, 0x0, &(0x7f0000000080), &(0x7f00000000c0)) r1 = socket$packet(0x11, 0x3, 0x300) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_CROP(r2, 0xc014563b, &(0x7f0000000040)={0x5, {0x4, 0x2, 0x5, 0x5}}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) close_range(r3, 0xffffffffffffffff, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040), 0x4) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r0, 0x8010671f, &(0x7f0000000200)={&(0x7f0000000100)=""/80, 0x50}) syz_io_uring_setup(0x3bd5, &(0x7f0000000180)={0x0, 0x197d, 0x8, 0x2, 0x30e, 0x0, r0}, &(0x7f0000000040), &(0x7f0000000000)) r4 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000280ffffff05000500000000000a"], 0x80}}, 0x0) 2.33887831s ago: executing program 1 (id=2378): munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000040)=0x28ee, 0x4) write(r0, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@ipv4_newaddr={0x34, 0x14, 0x503, 0x800000, 0x25dfdbff, {0x2, 0x7, 0x51, 0xff, r4}, [@IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_CACHEINFO={0x14, 0x6, {0x4, 0x4, 0xffffff81, 0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c0d0}, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}}) recvmmsg(r0, &(0x7f00000055c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)=""/17, 0x11}, 0xffffffff}], 0x1, 0x2000, 0x0) 2.13593605s ago: executing program 4 (id=2379): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r0 = socket$inet_sctp(0x2, 0x5, 0x84) dup(r0) r1 = socket$inet6(0xa, 0x3, 0x5) sendmmsg(r1, &(0x7f0000000a80)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @dev={0xfe, 0x80, '\x00', 0xa}, 0x200, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="120000000000000929000000", @ANYRES64=r1], 0x108}}], 0x1, 0xc040) 2.122012435s ago: executing program 1 (id=2380): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x118d7, 0x0, 0x0, &(0x7f00000002c0)=0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockname$inet(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x22) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000020500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x841) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) unshare(0x62040200) syz_usb_connect(0x70b77566eba34c2e, 0x4a, &(0x7f00000007c0)=ANY=[@ANYRES8, @ANYRES16=r4, @ANYRESOCT=r1, @ANYRESHEX=r0, @ANYBLOB="e3f066d7bef3cc6d0ca6394c863eaa65243264d189b532da3a3b8d719008a224c97207f2672735981d28ea0ce1af59835f33881662448510be1b972d48fabc8413f1cc541b99ed1760100c4e3af87d02e3b74e4a9fed96c62a49db3f9fd7ae62f4bf7bfa0d13cf227a1d6eca691d80ae62472ea605f581ac9988208e5a12341bc2af1de7cd1c5994a2d46b53f882d307094f08c9cadee43ae37335b7c224ac05138b31f58f63ebf05e4757e1cabca8931657876775464bfcc69263892b3c7ba053c243d5bd1f279f3ac5e7b09e326bfe764535e859d1e3ea42336572c051b89a5c5444a22e204f486a4e86d2a89aad7738d78f88b881d19de4ba7dd950f1bc6dc800fae819dbba8a6771501c43ec423e1246dd4b32d08f25c9f4116d73c2a9696b52190c2aab0cd3571e94bcb26548beebadd0caa47bbf6d79d6be4f9a5c76c3bb2adf090361f83cf39fe5c5042f5e55913e975f1237ab16b064d7a463056b82839b5f96f624cc7ded6b3c4709aa62a85885efb363af1d773be35211153e59b10e157868b4436bc5eca5c67f4f2cea58f7196c6189a0d0d223baa7028fc61eabe138eeeac64301c365ee050e127b6ffd5113867c8c0a257374d39144415962feba2d6d50fd7ab486f2acadbe3ff160a2d734820d243d7d01af4ff95ac92f26434a947a0450bd07172f345569bc49a2a8afcc15c90178c28f84efc62f544b6327e87499aaf47865cd2e8a9450daaa6ca1567cb05a0adb95ebb112e42d9d968c69ac3f22e44f9ccf766204ab001ea393ae026620cde2628be68cc9c170908f93cd6d68fcc131e29b4407aba172bab6cef99f92316713c9f1f920a96ddc2daa1d4145f7165553dfa5b7bce9b15de30e6b90b4e86ce94b28ff07b97addcd50acce2c1b5f7857da99473ba026ef33c06ec2b9e5962bdaac3a532ae184d30f7a0bb1fd4ac36d87fa76b731e32f09e2fb0cc8026230838ed85c0a2b0d402da5e5c1de64bdcc0d938f5b2c9f90e29dfb61c207c546e8d372457e264d0e123a07d0740c2351f41b502a7ed220d51ba2f1dd9d363092535e45e335f8eb8a64eb178d694fb633e1c2a52ded6920d7dbd191ecfddf7a7e6fdc0ff140742b5f9113c08d554abf6399516e7a317bcfb198c38260099502aee2287cb6338612a9c8776b52d73ef00347084fee31aaf534139b6a0b3d06cca4fdf1b543027f7fff8585f264762496f9997a4a42cd53586a70c6b0c970e92f8723424826e3056fabce5725208c77d6e3cdf4979458fc56254d378f32996bbad9eb2a1cd29a06c0125e758a8f36317de4c5a02e3ca57646c9c749d73ed860423ce12380bfa68c6895bad46ce8668f4c9dc2c679b3a4daf8964988374f486937e9ac807042add36782e3f3b23abb7416dabe5187b6b14413f2d5928934bacc043cbd55a5f0fa50f5db7d1d31b8fb481869813e2488e4f95dd99072fe93fc67a1c9ba5d4eaf5260ddf3681f12ea4efb99a7ecbfd989a5c666d70d4f53b1edf721f3e6a676acf7322a1eaaf38cb1874cdf9729e77939be4ab646fe3133b4f57fedbd18100ac7b0c12ee5fb42efb66e65ee403da8e52da8d0ad0993d55f9cd0187a12aaf38426d8b9056b4e9d634755d9966faa0792e5f559677457cf76c9b43b7a3c039bd6f9203f8820e7bec81ec566d823d6ad5bfe6ede0e6cb3d02f405e30d00f152cb3f82e9e96f036a477815c19a63a5237765f655d49524618b77b53f644340aac12a2b3ac93737416d8e31e75849761045a0a8ae8738d7216b421fc7459ac0699fec209db2697c5e40c95e6b817c8aa45501ca82c3324e460183e81feab48ec101681930f069e063658bf7160246ed64eedaadbf2f1c0916481d5f21342827a5e0558aff2d579121520c7be1049160f36d0f47e180846c19cd12ae8b7df33f66ecaaf31a9d51a3216be9d04abb3ce7fbe3ef730d0980ab68c2eed95e9e45e1d4c9925a1d4303f1c5462b5e78f7b1364196db5a1a76a9e2fd1fe6cdc5887789726bec56c080330ebc2214e07a43fc145528908a316739cbb52c90625910ad5148bf15e7eeddd93f2a635a665f42a698a606e814b870907b6e76de76a8ca1c97d9b5d5964d50918a96b3944f32ada1129a1416a9e09d2e0aa0348714fd94e70c17ed7f5114bfad103fda6ea5279581e4d34d6a33850a5ede09c23e4f629f4f9ec2b04f6a910c1eef851487fcdcd9b6d0e66c3bb5b8ba650263d85a129a94ad1ee47919a7d4375d4b3449e3d4908ee01d30214b69cc3e5aa0b9c4ada94c34c066bb427cb4574f48663f254cd72012060711bf7aea88f83668d31a9ba05a5756d2cce6d90570ec4012ac9767de82f90d01df6d53eec08ac3d8f700650ac098361badac565e8ccc61591bb8385b9bcf0b05f11607c10224f02611f7717cdf56157d24f1a39c9d2fb6fdeab08386b14d2477efab8992e2cf67169514305bedf06d45d0e86463a50f258a51a2fc3c000fb4cd10f8153b3cc4960e82034ed806d67ddadff9b61a9272aba9e72220ed727fc241e1c7d45d320b8aea2323e041b23896e4b012c0442cf41dc91571e80fe9c634730628a6a54f3620806b0cd9c761102a61a21097667eefe1a66fe21a416ad40acd549521b83f1d0e8ea67659ab1a2b4f49bd2c41e92c25aaa8f18313092ab8cf74cbcd1cff77998d9e67c31d6cb1d490d70889c8abeaf2d899ce6f11b1b29144cbb1978488348ce5665ab9e69912bb10b2f234e8531c182bf52af38c460f51f93988bcf437ef11287b263e66c3c98efe61e29c09226e53c81181fbd7bc281c3e11510474b0a61dcb2fb0d989e215072ef9417205a6e5e6b13c5cc062a943af36bedcac428eea5ee212aa3870b1b487993738fd4ed5bb6fc3523096e3c91bf2fac3036083f771dc3e50c687948a0e2fd11b00f7afb32b1b4aa55d7d9a3f9458d13ceb982788c4cd7f7c4fe3f890ca066e0e38dbcef3f5d0b0c743ff4c0c650232b475b8ca88039cfa91eaf70707d651d012bac3e63677ec2d3e59152b8140ac101297275fd6e38af3b47b3fc285987a5782251b27ae0b967912a2ffbfea4668b58733443f81564ff54c722871bc465fa02944db4f68cf81d829b03e8e8717f2c850e44daeb48166b8e5b9d8acc88adfc8b47c05614b77277767a0730586d5cf9610115d86821a94ccab3c1dac22138eff0af83a19f59cf63067b728a81cdb12090e66a550c631b9bfb84cb1cb334189cad45b330adf5b5bb80ddad2840c70bf8d9a4d30ce50faab85e549a203c31f31701fc4b70d111728da29015a1e45c732a7b0b68a9a92829231efc98dc9883001aea225500bdc97ea47c12f3c2008a07ec38ef64e06fbc89bef32ca92d742d2d2ed02be2bc36cfaaf36e1b41bd48987a8a3c1ea8f111841f2d640623966ddc9d780c035676b8cdaf1441936633fbc5bdcfd5daadbb066d42c16e42f7cb7110a60da5797daaabe7147f6653e9c69ec80412d04be66937e75ce008ea019e9a8b2574c857d3626caea3c1fba68dcd1d7814a54847198f4e8d504b5df2abddfb76b6696ae99ea096184f33e8b0a5ddf5ec3584aa0a27cc24e82825c8b21adb1cac7fbc4fb435ef87cde5daeeaabc907da854ab353914f6ae9e073d6ee3c31964d9b7f21703646632ca4c2cd17d1215e3bdf5d42d1244967b33ee2589af29b3c234cf63be932cc31707933de8ea03c371d2766b07b4e77eef63b8a0ce1f99fedd48039b5fc8c4513b26b9bee1fd9be5be345cda5e0734213453939000d795895e2a968c3b4b99a424c338c9823ce0c68fb369b147c685cf0304a4a7d940d2ef409b2b9db262979dfb64784e36ae37b791c134d2540105252be5b7bd9e15c35a4404e6063d7d894ad0b5a930c5993db9b2a44c279e3acdd0d1a55dde09aea3b527a41d8cc79afa937008f5e2768ceeaa8162020fdd9e2d97b5fb17a3fa0a38c0a15be63718f8be1e581c05aac0cc9a024d9bd905ca938e21389d3973368b3588182aa5dff3f59029ae20157eb875131c86c1d218f42ddbcd88dc1617df9358d4371cace583b0b4e3f04a96f5a0fb3aaa817455604928e8382632a38fc1b407b6f78a6f24b0bbe59473a41f397e7c48d9c6e941dd3f33d4a961e6df18137b1ed716b24b5ed6aa780533a7e03620157879e6d1541297a3f442cc4ee656c61a19794a8fcd53d49dc7439982a920b9cc02d27a4787648d1643075a84226c7bdfdbace5bfef05fe37bd3bf4d6d925d9dfd30bf3bf8f2224e56e9bcef0e30e37e930ab95501d592bf5b1869e81ba9f716fe29e7be473f26774550000b2ca63246e575fbb286fa7885a49d87eca7b7df6e4d1d789a66db783ff61f605b5fd0d94c16a358d7310a15c9df6fbcfdb5e3419c35952002dd0ee270c85deb7ff6c727063530f933d2b3d0293cd72e5d70fffc785704ec06ca057efab7cd8cb186f5fa7bbd756570131a5147f1870060b0d91397d45845f4b35a45dc5b193327ae18d1d4295adb27ddc58e0a3990774ae12b196259102950b8678711b40f33922cc69e649c93aaeb63413a5c4660b49608bcf41c9dd8a4bc0fbd508bb1bb6a65122784052cbe01a7de3e72c52687f2e1443036a16c59ae042994e0c3259f28f8866d9fc6e693136894bca6ebe8a935e07b9654b18b0c05eff016420b0c4b48a422893df445f2239a7822555ff125065790100125c26e921effbc4a88e7f75be35871993ba3e15db6facab340c4931acafe5c3a7d17b1cd9da9baedb2a6ec7a02dba68e3bc7981f61eba9788229ff5e7ace1e3ff5e0ed471954c08db2f2a836dfd7b0a09004512a9a7a4b94faec9d5f5d0c3302b42bd24f23006fc38a3a0510d407f431d6f065eaf042b2999edee60b447f99902315f1c6e8596d086bb7121e38bc5f144eefac81e42f1092925fe313dd0176c6520f44aaf03167e3b8efc8d3eecef4d84487fd414bae4ab90ed4f8e5ac68ba1f4892c91c95b5b221a00fcca650d2c567f88eedb4c2ca170f884388d9970be87ee74e74f038b9be36e620056e1455e807f6491fa502b52d601e7f45d363463e25fe216d96ac10b103c98066cd587e67de0ed080ba810f4f9fc66ca744b975b60f966c631d46b92d191a3a818218fbe1dacd77d116df633c6a38cb00c495acc2bd7c55af5656a10210cdd23a0a7b110065156bec9fde03cd5632508a84de87a72efdad7ceb8175f27b8b1a4ce8af2de58f295774b9803d2639a2f9e702c6c75980777c1078b7ff253351ecca55f21ba69fd5540f25a99c29964532e56f9f28b8d77b43cba35be9ae1b5a6fec94aad2fbf283d774b4be0a82bfe54fe03994b7e29cbc9ccde204a5f4271428181093c53a9e48a36de0fa6b43bc6b407717877bec27c108a83e7d2a4128b397772af65daa5d1b8af9605379e40a7d56e4ab76d149f495defdcba4b005a911c9d9aaf59aca4342ac231564da93763a5183580188b5094a588e84e415f012c555859fdb17057ce6298fcbb2035008f1b37071fdbf409355d97db106e5a537668403b4f71edac6f36e7949ce89066201e2e8819a9b222637740dfb9f8a5e564e39bc6ded4020e2c2df0b33e65c3933402e2507d70b5852a6db2512533b2ae8e09f73e9de7d4585581f8b82545167a75d513b3524104b9c80c2ab287a7a29ec98ed79b5374fd948dbcc7e662d978ea8f7e7bf39a0ddd5b01e6626a7c52dce1ce9ea50c44188e9c98d1277be24b73f82f5fa235c902d656da43a6a564a6763af737d6ebfd3d6903b076d9a9c6d8dcce38896bb542c7d240c6c5025e9a1cb6da", @ANYRESHEX=r3, @ANYRESDEC, @ANYBLOB="979ff790"], 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, 0x0, 0x4048800) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) unshare(0x2000000) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0) r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80003, 0x0) r9 = epoll_create1(0x0) r10 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r10, &(0x7f0000000780)={0x10000008}) write$dsp(r8, 0x0, 0xfffffe59) 1.98909614s ago: executing program 0 (id=2381): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000003140)={0x0, 0x0, 0x0}, &(0x7f0000003180)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000140)={r4, 0x10, 0x10, 0x1ff, 0x7f}, &(0x7f0000000180)=0x18) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x24000, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r5, 0x84009422, &(0x7f0000002680)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0xa02, 0x0) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x11) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58) r10 = accept$alg(r9, 0x0, 0x0) sendmmsg$alg(r10, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)='v', 0xf4240}], 0x1}], 0x4924924924923d5, 0x8004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x12, r8, 0x7e423000) read$FUSE(r7, &(0x7f0000000640)={0x2020}, 0x3d2) 1.939888197s ago: executing program 4 (id=2382): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, 0x0, &(0x7f0000000000)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000005480)=@delchain={0x118, 0x65, 0x300, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @filter_kind_options=@f_basic={{0xa}, {0xd4, 0x2, [@TCA_BASIC_ACT={0xd0, 0x3, [@m_connmark={0xcc, 0x5, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0xc0000000, 0xffffffffffffffff, 0x2, 0xe}, 0x7}}]}, {0x7d, 0x6, "6f3e464680b8dcb925d3c8416db18e2e0eecd7ba0f6003aaa71a565f40fa822f6bd63a4ca0ba27c7d18cbbdfbdb568fa69b75a5bdb35bbe794d9fbd87c7c443d003af1f22d796733e174a55728b309ff94c380276aa4c273687acbac759cf82dcb64f9e61b78c605fb9edbb86dd5ae3f174ba8489176ed907a"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x118}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/if_inet6\x00') read$FUSE(r1, &(0x7f0000004fc0)={0x2020}, 0x2020) pread64(r1, &(0x7f0000000940)=""/126, 0x7e, 0xe) read$usbmon(r1, &(0x7f00000000c0)=""/170, 0xaa) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='io\x00') pread64(r2, &(0x7f0000001240)=""/102400, 0x19000, 0x2001000000000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r2) sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000c00)={0x2b0, r3, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}]}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6143ccd2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xb7b}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK={0x6c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xb}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x40}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1e}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x800}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffc00}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3ff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xbf}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK={0x58, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x144d917f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x71a4790f}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x617}, @TIPC_NLA_CON_FLAG]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0x110, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7}, @TIPC_NLA_NODE_ID={0xab, 0x3, "28791c081cafc1806f7703530d408f4a55bdf9f7ebd66fef8cbd40682f8421ce1dd16cc232b3310133042e1ccf883d162c0ddbb0f6eefcd22018d8f58fdac754e5bfe38acf64f4486da2f29ca875319614bcf894a1bfb16c1ea37f30e49c9cd8b5283d79a3bea56da1fc284f176f72ea2a5bf108c8270ddf1b43bc6ae99796e9596f81614cbd0835d9d214b08344a6dd58471ec590e8d3a09db2b926bb4c32d705954c3c08dbfd"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3742}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "27e7eebd6989dd9e1b863d714dc44f4c109b73150480fee2bd8e2f2d5b4e3f2a53e63f88"}}]}]}, 0x294}}, 0x4000000) mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x14) connect$pppoe(r1, &(0x7f0000000340)={0x18, 0x0, {0x3, @local, 'sit0\x00'}}, 0x1e) 1.868464371s ago: executing program 5 (id=2383): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x800, 0x0, 0x103, 0x1, 0x3}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000000)={0xa, 0x4e1e, 0x80000, @empty, 0x7fffffff}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x18}, 0x40) 1.591269841s ago: executing program 4 (id=2384): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000540)=""/1) 1.377178933s ago: executing program 5 (id=2385): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3d03) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x101000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r3, 0xc04c5349, &(0x7f00000002c0)={0x1ff, 0x8, 0x5}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180)=0x0) fcntl$setownex(r2, 0xf, &(0x7f00000001c0)={0x0, r4}) ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x1, 0x7ffc1ffb}]}) kexec_load(0x0, 0x0, 0x0, 0xa0000) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_route(0x10, 0x3, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="3800000010000108fdffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000010001a800c002d80080001"], 0x38}}, 0x0) r6 = socket$inet6(0xa, 0x80002, 0x0) modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10) modify_ldt$read(0x0, 0x0, 0x0) setsockopt$inet6_int(r6, 0x29, 0x19, &(0x7f0000000000)=0x94, 0x4) sendto$inet6(r6, 0x0, 0xffffff43, 0x0, &(0x7f0000000080)={0xa, 0x4c20, 0x6, @mcast2, 0xffffffff}, 0x1c) sendto$inet6(r6, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000714fa228ee1f5b48", 0x22, 0x20004061, 0x0, 0x0) 1.375666787s ago: executing program 4 (id=2386): fsopen(&(0x7f0000000580)='overlay\x00', 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x20801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0f, 0xffffffff}, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmsg$qrtr(r5, 0x0, 0x0, 0x40) sendmmsg$alg(r5, &(0x7f0000004e00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x40}], 0x30, 0x88010}], 0x1, 0x20000010) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x20000045}, 0x40046) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r5) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48}) creat(0x0, 0xecf86c37d53049cc) socketpair$unix(0x1, 0x3, 0x0, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(0xffffffffffffffff, 0x3517, 0xc2de, 0x9, 0x0, 0x0) 885.114278ms ago: executing program 0 (id=2387): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x800) r1 = syz_io_uring_setup(0x66f, &(0x7f0000000040)={0x0, 0x0, 0x10100, 0x0, 0x2e9}, &(0x7f0000000380), &(0x7f0000000200)) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f00000000c0)=[r0], 0x1) 879.451894ms ago: executing program 2 (id=2388): syz_io_uring_setup(0x7d41, &(0x7f0000000300)={0x0, 0xa778, 0x80, 0x0, 0xd2}, &(0x7f0000000240), &(0x7f0000000380)) r0 = io_uring_setup(0x7f25, &(0x7f0000000080)={0x0, 0x752, 0x4000, 0xfffffffd, 0x352}) syz_io_uring_setup(0xd7, &(0x7f0000000280)={0x0, 0x0, 0x40}, 0x0, &(0x7f00000000c0)) r1 = socket$packet(0x11, 0x3, 0x300) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_CROP(r2, 0xc014563b, &(0x7f0000000040)={0x5, {0x4, 0x2, 0x5, 0x5}}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) close_range(r3, 0xffffffffffffffff, 0x0) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040), 0x4) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r0, 0x8010671f, &(0x7f0000000200)={&(0x7f0000000100)=""/80, 0x50}) syz_io_uring_setup(0x3bd5, &(0x7f0000000180)={0x0, 0x197d, 0x8, 0x2, 0x30e, 0x0, r0}, &(0x7f0000000040), &(0x7f0000000000)) r4 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000280ffffff05000500000000000a"], 0x80}}, 0x0) 245.960573ms ago: executing program 0 (id=2389): socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) socketpair(0x21, 0x2, 0x2, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) syz_io_uring_setup(0xec4, &(0x7f00000003c0)={0x0, 0xfffffffc, 0x2, 0x3, 0x34b}, &(0x7f0000000500), &(0x7f0000000600)) rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x4000000) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x4, 0xe0, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_CQM(r5, 0x0, 0x880) close_range(r4, 0xffffffffffffffff, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = socket(0x9, 0x5, 0x1) syz_io_uring_submit(0x0, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r7, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f00000007c0)=ANY=[@ANYBLOB="d4010000130a01080000000000000000030000000c000640000000000000000448000800b031e8ec3c898dc6d1d748934d84d0fdaa3defa8b7be11b47cc776b98850f0a37935ca9676cb0cef3c9c6fc4bfb400000000000000011d3c4adf26f3f6743a88b4c196aa750008000c2255fef046c768eaaa79493326c79955ccd811453922bd33ba0b08d6e15d7af0ccb3ef1708b0976e85d0f6dd1ad98f75e8f5fc5b08f8dd1d1cd7dd382679feb2ea2dda896283ce9410e7d340612afee1f6c4686ca734988b883ec2c6816d23dbfaef8600dff483d78639ad3a8988ace00000000900010073797a3100000000ac000800db7becc5cde02b7e096f14fbbf04698ad5c31f7febfda6ae457a3b069fdf7bdeeaa7e77f0ca546eb5f7183e26085b4e3cc248985a83ede1a49cdf7b6b253a7067200abeb8174fc1493bb0b14807166910c53342eae6f422c38fba125421d5ef5efd6e4121c604c60ee661f4cabc82b54e2cbfa807dc5d02325799966f465dab16d65b36e83004cee70f2dba2f6126d9a66b7b517511c4a2028a11607a3e822b4b698c7020aa8dfc40900010073797a30000000002100080090d132b8b497f98774577aa711b143e1ac9960387c26194b250c220adc0000000900010073797a3100500000"], 0x1d4}, 0x1, 0x0, 0x0, 0x20004801}, 0x40010) r8 = accept4(r6, 0x0, 0x0, 0x800) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x40800) 244.973364ms ago: executing program 2 (id=2390): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv4_newaddr={0x28, 0x14, 0x1, 0x70bd2b, 0x25dfdbff, {0x2, 0x18, 0x0, 0x0, r1}, [@IFA_BROADCAST={0x8, 0x4, @broadcast}, @IFA_LOCAL={0x8, 0x2, @private=0xa010500}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40010) 0s ago: executing program 2 (id=2391): socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x7ff, 0x1, 0x2fa11, 0xffdfffff}, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffffffffe4a, 0x0, 0x0, 0x0, 0x1}) unshare(0x2a020600) r5 = timerfd_create(0x0, 0x80800) timerfd_settime(r5, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = gettid() prlimit64(r7, 0xf, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x1, 0x1}, 0x20) kernel console output (not intermixed with test programs): 86][T12469] [ 492.272498][ T29] audit: type=1326 audit(1772775619.666:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.4.1919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f73dfb9c799 code=0x7ffc0000 [ 492.295085][ T29] audit: type=1326 audit(1772775619.666:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.4.1919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73dfb9c799 code=0x7ffc0000 [ 492.317629][ T29] audit: type=1326 audit(1772775619.696:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.4.1919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f73dfb9c799 code=0x7ffc0000 [ 492.340273][ T29] audit: type=1326 audit(1772775619.696:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.4.1919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73dfb9c799 code=0x7ffc0000 [ 492.362894][ T29] audit: type=1326 audit(1772775619.696:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.4.1919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f73dfb9c799 code=0x7ffc0000 [ 492.385439][ T29] audit: type=1326 audit(1772775619.706:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.4.1919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73dfb9c799 code=0x7ffc0000 [ 492.407932][ T29] audit: type=1326 audit(1772775619.706:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.4.1919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73dfb9c799 code=0x7ffc0000 [ 492.430448][ T29] audit: type=1326 audit(1772775619.706:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12464 comm="syz.4.1919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f73dfb9c799 code=0x7ffc0000 [ 492.481741][ T3094] usb 2-1: USB disconnect, device number 56 [ 492.538785][ T5893] usb 6-1: config 0 has no interfaces? [ 492.548588][ T5893] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 492.559057][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.580362][ T5893] usb 6-1: Product: syz [ 492.590682][ T5893] usb 6-1: Manufacturer: syz [ 492.604821][ T5893] usb 6-1: SerialNumber: syz [ 492.632995][ T5893] usb 6-1: config 0 descriptor?? [ 492.681923][T11426] usb 1-1: Firmware version (0.0) predates our first public release. [ 492.699626][T11426] usb 1-1: Please update to version 0.2 or newer [ 492.823265][T11426] usb 1-1: USB disconnect, device number 63 [ 492.984903][T12462] veth0_vlan: left promiscuous mode [ 492.994527][T12462] veth0_vlan: entered promiscuous mode [ 493.033591][ T3094] usb 6-1: USB disconnect, device number 32 [ 493.311973][T12491] FAULT_INJECTION: forcing a failure. [ 493.311973][T12491] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 493.361911][T12491] CPU: 1 UID: 0 PID: 12491 Comm: syz.4.1926 Tainted: G L syzkaller #0 PREEMPT(full) [ 493.361947][T12491] Tainted: [L]=SOFTLOCKUP [ 493.361955][T12491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 493.361968][T12491] Call Trace: [ 493.361977][T12491] [ 493.361986][T12491] dump_stack_lvl+0xe8/0x150 [ 493.362023][T12491] should_fail_ex+0x412/0x560 [ 493.362057][T12491] _copy_from_user+0x2d/0xb0 [ 493.362092][T12491] do_sys_poll+0x2a9/0x1120 [ 493.362139][T12491] ? __pfx_do_sys_poll+0x10/0x10 [ 493.362168][T12491] ? __lock_acquire+0x6b5/0x2cf0 [ 493.362199][T12491] ? is_bpf_text_address+0x26/0x2b0 [ 493.362321][T12491] ? set_user_sigmask+0xcd/0x1c0 [ 493.362350][T12491] ? __pfx_set_user_sigmask+0x10/0x10 [ 493.362389][T12491] __se_sys_ppoll+0x209/0x2b0 [ 493.362418][T12491] ? fput+0xa0/0xd0 [ 493.362451][T12491] ? __pfx___se_sys_ppoll+0x10/0x10 [ 493.362481][T12491] ? __pfx_ksys_write+0x10/0x10 [ 493.362510][T12491] ? __x64_sys_ppoll+0x20/0xc0 [ 493.362541][T12491] do_syscall_64+0x14d/0xf80 [ 493.362573][T12491] ? trace_irq_disable+0x3b/0x150 [ 493.362604][T12491] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.362627][T12491] ? clear_bhb_loop+0x40/0x90 [ 493.362653][T12491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.362674][T12491] RIP: 0033:0x7f73dfb9c799 [ 493.362694][T12491] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 493.362713][T12491] RSP: 002b:00007f73e0b01028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 493.362735][T12491] RAX: ffffffffffffffda RBX: 00007f73dfe15fa0 RCX: 00007f73dfb9c799 [ 493.362752][T12491] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0 [ 493.362766][T12491] RBP: 00007f73e0b01090 R08: 0000000000000000 R09: 0000000000000000 [ 493.362780][T12491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 493.362792][T12491] R13: 00007f73dfe16038 R14: 00007f73dfe15fa0 R15: 00007f73dff3fa48 [ 493.362825][T12491] [ 493.762460][T12499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 493.773747][T12499] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 493.877794][T12507] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 512 [ 494.116024][ T3094] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 494.276322][T12242] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 494.297793][ T3094] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 494.311315][ T3094] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 494.356177][ C1] hrtimer: interrupt took 20241 ns [ 494.388032][ T3094] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 494.403068][ T3094] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 494.447617][ T3094] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 494.453624][T12242] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 494.477914][ T3094] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 494.494005][T12242] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 494.496391][ T3094] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 494.519161][T12242] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 494.528723][T12524] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1938'. [ 494.536134][ T3094] usb 5-1: Product: syz [ 494.547787][T12242] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.556092][ T3094] usb 5-1: Manufacturer: syz [ 494.562698][T12524] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1938'. [ 494.582310][T12242] usb 6-1: Product: syz [ 494.587232][T12242] usb 6-1: Manufacturer: syz [ 494.591882][T12242] usb 6-1: SerialNumber: syz [ 494.612358][ T3094] cdc_wdm 5-1:1.0: skipping garbage [ 494.625693][T12242] usb 6-1: config 0 descriptor?? [ 494.639013][ T3094] cdc_wdm 5-1:1.0: skipping garbage [ 494.682968][ T3094] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 494.708483][ T3094] cdc_wdm 5-1:1.0: Unknown control protocol [ 494.882728][ T5893] usb 5-1: USB disconnect, device number 58 [ 496.534270][T12548] QAT: Device 3 not found [ 497.107843][T12242] usb 6-1: USB disconnect, device number 33 [ 497.409793][ T3094] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 497.516339][T12583] input: syz1 as /devices/virtual/input/input34 [ 497.572251][T12561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1950'. [ 497.588025][ T3094] usb 1-1: unable to get BOS descriptor or descriptor too short [ 497.609302][T12242] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 497.671249][ T3094] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 497.748233][ T3094] usb 1-1: can't read configurations, error -71 [ 497.923230][T12242] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 497.933175][T12242] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 497.944058][T12242] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 497.964265][T12242] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 498.735731][T12242] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 498.756331][T12242] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 498.765563][T12242] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 498.773630][T12242] usb 6-1: Product: syz [ 498.785679][T12242] usb 6-1: Manufacturer: syz [ 498.802363][T12242] cdc_wdm 6-1:1.0: skipping garbage [ 498.811782][T12242] cdc_wdm 6-1:1.0: skipping garbage [ 498.846548][T11426] usb 5-1: new low-speed USB device number 59 using dummy_hcd [ 498.885090][T12242] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 498.914193][T12242] cdc_wdm 6-1:1.0: Unknown control protocol [ 499.014135][ T10] usb 6-1: USB disconnect, device number 34 [ 499.025209][T11426] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 499.035205][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 499.076016][T11426] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 499.106126][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 499.130162][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 499.164028][T11426] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 499.176293][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 499.187338][T11426] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 499.225983][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 499.267399][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 499.293912][T11426] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 499.303787][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 499.326149][T11426] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 499.361689][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 499.392060][T11426] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 499.431123][T11426] usb 5-1: string descriptor 0 read error: -22 [ 499.442533][T11426] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 499.457132][T11426] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.505154][T11426] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 499.554606][T12597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 499.564412][T12597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 500.073196][T12586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 500.244380][T12586] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 500.308405][ T3094] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 500.320443][T12617] fuse: Bad value for 'user_id' [ 500.325334][T12617] fuse: Bad value for 'user_id' [ 500.564186][ T3094] usb 6-1: Using ep0 maxpacket: 16 [ 500.591706][ T3094] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 500.643643][ T3094] usb 6-1: config 128 has 0 interfaces, different from the descriptor's value: 1 [ 500.677353][ T3094] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 500.702483][ T3094] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.808027][T12628] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1966'. [ 501.532940][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.539466][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.945965][ T5823] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 502.121873][ T5823] usb 1-1: Using ep0 maxpacket: 8 [ 502.141392][ T5823] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 502.159174][ T5823] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 502.184189][ T5823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.204447][ T5823] usb 1-1: Product: syz [ 502.218781][ T5823] usb 1-1: Manufacturer: syz [ 502.226710][ T5823] usb 1-1: SerialNumber: syz [ 502.247176][ T5823] usb 1-1: config 0 descriptor?? [ 502.265458][ T5823] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 502.278798][ T5823] usb 1-1: setting power ON [ 502.287968][ T5823] dvb-usb: bulk message failed: -22 (2/0) [ 502.309896][ T5823] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 502.331794][ T5823] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 502.355022][ T5823] usb 1-1: media controller created [ 502.396412][ T5823] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 502.494594][ T5823] usb 1-1: selecting invalid altsetting 6 [ 502.510557][ T10] usb 5-1: USB disconnect, device number 59 [ 502.536622][ T5823] usb 1-1: digital interface selection failed (-22) [ 502.543804][ T5823] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 502.644098][ T5823] usb 1-1: setting power OFF [ 502.655855][ T5823] dvb-usb: bulk message failed: -22 (2/0) [ 502.673451][ T5823] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 502.701249][ T5823] (NULL device *): no alternate interface [ 502.758389][ T5823] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 502.798869][ T5823] usb 1-1: USB disconnect, device number 66 [ 502.966190][ T10] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 503.032823][ T5823] usb 6-1: USB disconnect, device number 35 [ 503.129605][ T10] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 503.141461][ T10] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 503.152542][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 503.161938][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 503.173796][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 503.188264][ T10] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 503.197843][ T10] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 503.207351][ T10] usb 5-1: Product: syz [ 503.211737][ T10] usb 5-1: Manufacturer: syz [ 503.253446][ T10] cdc_wdm 5-1:1.0: skipping garbage [ 503.302434][T12648] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 503.400107][ T10] cdc_wdm 5-1:1.0: skipping garbage [ 503.424054][ T10] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 503.435016][ T10] cdc_wdm 5-1:1.0: Unknown control protocol [ 503.501925][ T10] usb 5-1: USB disconnect, device number 60 [ 503.926596][ T10] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 504.059739][T12661] netlink: 'syz.2.1977': attribute type 27 has an invalid length. [ 504.180782][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 504.223901][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 504.265226][ T10] usb 2-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 504.316036][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.354758][ T10] usb 2-1: config 0 descriptor?? [ 504.393089][T12663] program syz.2.1978 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 504.411934][ T10] uvcvideo 2-1:0.0: probe with driver uvcvideo failed with error -22 [ 504.518490][T12667] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1980'. [ 504.608678][ T10] usb 2-1: USB disconnect, device number 57 [ 505.046658][T12242] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 505.167691][ T10] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 505.206812][T12242] usb 6-1: Using ep0 maxpacket: 16 [ 505.218710][T12242] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 505.236815][T12242] usb 6-1: config 128 has 0 interfaces, different from the descriptor's value: 1 [ 505.248649][T12242] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 505.258236][T12242] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.358408][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 505.371391][ T10] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 505.382710][ T10] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 505.397271][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.405561][ T10] usb 1-1: Product: syz [ 505.415709][ T10] usb 1-1: Manufacturer: syz [ 505.425968][ T10] usb 1-1: SerialNumber: syz [ 505.436170][ T10] usb 1-1: config 0 descriptor?? [ 505.457880][ T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 505.486924][ T10] usb 1-1: setting power ON [ 505.499332][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 505.508098][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 505.508605][T12698] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1988'. [ 505.547478][ T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 505.733845][ T10] usb 1-1: media controller created [ 505.758287][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 505.801751][ T10] usb 1-1: selecting invalid altsetting 6 [ 505.810655][ T10] usb 1-1: digital interface selection failed (-22) [ 505.823966][ T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 505.861148][ T5823] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 505.875394][ T10] usb 1-1: setting power OFF [ 505.889986][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 505.915028][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 505.932557][ T10] (NULL device *): no alternate interface [ 506.035572][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 506.056306][ T5823] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 506.066091][ T5823] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 506.079749][ T5823] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 506.093726][ T10] usb 1-1: USB disconnect, device number 67 [ 506.101543][ T5823] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 506.158464][ T5823] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 506.176925][T12705] netlink: 'syz.2.1991': attribute type 11 has an invalid length. [ 506.218149][ T5823] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 506.227875][ T5823] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 506.236418][ T5823] usb 5-1: Product: syz [ 506.240788][ T5823] usb 5-1: Manufacturer: syz [ 506.278276][ T5823] cdc_wdm 5-1:1.0: skipping garbage [ 506.319371][ T5823] cdc_wdm 5-1:1.0: skipping garbage [ 506.350980][ T5823] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 506.376136][ T5823] cdc_wdm 5-1:1.0: Unknown control protocol [ 506.492459][ T5823] usb 5-1: USB disconnect, device number 61 [ 506.681211][T12712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.701452][T12712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.624947][T12724] fuse: Unknown parameter 'racerPid: 0 [ 507.624947][T12724] Uid: 0 0 0 0 [ 507.624947][T12724] Gid: 0 0 0 0 [ 507.624947][T12724] FDSize: 256 [ 507.624947][T12724] Groups: 0 65534 [ 507.624947][T12724] NStgid: 878 [ 507.624947][T12724] NSpid: 879 [ 507.624947][T12724] NSpgid: 878 [ 507.624947][T12724] NSsid: 0 [ 507.624947][T12724] Kthread: 0 [ 507.624947][T12724] VmPeak: 102224 kB [ 507.624947][T12724] VmSize: 102224 kB [ 507.624947][T12724] VmLck: 0 kB [ 507.624947][T12724] VmPin: 0 kB [ 507.624947][T12724] VmHWM: 23964 kB [ 507.624947][T12724] VmRSS: 23964 kB [ 507.624947][T12724] RssAnon: 1424 kB [ 507.624947][T12724] RssFile: 22540 kB [ 507.624947][T12724] RssShmem: 0 kB [ 507.624947][T12724] VmData: 36580 kB [ 507.624947][T12724] VmStk: 132 kB [ 507.624947][T12724] VmExe: 1772 kB [ 507.624947][T12724] VmLib: 8 kB [ 507.624947][T12724] VmPTE: 140 kB [ 507.624947][T12724] VmSwap: 0 kB [ 507.624947][T12724] HugetlbPages: 0 kB [ 507.624947][T12724] CoreDumping: 0 [ 507.624947][T12724] THP_enabled: 1 [ 507.624947][T12724] untag_mask: 0xffffffffffffffff [ 507.624947][T12724] Threads: 2 [ 507.624947][T12724] SigQ: 0/12993 [ 507.624947][T12724] SigPnd: 0000000000000000 [ 507.624947][T12724] ShdPnd: 0000000000000000 [ 507.624947][T12724] SigBlk: 0000000000000000 [ 507.624947][T12724] SigIgn: fffffffefffaba35 [ 507.624947][T12724] SigCgt: 0000000100010440 [ 507.624947][T12724] CapInh: 0000000000000000 [ 507.624947][T12724] CapPrm: 000001ffff77ffff [ 507.624947][T12724] CapEff: 000001ffff77ffff [ 507.624947][T12724] CapBnd: 000001ffffffffff [ 507.624947][T12724] CapAmb: 0000000000000000 [ 507.624947][T12724] NoNewPrivs: 0 [ 507.624947][T12724] Seccomp: 0 [ 507.624947][T12724] Seccomp_filters: 0 [ 507.624947][T12724] Speculation_Store_Bypass: thread vulnerable [ 507.624947][T12724] SpeculationIndirectBranch: conditional enabled [ 507.624947][T12724] Cpus_allowed: 3 [ 507.925489][ T10] usb 6-1: USB disconnect, device number 36 [ 508.341720][T12733] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1999'. [ 509.006890][T12242] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 509.073888][T12752] bond1: entered allmulticast mode [ 509.175977][T12242] usb 5-1: Using ep0 maxpacket: 8 [ 509.183032][T12242] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 509.196997][T12242] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 509.209723][T12242] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.219257][T12242] usb 5-1: Product: syz [ 509.223562][T12242] usb 5-1: Manufacturer: syz [ 509.229143][T12242] usb 5-1: SerialNumber: syz [ 509.237468][T12242] usb 5-1: config 0 descriptor?? [ 509.248615][T12242] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 509.259417][T12242] usb 5-1: setting power ON [ 509.264138][T12242] dvb-usb: bulk message failed: -22 (2/0) [ 509.291395][T12242] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 509.301177][T11426] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 509.325194][T12242] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 509.337088][T12242] usb 5-1: media controller created [ 509.538842][T11426] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 509.553250][T11426] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 509.651481][T12242] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 509.678526][T11426] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 509.721037][T11426] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 509.759719][T11426] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 509.793578][T12242] usb 5-1: selecting invalid altsetting 6 [ 509.803606][T12242] usb 5-1: digital interface selection failed (-22) [ 509.814018][T11426] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 509.841793][T11426] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 509.850700][T12242] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 509.865970][T11426] usb 1-1: Product: syz [ 509.872667][T11426] usb 1-1: Manufacturer: syz [ 509.883955][T12242] usb 5-1: setting power OFF [ 509.888950][T12242] dvb-usb: bulk message failed: -22 (2/0) [ 509.894771][T12242] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 509.908422][T12242] (NULL device *): no alternate interface [ 509.910156][T11426] cdc_wdm 1-1:1.0: skipping garbage [ 509.929395][T11426] cdc_wdm 1-1:1.0: skipping garbage [ 509.945953][ T5915] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 509.964657][T11426] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 509.990956][T11426] cdc_wdm 1-1:1.0: Unknown control protocol [ 510.027205][T12242] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 510.088576][T12242] usb 5-1: USB disconnect, device number 62 [ 510.117667][ T5915] usb 2-1: Using ep0 maxpacket: 16 [ 510.125811][ T5915] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 510.142360][ T5915] usb 2-1: config 128 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 510.162881][ T5915] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 510.192138][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.253718][ T5915] usbhid 2-1:128.0: couldn't find an input interrupt endpoint [ 510.331108][T11426] usb 1-1: USB disconnect, device number 68 [ 510.715703][T12770] loop2: detected capacity change from 0 to 7 [ 510.728014][T12770] Dev loop2: unable to read RDB block 7 [ 510.754026][T12770] loop2: unable to read partition table [ 510.760432][T12770] loop2: partition table beyond EOD, truncated [ 510.770453][T12770] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 511.154554][T12777] fuse: Bad value for 'fd' [ 511.374636][T12766] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 511.392064][T12766] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 511.411357][T12768] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 511.450617][T12768] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 511.471046][T12766] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 511.486725][T12766] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 511.513522][T12768] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 511.519981][T12766] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 511.526803][T12768] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 511.532870][T12766] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 511.544412][T12768] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 511.556040][T12768] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 511.584740][T12766] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 511.593763][T12766] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 511.664778][T12766] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 511.704312][T12766] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 511.909929][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 511.911770][ T29] audit: type=1326 audit(1772775639.836:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 511.986880][ T29] audit: type=1326 audit(1772775639.836:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.146241][ T29] audit: type=1326 audit(1772775639.836:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.234255][ T29] audit: type=1326 audit(1772775639.836:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.291371][ T29] audit: type=1326 audit(1772775639.836:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.329019][ T29] audit: type=1326 audit(1772775639.836:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.352114][ T29] audit: type=1326 audit(1772775639.836:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.374770][ T5823] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 512.385004][ T29] audit: type=1326 audit(1772775639.846:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.413478][ T29] audit: type=1326 audit(1772775639.846:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.436869][ T29] audit: type=1326 audit(1772775639.846:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 512.535970][ T5823] usb 6-1: Using ep0 maxpacket: 32 [ 512.542845][ T5823] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 512.551706][ T5823] usb 6-1: config 0 has no interface number 0 [ 512.565505][ T5823] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 512.585222][ T5823] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.600595][ T5823] usb 6-1: Product: syz [ 512.636444][ T5823] usb 6-1: Manufacturer: syz [ 512.643126][ T5823] usb 6-1: SerialNumber: syz [ 512.657019][ T5823] usb 6-1: config 0 descriptor?? [ 512.678376][ T10] usb 2-1: USB disconnect, device number 58 [ 513.231510][T12804] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 514.318025][T12822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.374424][T12822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 514.540518][T12822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.559411][T12822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 516.277585][ T5823] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 516.292539][ T5823] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 516.332737][ T5823] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 516.351430][ T5823] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 516.383716][ T5823] usb 6-1: USB disconnect, device number 37 [ 517.715968][ T5915] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 517.876092][ T5915] usb 6-1: Using ep0 maxpacket: 8 [ 517.902833][ T5915] usb 6-1: unable to get BOS descriptor or descriptor too short [ 517.918710][ T5915] usb 6-1: config 8 has an invalid interface number: 158 but max is 0 [ 517.927745][ T5915] usb 6-1: config 8 has an invalid interface number: 158 but max is 0 [ 517.956091][ T5915] usb 6-1: config 8 has no interface number 0 [ 517.973669][ T5915] usb 6-1: config 8 interface 158 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 518.063084][ T5915] usb 6-1: New USB device found, idVendor=1199, idProduct=685a, bcdDevice=56.af [ 518.072628][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.080733][ T5915] usb 6-1: Product: syz [ 518.085129][ T5915] usb 6-1: Manufacturer: syz [ 518.133417][T12884] tipc: Enabling of bearer rejected, already enabled [ 518.156340][ T5915] usb 6-1: SerialNumber: syz [ 518.477806][T12868] netlink: 'syz.5.2039': attribute type 11 has an invalid length. [ 518.502700][ T5915] sierra 6-1:8.158: Sierra USB modem converter detected [ 518.777552][ T5915] usb 6-1: Sierra USB modem converter now attached to ttyUSB0 [ 518.798704][ T5915] usb 6-1: USB disconnect, device number 38 [ 518.815273][ T5915] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 518.834463][ T5915] sierra 6-1:8.158: device disconnected [ 519.461175][T12904] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2048'. [ 519.470384][T12904] openvswitch: netlink: Invalid VLAN frame [ 519.786246][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 519.786265][ T29] audit: type=1326 audit(1772775647.716:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 519.865018][ T29] audit: type=1326 audit(1772775647.716:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 519.922331][ T29] audit: type=1326 audit(1772775647.716:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 520.225375][T12917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 520.254597][T12917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 520.333917][ T29] audit: type=1326 audit(1772775647.716:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 520.484490][ T29] audit: type=1326 audit(1772775647.716:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 520.588003][ T29] audit: type=1326 audit(1772775647.716:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 520.688099][ T29] audit: type=1326 audit(1772775647.716:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 520.758734][ T29] audit: type=1326 audit(1772775647.716:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 520.827098][ T29] audit: type=1326 audit(1772775647.726:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 520.996121][ T29] audit: type=1326 audit(1772775647.726:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12909 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f842459c799 code=0x7ffc0000 [ 524.706343][T12975] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2064'. [ 524.754263][T12975] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2064'. [ 525.016009][T12242] usb 5-1: new full-speed USB device number 63 using dummy_hcd [ 525.188298][T12242] usb 5-1: unable to get BOS descriptor or descriptor too short [ 525.231145][T12242] usb 5-1: not running at top speed; connect to a high speed hub [ 525.281187][T12242] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 4 [ 525.350238][T12980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2065'. [ 525.359384][T12980] openvswitch: netlink: Invalid VLAN frame [ 525.455997][T12242] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 90, changing to 4 [ 525.485461][T12242] usb 5-1: New USB device found, idVendor=041e, idProduct=3042, bcdDevice= 0.40 [ 525.495169][T12242] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.503579][T12242] usb 5-1: Product: Ð [ 525.578098][T12242] usb 5-1: Manufacturer: 险淹浽⮈퉛鋇ﻥ궤榩ㄤ [ 525.601410][T12242] usb 5-1: SerialNumber: ÑŠ [ 525.622104][T12985] FAULT_INJECTION: forcing a failure. [ 525.622104][T12985] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 525.704862][T12985] CPU: 1 UID: 0 PID: 12985 Comm: syz.5.2068 Tainted: G L syzkaller #0 PREEMPT(full) [ 525.704899][T12985] Tainted: [L]=SOFTLOCKUP [ 525.704909][T12985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 525.704924][T12985] Call Trace: [ 525.704933][T12985] [ 525.704942][T12985] dump_stack_lvl+0xe8/0x150 [ 525.704980][T12985] should_fail_ex+0x412/0x560 [ 525.705015][T12985] _copy_from_user+0x2d/0xb0 [ 525.705051][T12985] snd_seq_write+0x309/0x820 [ 525.705101][T12985] ? __pfx_snd_seq_write+0x10/0x10 [ 525.705132][T12985] ? bpf_lsm_file_permission+0x9/0x20 [ 525.705160][T12985] ? security_file_permission+0x75/0x260 [ 525.705187][T12985] ? rw_verify_area+0x255/0x4d0 [ 525.705210][T12985] ? __pfx_snd_seq_write+0x10/0x10 [ 525.705240][T12985] vfs_write+0x29a/0xb90 [ 525.705273][T12985] ? __pfx_vfs_write+0x10/0x10 [ 525.705299][T12985] ? __fget_files+0x2a/0x420 [ 525.705335][T12985] ? __fget_files+0x2a/0x420 [ 525.705367][T12985] ? __fget_files+0x3a0/0x420 [ 525.705397][T12985] ? __fget_files+0x2a/0x420 [ 525.705439][T12985] ksys_write+0x150/0x270 [ 525.705466][T12985] ? __pfx_ksys_write+0x10/0x10 [ 525.705503][T12985] do_syscall_64+0x14d/0xf80 [ 525.705537][T12985] ? trace_irq_disable+0x3b/0x150 [ 525.705569][T12985] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.705593][T12985] ? clear_bhb_loop+0x40/0x90 [ 525.705620][T12985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.705643][T12985] RIP: 0033:0x7f317039c799 [ 525.705664][T12985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 525.705683][T12985] RSP: 002b:00007f31711ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 525.705707][T12985] RAX: ffffffffffffffda RBX: 00007f3170615fa0 RCX: 00007f317039c799 [ 525.705724][T12985] RDX: 00000000fffffee4 RSI: 00002000000000c0 RDI: 0000000000000003 [ 525.705739][T12985] RBP: 00007f31711ef090 R08: 0000000000000000 R09: 0000000000000000 [ 525.705753][T12985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 525.705767][T12985] R13: 00007f3170616038 R14: 00007f3170615fa0 R15: 00007f317073fa48 [ 525.705802][T12985] [ 526.105445][T12242] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 526.114328][T12242] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 526.121872][T12242] usb 5-1: 2:1 : unsupported sample bitwidth 4 in 60 bytes [ 526.278889][T12994] loop2: detected capacity change from 0 to 7 [ 526.287853][T12994] Dev loop2: unable to read RDB block 7 [ 526.293680][T12994] loop2: unable to read partition table [ 526.313717][T12994] loop2: partition table beyond EOD, truncated [ 526.320817][T12991] xt_hashlimit: size too large, truncated to 1048576 [ 526.329308][T12994] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 526.357917][T12242] usb 5-1: USB disconnect, device number 63 [ 526.417706][ T5192] Dev loop2: unable to read RDB block 7 [ 526.423367][ T5192] loop2: unable to read partition table [ 526.435178][ T5192] loop2: partition table beyond EOD, truncated [ 526.467902][T11426] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 526.491374][ T5914] udevd[5914]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 526.626118][T11426] usb 6-1: Using ep0 maxpacket: 8 [ 526.638146][T11426] usb 6-1: config index 0 descriptor too short (expected 30, got 18) [ 526.652996][T11426] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 526.736652][T11426] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.744747][T11426] usb 6-1: Product: syz [ 526.758521][T13002] FAULT_INJECTION: forcing a failure. [ 526.758521][T13002] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 526.785440][T11426] usb 6-1: Manufacturer: syz [ 526.790503][T11426] usb 6-1: SerialNumber: syz [ 526.806282][T13002] CPU: 1 UID: 0 PID: 13002 Comm: syz.4.2074 Tainted: G L syzkaller #0 PREEMPT(full) [ 526.806316][T13002] Tainted: [L]=SOFTLOCKUP [ 526.806325][T13002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 526.806339][T13002] Call Trace: [ 526.806348][T13002] [ 526.806358][T13002] dump_stack_lvl+0xe8/0x150 [ 526.806394][T13002] should_fail_ex+0x412/0x560 [ 526.806428][T13002] _copy_from_iter+0x1d3/0x1670 [ 526.806480][T13002] ? __pfx__copy_from_iter+0x10/0x10 [ 526.806514][T13002] ? ip6_dst_lookup_tail+0x2df/0x15a0 [ 526.806660][T13002] ? skb_put+0x11b/0x210 [ 526.806696][T13002] rawv6_send_hdrinc+0x894/0x1950 [ 526.806775][T13002] ? __pfx_rawv6_send_hdrinc+0x10/0x10 [ 526.806796][T13002] ? txopt_get+0x343/0x3f0 [ 526.806817][T13002] ? __lock_acquire+0x6b5/0x2cf0 [ 526.806845][T13002] ? __pfx_txopt_get+0x10/0x10 [ 526.806876][T13002] rawv6_sendmsg+0x1338/0x18e0 [ 526.806911][T13002] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 526.806946][T13002] ? aa_sk_perm+0x6d5/0x900 [ 526.806982][T13002] ? __pfx_aa_sk_perm+0x10/0x10 [ 526.807010][T13002] ? __pfx_aa_file_perm+0x10/0x10 [ 526.807040][T13002] ? sock_rps_record_flow+0x19/0x400 [ 526.807066][T13002] ? inet_sendmsg+0x2f4/0x370 [ 526.807086][T13002] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 526.807113][T13002] ? __pfx_inet_sendmsg+0x10/0x10 [ 526.807134][T13002] sock_write_iter+0x406/0x4f0 [ 526.807162][T13002] ? __pfx_sock_write_iter+0x10/0x10 [ 526.807198][T13002] ? bpf_lsm_file_permission+0x9/0x20 [ 526.807225][T13002] ? security_file_permission+0x75/0x260 [ 526.807258][T13002] vfs_write+0x61d/0xb90 [ 526.807292][T13002] ? __pfx_vfs_write+0x10/0x10 [ 526.807325][T13002] ? __fget_files+0x2a/0x420 [ 526.807367][T13002] ksys_write+0x150/0x270 [ 526.807393][T13002] ? __pfx_ksys_write+0x10/0x10 [ 526.807429][T13002] do_syscall_64+0x14d/0xf80 [ 526.807469][T13002] ? trace_irq_disable+0x3b/0x150 [ 526.807500][T13002] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.807524][T13002] ? clear_bhb_loop+0x40/0x90 [ 526.807551][T13002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.807574][T13002] RIP: 0033:0x7f73dfb9c799 [ 526.807595][T13002] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 526.807615][T13002] RSP: 002b:00007f73e0b01028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 526.807638][T13002] RAX: ffffffffffffffda RBX: 00007f73dfe15fa0 RCX: 00007f73dfb9c799 [ 526.807655][T13002] RDX: 0000000000000046 RSI: 0000000000000000 RDI: 0000000000000003 [ 526.807669][T13002] RBP: 00007f73e0b01090 R08: 0000000000000000 R09: 0000000000000000 [ 526.807683][T13002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 526.807697][T13002] R13: 00007f73dfe16038 R14: 00007f73dfe15fa0 R15: 00007f73dff3fa48 [ 526.807731][T13002] [ 527.140210][T11426] usb 6-1: config 0 descriptor?? [ 527.176581][T13004] loop2: detected capacity change from 0 to 7 [ 527.184194][T13004] Dev loop2: unable to read RDB block 7 [ 527.190058][T13004] loop2: unable to read partition table [ 527.196999][T13004] loop2: partition table beyond EOD, truncated [ 527.203838][T13004] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 527.220577][T11426] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 527.230828][T11426] usb 6-1: setting power ON [ 527.235393][T11426] dvb-usb: bulk message failed: -22 (2/0) [ 527.266237][T11426] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 527.276824][T11426] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 527.285963][T11426] usb 6-1: media controller created [ 527.304409][T11426] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 527.329577][T11426] usb 6-1: selecting invalid altsetting 6 [ 527.335379][T11426] usb 6-1: digital interface selection failed (-22) [ 527.342204][T11426] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 527.351509][T11426] usb 6-1: setting power OFF [ 527.356635][T11426] dvb-usb: bulk message failed: -22 (2/0) [ 527.362423][T11426] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 527.376296][T11426] (NULL device *): no alternate interface [ 527.494432][T11426] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 527.800835][T11426] usb 6-1: USB disconnect, device number 39 [ 527.885979][ T5823] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 528.026887][ T5823] usb 2-1: device descriptor read/64, error -71 [ 528.307971][ T5823] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 528.445974][ T5823] usb 2-1: device descriptor read/64, error -71 [ 528.596619][ T5823] usb usb2-port1: attempt power cycle [ 528.923756][T13031] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2083'. [ 529.013988][ T5823] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 529.056733][ T5823] usb 2-1: device descriptor read/8, error -71 [ 529.306056][ T5823] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 529.400274][ T5823] usb 2-1: device descriptor read/8, error -71 [ 529.583215][T13037] FAULT_INJECTION: forcing a failure. [ 529.583215][T13037] name failslab, interval 1, probability 0, space 0, times 0 [ 529.614221][T13037] CPU: 0 UID: 0 PID: 13037 Comm: syz.4.2084 Tainted: G L syzkaller #0 PREEMPT(full) [ 529.614258][T13037] Tainted: [L]=SOFTLOCKUP [ 529.614268][T13037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 529.614284][T13037] Call Trace: [ 529.614293][T13037] [ 529.614303][T13037] dump_stack_lvl+0xe8/0x150 [ 529.614341][T13037] should_fail_ex+0x412/0x560 [ 529.614375][T13037] should_failslab+0xa8/0x100 [ 529.614403][T13037] ? do_getname+0x2e/0x250 [ 529.614431][T13037] kmem_cache_alloc_noprof+0x87/0x650 [ 529.614463][T13037] do_getname+0x2e/0x250 [ 529.614495][T13037] __se_sys_link+0x3a/0x2c0 [ 529.614528][T13037] do_syscall_64+0x14d/0xf80 [ 529.614562][T13037] ? trace_irq_disable+0x3b/0x150 [ 529.614594][T13037] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.614615][T13037] ? clear_bhb_loop+0x40/0x90 [ 529.614641][T13037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.614662][T13037] RIP: 0033:0x7f73dfb9c799 [ 529.614683][T13037] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 529.614701][T13037] RSP: 002b:00007f73e0ae0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000056 [ 529.614726][T13037] RAX: ffffffffffffffda RBX: 00007f73dfe16090 RCX: 00007f73dfb9c799 [ 529.614743][T13037] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000200000000280 [ 529.614757][T13037] RBP: 00007f73e0ae0090 R08: 0000000000000000 R09: 0000000000000000 [ 529.614772][T13037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 529.614785][T13037] R13: 00007f73dfe16128 R14: 00007f73dfe16090 R15: 00007f73dff3fa48 [ 529.614819][T13037] [ 529.968852][ T5823] usb usb2-port1: unable to enumerate USB device [ 530.206063][T11426] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 530.214929][ T5915] usb 6-1: new full-speed USB device number 40 using dummy_hcd [ 530.297593][T12242] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 530.346234][T11426] usb 5-1: device descriptor read/64, error -71 [ 530.352634][ T5915] usb 6-1: device descriptor read/64, error -71 [ 530.457779][T12242] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.468413][T12242] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 530.479803][T12242] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.490265][T12242] usb 1-1: config 0 descriptor?? [ 530.505800][T12242] pwc: Askey VC010 type 2 USB webcam detected. [ 530.605976][ T5915] usb 6-1: new full-speed USB device number 41 using dummy_hcd [ 530.613738][T11426] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 530.756205][ T5915] usb 6-1: device descriptor read/64, error -71 [ 530.826785][T11426] usb 5-1: device descriptor read/64, error -71 [ 530.876617][ T5915] usb usb6-port1: attempt power cycle [ 530.946731][T11426] usb usb5-port1: attempt power cycle [ 530.971214][T12242] pwc: recv_control_msg error -32 req 02 val 2b00 [ 530.979119][T12242] pwc: recv_control_msg error -32 req 02 val 2700 [ 530.987019][T12242] pwc: recv_control_msg error -32 req 02 val 2c00 [ 531.051195][T12242] pwc: recv_control_msg error -32 req 04 val 1000 [ 531.105336][T12242] pwc: recv_control_msg error -32 req 04 val 1300 [ 531.116997][T12242] pwc: recv_control_msg error -32 req 04 val 1400 [ 531.128853][T12242] pwc: recv_control_msg error -32 req 02 val 2000 [ 531.140565][T12242] pwc: recv_control_msg error -32 req 02 val 2100 [ 531.151851][T12242] pwc: recv_control_msg error -32 req 04 val 1500 [ 531.162818][T12242] pwc: recv_control_msg error -32 req 02 val 2500 [ 531.215963][ T5915] usb 6-1: new full-speed USB device number 42 using dummy_hcd [ 531.228836][T13049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 531.237606][T13049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 531.247442][ T5915] usb 6-1: device descriptor read/8, error -71 [ 531.326060][T11426] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 531.357650][T11426] usb 5-1: device descriptor read/8, error -71 [ 531.496091][ T5915] usb 6-1: new full-speed USB device number 43 using dummy_hcd [ 531.526809][ T5915] usb 6-1: device descriptor read/8, error -71 [ 531.637935][ T5915] usb usb6-port1: unable to enumerate USB device [ 531.644729][T11426] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 531.666748][T11426] usb 5-1: device descriptor read/8, error -71 [ 531.748605][T13052] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3957360648 (3957360648 ns) > initial count (2371189760 ns). Using initial count to start timer. [ 531.779247][T11426] usb usb5-port1: unable to enumerate USB device [ 531.966054][T13054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 531.982224][T13054] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 532.995966][T13067] netlink: 220 bytes leftover after parsing attributes in process `syz.5.2093'. [ 533.005496][T13067] netlink: 220 bytes leftover after parsing attributes in process `syz.5.2093'. [ 533.014857][T13067] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2093'. [ 533.195984][T11426] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 533.261080][T12242] pwc: recv_control_msg error -71 req 02 val 2400 [ 533.324686][T12242] pwc: recv_control_msg error -71 req 02 val 2600 [ 533.357923][T11426] usb 5-1: Using ep0 maxpacket: 32 [ 533.380437][T11426] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 533.388952][T11426] usb 5-1: config 0 has no interface number 0 [ 533.395580][T11426] usb 5-1: config 0 interface 184 has no altsetting 0 [ 533.416122][T12242] pwc: recv_control_msg error -71 req 02 val 2900 [ 533.443149][T12242] pwc: recv_control_msg error -71 req 02 val 2800 [ 533.474249][T12242] pwc: recv_control_msg error -71 req 04 val 1100 [ 533.486354][T12242] pwc: recv_control_msg error -71 req 04 val 1200 [ 533.493283][T11426] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 533.516020][T11426] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.529358][T12242] pwc: Registered as video103. [ 533.595941][T11426] usb 5-1: Product: syz [ 533.608120][T12242] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input35 [ 533.622122][T11426] usb 5-1: Manufacturer: syz [ 533.641637][T11426] usb 5-1: SerialNumber: syz [ 533.646996][T13073] netlink: 'syz.2.2096': attribute type 21 has an invalid length. [ 533.666795][T12242] usb 1-1: USB disconnect, device number 69 [ 533.701857][T13076] FAULT_INJECTION: forcing a failure. [ 533.701857][T13076] name failslab, interval 1, probability 0, space 0, times 0 [ 533.750966][T11426] usb 5-1: config 0 descriptor?? [ 533.770305][T13076] CPU: 0 UID: 0 PID: 13076 Comm: syz.0.2097 Tainted: G L syzkaller #0 PREEMPT(full) [ 533.770339][T13076] Tainted: [L]=SOFTLOCKUP [ 533.770348][T13076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 533.770362][T13076] Call Trace: [ 533.770371][T13076] [ 533.770380][T13076] dump_stack_lvl+0xe8/0x150 [ 533.770416][T13076] should_fail_ex+0x412/0x560 [ 533.770461][T13076] should_failslab+0xa8/0x100 [ 533.770483][T13076] __kmalloc_noprof+0xe8/0x760 [ 533.770501][T13076] ? io_cache_alloc_new+0x40/0x100 [ 533.770591][T13076] ? __pfx___io_read+0x10/0x10 [ 533.770616][T13076] io_cache_alloc_new+0x40/0x100 [ 533.770638][T13076] __io_prep_rw+0x2bd/0xed0 [ 533.770667][T13076] ? __pfx___io_prep_rw+0x10/0x10 [ 533.770689][T13076] ? __io_issue_sqe+0x1f7/0x4b0 [ 533.770711][T13076] ? io_file_get_normal+0xe9/0x310 [ 533.770740][T13076] io_prep_read+0x33/0x110 [ 533.770764][T13076] io_submit_sqes+0xb35/0x2370 [ 533.770809][T13076] __se_sys_io_uring_enter+0x2cc/0x18c0 [ 533.770835][T13076] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 533.770855][T13076] ? __fget_files+0x3a0/0x420 [ 533.770880][T13076] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 533.770903][T13076] ? fput+0xa0/0xd0 [ 533.770924][T13076] ? ksys_write+0x242/0x270 [ 533.770946][T13076] ? __pfx_ksys_write+0x10/0x10 [ 533.770966][T13076] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 533.770992][T13076] do_syscall_64+0x14d/0xf80 [ 533.771015][T13076] ? trace_irq_disable+0x3b/0x150 [ 533.771038][T13076] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.771054][T13076] ? clear_bhb_loop+0x40/0x90 [ 533.771073][T13076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.771089][T13076] RIP: 0033:0x7f842459c799 [ 533.771104][T13076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 533.771118][T13076] RSP: 002b:00007f84253e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 533.771135][T13076] RAX: ffffffffffffffda RBX: 00007f8424815fa0 RCX: 00007f842459c799 [ 533.771146][T13076] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000 [ 533.771156][T13076] RBP: 00007f84253e5090 R08: 0000000000000000 R09: 0000000000000000 [ 533.771166][T13076] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001 [ 533.771175][T13076] R13: 00007f8424816038 R14: 00007f8424815fa0 R15: 00007f842493fa48 [ 533.771199][T13076] [ 534.788798][T13066] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2092'. [ 534.981400][T13086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 534.999696][T13086] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 535.807392][T13094] PKCS8: Unsupported PKCS#8 version [ 536.057745][T13102] loop2: detected capacity change from 0 to 7 [ 536.092458][T13102] Dev loop2: unable to read RDB block 7 [ 536.426024][T13102] loop2: unable to read partition table [ 536.436219][T13102] loop2: partition table beyond EOD, truncated [ 536.457309][T13102] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 537.281204][T11426] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 537.335100][T11426] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 537.365637][T11426] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 537.406407][T11426] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71 [ 537.416618][ T5913] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 537.466323][T11426] usb 5-1: USB disconnect, device number 68 [ 537.599443][ T5913] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 537.636013][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 537.688164][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 537.729676][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 537.755845][ T5913] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 537.768642][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.777137][ T5913] usb 2-1: Product: syz [ 537.781351][ T5913] usb 2-1: Manufacturer: syz [ 537.786399][ T5913] usb 2-1: SerialNumber: syz [ 537.803987][ T5913] usb 2-1: config 0 descriptor?? [ 537.815669][ T5913] iguanair 2-1:0.0: failed to get version [ 537.827663][ T5913] iguanair 2-1:0.0: probe with driver iguanair failed with error -90 [ 538.072216][T13125] netlink: 71 bytes leftover after parsing attributes in process `syz.2.2113'. [ 538.105208][T13125] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2113'. [ 539.356478][T13150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 539.388822][T13150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 539.409518][ T5915] usb 2-1: USB disconnect, device number 63 [ 540.430094][T13170] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2126'. [ 540.694617][T13177] FAULT_INJECTION: forcing a failure. [ 540.694617][T13177] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 540.711842][T13177] CPU: 1 UID: 0 PID: 13177 Comm: syz.2.2128 Tainted: G L syzkaller #0 PREEMPT(full) [ 540.711879][T13177] Tainted: [L]=SOFTLOCKUP [ 540.711888][T13177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 540.711902][T13177] Call Trace: [ 540.711912][T13177] [ 540.711922][T13177] dump_stack_lvl+0xe8/0x150 [ 540.711962][T13177] should_fail_ex+0x412/0x560 [ 540.711996][T13177] _copy_to_user+0x31/0xb0 [ 540.712034][T13177] simple_read_from_buffer+0xe1/0x170 [ 540.712073][T13177] proc_fail_nth_read+0x1bb/0x230 [ 540.712109][T13177] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 540.712145][T13177] ? rw_verify_area+0x2a6/0x4d0 [ 540.712169][T13177] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 540.712203][T13177] vfs_read+0x20c/0xa70 [ 540.712225][T13177] ? fdget_pos+0x246/0x320 [ 540.712264][T13177] ? __pfx___mutex_lock+0x10/0x10 [ 540.712289][T13177] ? __pfx_vfs_read+0x10/0x10 [ 540.712315][T13177] ? __fget_files+0x2a/0x420 [ 540.712353][T13177] ? __fget_files+0x3a0/0x420 [ 540.712384][T13177] ? __fget_files+0x2a/0x420 [ 540.712427][T13177] ksys_read+0x150/0x270 [ 540.712454][T13177] ? __pfx_ksys_read+0x10/0x10 [ 540.712489][T13177] do_syscall_64+0x14d/0xf80 [ 540.712523][T13177] ? trace_irq_disable+0x3b/0x150 [ 540.712556][T13177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.712579][T13177] ? clear_bhb_loop+0x40/0x90 [ 540.712607][T13177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.712630][T13177] RIP: 0033:0x7f03f655cfce [ 540.712651][T13177] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 540.712672][T13177] RSP: 002b:00007f03f74aafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 540.712696][T13177] RAX: ffffffffffffffda RBX: 00007f03f74ab6c0 RCX: 00007f03f655cfce [ 540.712713][T13177] RDX: 000000000000000f RSI: 00007f03f74ab0a0 RDI: 0000000000000011 [ 540.712728][T13177] RBP: 00007f03f74ab090 R08: 0000000000000000 R09: 0000000000000000 [ 540.712743][T13177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 540.712756][T13177] R13: 00007f03f6816038 R14: 00007f03f6815fa0 R15: 00007f03f693fa48 [ 540.712791][T13177] [ 542.059795][T13197] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 542.226950][ T5823] usb 5-1: new full-speed USB device number 69 using dummy_hcd [ 542.289516][T13198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2135'. [ 542.298521][T13198] netlink: 'syz.2.2135': attribute type 30 has an invalid length. [ 542.394568][T13198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2135'. [ 542.414426][T13198] netlink: 'syz.2.2135': attribute type 30 has an invalid length. [ 542.426750][ T5823] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 542.454618][ T5823] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 542.662753][ T5823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 542.685299][ T5823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 542.699775][ T5823] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 542.717301][ T5823] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 542.726807][ T5823] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 542.800626][ T5823] usb 5-1: Product: syz [ 542.836038][ T5823] usb 5-1: Manufacturer: syz [ 542.840720][ T5823] usb 5-1: SerialNumber: syz [ 542.858699][ T5823] usb 5-1: config 0 descriptor?? [ 543.093399][ T5823] radio-si470x 5-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 543.100320][ T5823] radio-si470x 5-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 543.173431][T13216] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2142'. [ 543.198535][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 543.198555][ T29] audit: type=1326 audit(1772775671.126:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13210 comm="syz.2.2141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f659c799 code=0x7ffc0000 [ 543.293624][ T5823] radio-si470x 5-1:0.0: software version 0, hardware version 0 [ 543.327419][ T5823] radio-si470x 5-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 543.352660][ T29] audit: type=1326 audit(1772775671.136:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13210 comm="syz.2.2141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f03f659c799 code=0x7ffc0000 [ 543.441337][ T29] audit: type=1326 audit(1772775671.136:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13210 comm="syz.2.2141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f659c799 code=0x7ffc0000 [ 543.473881][ T5823] radio-si470x 5-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 543.487920][ T29] audit: type=1326 audit(1772775671.136:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13210 comm="syz.2.2141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f03f659c799 code=0x7ffc0000 [ 543.513355][ T29] audit: type=1326 audit(1772775671.136:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13210 comm="syz.2.2141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f659c799 code=0x7ffc0000 [ 543.513457][ T5823] radio-si470x 5-1:0.0: submitting int urb failed (-90) [ 543.557145][ T29] audit: type=1326 audit(1772775671.186:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13210 comm="syz.2.2141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f03f659c799 code=0x7ffc0000 [ 543.604790][ T29] audit: type=1326 audit(1772775671.296:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13210 comm="syz.2.2141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f659c799 code=0x7ffc0000 [ 543.714627][ T29] audit: type=1326 audit(1772775671.296:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13210 comm="syz.2.2141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f659c799 code=0x7ffc0000 [ 543.922460][T13193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 543.937875][T13193] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 543.979116][ T5823] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 543.987815][ T5823] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -22 [ 544.091740][ T5823] usb 5-1: USB disconnect, device number 69 [ 544.173781][T13228] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 544.475974][T13234] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 544.565793][T13238] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2148'. [ 544.625583][T13238] ip6gretap0: entered promiscuous mode [ 544.657182][T13238] macvtap1: entered promiscuous mode [ 544.662744][T13238] macvtap1: entered allmulticast mode [ 544.706349][T13238] ip6gretap0: entered allmulticast mode [ 544.895144][T13251] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 545.040172][T13255] IPVS: Error connecting to the multicast addr [ 545.187204][T13256] openvswitch: netlink: VXLAN extension 1 has unexpected len 16 expected 4 [ 546.622838][T13276] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 547.485935][ T29] audit: type=1326 audit(1772775675.326:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13284 comm="syz.5.2163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 547.532523][ T29] audit: type=1326 audit(1772775675.336:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13284 comm="syz.5.2163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 548.366632][T13303] openvswitch: netlink: ct_state flags 2c1414ac unsupported [ 548.776030][ T5915] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 548.937049][ T5915] usb 1-1: Using ep0 maxpacket: 32 [ 548.968063][ T5915] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 549.000135][ T5915] usb 1-1: config 0 has no interface number 0 [ 549.023074][ T5915] usb 1-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 549.063613][ T5915] usb 1-1: config 0 interface 89 has no altsetting 0 [ 549.086308][ T5915] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 549.096204][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.104837][ T5915] usb 1-1: Product: syz [ 549.109617][ T5915] usb 1-1: Manufacturer: syz [ 549.114253][ T5915] usb 1-1: SerialNumber: syz [ 549.137105][ T3094] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 549.141888][ T5915] usb 1-1: config 0 descriptor?? [ 549.157624][ T5915] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 549.167372][ T5915] em28xx 1-1:0.89: Video interface 89 found: [ 549.386725][ T3094] usb 5-1: config 0 has no interfaces? [ 549.397997][ T3094] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 549.416048][ T3094] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.424115][ T3094] usb 5-1: Product: syz [ 549.431750][T13315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 549.455981][ T3094] usb 5-1: Manufacturer: syz [ 549.460656][ T3094] usb 5-1: SerialNumber: syz [ 549.466776][T13315] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 549.498415][ T3094] usb 5-1: config 0 descriptor?? [ 549.645362][T13320] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2171'. [ 549.654996][T13320] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2171'. [ 549.756925][ T5915] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 549.782022][T12242] usb 5-1: USB disconnect, device number 70 [ 550.139726][T13328] 0: reclassify loop, rule prio 0, protocol 700 [ 550.636042][T12242] usb 5-1: new low-speed USB device number 71 using dummy_hcd [ 550.697317][T11426] hid_parser_main: 28 callbacks suppressed [ 550.697437][T11426] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 550.740942][T11426] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz1] on syz0 [ 550.786595][ T5893] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 550.799339][ T5915] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 550.815995][T12242] usb 5-1: Invalid ep0 maxpacket: 64 [ 550.824568][ T5915] em28xx 1-1:0.89: board has no eeprom [ 550.913222][T13339] fido_id[13339]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 550.927022][ T5915] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 550.934382][ T5915] em28xx 1-1:0.89: analog set to bulk mode. [ 550.946146][T12242] usb 5-1: new low-speed USB device number 72 using dummy_hcd [ 550.954483][ T42] em28xx 1-1:0.89: Registering V4L2 extension [ 550.962750][ T5893] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 550.987068][ T5915] usb 1-1: USB disconnect, device number 70 [ 551.017591][ T5893] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 551.047154][ T5915] em28xx 1-1:0.89: Disconnecting em28xx [ 551.073207][ T5893] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 551.100899][ T5893] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 551.119238][ T5893] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 551.130643][ T42] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 551.138020][ T42] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 551.145172][ T42] em28xx 1-1:0.89: No AC97 audio processor [ 551.159372][ T5893] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 551.168635][T12242] usb 5-1: Invalid ep0 maxpacket: 64 [ 551.179157][T12242] usb usb5-port1: attempt power cycle [ 551.188818][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 551.197906][ T42] usb 1-1: Decoder not found [ 551.210378][ T42] em28xx 1-1:0.89: failed to create media graph [ 551.217628][ T5893] usb 6-1: Product: syz [ 551.221963][ T5893] usb 6-1: Manufacturer: syz [ 551.227153][ T42] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 551.240840][ T5893] cdc_wdm 6-1:1.0: skipping garbage [ 551.254101][ T5893] cdc_wdm 6-1:1.0: skipping garbage [ 551.262057][ T42] em28xx 1-1:0.89: Registering snapshot button... [ 551.272484][ T5893] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 551.284895][ T42] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input38 [ 551.295604][ T5893] cdc_wdm 6-1:1.0: Unknown control protocol [ 551.315159][ T42] em28xx 1-1:0.89: Remote control support is not available for this card. [ 551.328175][ T5915] em28xx 1-1:0.89: Closing input extension [ 551.343066][ T5915] em28xx 1-1:0.89: Deregistering snapshot button [ 551.425730][ T5915] em28xx 1-1:0.89: Freeing device [ 551.475838][ T3094] usb 6-1: USB disconnect, device number 44 [ 551.548843][T12242] usb 5-1: new low-speed USB device number 73 using dummy_hcd [ 551.580603][T12242] usb 5-1: Invalid ep0 maxpacket: 64 [ 551.725974][T12242] usb 5-1: new low-speed USB device number 74 using dummy_hcd [ 551.798095][T12242] usb 5-1: Invalid ep0 maxpacket: 64 [ 552.419182][T12242] usb usb5-port1: unable to enumerate USB device [ 552.681268][T13369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2184'. [ 552.690333][T13369] openvswitch: netlink: Invalid VLAN frame [ 553.253059][T13374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 553.279341][T13374] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.058925][T12242] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 554.244360][T12242] usb 5-1: config 0 has an invalid interface number: 175 but max is 0 [ 554.252856][T12242] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 554.289400][T12242] usb 5-1: config 0 has no interface number 0 [ 554.344963][T12242] usb 5-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C [ 554.378365][T12242] usb 5-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 554.411428][T12242] usb 5-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 554.471898][T12242] usb 5-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16 [ 554.484445][T13393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 554.548154][T12242] usb 5-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b [ 554.568341][T12242] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.590148][T12242] usb 5-1: Product: syz [ 554.605129][T13393] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.609626][T12242] usb 5-1: Manufacturer: syz [ 554.648635][T12242] usb 5-1: SerialNumber: syz [ 554.679971][T12242] usb 5-1: config 0 descriptor?? [ 554.706173][T13393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 554.730550][T12242] symbolserial 5-1:0.175: symbol converter detected [ 554.762681][T12242] usb 5-1: symbol converter now attached to ttyUSB0 [ 554.787336][T13393] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.911453][T12242] usb 5-1: USB disconnect, device number 75 [ 554.922989][T12242] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0 [ 554.958500][T12242] symbolserial 5-1:0.175: device disconnected [ 555.105983][ T10] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 555.427821][ T10] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 555.437871][ T10] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 555.476861][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 555.516074][ T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 555.533362][ T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 555.555613][ T10] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 555.587636][ T10] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 555.600642][ T10] usb 2-1: Product: syz [ 555.605004][ T10] usb 2-1: Manufacturer: syz [ 555.628565][ T10] cdc_wdm 2-1:1.0: skipping garbage [ 555.639551][ T10] cdc_wdm 2-1:1.0: skipping garbage [ 555.647628][ T10] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 555.653581][ T10] cdc_wdm 2-1:1.0: Unknown control protocol [ 555.844974][T12242] usb 2-1: USB disconnect, device number 64 [ 556.030377][T13407] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2198'. [ 558.713186][T12242] usb 5-1: new full-speed USB device number 76 using dummy_hcd [ 558.836081][ T5915] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 558.875973][T12242] usb 5-1: device descriptor read/64, error -71 [ 559.025099][ T5915] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 559.034760][ T5915] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 559.061902][ T5915] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 559.232447][ T5915] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 559.246556][ T5915] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 559.262571][ T5915] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 559.273973][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 559.297139][T12242] usb 5-1: new full-speed USB device number 77 using dummy_hcd [ 559.309975][T13459] FAULT_INJECTION: forcing a failure. [ 559.309975][T13459] name failslab, interval 1, probability 0, space 0, times 0 [ 559.376004][ T5915] usb 1-1: Product: syz [ 559.380358][ T5915] usb 1-1: Manufacturer: syz [ 559.386865][T13459] CPU: 1 UID: 0 PID: 13459 Comm: syz.5.2213 Tainted: G L syzkaller #0 PREEMPT(full) [ 559.386897][T13459] Tainted: [L]=SOFTLOCKUP [ 559.386905][T13459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 559.386918][T13459] Call Trace: [ 559.386927][T13459] [ 559.386938][T13459] dump_stack_lvl+0xe8/0x150 [ 559.386976][T13459] should_fail_ex+0x412/0x560 [ 559.387020][T13459] should_failslab+0xa8/0x100 [ 559.387055][T13459] __kmalloc_noprof+0xe8/0x760 [ 559.387081][T13459] ? kernfs_fop_write_iter+0x158/0x540 [ 559.387115][T13459] kernfs_fop_write_iter+0x158/0x540 [ 559.387148][T13459] vfs_write+0x61d/0xb90 [ 559.387183][T13459] ? __pfx_vfs_write+0x10/0x10 [ 559.387219][T13459] ? __fget_files+0x2a/0x420 [ 559.387261][T13459] ksys_write+0x150/0x270 [ 559.387288][T13459] ? __pfx_ksys_write+0x10/0x10 [ 559.387325][T13459] do_syscall_64+0x14d/0xf80 [ 559.387360][T13459] ? trace_irq_disable+0x3b/0x150 [ 559.387394][T13459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.387418][T13459] ? clear_bhb_loop+0x40/0x90 [ 559.387446][T13459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.387469][T13459] RIP: 0033:0x7f317039c799 [ 559.387490][T13459] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 559.387511][T13459] RSP: 002b:00007f31711ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 559.387535][T13459] RAX: ffffffffffffffda RBX: 00007f3170615fa0 RCX: 00007f317039c799 [ 559.387552][T13459] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 0000000000000006 [ 559.387566][T13459] RBP: 00007f31711ef090 R08: 0000000000000000 R09: 0000000000000000 [ 559.387581][T13459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 559.387595][T13459] R13: 00007f3170616038 R14: 00007f3170615fa0 R15: 00007f317073fa48 [ 559.387630][T13459] [ 559.650775][T12242] usb 5-1: device descriptor read/64, error -71 [ 559.786660][T12242] usb usb5-port1: attempt power cycle [ 559.932193][ T5915] cdc_wdm 1-1:1.0: skipping garbage [ 559.946004][ T5915] cdc_wdm 1-1:1.0: skipping garbage [ 560.045131][ T5915] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 560.051400][ T5915] cdc_wdm 1-1:1.0: Unknown control protocol [ 560.062552][T13462] binder: 13460:13462 unknown command 0 [ 560.086427][T13462] binder: 13460:13462 ioctl c0306201 200000000080 returned -22 [ 560.139387][ T5915] usb 1-1: USB disconnect, device number 71 [ 560.146343][T12242] usb 5-1: new full-speed USB device number 78 using dummy_hcd [ 560.167330][T12242] usb 5-1: device descriptor read/8, error -71 [ 560.407990][T12242] usb 5-1: new full-speed USB device number 79 using dummy_hcd [ 560.446798][T12242] usb 5-1: device descriptor read/8, error -71 [ 560.556651][T12242] usb usb5-port1: unable to enumerate USB device [ 561.275348][T13484] fuse: Bad value for 'rootmode' [ 561.816025][ T3094] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 562.135979][ T10] usb 6-1: new full-speed USB device number 45 using dummy_hcd [ 562.147944][ T3094] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 562.335065][ T3094] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 562.410179][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 562.945957][ T3094] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 562.986044][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 562.988165][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.016176][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.076044][ T3094] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.147842][ T10] usb 6-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=c2.d1 [ 563.184629][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.205444][ T3094] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 563.240559][ T10] usb 6-1: Product: syz [ 563.246092][ T3094] usb 1-1: invalid MIDI out EP 0 [ 563.252502][ T10] usb 6-1: Manufacturer: syz [ 563.276045][ T10] usb 6-1: SerialNumber: syz [ 563.306727][ T10] usb 6-1: config 0 descriptor?? [ 563.453635][ T10] imon_raw 6-1:0.0: IR endpoint missing [ 564.205107][ T3094] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 564.239848][ T3094] usb 1-1: USB disconnect, device number 72 [ 564.257346][T13511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 564.298398][T13511] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 564.609332][ T5915] usb 6-1: USB disconnect, device number 45 [ 565.130117][T13523] xt_cgroup: invalid path, errno=-2 [ 565.681546][T13539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 565.697537][T13539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 566.089728][T13545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 566.100852][T13545] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 566.234622][T13545] xt_TCPMSS: Only works on TCP SYN packets [ 567.415957][ T10] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 567.913258][ T10] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 567.953056][ T10] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 567.964711][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 567.974448][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 568.010322][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 568.033731][ T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 568.046177][ T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 568.064811][ T10] usb 1-1: Product: syz [ 568.069472][ T10] usb 1-1: Manufacturer: syz [ 568.085401][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 568.097418][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 568.120007][ T10] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 568.132117][ T10] cdc_wdm 1-1:1.0: Unknown control protocol [ 568.302192][T12242] usb 1-1: USB disconnect, device number 73 [ 569.565249][T13607] FAULT_INJECTION: forcing a failure. [ 569.565249][T13607] name failslab, interval 1, probability 0, space 0, times 0 [ 569.614898][T13607] CPU: 0 UID: 0 PID: 13607 Comm: syz.0.2255 Tainted: G L syzkaller #0 PREEMPT(full) [ 569.614933][T13607] Tainted: [L]=SOFTLOCKUP [ 569.614942][T13607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 569.614957][T13607] Call Trace: [ 569.614966][T13607] [ 569.614977][T13607] dump_stack_lvl+0xe8/0x150 [ 569.615016][T13607] should_fail_ex+0x412/0x560 [ 569.615051][T13607] should_failslab+0xa8/0x100 [ 569.615081][T13607] __kmalloc_noprof+0xe8/0x760 [ 569.615103][T13607] ? percpu_ref_get_many+0x18c/0x1e0 [ 569.615133][T13607] ? io_cache_alloc_new+0x40/0x100 [ 569.615158][T13607] io_cache_alloc_new+0x40/0x100 [ 569.615180][T13607] io_msg_alloc_async+0x212/0x380 [ 569.615202][T13607] io_sendmsg_prep+0x344/0x5f0 [ 569.615226][T13607] io_submit_sqes+0xb35/0x2370 [ 569.615272][T13607] __se_sys_io_uring_enter+0x2cc/0x18c0 [ 569.615298][T13607] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 569.615318][T13607] ? __fget_files+0x3a0/0x420 [ 569.615345][T13607] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 569.615368][T13607] ? fput+0xa0/0xd0 [ 569.615391][T13607] ? ksys_write+0x242/0x270 [ 569.615409][T13607] ? __pfx_ksys_write+0x10/0x10 [ 569.615429][T13607] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 569.615455][T13607] do_syscall_64+0x14d/0xf80 [ 569.615478][T13607] ? trace_irq_disable+0x3b/0x150 [ 569.615502][T13607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.615518][T13607] ? clear_bhb_loop+0x40/0x90 [ 569.615537][T13607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.615553][T13607] RIP: 0033:0x7f842459c799 [ 569.615568][T13607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 569.615587][T13607] RSP: 002b:00007f84253e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 569.615605][T13607] RAX: ffffffffffffffda RBX: 00007f8424815fa0 RCX: 00007f842459c799 [ 569.615616][T13607] RDX: 0000000000000000 RSI: 00000000000047f6 RDI: 0000000000000005 [ 569.615626][T13607] RBP: 00007f84253e5090 R08: 0000000000000000 R09: 0000000000000000 [ 569.615636][T13607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.615649][T13607] R13: 00007f8424816038 R14: 00007f8424815fa0 R15: 00007f842493fa48 [ 569.615673][T13607] [ 570.716807][ T10] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 570.726057][T13620] loop2: detected capacity change from 0 to 7 [ 570.767928][T13620] Dev loop2: unable to read RDB block 7 [ 570.809780][T13620] loop2: AHDI p1 p2 p3 [ 570.827889][T13620] loop2: partition table partially beyond EOD, truncated [ 570.886028][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 570.893681][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 570.915005][T13620] loop2: p1 start 1818582900 is beyond EOD, truncated [ 570.923934][ T10] usb 1-1: config 102 has an invalid interface number: 21 but max is 0 [ 570.942901][T13620] loop2: p3 start 335544320 is beyond EOD, truncated [ 570.951428][ T10] usb 1-1: config 102 has an invalid descriptor of length 0, skipping remainder of the config [ 571.008149][ T10] usb 1-1: config 102 has no interface number 0 [ 571.035088][ T10] usb 1-1: config 102 interface 21 has no altsetting 0 [ 571.089891][ T10] usb 1-1: New USB device found, idVendor=0421, idProduct=02e3, bcdDevice=e8.e7 [ 571.118948][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.162597][ T10] usb 1-1: Product: syz [ 571.170381][ T10] usb 1-1: Manufacturer: syz [ 571.209467][ T10] usb 1-1: SerialNumber: syz [ 571.936464][ T5823] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 571.990428][ T10] usb 1-1: bad CDC descriptors [ 572.011937][ T10] usb 1-1: USB disconnect, device number 74 [ 572.109409][ T5823] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 572.119656][ T5823] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 572.134240][ T5823] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 572.144091][ T5823] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 572.181993][ T5823] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 572.195300][ T5823] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 572.205161][ T5823] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 572.222009][ T5823] usb 2-1: Product: syz [ 572.230156][ T5823] usb 2-1: Manufacturer: syz [ 572.261032][ T5823] cdc_wdm 2-1:1.0: skipping garbage [ 572.270193][ T5823] cdc_wdm 2-1:1.0: skipping garbage [ 572.282030][ T5823] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 572.289017][ T5823] cdc_wdm 2-1:1.0: Unknown control protocol [ 572.477239][ T5823] usb 2-1: USB disconnect, device number 65 [ 573.453084][T13633] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2262'. [ 573.643601][ T5915] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 573.908473][ T5915] usb 2-1: Using ep0 maxpacket: 32 [ 573.934502][ T5915] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 573.976119][ T5915] usb 2-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 573.991366][ T5915] usb 2-1: config 0 interface 0 has no altsetting 0 [ 574.011894][ T5915] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 574.031191][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.103107][ T5915] usb 2-1: Product: syz [ 574.142879][ T5915] usb 2-1: Manufacturer: syz [ 574.191922][ T5915] usb 2-1: SerialNumber: syz [ 574.233560][ T5915] usb 2-1: config 0 descriptor?? [ 574.668869][T13663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 574.718434][T13665] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 574.734868][T13663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 574.765168][T13665] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 574.834844][T13670] ±ÿ: renamed from bond_slave_0 (while UP) [ 574.848696][ T5915] gs_usb 2-1:0.0: Couldn't get device config: (err=-71) [ 574.859413][ T5915] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71 [ 574.894545][ T5915] usb 2-1: USB disconnect, device number 66 [ 575.317879][T13677] netlink: 'syz.4.2271': attribute type 1 has an invalid length. [ 575.455996][ T10] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 575.798819][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 575.839823][ T10] usb 6-1: config 0 has no interfaces? [ 575.864183][ T10] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 575.883484][ T10] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 575.891951][ T5823] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 575.913304][ T10] usb 6-1: Manufacturer: syz [ 575.937285][ T10] usb 6-1: config 0 descriptor?? [ 576.048408][ T5823] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 576.057334][ T5823] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 576.068647][ T5823] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 576.083455][ T5823] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 576.116388][ T5823] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 576.125695][ T5823] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 576.134128][ T5823] usb 1-1: Product: syz [ 576.139761][ T5823] usb 1-1: Manufacturer: syz [ 576.160890][ T5823] cdc_wdm 1-1:1.0: skipping garbage [ 576.174150][ T5823] cdc_wdm 1-1:1.0: skipping garbage [ 576.300757][ T5823] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 576.350725][ T5823] cdc_wdm 1-1:1.0: Unknown control protocol [ 576.378868][ T5823] usb 1-1: USB disconnect, device number 75 [ 576.886367][ T5823] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 577.051021][ T5823] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 577.060509][ T5823] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 577.073457][ T5823] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 577.084092][ T5823] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.147652][ T5823] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 577.159008][ T5823] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 577.170308][ T5823] usb 1-1: Product: syz [ 577.174825][ T5823] usb 1-1: Manufacturer: syz [ 577.195560][ T5823] cdc_wdm 1-1:1.0: skipping garbage [ 577.205678][ T5823] cdc_wdm 1-1:1.0: skipping garbage [ 577.231086][ T5823] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 577.255486][ T5823] cdc_wdm 1-1:1.0: Unknown control protocol [ 577.691783][T13697] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2277'. [ 577.914318][T13701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.925528][T13701] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 578.214477][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 578.221160][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 578.227630][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 578.233895][ T5823] usb 1-1: USB disconnect, device number 76 [ 578.234273][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 578.246258][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 578.345779][ T5893] usb 6-1: USB disconnect, device number 46 [ 578.823427][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 578.823450][ T29] audit: type=1326 audit(1772775706.726:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 578.857994][T13716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 579.041842][T13716] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 579.144262][ T29] audit: type=1326 audit(1772775706.736:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 579.230556][ T29] audit: type=1326 audit(1772775706.736:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 579.266099][ T5913] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 579.305163][ T29] audit: type=1326 audit(1772775706.736:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 579.503278][ T29] audit: type=1326 audit(1772775706.736:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 579.526068][ T5913] usb 2-1: Using ep0 maxpacket: 32 [ 579.561551][ T5913] usb 2-1: config 0 has an invalid descriptor of length 79, skipping remainder of the config [ 579.576043][ T5913] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 579.616278][ T29] audit: type=1326 audit(1772775706.736:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 579.666096][ T5913] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 579.675227][ T5913] usb 2-1: New USB device strings: Mfr=255, Product=1, SerialNumber=3 [ 579.735972][ T5913] usb 2-1: Product: syz [ 579.740197][ T5913] usb 2-1: Manufacturer: syz [ 579.744789][ T5913] usb 2-1: SerialNumber: syz [ 579.775969][ T29] audit: type=1326 audit(1772775706.736:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 579.816913][ T5913] usb 2-1: config 0 descriptor?? [ 579.855984][ T29] audit: type=1326 audit(1772775706.736:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 579.936346][ T29] audit: type=1326 audit(1772775706.736:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 580.026024][ T29] audit: type=1326 audit(1772775706.736:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13710 comm="syz.5.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 580.135734][T13727] netlink: 'syz.1.2282': attribute type 10 has an invalid length. [ 580.144928][T13718] netlink: 'syz.1.2282': attribute type 10 has an invalid length. [ 580.261331][T13727] .`: (slave dummy0): Enslaving as an active interface with an up link [ 580.377219][ T5913] usb 2-1: USB disconnect, device number 67 [ 581.756645][T13740] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2284'. [ 581.765597][T13740] openvswitch: netlink: Invalid VLAN frame [ 582.367327][ T5913] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 582.506087][ T5823] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 582.545761][ T5913] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 582.625096][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.662320][ T5913] usb 6-1: Product: syz [ 582.733385][ T5823] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 582.750507][ T5913] usb 6-1: Manufacturer: syz [ 582.812622][ T5913] usb 6-1: SerialNumber: syz [ 582.832882][ T5823] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 582.894283][ T5913] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 582.912331][ T5823] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 582.936185][ T5823] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.936219][ T5823] usb 5-1: Product: syz [ 582.967397][ T3094] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 583.031124][ T5823] usb 5-1: Manufacturer: syz [ 583.052747][ T5823] usb 5-1: SerialNumber: syz [ 583.081180][ T5823] cdc_ncm 5-1:1.0: skipping garbage [ 583.096050][ T5823] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 583.112281][ T5823] cdc_ncm 5-1:1.0: bind() failure [ 583.172259][ T5823] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 583.259562][ T5823] cdc_ncm 5-1:1.1: bind() failure [ 583.396700][ T5823] usb 6-1: USB disconnect, device number 47 [ 584.085997][ T3094] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 584.095149][ T3094] ath9k_htc: Failed to initialize the device [ 584.105350][ T5823] usb 6-1: ath9k_htc: USB layer deinitialized [ 584.455965][ T5823] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 584.626080][ T5913] usb 2-1: new full-speed USB device number 68 using dummy_hcd [ 584.642187][ T5823] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 584.661336][ T5823] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 584.840473][ T5823] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 584.849721][ T5823] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 584.871938][T13771] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2293'. [ 584.880980][T13771] openvswitch: netlink: Invalid VLAN frame [ 584.940388][ T5823] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 584.952029][ T5823] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 584.963370][ T5913] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 584.971709][ T5913] usb 2-1: config 0 has no interface number 0 [ 585.177377][ T5913] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 585.186757][ T5823] usb 6-1: Product: syz [ 585.191080][ T5823] usb 6-1: Manufacturer: syz [ 585.195821][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.211868][ T5823] cdc_wdm 6-1:1.0: skipping garbage [ 585.223717][ T5823] cdc_wdm 6-1:1.0: skipping garbage [ 585.231719][ T5913] usb 2-1: config 0 descriptor?? [ 585.247647][ T5913] usb 2-1: selecting invalid altsetting 1 [ 585.253922][ T5823] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 585.268430][ T5823] cdc_wdm 6-1:1.0: Unknown control protocol [ 585.277417][ T5913] dvb_ttusb_budget: ttusb_init_controller: error [ 585.291330][ T5913] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 585.417127][ T5823] usb 6-1: USB disconnect, device number 48 [ 585.481961][ T5913] DVB: Unable to find symbol cx22700_attach() [ 585.502506][T13774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 585.516885][T13774] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 585.587271][ T5913] DVB: Unable to find symbol tda10046_attach() [ 585.685300][ T5893] usb 5-1: USB disconnect, device number 80 [ 585.701833][ T5913] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 585.768359][ T5913] usb 2-1: USB disconnect, device number 68 [ 585.839027][T13776] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2297'. [ 585.856628][T13776] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2297'. [ 585.885232][T13776] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2297'. [ 585.926352][ T5823] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 585.971493][T13781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2298'. [ 586.023901][T13782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 586.033201][T13782] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 586.090179][ T5823] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 586.099159][ T5823] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 586.109755][ T5823] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 586.118915][ T5823] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.131337][ T5823] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 586.140817][ T5823] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 586.148864][ T5823] usb 6-1: Product: syz [ 586.153121][ T5823] usb 6-1: Manufacturer: syz [ 586.163884][ T5823] cdc_wdm 6-1:1.0: skipping garbage [ 586.169914][ T5823] cdc_wdm 6-1:1.0: skipping garbage [ 586.177272][ T5823] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 586.183252][ T5823] cdc_wdm 6-1:1.0: Unknown control protocol [ 586.883328][T13794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 586.895810][T13794] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 587.175114][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 587.181790][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 587.190581][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 587.197204][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 587.203539][ T5823] usb 6-1: USB disconnect, device number 49 [ 587.209563][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 587.209581][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 587.209593][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 587.890059][T13808] netlink: 'syz.2.2305': attribute type 1 has an invalid length. [ 587.933255][T13808] bond2: entered promiscuous mode [ 587.991001][T13808] bond2: entered allmulticast mode [ 588.032543][T13808] 8021q: adding VLAN 0 to HW filter on device bond2 [ 588.944515][T13841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 588.954057][T13841] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 589.313998][T13850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2317'. [ 589.971936][T13860] FAULT_INJECTION: forcing a failure. [ 589.971936][T13860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 590.005988][T13860] CPU: 0 UID: 0 PID: 13860 Comm: syz.4.2319 Tainted: G L syzkaller #0 PREEMPT(full) [ 590.006024][T13860] Tainted: [L]=SOFTLOCKUP [ 590.006032][T13860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 590.006045][T13860] Call Trace: [ 590.006053][T13860] [ 590.006063][T13860] dump_stack_lvl+0xe8/0x150 [ 590.006100][T13860] should_fail_ex+0x412/0x560 [ 590.006134][T13860] _copy_from_user+0x2d/0xb0 [ 590.006168][T13860] ___sys_sendmsg+0x1c6/0x360 [ 590.006196][T13860] ? __pfx____sys_sendmsg+0x10/0x10 [ 590.006252][T13860] ? __fget_files+0x2a/0x420 [ 590.006283][T13860] ? __fget_files+0x3a0/0x420 [ 590.006333][T13860] __x64_sys_sendmsg+0x1bd/0x2a0 [ 590.006359][T13860] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 590.006388][T13860] ? __pfx_ksys_write+0x10/0x10 [ 590.006426][T13860] do_syscall_64+0x14d/0xf80 [ 590.006449][T13860] ? trace_irq_disable+0x3b/0x150 [ 590.006472][T13860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.006488][T13860] ? clear_bhb_loop+0x40/0x90 [ 590.006506][T13860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.006521][T13860] RIP: 0033:0x7f73dfb9c799 [ 590.006537][T13860] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 590.006550][T13860] RSP: 002b:00007f73e0b01028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 590.006567][T13860] RAX: ffffffffffffffda RBX: 00007f73dfe15fa0 RCX: 00007f73dfb9c799 [ 590.006581][T13860] RDX: 0000000020000000 RSI: 00002000000035c0 RDI: 0000000000000003 [ 590.006591][T13860] RBP: 00007f73e0b01090 R08: 0000000000000000 R09: 0000000000000000 [ 590.006601][T13860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 590.006611][T13860] R13: 00007f73dfe16038 R14: 00007f73dfe15fa0 R15: 00007f73dff3fa48 [ 590.006634][T13860] [ 591.066126][ T5913] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 591.227677][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.241928][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 591.281164][ T5913] usb 5-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.ba [ 591.296744][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.440704][ T5913] usb 5-1: config 0 descriptor?? [ 591.649888][T13865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 591.666229][T13865] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 591.717884][T13865] atomic_op ffff8880799ad198 conn xmit_atomic 0000000000000000 [ 591.940633][ T5913] stadia 0003:18D1:9400.0011: unknown main item tag 0x7 [ 592.045013][ T5913] stadia 0003:18D1:9400.0011: item fetching failed at offset 1/5 [ 592.073410][ T5913] stadia 0003:18D1:9400.0011: parse failed [ 592.084158][ T5913] stadia 0003:18D1:9400.0011: probe with driver stadia failed with error -22 [ 592.380453][ T5913] usb 5-1: USB disconnect, device number 81 [ 592.574222][T13883] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2327'. [ 592.626376][T12242] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 592.836975][T12242] usb 2-1: Using ep0 maxpacket: 32 [ 592.971154][T12242] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 592.999461][T12242] usb 2-1: config 0 has no interface number 0 [ 593.016373][T12242] usb 2-1: config 0 interface 184 has no altsetting 0 [ 593.157132][T12242] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 593.172050][T12242] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.199494][T12242] usb 2-1: Product: syz [ 593.257050][T12242] usb 2-1: Manufacturer: syz [ 593.275520][T12242] usb 2-1: SerialNumber: syz [ 593.353032][T12242] usb 2-1: config 0 descriptor?? [ 593.821199][T13881] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2326'. [ 595.075089][T13913] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 595.377523][T12242] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 595.411221][T13918] .30ªX¹¦D: left allmulticast mode [ 595.420027][T12242] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 595.439610][T12242] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 595.496043][T13918] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 595.505349][T13918] syzkaller0: left allmulticast mode [ 595.516673][T13918] ip6tnl1: left allmulticast mode [ 595.523753][T13918] bond1: left allmulticast mode [ 595.528969][T13918] bond2: left allmulticast mode [ 595.548094][T12242] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 595.598946][T12242] usb 2-1: USB disconnect, device number 69 [ 596.595548][T13931] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2339'. [ 596.666008][T13931] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2339'. [ 596.675502][T13931] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2339'. [ 596.887027][ T10] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 597.175968][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 597.182882][ T10] usb 6-1: config 0 has an invalid interface number: 132 but max is 0 [ 597.202709][ T10] usb 6-1: config 0 has no interface number 0 [ 597.279567][ T10] usb 6-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 597.320624][ T10] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 597.339695][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.397700][ T10] usb 6-1: Product: syz [ 597.591397][ T10] usb 6-1: Manufacturer: syz [ 597.608686][ T10] usb 6-1: SerialNumber: syz [ 597.629504][ T10] usb 6-1: config 0 descriptor?? [ 597.651943][ T10] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 597.703236][ T10] em28xx 6-1:0.132: Video interface 132 found: [ 597.906796][ T10] em28xx 6-1:0.132: unknown em28xx chip ID (0) [ 597.970443][ T10] em28xx 6-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 598.017442][ T10] em28xx 6-1:0.132: board has no eeprom [ 598.076042][ T10] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 598.084249][ T10] em28xx 6-1:0.132: analog set to bulk mode. [ 598.184642][ T9] em28xx 6-1:0.132: Registering V4L2 extension [ 598.217400][ T10] usb 6-1: USB disconnect, device number 50 [ 598.287900][ T10] em28xx 6-1:0.132: Disconnecting em28xx [ 598.766214][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 598.766235][ T29] audit: type=1326 audit(1772775726.686:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 598.937920][T13956] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2344'. [ 599.087168][ T29] audit: type=1326 audit(1772775726.686:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 599.198589][ T9] em28xx 6-1:0.132: Config register raw data: 0xffffffed [ 599.252643][ T9] em28xx 6-1:0.132: AC97 chip type couldn't be determined [ 599.308443][ T29] audit: type=1326 audit(1772775726.686:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 599.331090][ T9] em28xx 6-1:0.132: No AC97 audio processor [ 599.350437][ T9] usb 6-1: Decoder not found [ 599.365632][ T9] em28xx 6-1:0.132: failed to create media graph [ 599.403119][ T9] em28xx 6-1:0.132: V4L2 device video103 deregistered [ 599.442776][ T29] audit: type=1326 audit(1772775726.686:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 599.508621][ T9] em28xx 6-1:0.132: Remote control support is not available for this card. [ 599.546111][ T10] em28xx 6-1:0.132: Closing input extension [ 599.552217][ T29] audit: type=1326 audit(1772775726.686:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 599.688176][ T10] em28xx 6-1:0.132: Freeing device [ 599.751287][ T29] audit: type=1326 audit(1772775726.686:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 600.007605][T13968] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 600.149259][ T29] audit: type=1326 audit(1772775726.686:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 600.405795][ T29] audit: type=1326 audit(1772775726.686:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 600.479387][ T29] audit: type=1326 audit(1772775726.686:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 600.545633][ T29] audit: type=1326 audit(1772775726.686:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.5.2344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f317035cfce code=0x7ffc0000 [ 600.868383][T13981] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 601.697794][T13987] FAULT_INJECTION: forcing a failure. [ 601.697794][T13987] name failslab, interval 1, probability 0, space 0, times 0 [ 601.749365][T13987] CPU: 1 UID: 0 PID: 13987 Comm: syz.0.2353 Tainted: G L syzkaller #0 PREEMPT(full) [ 601.749399][T13987] Tainted: [L]=SOFTLOCKUP [ 601.749408][T13987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 601.749422][T13987] Call Trace: [ 601.749431][T13987] [ 601.749441][T13987] dump_stack_lvl+0xe8/0x150 [ 601.749478][T13987] should_fail_ex+0x412/0x560 [ 601.749512][T13987] should_failslab+0xa8/0x100 [ 601.749543][T13987] __kmalloc_noprof+0xe8/0x760 [ 601.749568][T13987] ? io_cache_alloc_new+0x40/0x100 [ 601.749599][T13987] ? __pfx___io_read+0x10/0x10 [ 601.749634][T13987] io_cache_alloc_new+0x40/0x100 [ 601.749664][T13987] __io_prep_rw+0x2bd/0xed0 [ 601.749704][T13987] ? __pfx___io_prep_rw+0x10/0x10 [ 601.749734][T13987] ? __io_issue_sqe+0x1f7/0x4b0 [ 601.749766][T13987] ? io_file_get_normal+0xe9/0x310 [ 601.749807][T13987] io_prep_read+0x33/0x110 [ 601.749842][T13987] io_submit_sqes+0xb35/0x2370 [ 601.749909][T13987] __se_sys_io_uring_enter+0x2cc/0x18c0 [ 601.749947][T13987] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 601.749975][T13987] ? __fget_files+0x3a0/0x420 [ 601.750018][T13987] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 601.750052][T13987] ? fput+0xa0/0xd0 [ 601.750084][T13987] ? ksys_write+0x242/0x270 [ 601.750110][T13987] ? __pfx_ksys_write+0x10/0x10 [ 601.750142][T13987] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 601.750183][T13987] do_syscall_64+0x14d/0xf80 [ 601.750221][T13987] ? trace_irq_disable+0x3b/0x150 [ 601.750253][T13987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.750281][T13987] ? clear_bhb_loop+0x40/0x90 [ 601.750308][T13987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.750330][T13987] RIP: 0033:0x7f842459c799 [ 601.750350][T13987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 601.750370][T13987] RSP: 002b:00007f84253e5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 601.750393][T13987] RAX: ffffffffffffffda RBX: 00007f8424815fa0 RCX: 00007f842459c799 [ 601.750410][T13987] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000 [ 601.750423][T13987] RBP: 00007f84253e5090 R08: 0000000000000000 R09: 0000000000000000 [ 601.750436][T13987] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001 [ 601.750449][T13987] R13: 00007f8424816038 R14: 00007f8424815fa0 R15: 00007f842493fa48 [ 601.750481][T13987] [ 603.599958][T14005] bridge0: port 2(bridge_slave_1) entered disabled state [ 603.607820][T14005] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.109176][T14005] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 604.135519][T14005] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 604.633905][ T1148] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 604.696072][ T1148] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.715271][ T1148] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 604.750202][ T1148] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.909005][ T1148] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 604.934724][ T1148] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.017674][ T1148] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 605.062470][ T1148] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 605.157599][T14038] syz.4.2365 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 605.957944][T14052] netlink: 'syz.0.2367': attribute type 7 has an invalid length. [ 606.296083][T14020] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 606.529407][T14020] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 606.547035][T14020] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 606.559617][T14020] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 606.624414][T14061] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 606.645930][T14020] usb 5-1: config 0 interface 0 has no altsetting 0 [ 606.660816][T14020] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 606.671801][T14020] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 606.693074][T14020] usb 5-1: config 0 interface 0 has no altsetting 0 [ 606.707567][T14020] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 606.717833][T14020] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 606.751083][T14020] usb 5-1: config 0 interface 0 has no altsetting 0 [ 606.771908][T14020] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 606.784499][T14064] loop2: detected capacity change from 0 to 7 [ 606.790979][T14020] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 606.808478][T14020] usb 5-1: config 0 interface 0 has no altsetting 0 [ 606.811414][T14064] Dev loop2: unable to read RDB block 7 [ 606.828594][T14020] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 606.844148][T14020] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 606.873209][T14020] usb 5-1: config 0 interface 0 has no altsetting 0 [ 606.890477][T14064] loop2: AHDI p1 p2 p3 [ 606.894508][T14020] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 606.918236][T14020] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 606.977758][T14020] usb 5-1: config 0 interface 0 has no altsetting 0 [ 606.998029][T14020] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 607.045213][T14020] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 607.062242][T14020] usb 5-1: config 0 interface 0 has no altsetting 0 [ 607.069074][T14064] loop2: partition table partially beyond EOD, truncated [ 607.090514][T14064] loop2: p1 start 1818582900 is beyond EOD, truncated [ 607.097445][T14020] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 607.108682][T14020] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 607.146422][T14064] loop2: p3 start 335544320 is beyond EOD, truncated [ 607.188357][T14020] usb 5-1: config 0 interface 0 has no altsetting 0 [ 607.201112][T14020] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 607.210375][T14020] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 607.218800][T14020] usb 5-1: Product: syz [ 607.223097][T14020] usb 5-1: Manufacturer: syz [ 607.228074][T14020] usb 5-1: SerialNumber: syz [ 607.242166][T14020] usb 5-1: config 0 descriptor?? [ 607.275768][T14020] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 607.533036][ C1] usb 5-1: yurex_control_callback - control failed: -2 [ 607.555975][T14020] usb 5-1: USB disconnect, device number 82 [ 607.564419][T14020] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 609.212369][T14073] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2373'. [ 609.357420][T14080] netlink: 'syz.4.2373': attribute type 21 has an invalid length. [ 609.365322][T14080] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2373'. [ 610.175968][T14080] netlink: 'syz.4.2373': attribute type 4 has an invalid length. [ 610.196148][T14080] netlink: 'syz.4.2373': attribute type 3 has an invalid length. [ 610.203929][T14080] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2373'. [ 611.905233][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 611.905252][ T29] audit: type=1326 audit(1772775739.796:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.005668][T14119] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 612.231871][ T29] audit: type=1326 audit(1772775739.796:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.307418][ T29] audit: type=1326 audit(1772775739.806:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.393474][ T29] audit: type=1326 audit(1772775739.806:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.435480][ T29] audit: type=1326 audit(1772775739.806:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.472055][ T29] audit: type=1326 audit(1772775739.806:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.535069][ T29] audit: type=1326 audit(1772775739.806:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.743965][ T29] audit: type=1326 audit(1772775739.806:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.874753][ T29] audit: type=1326 audit(1772775739.806:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 612.985944][ T29] audit: type=1326 audit(1772775739.806:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14112 comm="syz.5.2385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f317039c799 code=0x7ffc0000 [ 613.532825][ T30] INFO: task kworker/1:3:5886 blocked for more than 143 seconds. [ 613.557083][ T30] Tainted: G L syzkaller #0 [ 613.610544][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 613.707924][ T30] task:kworker/1:3 state:D stack:19496 pid:5886 tgid:5886 ppid:2 task_flags:0x4288160 flags:0x00080000 [ 614.015426][ T30] Workqueue: usb_hub_wq hub_event [ 614.034558][ T30] Call Trace: [ 614.038054][ T30] [ 614.045056][ T30] __schedule+0x15dd/0x52d0 [ 614.060974][ T30] ? __pfx___schedule+0x10/0x10 [ 614.070076][ T30] ? __pfx___schedule+0x10/0x10 [ 614.097766][ T30] ? schedule+0x90/0x360 [ 614.116208][ T30] schedule+0x164/0x360 [ 614.120472][ T30] schedule_timeout+0xc3/0x2c0 [ 614.125287][ T30] ? do_raw_spin_lock+0x12b/0x2f0 [ 614.179354][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 614.207370][ T30] ? do_raw_spin_lock+0x12b/0x2f0 [ 614.269545][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 614.301147][ T30] ? wait_for_completion+0x274/0x5e0 [ 614.332644][ T30] wait_for_completion+0x2cc/0x5e0 [ 614.350528][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 614.367819][ T30] i2c_del_adapter+0x5c0/0x790 [ 614.391970][ T30] ? __pfx_i2c_del_adapter+0x10/0x10 [ 614.413746][ T30] ? rcu_is_watching+0x15/0xb0 [ 614.433154][ T30] ? devres_log+0x10e/0x360 [ 614.450289][ T30] ? devres_release_group+0x305/0x350 [ 614.475252][ T30] devres_release_group+0x2fd/0x350 [ 614.495005][ T30] ? __pfx_devres_release_group+0x10/0x10 [ 614.517817][ T30] ? enable_work+0x1fd/0x230 [ 614.536135][ T30] ? __pfx_mcp2221_remove+0x10/0x10 [ 614.558741][ T30] hid_device_remove+0x250/0x370 [ 614.573950][ T30] ? __pfx_hid_device_remove+0x10/0x10 [ 614.589922][ T30] device_release_driver_internal+0x46f/0x860 [ 614.601693][ T30] bus_remove_device+0x34d/0x440 [ 614.616209][ T30] device_del+0x527/0x8f0 [ 614.626320][ T30] ? __pfx_device_del+0x10/0x10 [ 614.639062][ T30] hid_destroy_device+0x6b/0x1b0 [ 614.651854][ T30] usbhid_disconnect+0x9f/0xc0 [ 614.662534][ T30] usb_unbind_interface+0x26e/0x910 [ 614.684020][ T30] ? __pfx_usb_unbind_interface+0x10/0x10 [ 614.696739][ T30] device_release_driver_internal+0x4d9/0x860 [ 614.718497][ T30] bus_remove_device+0x34d/0x440 [ 614.733715][ T30] device_del+0x527/0x8f0 [ 614.744479][ T30] ? __pfx_device_del+0x10/0x10 [ 614.755888][ T30] ? kobject_put+0x51d/0x560 [ 614.766131][ T30] usb_disable_device+0x3d4/0x8d0 [ 614.780206][ T30] usb_disconnect+0x32f/0x990 [ 614.793539][ T30] hub_event+0x1cc9/0x4f30 [ 614.807103][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 614.824629][ T30] ? __pfx_hub_event+0x10/0x10 [ 614.845929][ T30] ? process_scheduled_works+0xa25/0x1830 [ 614.898025][ T30] ? process_scheduled_works+0xa25/0x1830 [ 614.924504][ T30] process_scheduled_works+0xb02/0x1830 [ 614.932702][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 614.944980][ T30] ? assign_work+0x3d5/0x5e0 [ 614.955345][ T30] worker_thread+0xa50/0xfc0 [ 614.965291][ T30] kthread+0x388/0x470 [ 614.976790][ T30] ? __pfx_worker_thread+0x10/0x10 [ 614.988431][ T30] ? __pfx_kthread+0x10/0x10 [ 614.997763][ T30] ret_from_fork+0x51e/0xb90 [ 615.015977][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 615.021295][ T30] ? __switch_to+0xc7d/0x1450 [ 615.028358][ T30] ? __pfx_kthread+0x10/0x10 [ 615.041258][ T30] ret_from_fork_asm+0x1a/0x30 [ 615.050495][ T30] [ 615.061910][ T30] [ 615.061910][ T30] Showing all locks held in the system: [ 615.096483][ T30] 1 lock held by ksoftirqd/0/15: [ 615.101493][ T30] 1 lock held by khungtaskd/30: [ 615.112999][ T30] #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 615.135513][ T30] 4 locks held by kworker/u8:4/59: [ 615.145809][ T30] #0: ffff88801b6d6948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 615.176042][ T30] #1: ffffc9000210fc40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 615.189673][ T30] #2: ffffffff8fbbeef0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 615.209672][ T30] #3: ffffffff8fbcd688 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x940 [ 615.229209][ T30] 3 locks held by kworker/u8:9/1148: [ 615.244624][ T30] #0: ffff888031f00948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 615.277091][ T30] #1: ffffc90004c5fc40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 615.292708][ T30] #2: ffffffff8fbcd688 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 615.311272][ T30] 2 locks held by getty/5583: [ 615.318714][ T30] #0: ffff888032b8e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 615.332739][ T30] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 [ 615.345718][ T30] 6 locks held by kworker/1:3/5886: [ 615.351321][ T30] #0: ffff88801faba148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 615.364352][ T30] #1: ffffc90004087c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 615.393002][ T30] #2: ffff888029cb5198 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 [ 615.415078][ T30] #3: ffff88805a423198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x990 [ 615.460187][ T30] #4: ffff88804090e160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x860 [ 615.483361][ T30] #5: ffff888068235a20 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x860 [ 615.505953][ T30] 1 lock held by syz.2.2391/14129: [ 615.521301][ T30] 1 lock held by syz.2.2391/14131: [ 615.538351][ T30] #0: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 [ 615.561892][ T30] 3 locks held by syz.0.2389/14130: [ 615.593154][ T30] [ 615.595566][ T30] ============================================= [ 615.595566][ T30] [ 615.629622][ T30] NMI backtrace for cpu 1 [ 615.629649][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 615.629678][ T30] Tainted: [L]=SOFTLOCKUP [ 615.629686][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 615.629705][ T30] Call Trace: [ 615.629712][ T30] [ 615.629720][ T30] dump_stack_lvl+0xe8/0x150 [ 615.629747][ T30] nmi_cpu_backtrace+0x274/0x2d0 [ 615.629824][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 615.629847][ T30] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 615.629868][ T30] sys_info+0x135/0x170 [ 615.629884][ T30] watchdog+0xfd9/0x1030 [ 615.629912][ T30] ? watchdog+0x21a/0x1030 [ 615.629940][ T30] kthread+0x388/0x470 [ 615.629956][ T30] ? __pfx_watchdog+0x10/0x10 [ 615.629977][ T30] ? __pfx_kthread+0x10/0x10 [ 615.629993][ T30] ret_from_fork+0x51e/0xb90 [ 615.630015][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 615.630035][ T30] ? __switch_to+0xc7d/0x1450 [ 615.630054][ T30] ? __pfx_kthread+0x10/0x10 [ 615.630070][ T30] ret_from_fork_asm+0x1a/0x30 [ 615.630104][ T30] [ 615.630110][ T30] Sending NMI from CPU 1 to CPUs 0: [ 615.748628][ C0] NMI backtrace for cpu 0 [ 615.748648][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G L syzkaller #0 PREEMPT(full) [ 615.748672][ C0] Tainted: [L]=SOFTLOCKUP [ 615.748686][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 615.748698][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 615.748731][ C0] Code: 0e 6d 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d c3 a0 1b 00 fb f4 fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 615.748748][ C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000242 [ 615.748766][ C0] RAX: 000000000086d2d9 RBX: ffffffff819a88ed RCX: 0000000080000001 [ 615.748779][ C0] RDX: 0000000000000001 RSI: ffffffff8def348f RDI: ffffffff8c27b280 [ 615.748792][ C0] RBP: ffffffff8e407eb0 R08: ffff8880b863395b R09: 1ffff110170c672b [ 615.748806][ C0] R10: dffffc0000000000 R11: ffffed10170c672c R12: ffffffff901194b0 [ 615.748819][ C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 0000000000000000 [ 615.748832][ C0] FS: 0000000000000000(0000) GS:ffff888125463000(0000) knlGS:0000000000000000 [ 615.748850][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 615.748863][ C0] CR2: 000020000033f030 CR3: 000000007514a000 CR4: 00000000003526f0 [ 615.748880][ C0] Call Trace: [ 615.748887][ C0] [ 615.748894][ C0] default_idle+0x9/0x20 [ 615.748913][ C0] default_idle_call+0x72/0xb0 [ 615.748934][ C0] do_idle+0x1bd/0x500 [ 615.748988][ C0] ? __pfx_do_idle+0x10/0x10 [ 615.749014][ C0] ? do_idle+0xc/0x500 [ 615.749039][ C0] cpu_startup_entry+0x43/0x60 [ 615.749064][ C0] rest_init+0x2de/0x300 [ 615.749085][ C0] start_kernel+0x385/0x3d0 [ 615.749157][ C0] x86_64_start_reservations+0x24/0x30 [ 615.749203][ C0] x86_64_start_kernel+0x143/0x1c0 [ 615.749228][ C0] common_startup_64+0x13e/0x147 [ 615.749256][ C0] [ 616.071035][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 616.077953][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 616.088640][ T30] Tainted: [L]=SOFTLOCKUP [ 616.092971][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 616.103032][ T30] Call Trace: [ 616.106326][ T30] [ 616.109269][ T30] vpanic+0x56c/0xa60 [ 616.113277][ T30] ? __pfx___schedule+0x10/0x10 [ 616.118168][ T30] ? __pfx_vpanic+0x10/0x10 [ 616.122803][ T30] ? __pfx_console_unlock+0x10/0x10 [ 616.128057][ T30] panic+0xc5/0xd0 [ 616.131820][ T30] ? __pfx_panic+0x10/0x10 [ 616.136274][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 616.141703][ T30] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 616.147872][ T30] watchdog+0x1023/0x1030 [ 616.152223][ T30] ? watchdog+0x21a/0x1030 [ 616.156676][ T30] kthread+0x388/0x470 [ 616.160765][ T30] ? __pfx_watchdog+0x10/0x10 [ 616.165457][ T30] ? __pfx_kthread+0x10/0x10 [ 616.170059][ T30] ret_from_fork+0x51e/0xb90 [ 616.174679][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 616.179860][ T30] ? __switch_to+0xc7d/0x1450 [ 616.184564][ T30] ? __pfx_kthread+0x10/0x10 [ 616.189178][ T30] ret_from_fork_asm+0x1a/0x30 [ 616.193984][ T30] [ 616.197636][ T30] Kernel Offset: disabled [ 616.201971][ T30] Rebooting in 86400 seconds..