last executing test programs: 2m22.983091338s ago: executing program 4 (id=4215): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x401) epoll_create1(0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010027bd7000000000001400000018000180140002006e657464657673696d3000000000000005000c000300000008001600ffffffff080003000d00000008000f00050000000800040019dc0000050019"], 0x5c}}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @uid}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) (fail_nth: 10) 2m22.571311592s ago: executing program 4 (id=4216): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000080)=@l2tp6={0xa, 0xf5, 0x12, @dev={0xfe, 0x80, '\x00', 0xfd}, 0x12, 0x10000}, 0x80, 0x0, 0x36}, 0x24000059) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'macvlan0\x00', 0x1}) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x40142, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f00000000c0)={0xbe, 0x0, 0x1}) (async) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]}) (async) r3 = socket(0x10, 0x3, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) (async) r4 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TIOCCBRK(r4, 0x5428) sendto$inet6(r3, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c00100000000d0085a168d0bf46d32345653600648d0a00160002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) 2m21.593781992s ago: executing program 4 (id=4218): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) unshare(0x2040400) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000002240), 0x2) r0 = syz_open_dev$sndmidi(&(0x7f0000001040), 0xfffdfffd, 0x40) socket$nl_route(0x10, 0x3, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb8a0a63cdec590806000108000604"], 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) 2m20.889305318s ago: executing program 4 (id=4222): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) open_tree(r1, &(0x7f0000000080)='.\x00', 0x9001) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r2) close(r2) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$unix(r3, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fanotify_mark(0xffffffffffffffff, 0x490, 0x12, r4, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') fspick(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) sendfile(r5, r5, &(0x7f0000000000)=0x2eb4, 0x2000007ff) 2m20.7040581s ago: executing program 4 (id=4223): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0xe5) 2m20.549929204s ago: executing program 4 (id=4226): ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0x4, 0x1, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x40}}) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000140)=@ethtool_sset_info={0x37, 0x9, 0x10000}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, &(0x7f0000000000)={0x2, 0x5, 0x2}) r3 = fcntl$getown(r2, 0x9) syz_clone3(&(0x7f0000000380)={0x208400, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=0x0, {0xc}, &(0x7f0000000140)=""/254, 0xfe, &(0x7f00000002c0)=""/176, &(0x7f0000000240)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, r3], 0x9}, 0x58) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000840)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_SREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) sched_setattr(r4, &(0x7f0000000400)={0x38, 0x6, 0x9, 0x2, 0x2, 0x6, 0x8, 0x6, 0x5, 0xd}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz1\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "7f"}]}], {0x14}}, 0x88}}, 0x0) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002400128008000100677265001800028005000a0000000000050013000100080004001200"], 0x44}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000540)={0x18, 0x0, &(0x7f0000000440)=[@request_death, @increfs], 0x0, 0x0, 0x0}) r12 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_CAP_X2APIC_API(r8, 0x4068aea3, &(0x7f0000002a80)={0x81, 0x0, 0x3}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@private=0xa010101, @in=@loopback, 0x0, 0x20, 0x2001, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x3fffffffd, 0x7fffffff, 0x0, 0xffffffffffffffff, 0x1000003fffc, 0x1a5}, {0x0, 0xfffffffffffffffc}, 0x0, 0x4, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0x6c}, 0x2, @in=@broadcast, 0x3506, 0x0, 0x0, 0x0, 0xe, 0x4000000, 0x200003}}, 0xe8) r13 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8d}) ioctl$KVM_SET_VCPU_EVENTS(r13, 0x4400ae8f, &(0x7f0000000140)=@x86={0x3}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 2m20.178124134s ago: executing program 32 (id=4226): ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0x4, 0x1, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x40}}) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000140)=@ethtool_sset_info={0x37, 0x9, 0x10000}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, &(0x7f0000000000)={0x2, 0x5, 0x2}) r3 = fcntl$getown(r2, 0x9) syz_clone3(&(0x7f0000000380)={0x208400, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=0x0, {0xc}, &(0x7f0000000140)=""/254, 0xfe, &(0x7f00000002c0)=""/176, &(0x7f0000000240)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, r3], 0x9}, 0x58) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000840)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_SREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) sched_setattr(r4, &(0x7f0000000400)={0x38, 0x6, 0x9, 0x2, 0x2, 0x6, 0x8, 0x6, 0x5, 0xd}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz1\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "7f"}]}], {0x14}}, 0x88}}, 0x0) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002400128008000100677265001800028005000a0000000000050013000100080004001200"], 0x44}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000540)={0x18, 0x0, &(0x7f0000000440)=[@request_death, @increfs], 0x0, 0x0, 0x0}) r12 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_CAP_X2APIC_API(r8, 0x4068aea3, &(0x7f0000002a80)={0x81, 0x0, 0x3}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@private=0xa010101, @in=@loopback, 0x0, 0x20, 0x2001, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x3fffffffd, 0x7fffffff, 0x0, 0xffffffffffffffff, 0x1000003fffc, 0x1a5}, {0x0, 0xfffffffffffffffc}, 0x0, 0x4, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0x6c}, 0x2, @in=@broadcast, 0x3506, 0x0, 0x0, 0x0, 0xe, 0x4000000, 0x200003}}, 0xe8) r13 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8d}) ioctl$KVM_SET_VCPU_EVENTS(r13, 0x4400ae8f, &(0x7f0000000140)=@x86={0x3}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 13.653453476s ago: executing program 0 (id=4915): r0 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000105804125000000000000109022400010000c04009040000010300000009210900000122a00009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0xa0000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xf88e470f}]}) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r4 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x20000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x800000000, 0x606, 0xfffffffffffffffd, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x7, 0x80000004000000, 0x8d], 0xeeee8000, 0x2150d3}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f00000036c0)=0xd, 0x4) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0) ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000100)=""/101) 9.363085785s ago: executing program 0 (id=4934): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r2}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4050000000000007112180000000000bc201000210000009500000000000000159bb11d55cd54f795ebc6c48b7ee57df364594defe47aa18c81fbb86c6042dbf743a90b61bae3a57ba478e003fe723b194058bc41fc8c6082cee0dce6c4e98c8804a03eb15abe991b86e1c207e4b9c2e545253ec3e0a8800fd697685e0d14ef22ee60615176aa2972a57268ec0127b3869d981e769df4fd0f63d8bde942339d7e8fa10c87b5562d7cd8a361f5801b6e29c575dac7f00846c103fa144116db9a8a8850b0715c590a250c52c2b47c"], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) write$binfmt_register(r3, 0x0, 0x0) socket(0x2, 0x3, 0x2) sendmsg$IPSET_CMD_FLUSH(r2, 0x0, 0x480c4) dup(0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$binfmt_register(0xffffff9c, &(0x7f0000000240), 0x1, 0x0) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) 8.119441895s ago: executing program 5 (id=4941): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0xbc, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x8c, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, [@TCA_MQPRIO_MAX_RATE64={0x34, 0x4, 0x0, 0x1, [{0xc}, {0xc, 0x4, 0xfffffffffffffffb}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0x99ec}]}]}}}]}, 0xbc}}, 0x0) shmget$private(0x0, 0x1000, 0x20, &(0x7f0000ffc000/0x1000)=nil) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x448000, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r7, &(0x7f0000000640)={'syz1\x00', {0x40, 0x6e2f, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xfffffff7, 0x80, 0x5, 0x5, 0x7fffffff, 0x0, 0x46, 0x838, 0xffffff0c, 0x3, 0x9, 0x9, 0x2, 0x4, 0x3, 0x4, 0x3, 0x2, 0x0, 0x800, 0x6, 0x6, 0x5, 0x10001, 0x7, 0x6, 0x77, 0x8000, 0x7, 0xd, 0x401, 0x7, 0x8, 0x3, 0x200, 0xff, 0x1, 0x0, 0xfffffe01, 0x0, 0x40399, 0x101, 0x2, 0xdb, 0x1, 0xe, 0x7, 0xf, 0x2, 0x1, 0xffffffff, 0x800, 0x7f, 0x9, 0x3, 0x23c2, 0x0, 0xc10d, 0x7, 0x8, 0x9, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x100, 0x27, 0x2, 0x9, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x0, 0x10000, 0x3, 0x9f3, 0x800, 0x40, 0xe842, 0xff6, 0x400000ca, 0x9, 0x7, 0x7, 0x6, 0x9, 0x6, 0xc7, 0x2ff, 0xf, 0x1, 0x550, 0x2, 0x3, 0x8, 0x80000001, 0x0, 0x4000003a, 0x13d, 0x101, 0x9, 0x10001, 0x9f, 0xe2d8, 0x783, 0x5, 0xffffffff, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x102, 0x1], [0x62e2adfb, 0x809f57, 0x4, 0x3, 0x4, 0x400, 0x1, 0xfffffff7, 0x1, 0x2, 0x4, 0x4, 0x6, 0x4800001, 0x0, 0x2e, 0x7, 0x2, 0x5, 0x7, 0x1, 0x7, 0xffff8000, 0x8, 0x3, 0x6, 0x10001, 0xfff, 0x0, 0x8, 0xffff2f9e, 0x9, 0x6, 0x9, 0x8, 0x5, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0xb3, 0xcf, 0xa, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x1d7, 0x5, 0xfe, 0x7ff, 0x2, 0x5, 0x6, 0x4, 0x5, 0x9d, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x4, 0x400002, 0xf, 0x5, 0xfffffffc, 0x10001, 0x2, 0x2, 0x2, 0x2, 0x9, 0x7fffffff, 0x3, 0x2, 0x7, 0x9, 0x5, 0x5, 0x2, 0xffffff7f, 0x8, 0x1, 0x5, 0x8, 0x7, 0x631, 0x200, 0x4, 0x1, 0x4, 0x5, 0x40, 0xffff, 0x5, 0x7ff, 0x6, 0x10, 0x7, 0x1, 0x6, 0x80000000, 0x3, 0x3, 0x10000, 0x9, 0x2, 0xffffffff, 0x4, 0x4, 0x3, 0x2, 0x8001, 0x0, 0x5, 0xb9, 0xfff, 0x400, 0x22, 0x2, 0x75, 0x9]}, 0x45c) ioctl$UI_DEV_CREATE(r7, 0x5501) ioctl$UI_SET_PROPBIT(r7, 0x4004556e, 0x8) restart_syscall() r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r9 = dup3(r8, r6, 0x0) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r10, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 7.664375507s ago: executing program 0 (id=4942): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_PMK(r1, 0x0, 0x20000004) 7.218694582s ago: executing program 0 (id=4946): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) r1 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x3a09, 0x800, 0x3, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x21, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000040)={0x0, r1, 0x38, {0x1, 0x7f}, 0x8}, 0x1) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e2b, 0x0, @loopback}, 0x1c) r4 = socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect$hid(0x0, 0x3f, 0x0, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r6 = socket(0x1, 0x803, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r8 = socket(0x10, 0x3, 0x0) r9 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r9, 0x84, 0x25, 0x0, &(0x7f0000000100)=0x90) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r7], 0x50}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket(0x1, 0x803, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500"], 0x50}}, 0x2) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r12}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 6.22103694s ago: executing program 5 (id=4951): syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='net/nfsfs\x00') capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) fchdir(r1) syz_usb_connect$cdc_ecm(0x0, 0xc4, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb2, 0x1, 0x1, 0x0, 0x20, 0xc5, [{{0x9, 0x4, 0x0, 0x7, 0x3, 0x2, 0x6, 0x0, 0x86, {{0xb, 0x24, 0x6, 0x0, 0x0, "c832e9b37a60"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x2, 0xfff, 0x1}, [@mbim={0xc, 0x24, 0x1b, 0x9, 0x2, 0x10, 0x9, 0x57, 0xe6}, @network_terminal={0x7, 0x24, 0xa, 0x2, 0x0, 0x24, 0x7}, @mdlm_detail={0x4d, 0x24, 0x13, 0x0, "88cf5e7a01b4b57527c3c897d9b93e706ef984a69ca0d691653987c020ac24766b01cf9555168bea9b17edd45a55e62d558ac9ccf34221acecfc5b9008d5ee0872af016d4e4b1fb08f"}, @mbim_extended={0x8, 0x24, 0x1c, 0xf, 0x6, 0xd}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x40, 0x7f, 0x5, 0x1e}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x9, 0x9, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x4, 0x5, 0xf8}}}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x200, 0x81, 0xed, 0x5, 0x10, 0x2}, 0xe3, &(0x7f0000000280)={0x5, 0xf, 0xe3, 0x2, [@ssp_cap={0x10, 0x10, 0xa, 0x9, 0x1, 0x6, 0xff00, 0x8, [0x0]}, @generic={0xce, 0x10, 0xb, "bb26d919955ed685f1410b48c2c5bf5b70ae775492f0276b4c7402519b88f9824b965e3492c1ccb9945232f51b65ecbb0a11ddf35415e442a84491dc37e86db9daaf938bdc3ccd3420a199a56e1f8445acbf84ae3115c3148564c60b4544305a3ed60ec3b12e8e83b336f630c0af5846776d5983d0c5ca86c6841df13df30baa8394c8d3834adada8b23319c32b9742a0592177cf6dfc9c0ae002fccd27597559c2fc181d393c012d7fecc7035e358c8632d522f3f31310cdaeae09f627d95a8440a75cd4e1599429b25be"}]}, 0x1, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x41a}}]}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.kill\x00', 0x275a, 0x0) read$char_usb(r0, 0x0, 0xa1) 5.19056063s ago: executing program 1 (id=4957): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e24, @empty}}, 0x5, 0x4, 0xf06, 0x0, 0x84, 0x81, 0x5}, 0x9c) r2 = dup(r0) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000080)={0x7, 0x8}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000740)='team_slave_1\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x85, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x5, @empty, 0xb055}}, 0xff80, 0x1, 0xf06, 0x1f4, 0xac, 0x7d, 0x5}, 0x9c) 4.568923549s ago: executing program 1 (id=4959): open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) socket$inet_tcp(0x2, 0x1, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) listen(0xffffffffffffffff, 0x802) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x5, 0xe4}]}, 0x8) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='cubic', 0x4) sendmmsg$inet(r2, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001280)="bb2d839f3bf337ccd0d8f3513ab30aba4b00b6f0ef506a60f4082ace5a8a10d80d8d595071f2ff529ff6996481ffc7e4de448343b85079722c4f1a1ce360836392283201a1a5ac0b6e24ccf9f075c64fe58b7a37d37019a49908876bc37c9f304eeefed8a6d8cae3ca0f81e900c8735b8b3063967b68a1567e30726f2c0edb6c85e78619700b0645b728a0c88b22d18366a6db2e391401feb630396bf42b987b102eb2d0a804e188648df6c8ddd79e0fde3893930e06e91c39cc01d239a1c20cb0cee84da924212382163c6638e798d66660c356195a56523456052c42aca7c8404e259561dfea5cbdc21a31b7e7eb73a710b68ba2ae2eff86d3d4fbda8b72014f5de839d48acbc9d217f7ac0b3362a66f3a7d04277cc4b918687ed082170f98dc54bd56f28ea3fecc4e86e1820ed811919dac4d09c18e27c4d839c7ac015d34522c7d87ae968dc872d97db81da9a4b6f631535348d9d44ca3fe846f6706fd3d3bd2f62f2d046a2973c9e8c6ccbf96fd0060d532433732627bf213a35870cea250f79ac773b8adba386e0ae960801b073646dcfe7c89f0cb410d22146cb3109bb9a12649e943104875c0272dfdfac5998854c0f62438909522fba45a4ac83b917a6d9a45704fefe035986b7ae676dd6b8094d2ce7ed64f0aaf138cc827553d74b2c04488d849df41fb98a6c966c07cbb1a9fe3ee5e41c3082c51b37f9df811461cf123830ee606c7b5816b6b86b21860177bfc3fd9aeb689dbb39963a55cee2afe7352200f719a3c0fe44e059446bd7226d9e814d2358c2524c0103c48f7516cc69eb04815bbef84a5bd840a5131f45c335ef8939d6100cf89160f5f1c5aec60e479d18f4680a5a525964fbf2371c1493df2c3e67f98645f329d984250dc98a48a5ab14624438ad259145794a22055ace7d33b5218ed2bda0a528bee49e4e4ae3068477da429945eef0e06128a3202f62634d8faba02e7a951fd2ceba99d2a1488872c66ceef1c5ba5a3e4a523be", 0x2ce}], 0x1}}], 0x1, 0x40000d0) sendto$inet(r2, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0) 4.347638815s ago: executing program 5 (id=4961): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0xbc, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x8c, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, [@TCA_MQPRIO_MAX_RATE64={0x34, 0x4, 0x0, 0x1, [{0xc}, {0xc, 0x4, 0xfffffffffffffffb}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0x99ec}]}]}}}]}, 0xbc}}, 0x0) shmget$private(0x0, 0x1000, 0x20, &(0x7f0000ffc000/0x1000)=nil) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x448000, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r7, &(0x7f0000000640)={'syz1\x00', {0x40, 0x6e2f, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xfffffff7, 0x80, 0x5, 0x5, 0x7fffffff, 0x0, 0x46, 0x838, 0xffffff0c, 0x3, 0x9, 0x9, 0x2, 0x4, 0x3, 0x4, 0x3, 0x2, 0x0, 0x800, 0x6, 0x6, 0x5, 0x10001, 0x7, 0x6, 0x77, 0x8000, 0x7, 0xd, 0x401, 0x7, 0x8, 0x3, 0x200, 0xff, 0x1, 0x0, 0xfffffe01, 0x0, 0x40399, 0x101, 0x2, 0xdb, 0x1, 0xe, 0x7, 0xf, 0x2, 0x1, 0xffffffff, 0x800, 0x7f, 0x9, 0x3, 0x23c2, 0x0, 0xc10d, 0x7, 0x8, 0x9, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x100, 0x27, 0x2, 0x9, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x0, 0x10000, 0x3, 0x9f3, 0x800, 0x40, 0xe842, 0xff6, 0x400000ca, 0x9, 0x7, 0x7, 0x6, 0x9, 0x6, 0xc7, 0x2ff, 0xf, 0x1, 0x550, 0x2, 0x3, 0x8, 0x80000001, 0x0, 0x4000003a, 0x13d, 0x101, 0x9, 0x10001, 0x9f, 0xe2d8, 0x783, 0x5, 0xffffffff, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x102, 0x1], [0x62e2adfb, 0x809f57, 0x4, 0x3, 0x4, 0x400, 0x1, 0xfffffff7, 0x1, 0x2, 0x4, 0x4, 0x6, 0x4800001, 0x0, 0x2e, 0x7, 0x2, 0x5, 0x7, 0x1, 0x7, 0xffff8000, 0x8, 0x3, 0x6, 0x10001, 0xfff, 0x0, 0x8, 0xffff2f9e, 0x9, 0x6, 0x9, 0x8, 0x5, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0xb3, 0xcf, 0xa, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x1d7, 0x5, 0xfe, 0x7ff, 0x2, 0x5, 0x6, 0x4, 0x5, 0x9d, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x4, 0x400002, 0xf, 0x5, 0xfffffffc, 0x10001, 0x2, 0x2, 0x2, 0x2, 0x9, 0x7fffffff, 0x3, 0x2, 0x7, 0x9, 0x5, 0x5, 0x2, 0xffffff7f, 0x8, 0x1, 0x5, 0x8, 0x7, 0x631, 0x200, 0x4, 0x1, 0x4, 0x5, 0x40, 0xffff, 0x5, 0x7ff, 0x6, 0x10, 0x7, 0x1, 0x6, 0x80000000, 0x3, 0x3, 0x10000, 0x9, 0x2, 0xffffffff, 0x4, 0x4, 0x3, 0x2, 0x8001, 0x0, 0x5, 0xb9, 0xfff, 0x400, 0x22, 0x2, 0x75, 0x9]}, 0x45c) ioctl$UI_DEV_CREATE(r7, 0x5501) ioctl$UI_SET_PROPBIT(r7, 0x4004556e, 0x8) restart_syscall() r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r9 = dup3(r8, r6, 0x0) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r10, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 4.346226841s ago: executing program 0 (id=4962): r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x14, 0x2, [@TCA_ROUTE4_IIF={0x8, 0x4, r6}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x7, 0x2}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) (fail_nth: 4) 4.272312524s ago: executing program 2 (id=4963): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f00000001c0)=r1) sendto$inet(r0, &(0x7f0000000340)='\x00', 0x1, 0x4c001, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000140)='.', 0x1, 0x17, 0x0, 0x0) (fail_nth: 4) 3.059415189s ago: executing program 5 (id=4964): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0xf, 0x1, 0x3}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x13a}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x64}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, 0x6}, 0x1c) openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x182, 0x0) r4 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x8c63, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newtaction={0x48, 0x76, 0x1, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x300}, [{0x34, 0x1, [@m_csum={0x30, 0x19, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x48}}, 0x4000010) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='veth0_macvtap\x00', 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x21, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x23456}) write$UHID_CREATE2(r8, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0) r9 = fcntl$dupfd(r3, 0x0, r3) sendmsg$TIPC_NL_NAME_TABLE_GET(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040011) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x34) setsockopt$IPT_SO_SET_ADD_COUNTERS(r9, 0x0, 0x41, &(0x7f0000000340)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000004000000002000000000000000000000000000000000000008000"/68], 0x44) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r9, 0x84, 0x1a, &(0x7f00000000c0)={0x0, 0x11, "f2fa5b9c04153a318682abb61ede867cd5"}, &(0x7f0000000100)=0x19) 3.035949482s ago: executing program 2 (id=4965): r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0xf2ff, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x14, 0x2, [@TCA_ROUTE4_IIF={0x8, 0x4, r6}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x7, 0x2}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 2.470039074s ago: executing program 2 (id=4966): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000040)='\x00\x00\x00\x00', 0x4}, {0x0}], 0x2, 0xc, 0x20000000) fsmount(0xffffffffffffffff, 0x0, 0x0) unshare(0x22020600) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket(0xa, 0x3, 0x87) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) fsopen(&(0x7f0000000040)='debugfs\x00', 0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000580)={0x2, 0x0, @ioapic={0x2000, 0xb, 0xfefffffb, 0xfffffffc, 0x0, [{0xc, 0xfc, 0x8, '\x00', 0xf4}, {0x83, 0x0, 0x7, '\x00', 0x4b}, {0xf9, 0x2e, 0x7, '\x00', 0xda}, {0x0, 0x5, 0x1, '\x00', 0x8}, {0x54, 0xd, 0x8}, {0x2, 0x5, 0x46, '\x00', 0xff}, {0x6, 0xe, 0x47, '\x00', 0x6}, {0x5, 0x90, 0x4, '\x00', 0x8}, {0xe, 0x0, 0xa7, '\x00', 0x1}, {0x9, 0xcc, 0x16, '\x00', 0x5}, {0x1, 0x9, 0x15, '\x00', 0x8}, {0x0, 0x3, 0x9d, '\x00', 0x7}, {0x1, 0xca, 0x80, '\x00', 0x3}, {0x3, 0xf1, 0x6, '\x00', 0xb2}, {0xff, 0x8, 0x0, '\x00', 0xfd}, {0x6, 0x0, 0x6, '\x00', 0x9}, {0x7, 0x2, 0x7, '\x00', 0x7}, {0xee, 0x9, 0x4, '\x00', 0xff}, {0xe4, 0x41, 0x6, '\x00', 0x1}, {0x9, 0x5, 0x54, '\x00', 0x4}, {0x1, 0x1, 0x7, '\x00', 0xe0}, {0x8, 0x40, 0x7, '\x00', 0x4}, {0x5, 0xfd, 0x7, '\x00', 0x2}, {0x5, 0x6, 0xfa, '\x00', 0x40}]}}) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000140)=0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r7], 0x44}}, 0x0) r8 = socket(0x10, 0x3, 0x0) sendmmsg(r8, &(0x7f0000000000), 0x4000000000001f2, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCINQ(r9, 0x541b, &(0x7f00000000c0)) 2.342611464s ago: executing program 1 (id=4967): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_PMK(r1, 0x0, 0x20000004) 2.22015963s ago: executing program 1 (id=4968): r0 = socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) pipe2$watch_queue(0x0, 0x80) accept4(r1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000080)={0xf, 0x1a000, 0x4, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x7ff, 0x2}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0xd, 0x1, 0xe, 0x7fffffff, 0x2}, 0x0, 0x0) sendmsg$alg(r2, &(0x7f0000002a00)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000002800)='a', 0x1}], 0x1, 0x0, 0x0, 0x20000044}, 0x24040011) 2.138750374s ago: executing program 1 (id=4969): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xe3c}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x4, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x0, 0xeeef6000, 0x1000, &(0x7f0000fd3000/0x1000)=nil}) syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r2, &(0x7f0000000340)={&(0x7f0000000040)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000080)="cb", 0x1}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="100000008400000007000000e0000001140000008459d5bf880000000000003b1df93c000000189d00000000"], 0x24}, 0x0) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) syz_io_uring_setup(0x10e, &(0x7f0000000300)={0x0, 0x119, 0x40, 0x0, 0x1bc}, &(0x7f00000003c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r7 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x3, 0x10100, 0xeffffffe}, &(0x7f00000002c0)=0x0, &(0x7f0000000140)=0x0) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r10}}) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x81, &(0x7f0000000100)=[r4, r3], 0x2, 0x0, 0x1, {0x0, r11}}) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r12 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000001c0)=r12) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000400)=0x1) sendto$inet(0xffffffffffffffff, &(0x7f0000000140)='.', 0x1, 0x17, 0x0, 0x0) set_mempolicy(0x4000, &(0x7f00000000c0)=0x5b94, 0x2) 2.102456079s ago: executing program 5 (id=4970): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$binfmt(0xffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_elf32(r1, &(0x7f0000000700)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x5, 0x2, 0x0, 0x0, 0x3, 0x3, 0x3adb, 0xbe, 0x34, 0x41, 0xda, 0x0, 0x20, 0x1, 0xdae3, 0x53, 0x3ff}, [{0x6, 0xd564, 0xd, 0x7fffffff, 0x5, 0x10, 0x8, 0xfff}], "9d42dbc0251e388bc397929be7e8f2d331006eebcd165508d39f72bc927482ba0c", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa75) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@ipv4_getrule={0x1c, 0x22, 0x2, 0x70bd26, 0x25dfdbfd, {0x2, 0x20, 0x14, 0x9, 0xfb, 0x0, 0x0, 0x0, 0x1000a}, ["", "", "", "", "", "", "", ""]}, 0x1c}}, 0x20090) 2.102066986s ago: executing program 0 (id=4971): r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getpgrp(0x0) r4 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000100)={0x2, r3}) sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1) 2.101604067s ago: executing program 2 (id=4972): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x6) ftruncate(r1, 0x2000000) fcntl$addseals(r1, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x0, 0x0, 0x1000000}) (fail_nth: 5) 1.952514667s ago: executing program 2 (id=4973): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) r1 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x3a09, 0x800, 0x3, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x21, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000040)={0x0, r1, 0x38, {0x1, 0x7f}, 0x8}, 0x1) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e2b, 0x0, @loopback}, 0x1c) r4 = socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect$hid(0x0, 0x3f, 0x0, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r6 = socket(0x1, 0x803, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r8 = socket(0x10, 0x3, 0x0) r9 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r9, 0x84, 0x25, 0x0, &(0x7f0000000100)=0x90) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r7], 0x50}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket(0x1, 0x803, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500"], 0x50}}, 0x2) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r12}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 1.942160578s ago: executing program 5 (id=4974): shmget$private(0x0, 0x800000, 0x54003f00, &(0x7f0000800000/0x800000)=nil) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000040)={0x200000, 0x26000, 0x3, 0x7, 0x5}) r4 = signalfd4(r0, &(0x7f0000000000)={[0xc]}, 0x8, 0x0) r5 = syz_io_uring_setup(0x72cd, &(0x7f0000000080)={0x0, 0x23412, 0x8000, 0x1, 0x1ee, 0x0, r2}, &(0x7f0000000140), &(0x7f0000000380)) io_uring_enter(r5, 0x2def, 0x9566, 0x0, 0x0, 0x0) r6 = signalfd4(r4, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x2000) r9 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$vbi(0x0, 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb40, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19f2, 0x3, 0x5, 0x2800, 0x9, 0xffff, 0xba2, 0xc, 0x30, {0x8, 0x1}, 0xd0, 0x9}}) r10 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r10, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x25) connect$inet(r10, &(0x7f00000001c0)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg(r10, &(0x7f0000001b00), 0x80001fc, 0x40008d0) recvmmsg(r9, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000003c0)=""/76, 0x4c}], 0x1}, 0x4e3}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f0000000440)=""/228, 0xe4}, {&(0x7f00000002c0)=""/19, 0x13}], 0x3, &(0x7f0000000580)=""/62, 0x3e}, 0x1}], 0x1b, 0x10122, 0x0) 1.891930013s ago: executing program 1 (id=4975): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0xbc, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x8c, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, [@TCA_MQPRIO_MAX_RATE64={0x34, 0x4, 0x0, 0x1, [{0xc}, {0xc, 0x4, 0xfffffffffffffffb}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0x99ec}]}]}}}]}, 0xbc}}, 0x0) shmget$private(0x0, 0x1000, 0x20, &(0x7f0000ffc000/0x1000)=nil) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x448000, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r7, &(0x7f0000000640)={'syz1\x00', {0x40, 0x6e2f, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xfffffff7, 0x80, 0x5, 0x5, 0x7fffffff, 0x0, 0x46, 0x838, 0xffffff0c, 0x3, 0x9, 0x9, 0x2, 0x4, 0x3, 0x4, 0x3, 0x2, 0x0, 0x800, 0x6, 0x6, 0x5, 0x10001, 0x7, 0x6, 0x77, 0x8000, 0x7, 0xd, 0x401, 0x7, 0x8, 0x3, 0x200, 0xff, 0x1, 0x0, 0xfffffe01, 0x0, 0x40399, 0x101, 0x2, 0xdb, 0x1, 0xe, 0x7, 0xf, 0x2, 0x1, 0xffffffff, 0x800, 0x7f, 0x9, 0x3, 0x23c2, 0x0, 0xc10d, 0x7, 0x8, 0x9, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x100, 0x27, 0x2, 0x9, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x0, 0x10000, 0x3, 0x9f3, 0x800, 0x40, 0xe842, 0xff6, 0x400000ca, 0x9, 0x7, 0x7, 0x6, 0x9, 0x6, 0xc7, 0x2ff, 0xf, 0x1, 0x550, 0x2, 0x3, 0x8, 0x80000001, 0x0, 0x4000003a, 0x13d, 0x101, 0x9, 0x10001, 0x9f, 0xe2d8, 0x783, 0x5, 0xffffffff, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x102, 0x1], [0x62e2adfb, 0x809f57, 0x4, 0x3, 0x4, 0x400, 0x1, 0xfffffff7, 0x1, 0x2, 0x4, 0x4, 0x6, 0x4800001, 0x0, 0x2e, 0x7, 0x2, 0x5, 0x7, 0x1, 0x7, 0xffff8000, 0x8, 0x3, 0x6, 0x10001, 0xfff, 0x0, 0x8, 0xffff2f9e, 0x9, 0x6, 0x9, 0x8, 0x5, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0xb3, 0xcf, 0xa, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x1d7, 0x5, 0xfe, 0x7ff, 0x2, 0x5, 0x6, 0x4, 0x5, 0x9d, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x4, 0x400002, 0xf, 0x5, 0xfffffffc, 0x10001, 0x2, 0x2, 0x2, 0x2, 0x9, 0x7fffffff, 0x3, 0x2, 0x7, 0x9, 0x5, 0x5, 0x2, 0xffffff7f, 0x8, 0x1, 0x5, 0x8, 0x7, 0x631, 0x200, 0x4, 0x1, 0x4, 0x5, 0x40, 0xffff, 0x5, 0x7ff, 0x6, 0x10, 0x7, 0x1, 0x6, 0x80000000, 0x3, 0x3, 0x10000, 0x9, 0x2, 0xffffffff, 0x4, 0x4, 0x3, 0x2, 0x8001, 0x0, 0x5, 0xb9, 0xfff, 0x400, 0x22, 0x2, 0x75, 0x9]}, 0x45c) ioctl$UI_DEV_CREATE(r7, 0x5501) ioctl$UI_SET_PROPBIT(r7, 0x4004556e, 0x8) restart_syscall() r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r9 = dup3(r8, r6, 0x0) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r10, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 1.240152959s ago: executing program 3 (id=4976): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c) listen(r0, 0x5) accept4(r0, &(0x7f0000000240)=@x25, 0x0, 0x80800) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4400c800) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @loopback, 0x23}, 0x1c) r2 = dup(r1) r3 = socket(0xa, 0x3, 0xff) sendmsg$NL80211_CMD_DEL_MPATH(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x28, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x4008084) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0x4000002}, 0x1c) syz_emit_ethernet(0xbb, &(0x7f00000001c0)={@random="cfb14e407d33", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0x1, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x8001, {0x2, 0x6, "081331", 0x9, 0xff, 0x0, @loopback, @loopback, [@fragment={0x3b, 0x0, 0xe, 0x0, 0x0, 0x3, 0x65}]}}}}}}}, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0xffffffffffffffa0, 0xfa00, {0xffffffffffffffff, 0x10c}}, 0xfffffd88) 1.063405226s ago: executing program 2 (id=4977): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301010009210000000122010009058103"], 0x0) timer_create(0x5, &(0x7f00000002c0)={0x0, 0x2b, 0x0, @thr={&(0x7f00000000c0)="583a3b3826567554f251c15f1c98a0c3dec02ec4d4caed007036bf6d03f7f08e3d1d288dd793b723666cec75d97716c528e7ee4367f840175f12338f9d611b94dbe1f5c156d93d777a55826e8772dafee804e2e08fc50bbb12efc22704bd91b857aa3814b44536ac0e88f6a9c3368f4b62c43779f1dd43368d989ab9a3c05b73dd63bebc54108e3e3806de783417a1efbad2a1fd4f5dd01450487ac48607af3f4dbd5f521a9b2d26cf8b9ab8109b6a3349e7443b2ca74506ffa3b800f478719fb1334f4ff6570839881f48", &(0x7f00000001c0)="161a5aa75b76cc889cf0b647ade14862e6e0d5e552732bc033f4044a5d08f8c564f8c61961c05c2a282d2f3b237f8b37bb08309c479427c6f5cd7ba5e026a54f245a136c3d0e96a43e01efc6be44698d96baee5cfc1ef2f110f6655259598cf23bcc1dc14eb7c7aca0d80c3a9c46654e74805a9d06e6e4f0a29d7c87cdb28b025c3556a5c4f7d24b35610b83cae44d74d3ecad857b4ccb0de81c21249dfa1509e8d8a8cf920e70cc8b6aa5ec50841cb15ecb0f5e0ee64b42c749f78374f8741ee786269650cb55d9b64bb5100c591ff8"}}, &(0x7f0000000300)=0x0) timer_settime(r1, 0x0, &(0x7f0000000340)={{}, {0x77359400}}, &(0x7f0000000380)) syz_usb_control_io$hid(r0, 0x0, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000000)=0x4) socket$inet_udplite(0x2, 0x2, 0x88) syz_usb_control_io(r0, &(0x7f0000000080)={0x18, &(0x7f0000000040)={0x40, 0x22, 0x2, {0x2, 0x23}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 996.246706ms ago: executing program 3 (id=4978): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_PMK(r1, &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x20000004) 696.444016ms ago: executing program 3 (id=4979): r0 = socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) pipe2$watch_queue(0x0, 0x80) accept4(r1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000080)={0xf, 0x1a000, 0x4, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x7ff, 0x2}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0xd, 0x1, 0xe, 0x7fffffff, 0x2}, 0x0, 0x0) sendmsg$alg(r2, &(0x7f0000002a00)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000002800)='a', 0x1}], 0x1, 0x0, 0x0, 0x20000044}, 0x24040011) 508.237092ms ago: executing program 3 (id=4980): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000003"], 0x48) r1 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000180)={r1}) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0x12) keyctl$get_persistent(0x16, 0x0, r2) write$cgroup_subtree(r3, &(0x7f00000000c0)={[{0x2b, 'net'}, {0x2b, 'cpuacct'}, {0x2d, 'io'}]}, 0x12) close(0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000080)='syzkaller\x00', 0x2}, 0x90) 285.924557ms ago: executing program 3 (id=4981): r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getpgrp(0x0) r4 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000100)={0x2, r3}) sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1) 0s ago: executing program 3 (id=4982): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) syz_emit_ethernet(0x3e, &(0x7f0000000240)={@random="a5050f0000b5", @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x20, 0x30, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0xf, 0xe000, {0x5, 0x4, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x89, 0x4, @local, @dev={0xac, 0x14, 0x14, 0x23}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000200002000000000fcffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000009008500000086000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r2, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r3, &(0x7f0000000200)="18b310b03726986f73964d796987b8344f271648c83cefa8a83bcb06546922afc44a84", 0x23) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd, 0xfa, 0x9, 0x40, 0x4d8, 0xf58b, 0xfaa9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x90, 0x9, 0x0, 0xa, 0xe3, 0x2f, 0x1}}]}}]}}, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000140)) r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0xc0684113, &(0x7f0000000380)={0x1, 0x5, 0x0, 0x1003, 0x8000, 0x0, 0xff, 0x80000005, 0x0, 0x1, 0x800001}) r6 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r6) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r8, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000600)={r9, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r6, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r10, 0x0, 0x0, r11], [0x2b8]}) close_range(r7, r6, 0x0) ioctl$TIOCSIG(r6, 0x40045436, 0x13) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r5, 0xc06c4124, &(0x7f00000002c0)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x500, 0x0, 0x54, 0xa}, 0x9c) readv(r2, &(0x7f0000000500)=[{&(0x7f0000000640)=""/4096, 0x19fb8}], 0x1) dup(r1) kernel console output (not intermixed with test programs): as an invalid interface number: 50 but max is 0 [ 1528.497841][ T5907] usb 2-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 1528.508659][ T5907] usb 2-1: config 13 has no interface number 0 [ 1528.517538][ T5907] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16 [ 1528.531284][ T5907] usb 2-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1528.546266][ T5907] usb 2-1: config 13 interface 50 has no altsetting 0 [ 1528.571079][ T5907] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 1528.598891][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1528.607045][ T5907] usb 2-1: Product: syz [ 1528.622425][ T5907] usb 2-1: Manufacturer: syz [ 1528.627125][ T5907] usb 2-1: SerialNumber: syz [ 1528.652833][T23443] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1528.861768][T22251] usb 4-1: USB disconnect, device number 5 [ 1528.890470][ T5907] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1528.913411][ T5907] usb 2-1: MIDIStreaming interface descriptor not found [ 1528.986172][ T5907] usb 2-1: USB disconnect, device number 125 [ 1529.053382][T18128] udevd[18128]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1529.457205][T23482] netlink: 'syz.2.4573': attribute type 3 has an invalid length. [ 1529.800021][ T6270] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 1529.972360][ T6270] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1530.003162][ T6270] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1530.033680][ T6270] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1530.085584][ T6270] usb 2-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 1530.108800][ T6270] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1530.128222][ T6270] usb 2-1: Product: syz [ 1530.132855][ T6270] usb 2-1: Manufacturer: syz [ 1530.137480][ T6270] usb 2-1: SerialNumber: syz [ 1530.161840][ T6270] usb 2-1: config 0 descriptor?? [ 1530.181750][ T6270] uvcvideo 2-1:0.0: probe with driver uvcvideo failed with error -22 [ 1530.399737][ T6270] usb 2-1: USB disconnect, device number 126 [ 1531.034131][T23497] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4580'. [ 1532.218871][T22250] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 1532.241787][T23517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4592'. [ 1532.276117][T23521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4591'. [ 1532.381075][T22250] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1532.396729][T22250] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1532.427619][T22250] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1532.468916][T22250] usb 3-1: Product: syz [ 1532.473157][T22250] usb 3-1: Manufacturer: syz [ 1532.477783][T22250] usb 3-1: SerialNumber: syz [ 1532.988876][ T5907] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1533.163281][ T5907] usb 1-1: config 0 has an invalid interface number: 130 but max is 0 [ 1533.176063][ T5907] usb 1-1: config 0 has no interface number 0 [ 1533.183480][ T5907] usb 1-1: config 0 interface 130 has no altsetting 0 [ 1533.194301][ T5907] usb 1-1: New USB device found, idVendor=0ed1, idProduct=6660, bcdDevice= 1.5e [ 1533.203912][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1533.213463][ T5907] usb 1-1: Product: syz [ 1533.217831][ T5907] usb 1-1: Manufacturer: syz [ 1533.222983][ T5907] usb 1-1: SerialNumber: syz [ 1533.233563][ T5907] usb 1-1: config 0 descriptor?? [ 1533.247174][ T5907] usb-storage 1-1:0.130: USB Mass Storage device detected [ 1533.263994][ T5907] usb-storage 1-1:0.130: Quirks match for vid 0ed1 pid 6660: 8 [ 1533.269357][T22251] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1533.441135][T22251] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1533.455766][T22251] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1533.465224][T22251] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1533.473470][T22251] usb 4-1: Product: syz [ 1533.478660][T22251] usb 4-1: Manufacturer: syz [ 1533.483534][T22251] usb 4-1: SerialNumber: syz [ 1533.520371][ T6270] usb 1-1: USB disconnect, device number 8 [ 1533.526530][T22250] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1533.539326][T22250] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 1533.546923][T22250] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 1533.727230][T22250] cdc_ncm 3-1:1.0: setting tx_max = 88 [ 1533.762313][T22250] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 1533.939763][T18877] usb 3-1: USB disconnect, device number 5 [ 1533.952584][T18877] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 1533.986467][ T5907] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 1534.149266][ T5907] usb 2-1: Using ep0 maxpacket: 16 [ 1534.161130][ T5907] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1534.189915][ T5907] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1534.210250][ T5907] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1534.225240][ T5907] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1534.252262][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1534.266475][ T5907] usb 2-1: Product: syz [ 1534.273930][ T5907] usb 2-1: Manufacturer: syz [ 1534.279561][ T5907] usb 2-1: SerialNumber: syz [ 1534.508313][T22251] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1534.526672][T22251] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 1534.547341][T22251] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 1534.619102][T18877] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1534.688982][T22250] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 1534.708675][ T5907] usb 2-1: 0:2 : does not exist [ 1534.716735][T22251] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 1534.746400][T22251] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 1534.789244][T18877] usb 6-1: Using ep0 maxpacket: 16 [ 1534.789285][T22251] usb 4-1: USB disconnect, device number 6 [ 1534.790902][T22251] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 1534.797921][T18877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1534.830718][T18877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1534.841584][T18877] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1534.855926][T18877] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1534.871056][T18877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1534.877717][T22250] usb 1-1: config 0 has an invalid interface number: 176 but max is 2 [ 1534.884468][T18877] usb 6-1: config 0 descriptor?? [ 1534.893832][T22250] usb 1-1: config 0 has no interface number 1 [ 1534.907716][T22250] usb 1-1: too many endpoints for config 0 interface 0 altsetting 255: 255, using maximum allowed: 30 [ 1534.938987][T22250] usb 1-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 1534.982282][T22250] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1534.995871][T22250] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1535.014321][T22250] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1535.028940][T22250] usb 1-1: config 0 descriptor?? [ 1535.123905][ T5907] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 1535.171244][ T5907] usb 2-1: USB disconnect, device number 127 [ 1535.229288][T18538] udevd[18538]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1535.318595][T22250] usb 1-1: Could not set interface, error -71 [ 1535.355071][T22250] qmi_wwan 1-1:0.0: probe with driver qmi_wwan failed with error -22 [ 1535.395257][T22250] usb 1-1: USB disconnect, device number 9 [ 1535.468458][T18877] microsoft 0003:045E:07DA.003A: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 1535.483886][T18877] microsoft 0003:045E:07DA.003A: no inputs found [ 1535.492209][T18877] microsoft 0003:045E:07DA.003A: could not initialize ff, continuing anyway [ 1535.528603][T18877] usb 6-1: USB disconnect, device number 8 [ 1535.578039][T23595] fido_id[23595]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 1536.111283][T22251] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1536.298956][T22251] usb 4-1: Using ep0 maxpacket: 16 [ 1536.314534][T22251] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1536.335768][T22251] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1536.356179][T22251] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1536.388929][T22251] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1536.408325][T22251] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1536.430185][T22251] usb 4-1: config 0 descriptor?? [ 1536.765625][T19647] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1536.854815][T22251] HID 045e:07da: Invalid code 65791 type 1 [ 1536.866906][T22251] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.003B/input/input349 [ 1536.907303][T22251] microsoft 0003:045E:07DA.003B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1536.942339][T19647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1536.965632][T19647] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1536.977943][T19647] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1536.993361][T19647] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1537.006800][T19647] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1537.020172][T19647] usb 6-1: config 0 descriptor?? [ 1537.082367][T18877] usb 4-1: USB disconnect, device number 7 [ 1537.458242][T19647] plantronics 0003:047F:FFFF.003C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1537.609249][T22251] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 1537.758904][T19647] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1537.770485][T22251] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1537.799123][T22251] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1537.809263][T22251] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1537.822350][T22251] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1537.831699][T22251] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1537.850056][T22251] usb 3-1: config 0 descriptor?? [ 1537.918831][T19647] usb 1-1: Using ep0 maxpacket: 16 [ 1537.927329][T19647] usb 1-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf [ 1537.937075][T19647] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1537.950383][T19647] usb 1-1: config 0 descriptor?? [ 1538.284058][T22251] plantronics 0003:047F:FFFF.003D: unbalanced collection at end of report description [ 1538.321457][T22251] plantronics 0003:047F:FFFF.003D: parse failed [ 1538.350967][T22251] plantronics 0003:047F:FFFF.003D: probe with driver plantronics failed with error -22 [ 1538.493839][T22251] usb 3-1: USB disconnect, device number 6 [ 1538.504969][ T5907] usb 6-1: USB disconnect, device number 9 [ 1538.860266][T23665] netlink: 136 bytes leftover after parsing attributes in process `syz.3.4638'. [ 1538.889188][T23665] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1539.940885][ T5948] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1539.997809][T19647] pegasus 1-1:0.0: can't reset MAC [ 1540.008329][T19647] pegasus 1-1:0.0: probe with driver pegasus failed with error -5 [ 1540.077601][T19647] usb 1-1: USB disconnect, device number 10 [ 1540.110858][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1540.127305][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1540.139612][ T5948] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1540.149356][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1540.163677][ T5948] usb 4-1: config 0 descriptor?? [ 1540.586904][ T5948] keytouch 0003:0926:3333.003E: fixing up Keytouch IEC report descriptor [ 1540.615894][ T5948] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.003E/input/input350 [ 1540.811361][ T5948] keytouch 0003:0926:3333.003E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 1540.892268][ T5948] usb 4-1: USB disconnect, device number 8 [ 1541.104251][T23722] fido_id[23722]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 1541.499559][T23728] "syz.5.4664" (23728) uses obsolete ecb(arc4) skcipher [ 1541.584931][T23743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4669'. [ 1541.705547][T23746] bridge: RTM_NEWNEIGH with invalid ether address [ 1542.150355][T23765] input: syz0 as /devices/virtual/input/input351 [ 1542.349664][T23776] netlink: 'syz.5.4671': attribute type 3 has an invalid length. [ 1543.286227][T23794] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4691'. [ 1545.420646][T23842] gretap1: entered promiscuous mode [ 1545.442061][T23842] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8) [ 1545.448648][T23842] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1545.459007][T23842] vhci_hcd vhci_hcd.0: Device attached [ 1545.588855][T22250] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1545.630128][T23836] netlink: 'syz.3.4703': attribute type 10 has an invalid length. [ 1545.699245][T22251] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 1545.708840][T22254] usb 6-1: new low-speed USB device number 10 using dummy_hcd [ 1545.741540][T22250] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1545.752137][T22250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1545.763584][T22250] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1545.777503][T22250] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1545.793784][T22250] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1545.803388][T22250] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1545.812125][T22250] usb 2-1: Manufacturer: syz [ 1545.827672][T22250] usb 2-1: config 0 descriptor?? [ 1545.854880][T22250] smsusb:smsusb_probe: board id=9, interface number 0 [ 1545.871079][T22254] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1545.889079][T22254] usb 6-1: config 128 has 0 interfaces, different from the descriptor's value: 2 [ 1545.889300][T22250] smsusb:smsusb_probe: Device initialized with return code -19 [ 1545.906956][T22254] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1545.928114][T22254] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1546.068127][T23840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1546.078416][T23840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1546.161493][T22254] usb 6-1: string descriptor 0 read error: -71 [ 1546.174874][T23845] vhci_hcd: connection closed [ 1546.175152][T20493] vhci_hcd vhci_hcd.5: stop threads [ 1546.188871][T20493] vhci_hcd vhci_hcd.5: release socket [ 1546.195431][T20493] vhci_hcd vhci_hcd.5: disconnect device [ 1546.211156][T22254] usb 6-1: USB disconnect, device number 10 [ 1546.229094][T22251] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 1546.322692][T23852] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4707'. [ 1546.470273][T23854] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4707'. [ 1546.575411][ T6270] usb 2-1: USB disconnect, device number 2 [ 1546.788549][T23859] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4709'. [ 1546.979363][T23864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4709'. [ 1547.347398][T23866] input: syz1 as /devices/virtual/input/input352 [ 1547.838960][T22250] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1547.882076][T19647] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1548.000599][T22250] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1548.011546][T22250] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1548.031832][T22250] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 1548.044752][T22250] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1548.062384][T22250] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1548.072232][T19647] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1548.072281][T22250] usb 4-1: Product: syz [ 1548.072301][T22250] usb 4-1: Manufacturer: syz [ 1548.093823][T22250] usb 4-1: SerialNumber: syz [ 1548.113685][T22250] usb 4-1: config 0 descriptor?? [ 1548.123342][T19647] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1548.124369][T23874] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1548.142834][T23874] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1548.154104][T22250] usb 4-1: ucan: probing device on interface #0 [ 1548.170107][T19647] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1548.188803][T19647] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1548.208139][T19647] usb 3-1: SerialNumber: syz [ 1548.376242][T22250] usb 4-1: ucan: device protocol version 1701523203 is not supported [ 1548.395960][T22250] usb 4-1: ucan: probe failed; try to update the device firmware [ 1548.573806][T23880] input: syz1 as /devices/virtual/input/input353 [ 1548.979874][T19647] usb 3-1: 0:2 : does not exist [ 1549.042844][T19647] usb 3-1: USB disconnect, device number 7 [ 1549.101635][T18538] udevd[18538]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1549.528868][T19647] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1549.708864][T19647] usb 3-1: Using ep0 maxpacket: 32 [ 1549.718304][T19647] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1549.765362][T19647] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1549.791564][T19647] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1549.811351][T19647] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1549.828898][T19647] usb 3-1: Product: syz [ 1549.838854][T19647] usb 3-1: Manufacturer: syz [ 1549.855907][T19647] usb 3-1: SerialNumber: syz [ 1549.881563][T19647] usb 3-1: config 0 descriptor?? [ 1550.336705][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 1550.344253][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 1550.355399][T19647] usb 3-1: USB disconnect, device number 8 [ 1550.390725][T23894] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1550.499048][T22251] usb 4-1: USB disconnect, device number 9 [ 1550.669942][T22250] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1550.858849][T22250] usb 2-1: Using ep0 maxpacket: 32 [ 1550.890468][T22250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1550.976566][T22250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1551.075059][T22250] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1551.140201][T22250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1551.187480][T22250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1551.242758][T23912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4725'. [ 1551.262297][T22250] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1551.290058][T22250] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1551.312473][T22250] usb 2-1: Product: syz [ 1551.340357][T22250] usb 2-1: Manufacturer: syz [ 1551.370818][T22250] usb 2-1: SerialNumber: syz [ 1551.385265][T22250] usb 2-1: config 0 descriptor?? [ 1551.404433][T23894] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1551.451693][T22250] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input354 [ 1551.477862][ T5184] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1551.495460][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1551.505401][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1551.787176][T22250] usb 2-1: USB disconnect, device number 3 [ 1552.425360][T23938] FAULT_INJECTION: forcing a failure. [ 1552.425360][T23938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1552.439712][T23938] CPU: 1 UID: 0 PID: 23938 Comm: syz.1.4730 Tainted: G L syzkaller #0 PREEMPT(full) [ 1552.439746][T23938] Tainted: [L]=SOFTLOCKUP [ 1552.439755][T23938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1552.439769][T23938] Call Trace: [ 1552.439778][T23938] [ 1552.439788][T23938] dump_stack_lvl+0x189/0x250 [ 1552.439819][T23938] ? __pfx____ratelimit+0x10/0x10 [ 1552.439850][T23938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1552.439876][T23938] ? __pfx__printk+0x10/0x10 [ 1552.439909][T23938] ? __might_fault+0xb0/0x130 [ 1552.439952][T23938] should_fail_ex+0x414/0x560 [ 1552.439986][T23938] _copy_from_iter+0x1cd/0x1630 [ 1552.440033][T23938] ? __build_skb_around+0x22d/0x3c0 [ 1552.440074][T23938] ? __pfx__copy_from_iter+0x10/0x10 [ 1552.440104][T23938] ? __alloc_skb+0x2f1/0x430 [ 1552.440140][T23938] ? __pfx___alloc_skb+0x10/0x10 [ 1552.440175][T23938] ? netlink_sendmsg+0x642/0xb30 [ 1552.440198][T23938] ? skb_put+0x11b/0x210 [ 1552.440223][T23938] netlink_sendmsg+0x6b2/0xb30 [ 1552.440258][T23938] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1552.440286][T23938] ? __import_iovec+0x5d4/0x7f0 [ 1552.440307][T23938] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1552.440334][T23938] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1552.440355][T23938] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1552.440382][T23938] __sock_sendmsg+0x21c/0x270 [ 1552.440414][T23938] ____sys_sendmsg+0x505/0x820 [ 1552.440442][T23938] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1552.440470][T23938] ? kstrtouint+0x6e/0xe0 [ 1552.440507][T23938] ___sys_sendmsg+0x21f/0x2a0 [ 1552.440534][T23938] ? __pfx____sys_sendmsg+0x10/0x10 [ 1552.440564][T23938] ? rcu_read_lock_any_held+0xb3/0x120 [ 1552.440621][T23938] ? __fget_files+0x2a/0x420 [ 1552.440649][T23938] ? __fget_files+0x3a0/0x420 [ 1552.440687][T23938] __sys_sendmsg+0x164/0x220 [ 1552.440713][T23938] ? __pfx___sys_sendmsg+0x10/0x10 [ 1552.440745][T23938] ? __pfx_ksys_write+0x10/0x10 [ 1552.440771][T23938] ? __do_fast_syscall_32+0xbe/0x570 [ 1552.440798][T23938] __do_fast_syscall_32+0x1f7/0x570 [ 1552.440820][T23938] ? rcu_is_watching+0x15/0xb0 [ 1552.440845][T23938] ? do_fast_syscall_32+0x34/0x80 [ 1552.440872][T23938] do_fast_syscall_32+0x34/0x80 [ 1552.440893][T23938] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1552.440919][T23938] RIP: 0023:0xf7f06539 [ 1552.440939][T23938] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1552.440958][T23938] RSP: 002b:00000000f53f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1552.440982][T23938] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 1552.440998][T23938] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 1552.441011][T23938] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1552.441032][T23938] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1552.441045][T23938] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1552.441077][T23938] [ 1553.229966][T23952] ip6t_REJECT: ECHOREPLY is not supported [ 1553.309206][T23956] input: syz1 as /devices/virtual/input/input355 [ 1553.725385][ T30] audit: type=1326 audit(1765463227.925:1744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1553.779690][ T30] audit: type=1326 audit(1765463227.925:1745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1553.871713][ T30] audit: type=1326 audit(1765463227.925:1746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1553.983061][ T30] audit: type=1326 audit(1765463227.925:1747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=265 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1554.086008][ T30] audit: type=1326 audit(1765463227.925:1748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1554.178279][ T30] audit: type=1326 audit(1765463227.925:1749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=325 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1554.230073][ T30] audit: type=1326 audit(1765463227.925:1750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1554.325211][ T30] audit: type=1326 audit(1765463227.925:1751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=76 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1554.389196][ T30] audit: type=1326 audit(1765463227.925:1752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1554.442207][ T30] audit: type=1326 audit(1765463227.925:1753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23948 comm="syz.0.4735" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f66539 code=0x7ffc0000 [ 1555.330646][T23980] vlan2: entered promiscuous mode [ 1555.340914][T23980] vlan2: entered allmulticast mode [ 1555.357003][T23993] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 1555.379965][T23980] hsr_slave_1: entered allmulticast mode [ 1555.411196][T23980] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4743'. [ 1555.811026][ T5973] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1555.888131][T24002] netlink: 'syz.3.4748': attribute type 2 has an invalid length. [ 1555.982430][ T5973] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1556.000737][ T5973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1556.031277][ T5973] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1556.052541][ T5973] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1556.086943][ T5973] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1556.100027][ T5973] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1556.126155][ T5973] usb 2-1: Manufacturer: syz [ 1556.150412][ T5973] usb 2-1: config 0 descriptor?? [ 1556.164265][ T5973] smsusb:smsusb_probe: board id=9, interface number 0 [ 1556.179136][ T5973] smsusb:smsusb_probe: Device initialized with return code -19 [ 1556.280189][T19647] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1556.384015][T24000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1556.418666][T24000] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1556.450092][T19647] usb 4-1: Using ep0 maxpacket: 8 [ 1556.475077][T19647] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 1556.510685][T19647] usb 4-1: config 0 has no interface number 0 [ 1556.532578][T19647] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1556.576087][T19647] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1556.681627][T19647] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1556.708920][T19647] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1556.764323][T19647] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1556.794564][T19647] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1556.828586][T19647] usb 4-1: config 0 descriptor?? [ 1556.896831][T19647] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1557.038042][T22251] usb 2-1: USB disconnect, device number 4 [ 1557.169054][ T6270] usb 4-1: USB disconnect, device number 10 [ 1557.169179][ C0] ldusb 4-1:0.55: usb_submit_urb failed (-19) [ 1557.182585][T24005] FAULT_INJECTION: forcing a failure. [ 1557.182585][T24005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1557.195930][T24005] CPU: 0 UID: 0 PID: 24005 Comm: syz.3.4749 Tainted: G L syzkaller #0 PREEMPT(full) [ 1557.195966][T24005] Tainted: [L]=SOFTLOCKUP [ 1557.195974][T24005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1557.195989][T24005] Call Trace: [ 1557.195998][T24005] [ 1557.196007][T24005] dump_stack_lvl+0x189/0x250 [ 1557.196040][T24005] ? __pfx____ratelimit+0x10/0x10 [ 1557.196070][T24005] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1557.196096][T24005] ? __pfx__printk+0x10/0x10 [ 1557.196128][T24005] ? __might_fault+0xb0/0x130 [ 1557.196171][T24005] should_fail_ex+0x414/0x560 [ 1557.196206][T24005] fpu__restore_sig+0x1bb/0x10d0 [ 1557.196246][T24005] ? __pfx_fpu__restore_sig+0x10/0x10 [ 1557.196332][T24005] ia32_restore_sigcontext+0x449/0x5b0 [ 1557.196358][T24005] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1557.196391][T24005] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 1557.196441][T24005] ? _raw_spin_unlock_irq+0x23/0x50 [ 1557.196471][T24005] ? lockdep_hardirqs_on+0x98/0x140 [ 1557.196505][T24005] __ia32_compat_sys_rt_sigreturn+0x1a9/0x260 [ 1557.196529][T24005] ? __task_pid_nr_ns+0x28/0x490 [ 1557.196560][T24005] ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10 [ 1557.196591][T24005] ? do_int80_emulation+0xec/0x410 [ 1557.196613][T24005] ? asm_int80_emulation+0x1a/0x20 [ 1557.196635][T24005] do_int80_emulation+0x126/0x410 [ 1557.196654][T24005] ? clear_bhb_loop+0x60/0xb0 [ 1557.196674][T24005] ? clear_bhb_loop+0x60/0xb0 [ 1557.196698][T24005] asm_int80_emulation+0x1a/0x20 [ 1557.196717][T24005] RIP: 0023:0xf702d537 [ 1557.196734][T24005] Code: 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 80 5d 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1557.196751][T24005] RSP: 002b:00000000f541d55c EFLAGS: 00000206 [ 1557.196768][T24005] RAX: 0000000000000003 RBX: 0000000000000005 RCX: 00000000800002c0 [ 1557.196780][T24005] RDX: 0000000000000097 RSI: 0000000000000000 RDI: 0000000000000000 [ 1557.196792][T24005] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1557.196803][T24005] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1557.196814][T24005] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1557.196843][T24005] [ 1557.460947][ T6270] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 1557.820614][T24016] input: syz1 as /devices/virtual/input/input356 [ 1558.028929][ T6270] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1558.199315][ T6270] usb 2-1: Using ep0 maxpacket: 16 [ 1558.217403][ T6270] usb 2-1: config 0 has an invalid interface number: 213 but max is 0 [ 1558.289266][ T6270] usb 2-1: config 0 has no interface number 0 [ 1558.311390][ T6270] usb 2-1: config 0 interface 213 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024 [ 1558.350701][ T6270] usb 2-1: config 0 interface 213 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1558.387414][ T6270] usb 2-1: New USB device found, idVendor=0499, idProduct=105c, bcdDevice=c5.ad [ 1558.399739][ T6270] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1558.416425][ T6270] usb 2-1: Product: syz [ 1558.425437][ T6270] usb 2-1: Manufacturer: syz [ 1558.435549][ T6270] usb 2-1: SerialNumber: syz [ 1558.455543][ T6270] usb 2-1: config 0 descriptor?? [ 1558.490369][T24019] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1558.735698][T24019] QAT: Device 8 not found [ 1558.753009][ T6270] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1558.770535][T24030] FAULT_INJECTION: forcing a failure. [ 1558.770535][T24030] name fail_futex, interval 1, probability 0, space 0, times 1 [ 1558.794087][T24030] CPU: 0 UID: 0 PID: 24030 Comm: syz.3.4758 Tainted: G L syzkaller #0 PREEMPT(full) [ 1558.794122][T24030] Tainted: [L]=SOFTLOCKUP [ 1558.794131][T24030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1558.794144][T24030] Call Trace: [ 1558.794154][T24030] [ 1558.794164][T24030] dump_stack_lvl+0x189/0x250 [ 1558.794196][T24030] ? __pfx____ratelimit+0x10/0x10 [ 1558.794230][T24030] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1558.794256][T24030] ? __pfx__printk+0x10/0x10 [ 1558.794301][T24030] should_fail_ex+0x414/0x560 [ 1558.794336][T24030] get_futex_key+0x8ff/0x1660 [ 1558.794356][T24030] ? _parse_integer_limit+0x1ae/0x1f0 [ 1558.794392][T24030] ? kstrtoull+0x12f/0x1d0 [ 1558.794420][T24030] ? __pfx_get_futex_key+0x10/0x10 [ 1558.794441][T24030] ? kstrtouint+0x6e/0xe0 [ 1558.794487][T24030] futex_wake_op+0x1e1/0xd70 [ 1558.794517][T24030] ? __pfx_futex_wake_op+0x10/0x10 [ 1558.794538][T24030] ? vfs_write+0x956/0xb30 [ 1558.794561][T24030] ? ksys_write+0x1cb/0x250 [ 1558.794578][T24030] do_futex+0x3bd/0x420 [ 1558.794595][T24030] ? __pfx_vfs_write+0x10/0x10 [ 1558.794611][T24030] ? __pfx_do_futex+0x10/0x10 [ 1558.794634][T24030] __se_sys_futex_time32+0x360/0x3e0 [ 1558.794654][T24030] ? fput+0xa0/0xd0 [ 1558.794676][T24030] ? __pfx___se_sys_futex_time32+0x10/0x10 [ 1558.794695][T24030] ? __pfx_ksys_write+0x10/0x10 [ 1558.794712][T24030] ? __ia32_sys_futex_time32+0x21/0xf0 [ 1558.794734][T24030] __do_fast_syscall_32+0x1f7/0x570 [ 1558.794749][T24030] ? rcu_is_watching+0x15/0xb0 [ 1558.794767][T24030] ? do_fast_syscall_32+0x34/0x80 [ 1558.794785][T24030] do_fast_syscall_32+0x34/0x80 [ 1558.794800][T24030] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1558.794819][T24030] RIP: 0023:0xf702d539 [ 1558.794833][T24030] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1558.794846][T24030] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 00000000000000f0 [ 1558.794863][T24030] RAX: ffffffffffffffda RBX: 000000008000cffc RCX: 0000000000000005 [ 1558.794874][T24030] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000080000000 [ 1558.794884][T24030] RBP: 0000000034fffffd R08: 0000000000000000 R09: 0000000000000000 [ 1558.794893][T24030] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1558.794903][T24030] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1558.794925][T24030] [ 1559.210014][ T6270] usb 2-1: USB disconnect, device number 5 [ 1559.330628][T18128] udevd[18128]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.213/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1559.496794][T24047] syz.2.4764 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1559.733723][T24045] input: syz1 as /devices/virtual/input/input357 [ 1560.396481][T24066] FAULT_INJECTION: forcing a failure. [ 1560.396481][T24066] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.444618][T24066] CPU: 0 UID: 0 PID: 24066 Comm: syz.5.4771 Tainted: G L syzkaller #0 PREEMPT(full) [ 1560.444656][T24066] Tainted: [L]=SOFTLOCKUP [ 1560.444666][T24066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1560.444681][T24066] Call Trace: [ 1560.444691][T24066] [ 1560.444702][T24066] dump_stack_lvl+0x189/0x250 [ 1560.444741][T24066] ? __pfx____ratelimit+0x10/0x10 [ 1560.444773][T24066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1560.444801][T24066] ? __pfx__printk+0x10/0x10 [ 1560.444839][T24066] ? __pfx___might_resched+0x10/0x10 [ 1560.444870][T24066] should_fail_ex+0x414/0x560 [ 1560.444906][T24066] should_failslab+0xa8/0x100 [ 1560.444936][T24066] __kmalloc_cache_noprof+0x84/0x700 [ 1560.444961][T24066] ? alloc_pipe_info+0xe9/0x4d0 [ 1560.444990][T24066] alloc_pipe_info+0xe9/0x4d0 [ 1560.445017][T24066] splice_direct_to_actor+0xa5d/0xcc0 [ 1560.445061][T24066] ? rcu_read_lock_any_held+0xb3/0x120 [ 1560.445090][T24066] ? __pfx_aa_file_perm+0x10/0x10 [ 1560.445119][T24066] ? __pfx_direct_splice_actor+0x10/0x10 [ 1560.445148][T24066] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1560.445189][T24066] do_splice_direct+0x181/0x270 [ 1560.445221][T24066] ? __pfx_do_splice_direct+0x10/0x10 [ 1560.445251][T24066] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1560.445290][T24066] ? rw_verify_area+0x255/0x4d0 [ 1560.445316][T24066] do_sendfile+0x4da/0x7e0 [ 1560.445361][T24066] ? __pfx_do_sendfile+0x10/0x10 [ 1560.445390][T24066] ? __pfx_ksys_write+0x10/0x10 [ 1560.445415][T24066] ? __ia32_compat_sys_sendfile+0x180/0x1d0 [ 1560.445442][T24066] ? __do_fast_syscall_32+0xbe/0x570 [ 1560.445468][T24066] __do_fast_syscall_32+0x1f7/0x570 [ 1560.445490][T24066] ? rcu_is_watching+0x15/0xb0 [ 1560.445516][T24066] ? do_fast_syscall_32+0x34/0x80 [ 1560.445543][T24066] do_fast_syscall_32+0x34/0x80 [ 1560.445565][T24066] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1560.445591][T24066] RIP: 0023:0xf70fd539 [ 1560.445611][T24066] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1560.445631][T24066] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 00000000000000bb [ 1560.445654][T24066] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000004 [ 1560.445670][T24066] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000000 [ 1560.445683][T24066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1560.445695][T24066] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1560.445707][T24066] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1560.445737][T24066] [ 1561.299661][ T5833] Bluetooth: hci0: adv larger than maximum supported [ 1561.376552][T24079] FAULT_INJECTION: forcing a failure. [ 1561.376552][T24079] name failslab, interval 1, probability 0, space 0, times 0 [ 1561.404278][T24079] CPU: 1 UID: 0 PID: 24079 Comm: syz.1.4778 Tainted: G L syzkaller #0 PREEMPT(full) [ 1561.404315][T24079] Tainted: [L]=SOFTLOCKUP [ 1561.404325][T24079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1561.404339][T24079] Call Trace: [ 1561.404348][T24079] [ 1561.404357][T24079] dump_stack_lvl+0x189/0x250 [ 1561.404385][T24079] ? __pfx____ratelimit+0x10/0x10 [ 1561.404411][T24079] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1561.404433][T24079] ? __pfx__printk+0x10/0x10 [ 1561.404465][T24079] ? __pfx___might_resched+0x10/0x10 [ 1561.404483][T24079] ? fs_reclaim_acquire+0x7d/0x100 [ 1561.404511][T24079] should_fail_ex+0x414/0x560 [ 1561.404541][T24079] should_failslab+0xa8/0x100 [ 1561.404565][T24079] kmem_cache_alloc_noprof+0x88/0x710 [ 1561.404594][T24079] ? security_file_alloc+0x34/0x330 [ 1561.404624][T24079] security_file_alloc+0x34/0x330 [ 1561.404651][T24079] init_file+0x93/0x2f0 [ 1561.404677][T24079] alloc_empty_file+0x6e/0x1d0 [ 1561.404702][T24079] path_openat+0x108/0x3dd0 [ 1561.404727][T24079] ? stack_trace_save+0x9c/0xe0 [ 1561.404755][T24079] ? __pfx_stack_trace_save+0x10/0x10 [ 1561.404784][T24079] ? stack_depot_save_flags+0x40/0x850 [ 1561.404815][T24079] ? kasan_save_track+0x4f/0x80 [ 1561.404832][T24079] ? kasan_save_track+0x3e/0x80 [ 1561.404848][T24079] ? __kasan_slab_alloc+0x6c/0x80 [ 1561.404866][T24079] ? kmem_cache_alloc_noprof+0x37d/0x710 [ 1561.404892][T24079] ? getname_flags+0xb8/0x540 [ 1561.404912][T24079] ? do_sys_openat2+0xbc/0x200 [ 1561.404938][T24079] ? __pfx_path_openat+0x10/0x10 [ 1561.404957][T24079] ? __lock_acquire+0x6b6/0x2cf0 [ 1561.404987][T24079] do_filp_open+0x1fa/0x410 [ 1561.405006][T24079] ? __pfx_do_filp_open+0x10/0x10 [ 1561.405040][T24079] ? _raw_spin_unlock+0x28/0x50 [ 1561.405063][T24079] ? alloc_fd+0x64c/0x6c0 [ 1561.405094][T24079] do_sys_openat2+0x121/0x200 [ 1561.405121][T24079] ? __pfx_do_sys_openat2+0x10/0x10 [ 1561.405156][T24079] __se_sys_openat2+0x226/0x2c0 [ 1561.405189][T24079] ? __pfx___se_sys_openat2+0x10/0x10 [ 1561.405221][T24079] ? __do_fast_syscall_32+0xbe/0x570 [ 1561.405243][T24079] __do_fast_syscall_32+0x1f7/0x570 [ 1561.405264][T24079] ? rcu_is_watching+0x15/0xb0 [ 1561.405287][T24079] ? do_fast_syscall_32+0x34/0x80 [ 1561.405308][T24079] do_fast_syscall_32+0x34/0x80 [ 1561.405326][T24079] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1561.405347][T24079] RIP: 0023:0xf7f06539 [ 1561.405364][T24079] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1561.405380][T24079] RSP: 002b:00000000f53f655c EFLAGS: 00000206 ORIG_RAX: 00000000000001b5 [ 1561.405400][T24079] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800003c0 [ 1561.405413][T24079] RDX: 0000000080000380 RSI: 0000000000000018 RDI: 0000000000000000 [ 1561.405435][T24079] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1561.405446][T24079] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1561.405457][T24079] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1561.405482][T24079] [ 1562.013717][T24099] random: crng reseeded on system resumption [ 1562.129466][ T5973] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1562.274752][ T5973] usb 6-1: device descriptor read/64, error -71 [ 1562.519976][ T5973] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1562.564071][T24109] netlink: 'syz.3.4788': attribute type 10 has an invalid length. [ 1562.579999][T24109] netlink: 55 bytes leftover after parsing attributes in process `syz.3.4788'. [ 1562.667426][T24113] FAULT_INJECTION: forcing a failure. [ 1562.667426][T24113] name failslab, interval 1, probability 0, space 0, times 0 [ 1562.685274][T24113] CPU: 0 UID: 0 PID: 24113 Comm: syz.0.4790 Tainted: G L syzkaller #0 PREEMPT(full) [ 1562.685300][T24113] Tainted: [L]=SOFTLOCKUP [ 1562.685306][T24113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1562.685316][T24113] Call Trace: [ 1562.685323][T24113] [ 1562.685331][T24113] dump_stack_lvl+0x189/0x250 [ 1562.685355][T24113] ? __pfx____ratelimit+0x10/0x10 [ 1562.685378][T24113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1562.685398][T24113] ? __pfx__printk+0x10/0x10 [ 1562.685421][T24113] ? queue_work_on+0x1ed/0x270 [ 1562.685442][T24113] ? rht_lock+0x114/0x220 [ 1562.685458][T24113] ? rht_lock+0xff/0x220 [ 1562.685476][T24113] should_fail_ex+0x414/0x560 [ 1562.685502][T24113] should_failslab+0xa8/0x100 [ 1562.685524][T24113] kmem_cache_alloc_noprof+0x88/0x710 [ 1562.685548][T24113] ? inet_frag_kill+0xf09/0x1160 [ 1562.685564][T24113] ? skb_clone+0x212/0x3a0 [ 1562.685585][T24113] skb_clone+0x212/0x3a0 [ 1562.685601][T24113] ? inet_frag_reasm_prepare+0x116/0xe60 [ 1562.685622][T24113] inet_frag_reasm_prepare+0x174/0xe60 [ 1562.685646][T24113] ? do_raw_spin_lock+0x121/0x290 [ 1562.685671][T24113] ip_frag_reasm+0xf9/0x7e0 [ 1562.685700][T24113] ip_defrag+0x1713/0x1f50 [ 1562.685720][T24113] ? ip_route_input_noref+0x98/0x250 [ 1562.685733][T24113] ? ip_route_input_noref+0x98/0x250 [ 1562.685760][T24113] ? ip_defrag+0xe4/0x1f50 [ 1562.685780][T24113] ? __pfx_ip_defrag+0x10/0x10 [ 1562.685804][T24113] ? ip_rcv_finish_core+0xce0/0x1c00 [ 1562.685832][T24113] ip_local_deliver+0xfb/0x1b0 [ 1562.685854][T24113] NF_HOOK+0x30c/0x3a0 [ 1562.685875][T24113] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1562.685894][T24113] ? NF_HOOK+0x9a/0x3a0 [ 1562.685913][T24113] ? __pfx_NF_HOOK+0x10/0x10 [ 1562.685930][T24113] ? ip_rcv_core+0x7f7/0xd00 [ 1562.685951][T24113] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1562.685977][T24113] ? __pfx_ip_rcv+0x10/0x10 [ 1562.685995][T24113] __netif_receive_skb+0x143/0x380 [ 1562.686024][T24113] ? netif_receive_skb+0x105/0x750 [ 1562.686044][T24113] netif_receive_skb+0x1bb/0x750 [ 1562.686078][T24113] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 1562.686096][T24113] ? __pfx_netif_receive_skb+0x10/0x10 [ 1562.686121][T24113] ? tun_rx_batched+0x160/0x730 [ 1562.686141][T24113] tun_rx_batched+0x1b9/0x730 [ 1562.686164][T24113] ? __pfx_tun_rx_batched+0x10/0x10 [ 1562.686183][T24113] ? tun_get_user+0x266d/0x3dc0 [ 1562.686206][T24113] ? tun_get_user+0x266d/0x3dc0 [ 1562.686222][T24113] tun_get_user+0x2aa3/0x3dc0 [ 1562.686241][T24113] ? tun_get_user+0x6fc/0x3dc0 [ 1562.686266][T24113] ? aa_file_perm+0x44c/0x1530 [ 1562.686285][T24113] ? __pfx_tun_get_user+0x10/0x10 [ 1562.686302][T24113] ? __lock_acquire+0x6b6/0x2cf0 [ 1562.686320][T24113] ? kstrtoull+0x12f/0x1d0 [ 1562.686346][T24113] ? ref_tracker_alloc+0x318/0x460 [ 1562.686371][T24113] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1562.686397][T24113] ? tun_get+0x1c/0x2f0 [ 1562.686416][T24113] ? tun_get+0x1c/0x2f0 [ 1562.686431][T24113] ? tun_get+0x1c/0x2f0 [ 1562.686450][T24113] tun_chr_write_iter+0x113/0x200 [ 1562.686468][T24113] vfs_write+0x5c9/0xb30 [ 1562.686487][T24113] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1562.686503][T24113] ? __pfx_vfs_write+0x10/0x10 [ 1562.686526][T24113] ? __fget_files+0x2a/0x420 [ 1562.686552][T24113] ksys_write+0x145/0x250 [ 1562.686566][T24113] ? exc_page_fault+0x82/0x100 [ 1562.686589][T24113] ? __pfx_ksys_write+0x10/0x10 [ 1562.686607][T24113] ? __do_fast_syscall_32+0xbe/0x570 [ 1562.686625][T24113] __do_fast_syscall_32+0x1f7/0x570 [ 1562.686640][T24113] ? rcu_is_watching+0x15/0xb0 [ 1562.686657][T24113] ? do_fast_syscall_32+0x34/0x80 [ 1562.686676][T24113] do_fast_syscall_32+0x34/0x80 [ 1562.686690][T24113] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1562.686710][T24113] RIP: 0023:0xf7f66539 [ 1562.686724][T24113] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1562.686738][T24113] RSP: 002b:00000000f5456520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1562.686755][T24113] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000540 [ 1562.686766][T24113] RDX: 000000000000002a RSI: 00000000f73f6ff4 RDI: 0000000000000000 [ 1562.686775][T24113] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1562.686784][T24113] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1562.686794][T24113] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1562.686817][T24113] [ 1562.687268][ T5973] usb 6-1: device descriptor read/64, error -71 [ 1562.831794][T22250] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 1562.949530][ T5973] usb usb6-port1: attempt power cycle [ 1563.160092][T22250] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1563.182041][T22250] usb 3-1: not running at top speed; connect to a high speed hub [ 1563.191789][T22250] usb 3-1: config 12 interface 0 altsetting 4 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1563.205428][T22250] usb 3-1: config 12 interface 0 has no altsetting 0 [ 1563.218520][T22250] usb 3-1: New USB device found, idVendor=eb1a, idProduct=5051, bcdDevice=d0.01 [ 1563.228186][T22250] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1563.237720][T22250] usb 3-1: Product: syz [ 1563.243160][T22250] usb 3-1: Manufacturer: syz [ 1563.248058][T22250] usb 3-1: SerialNumber: syz [ 1563.500406][T19647] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1563.543713][T24110] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 1563.549469][ T5973] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1563.558378][ T5907] IPVS: starting estimator thread 0... [ 1563.585983][T22250] usb 3-1: USB disconnect, device number 9 [ 1563.601150][ T5973] usb 6-1: device descriptor read/8, error -71 [ 1563.651676][T24128] IPVS: using max 28 ests per chain, 67200 per kthread [ 1563.661184][T19647] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1563.670917][T19647] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1563.683747][T19647] usb 2-1: config 0 descriptor?? [ 1563.702695][T19647] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 1563.709082][T22252] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 1563.728446][T24132] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 1563.735027][T24132] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1563.744559][T24132] vhci_hcd vhci_hcd.0: Device attached [ 1563.850397][ T5973] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1563.869622][ T5973] usb 6-1: device descriptor read/8, error -71 [ 1563.872019][T22252] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1563.886263][T22252] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1563.895866][T22252] usb 4-1: config 1 has no interface number 0 [ 1563.902178][T22252] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1563.913343][T22252] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1563.924775][T22252] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 1563.936836][T22252] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1563.946978][T22252] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1563.955227][T22252] usb 4-1: Product: syz [ 1563.959925][T22252] usb 4-1: Manufacturer: syz [ 1563.964591][T22252] usb 4-1: SerialNumber: syz [ 1563.974553][T24124] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 1563.981971][ T6270] usb 33-1: new high-speed USB device number 9 using vhci_hcd [ 1563.992377][ T5973] usb usb6-port1: unable to enumerate USB device [ 1563.998911][T22250] usb 1-1: new low-speed USB device number 11 using dummy_hcd [ 1564.121090][T19647] cpia1 2-1:0.0: unexpected state after lo power cmd: 00 [ 1564.162787][T22250] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1564.176463][T22250] usb 1-1: config 128 has 0 interfaces, different from the descriptor's value: 2 [ 1564.190990][T22250] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1564.205517][T22250] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1564.356298][T22252] cdc_ncm 4-1:1.1: bind() failure [ 1564.407497][T22252] usb 4-1: USB disconnect, device number 11 [ 1564.478858][T22254] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 1564.546683][T24133] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 8 [ 1564.582325][ T50] vhci_hcd vhci_hcd.0: stop threads [ 1564.614340][ T50] vhci_hcd vhci_hcd.0: release socket [ 1564.637661][ T50] vhci_hcd vhci_hcd.0: disconnect device [ 1564.653624][T22254] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1564.678889][T22254] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1564.706502][T22254] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1564.732422][T22254] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1564.737397][T19647] gspca_cpia1: usb_control_msg 05, error -71 [ 1564.792466][T19647] cpia1 2-1:0.0: unexpected systemstate: 00 [ 1564.804852][T22254] usb 3-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1564.818862][T22254] usb 3-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1564.840124][T22254] usb 3-1: Manufacturer: syz [ 1564.901322][T19647] usb 2-1: USB disconnect, device number 6 [ 1564.903854][T22254] usb 3-1: config 0 descriptor?? [ 1564.930780][T22250] usb 1-1: string descriptor 0 read error: -71 [ 1564.943010][T22254] smsusb:smsusb_probe: board id=9, interface number 0 [ 1564.967342][T22250] usb 1-1: USB disconnect, device number 11 [ 1564.986406][T22254] smsusb:smsusb_probe: Device initialized with return code -19 [ 1565.159525][T24136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1565.179960][T24136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1565.769135][ T5973] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1565.884199][ T6383] usb 3-1: USB disconnect, device number 10 [ 1565.949259][T19647] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1565.957968][ T5973] usb 2-1: Using ep0 maxpacket: 16 [ 1565.975184][ T5973] usb 2-1: New USB device found, idVendor=045e, idProduct=0775, bcdDevice=98.5e [ 1565.995342][ T5973] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1566.008331][ T5973] usb 2-1: Product: syz [ 1566.013517][ T5973] usb 2-1: Manufacturer: syz [ 1566.018130][ T5973] usb 2-1: SerialNumber: syz [ 1566.049897][ T5973] usb 2-1: config 0 descriptor?? [ 1566.128926][T19647] usb 6-1: Using ep0 maxpacket: 16 [ 1566.138971][T19647] usb 6-1: New USB device found, idVendor=045e, idProduct=0775, bcdDevice=98.5e [ 1566.149583][T19647] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1566.157741][T19647] usb 6-1: Product: syz [ 1566.162514][T19647] usb 6-1: Manufacturer: syz [ 1566.167156][T19647] usb 6-1: SerialNumber: syz [ 1566.175118][T19647] usb 6-1: config 0 descriptor?? [ 1566.269306][T22254] usb 2-1: USB disconnect, device number 7 [ 1566.388963][T19647] usb 6-1: USB disconnect, device number 15 [ 1566.808880][T22254] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 1566.949029][ T6383] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1566.958982][T22254] usb 3-1: Using ep0 maxpacket: 16 [ 1566.980774][T22254] usb 3-1: New USB device found, idVendor=045e, idProduct=0775, bcdDevice=98.5e [ 1567.007757][T24164] FAULT_INJECTION: forcing a failure. [ 1567.007757][T24164] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1567.007768][T22254] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1567.007796][T22254] usb 3-1: Product: syz [ 1567.055909][T22254] usb 3-1: Manufacturer: syz [ 1567.066610][T22254] usb 3-1: SerialNumber: syz [ 1567.073045][T24164] CPU: 0 UID: 0 PID: 24164 Comm: syz.1.4807 Tainted: G L syzkaller #0 PREEMPT(full) [ 1567.073078][T24164] Tainted: [L]=SOFTLOCKUP [ 1567.073087][T24164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1567.073101][T24164] Call Trace: [ 1567.073110][T24164] [ 1567.073120][T24164] dump_stack_lvl+0x189/0x250 [ 1567.073152][T24164] ? __pfx____ratelimit+0x10/0x10 [ 1567.073183][T24164] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1567.073211][T24164] ? __pfx__printk+0x10/0x10 [ 1567.073243][T24164] ? __might_fault+0xb0/0x130 [ 1567.073288][T24164] should_fail_ex+0x414/0x560 [ 1567.073324][T24164] _copy_from_user+0x2d/0xb0 [ 1567.073348][T24164] get_compat_msghdr+0xad/0x4a0 [ 1567.073374][T24164] ? finish_task_switch+0x23d/0x940 [ 1567.073408][T24164] ? lockdep_hardirqs_on+0x98/0x140 [ 1567.073464][T24164] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1567.073492][T24164] ? rcu_is_watching+0x15/0xb0 [ 1567.073529][T24164] ___sys_sendmsg+0x193/0x2a0 [ 1567.073556][T24164] ? __pfx____sys_sendmsg+0x10/0x10 [ 1567.073622][T24164] ? __fget_files+0x2a/0x420 [ 1567.073650][T24164] ? __fget_files+0x3a0/0x420 [ 1567.073690][T24164] __sys_sendmsg+0x164/0x220 [ 1567.073714][T24164] ? lockdep_hardirqs_on+0x98/0x140 [ 1567.073746][T24164] ? __pfx___sys_sendmsg+0x10/0x10 [ 1567.073767][T24164] ? irqentry_exit+0x5dd/0x660 [ 1567.073822][T24164] __do_fast_syscall_32+0x1f7/0x570 [ 1567.073845][T24164] ? rcu_is_watching+0x15/0xb0 [ 1567.073870][T24164] ? do_fast_syscall_32+0x34/0x80 [ 1567.073898][T24164] do_fast_syscall_32+0x34/0x80 [ 1567.073919][T24164] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1567.073946][T24164] RIP: 0023:0xf7f06539 [ 1567.073965][T24164] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1567.073985][T24164] RSP: 002b:00000000f53f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1567.074009][T24164] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 1567.074025][T24164] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1567.074037][T24164] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1567.074051][T24164] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1567.074064][T24164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1567.074097][T24164] [ 1567.083341][T22254] usb 3-1: config 0 descriptor?? [ 1567.343230][ T6383] usb 1-1: Using ep0 maxpacket: 16 [ 1567.728672][ T6383] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1567.738801][ T6383] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1567.746912][ T6383] usb 1-1: Product: syz [ 1567.752132][ T6383] usb 1-1: Manufacturer: syz [ 1567.761510][ T6383] usb 1-1: SerialNumber: syz [ 1567.797736][ T6383] usb 1-1: config 0 descriptor?? [ 1567.882601][ T5948] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1567.951966][T19647] usb 3-1: USB disconnect, device number 11 [ 1567.964295][T24181] FAULT_INJECTION: forcing a failure. [ 1567.964295][T24181] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1568.013714][T24181] CPU: 0 UID: 0 PID: 24181 Comm: syz.5.4812 Tainted: G L syzkaller #0 PREEMPT(full) [ 1568.013747][T24181] Tainted: [L]=SOFTLOCKUP [ 1568.013754][T24181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1568.013763][T24181] Call Trace: [ 1568.013770][T24181] [ 1568.013778][T24181] dump_stack_lvl+0x189/0x250 [ 1568.013801][T24181] ? __pfx____ratelimit+0x10/0x10 [ 1568.013824][T24181] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1568.013842][T24181] ? __pfx__printk+0x10/0x10 [ 1568.013865][T24181] ? __might_fault+0xb0/0x130 [ 1568.013897][T24181] should_fail_ex+0x414/0x560 [ 1568.013925][T24181] _copy_from_user+0x2d/0xb0 [ 1568.013943][T24181] get_compat_msghdr+0xad/0x4a0 [ 1568.013966][T24181] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1568.013985][T24181] ? kstrtouint+0x6e/0xe0 [ 1568.014010][T24181] ___sys_sendmsg+0x193/0x2a0 [ 1568.014029][T24181] ? __pfx____sys_sendmsg+0x10/0x10 [ 1568.014050][T24181] ? rcu_read_lock_any_held+0xb3/0x120 [ 1568.014090][T24181] ? __fget_files+0x2a/0x420 [ 1568.014109][T24181] ? __fget_files+0x3a0/0x420 [ 1568.014136][T24181] __sys_sendmsg+0x164/0x220 [ 1568.014153][T24181] ? __pfx___sys_sendmsg+0x10/0x10 [ 1568.014175][T24181] ? __pfx_ksys_write+0x10/0x10 [ 1568.014193][T24181] ? __do_fast_syscall_32+0xbe/0x570 [ 1568.014211][T24181] __do_fast_syscall_32+0x1f7/0x570 [ 1568.014226][T24181] ? rcu_is_watching+0x15/0xb0 [ 1568.014244][T24181] ? do_fast_syscall_32+0x34/0x80 [ 1568.014262][T24181] do_fast_syscall_32+0x34/0x80 [ 1568.014276][T24181] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1568.014296][T24181] RIP: 0023:0xf70fd539 [ 1568.014311][T24181] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1568.014325][T24181] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1568.014341][T24181] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000140 [ 1568.014353][T24181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1568.014362][T24181] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1568.014371][T24181] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1568.014381][T24181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1568.014403][T24181] [ 1568.272521][T24176] input: syz1 as /devices/virtual/input/input358 [ 1568.339821][ T5948] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 1568.348581][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1568.357622][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1568.368797][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1568.386173][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1568.397770][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1568.408798][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1568.416494][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1568.425861][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1568.436863][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1568.444611][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1568.453947][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1568.465068][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1568.549864][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1568.566541][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1568.613166][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1568.660738][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1568.718890][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1568.755450][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1568.781222][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1568.830836][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1568.842022][T24184] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 1568.848570][T24184] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1568.887315][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1568.900502][ T5948] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1568.916762][T24184] vhci_hcd vhci_hcd.0: Device attached [ 1568.920482][ T5948] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1568.945929][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1568.961592][ T5948] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1568.972131][ T5948] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1568.983687][ T5948] usb 2-1: Product: syz [ 1568.987955][ T5948] usb 2-1: Manufacturer: syz [ 1568.993371][ T5948] usb 2-1: SerialNumber: syz [ 1569.005375][ T5948] usb 2-1: config 0 descriptor?? [ 1569.031554][ T5948] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 1569.075677][ T6270] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 1569.109186][ T6383] usb 3-1: new low-speed USB device number 12 using dummy_hcd [ 1569.149573][ T5973] usb 37-1: new high-speed USB device number 11 using vhci_hcd [ 1569.282513][ T6383] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1569.303203][ T5948] usb 2-1: USB disconnect, device number 8 [ 1569.318935][ T6383] usb 3-1: config 128 has 0 interfaces, different from the descriptor's value: 2 [ 1569.328303][ T6383] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1569.344732][ T6383] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1569.369955][ T5948] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 1569.573816][T24187] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 10 [ 1569.582034][ T6383] usb 3-1: string descriptor 0 read error: -71 [ 1569.603462][ T13] vhci_hcd vhci_hcd.2: stop threads [ 1569.618881][ T6383] usb 3-1: USB disconnect, device number 12 [ 1569.628471][ T13] vhci_hcd vhci_hcd.2: release socket [ 1569.636045][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 1570.020647][T24205] FAULT_INJECTION: forcing a failure. [ 1570.020647][T24205] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1570.042013][T24205] CPU: 0 UID: 0 PID: 24205 Comm: syz.5.4819 Tainted: G L syzkaller #0 PREEMPT(full) [ 1570.042050][T24205] Tainted: [L]=SOFTLOCKUP [ 1570.042059][T24205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1570.042073][T24205] Call Trace: [ 1570.042083][T24205] [ 1570.042093][T24205] dump_stack_lvl+0x189/0x250 [ 1570.042128][T24205] ? __pfx____ratelimit+0x10/0x10 [ 1570.042161][T24205] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1570.042188][T24205] ? __pfx__printk+0x10/0x10 [ 1570.042237][T24205] should_fail_ex+0x414/0x560 [ 1570.042275][T24205] _copy_from_user+0x2d/0xb0 [ 1570.042301][T24205] memdup_sockptr_noprof+0x95/0x100 [ 1570.042330][T24205] do_ip_setsockopt+0x1fc2/0x2d00 [ 1570.042368][T24205] ? ksys_write+0x1cb/0x250 [ 1570.042391][T24205] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 1570.042426][T24205] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 1570.042460][T24205] ? aa_sk_perm+0x15f/0x920 [ 1570.042485][T24205] ? aa_sk_perm+0x7ee/0x920 [ 1570.042514][T24205] ? __pfx_aa_sk_perm+0x10/0x10 [ 1570.042540][T24205] ? aa_sock_opt_perm+0xff/0x1a0 [ 1570.042569][T24205] ip_setsockopt+0x66/0x110 [ 1570.042594][T24205] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1570.042630][T24205] do_sock_setsockopt+0x17c/0x1b0 [ 1570.042657][T24205] __ia32_sys_setsockopt+0x13f/0x1b0 [ 1570.042686][T24205] __do_fast_syscall_32+0x1f7/0x570 [ 1570.042709][T24205] ? rcu_is_watching+0x15/0xb0 [ 1570.042735][T24205] ? do_fast_syscall_32+0x34/0x80 [ 1570.042762][T24205] do_fast_syscall_32+0x34/0x80 [ 1570.042784][T24205] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1570.042811][T24205] RIP: 0023:0xf70fd539 [ 1570.042831][T24205] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1570.042850][T24205] RSP: 002b:00000000f54cc55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 1570.042874][T24205] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 1570.042889][T24205] RDX: 0000000000000029 RSI: 0000000000000000 RDI: 000000000000001c [ 1570.042903][T24205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1570.042916][T24205] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1570.042930][T24205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1570.042963][T24205] [ 1570.993482][T24216] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4822'. [ 1571.093690][T24235] input: syz1 as /devices/virtual/input/input359 [ 1571.523682][T24240] input: syz1 as /devices/virtual/input/input360 [ 1572.864401][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1572.864420][ T30] audit: type=1326 audit(1765463247.115:1756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24218 comm="syz.5.4824" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70fd539 code=0x0 [ 1572.888277][T24251] input: syz1 as /devices/virtual/input/input361 [ 1573.738572][T24259] input: syz1 as /devices/virtual/input/input362 [ 1574.019092][T24263] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 1574.025859][T24263] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1574.138254][T24263] vhci_hcd vhci_hcd.0: Device attached [ 1574.268974][ T5973] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 1574.294460][T24272] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4833'. [ 1574.328915][ T6270] usb 4-1: new low-speed USB device number 12 using dummy_hcd [ 1574.378904][ T6383] usb 39-1: new high-speed USB device number 9 using vhci_hcd [ 1574.480788][ T6270] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1574.480811][ T6270] usb 4-1: config 128 has 0 interfaces, different from the descriptor's value: 2 [ 1574.480839][ T6270] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1574.480857][ T6270] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1574.693256][T24264] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 7 [ 1574.701510][ T6270] usb 4-1: string descriptor 0 read error: -71 [ 1574.721675][ T6270] usb 4-1: USB disconnect, device number 12 [ 1574.740135][ T1986] vhci_hcd vhci_hcd.3: stop threads [ 1574.757564][ T1986] vhci_hcd vhci_hcd.3: release socket [ 1574.788045][ T1986] vhci_hcd vhci_hcd.3: disconnect device [ 1575.512832][T24280] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4837'. [ 1575.873136][T24303] IPVS: set_ctl: invalid protocol: 92 100.1.1.0:20003 [ 1575.882025][T24303] netlink: 'syz.1.4840': attribute type 9 has an invalid length. [ 1576.235853][ T5973] usb 1-1: USB disconnect, device number 12 [ 1577.417027][T24315] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4844'. [ 1577.818807][ T5973] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 1578.009929][ T5973] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1578.041265][T24331] input: syz1 as /devices/virtual/input/input364 [ 1578.055682][ T5973] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1578.068233][ T5973] usb 4-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00 [ 1578.089561][ T5973] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1578.145158][ T5973] usb 4-1: config 0 descriptor?? [ 1578.150936][T24317] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1578.540471][ T5822] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1578.570785][ T5973] glorious 0003:22D4:1503.003F: hidraw0: USB HID v0.00 Device [Glorious Model I] on usb-dummy_hcd.3-1/input0 [ 1578.769357][ T5822] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1578.769488][T22252] usb 4-1: USB disconnect, device number 13 [ 1578.821054][ T5822] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1578.865970][ T5822] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1578.909287][ T5822] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1578.949326][ T5822] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1578.978837][ T5822] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1579.008499][ T5822] usb 2-1: Manufacturer: syz [ 1579.054840][ T5822] usb 2-1: config 0 descriptor?? [ 1579.073500][ T5822] smsusb:smsusb_probe: board id=9, interface number 0 [ 1579.101052][ T5822] smsusb:smsusb_probe: Device initialized with return code -19 [ 1579.115642][T24342] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4852'. [ 1579.306505][T24336] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1579.329974][T24336] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1579.469263][ T6383] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 1579.613705][ T5973] usb 2-1: USB disconnect, device number 9 [ 1579.659172][ T5822] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1579.684324][T24355] netlink: 'syz.3.4854': attribute type 10 has an invalid length. [ 1579.821331][ T5822] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1579.833041][ T5822] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1579.843389][ T5822] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1579.853205][ T5822] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1579.874054][ T5822] usb 6-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1579.885052][ T5822] usb 6-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1579.893691][ T5822] usb 6-1: Manufacturer: syz [ 1579.902766][ T5822] usb 6-1: config 0 descriptor?? [ 1579.914341][ T5822] smsusb:smsusb_probe: board id=9, interface number 0 [ 1579.930446][ T5822] smsusb:smsusb_probe: Device initialized with return code -19 [ 1580.145897][T24358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1580.156148][T24358] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1580.556240][T24377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4857'. [ 1580.808439][ T6383] usb 6-1: USB disconnect, device number 16 [ 1581.114149][T24382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4860'. [ 1581.124111][T24382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4860'. [ 1581.998833][ T6270] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1582.184578][ T6270] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1582.194437][ T6270] usb 4-1: config 0 has no interface number 0 [ 1582.207787][ T6270] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1582.220203][ T6270] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1582.229091][ T6270] usb 4-1: Product: syz [ 1582.233506][ T6270] usb 4-1: Manufacturer: syz [ 1582.238298][ T6270] usb 4-1: SerialNumber: syz [ 1582.247342][ T6270] usb 4-1: config 0 descriptor?? [ 1582.455398][ T6270] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1582.466903][ T6270] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1582.479992][ T6270] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1582.488451][ T6270] usb 4-1: media controller created [ 1582.518352][ T6270] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1582.624639][T24403] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4866'. [ 1583.531780][T24416] netlink: 'syz.5.4867': attribute type 10 has an invalid length. [ 1583.562233][T24416] netdevsim netdevsim5 netdevsim0: left allmulticast mode [ 1583.586206][T24416] netdevsim netdevsim5 netdevsim0: left promiscuous mode [ 1583.612219][T24416] bridge0: port 3(netdevsim0) entered disabled state [ 1583.736391][T24429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4870'. [ 1583.812625][ T6270] usb 4-1: USB disconnect, device number 14 [ 1583.995508][T24416] batman_adv: batadv0: Adding interface: netdevsim0 [ 1584.017499][T24416] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1584.181337][T24416] batman_adv: batadv0: Interface activated: netdevsim0 [ 1584.444590][T24434] netlink: 'syz.1.4872': attribute type 1 has an invalid length. [ 1584.611580][T24437] FAULT_INJECTION: forcing a failure. [ 1584.611580][T24437] name failslab, interval 1, probability 0, space 0, times 0 [ 1584.637489][T24437] CPU: 0 UID: 0 PID: 24437 Comm: syz.3.4873 Tainted: G L syzkaller #0 PREEMPT(full) [ 1584.637518][T24437] Tainted: [L]=SOFTLOCKUP [ 1584.637524][T24437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1584.637534][T24437] Call Trace: [ 1584.637540][T24437] [ 1584.637548][T24437] dump_stack_lvl+0x189/0x250 [ 1584.637573][T24437] ? __pfx____ratelimit+0x10/0x10 [ 1584.637595][T24437] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1584.637614][T24437] ? __pfx__printk+0x10/0x10 [ 1584.637638][T24437] ? __lock_acquire+0x6b6/0x2cf0 [ 1584.637660][T24437] should_fail_ex+0x414/0x560 [ 1584.637693][T24437] should_failslab+0xa8/0x100 [ 1584.637715][T24437] kmem_cache_alloc_noprof+0x88/0x710 [ 1584.637742][T24437] ? __netlink_lookup+0xbd/0x8a0 [ 1584.637768][T24437] ? skb_clone+0x212/0x3a0 [ 1584.637798][T24437] skb_clone+0x212/0x3a0 [ 1584.637819][T24437] __netlink_deliver_tap+0x404/0x850 [ 1584.637846][T24437] ? netlink_deliver_tap+0x2e/0x1b0 [ 1584.637864][T24437] netlink_deliver_tap+0x19c/0x1b0 [ 1584.637883][T24437] netlink_unicast+0x7fa/0x9e0 [ 1584.637904][T24437] ? __pfx_netlink_unicast+0x10/0x10 [ 1584.637923][T24437] ? netlink_sendmsg+0x642/0xb30 [ 1584.637939][T24437] ? skb_put+0x11b/0x210 [ 1584.637956][T24437] netlink_sendmsg+0x805/0xb30 [ 1584.637981][T24437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1584.638001][T24437] ? __import_iovec+0x5d4/0x7f0 [ 1584.638015][T24437] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1584.638035][T24437] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1584.638050][T24437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1584.638069][T24437] __sock_sendmsg+0x21c/0x270 [ 1584.638091][T24437] ____sys_sendmsg+0x505/0x820 [ 1584.638112][T24437] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1584.638132][T24437] ? kstrtouint+0x6e/0xe0 [ 1584.638159][T24437] ___sys_sendmsg+0x21f/0x2a0 [ 1584.638177][T24437] ? __pfx____sys_sendmsg+0x10/0x10 [ 1584.638198][T24437] ? rcu_read_lock_any_held+0xb3/0x120 [ 1584.638238][T24437] ? __fget_files+0x2a/0x420 [ 1584.638258][T24437] ? __fget_files+0x3a0/0x420 [ 1584.638285][T24437] __sys_sendmsg+0x164/0x220 [ 1584.638303][T24437] ? __pfx___sys_sendmsg+0x10/0x10 [ 1584.638326][T24437] ? __pfx_ksys_write+0x10/0x10 [ 1584.638345][T24437] ? __do_fast_syscall_32+0xbe/0x570 [ 1584.638363][T24437] __do_fast_syscall_32+0x1f7/0x570 [ 1584.638379][T24437] ? rcu_is_watching+0x15/0xb0 [ 1584.638397][T24437] ? do_fast_syscall_32+0x34/0x80 [ 1584.638416][T24437] do_fast_syscall_32+0x34/0x80 [ 1584.638432][T24437] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1584.638451][T24437] RIP: 0023:0xf702d539 [ 1584.638466][T24437] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1584.638480][T24437] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1584.638502][T24437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 1584.638514][T24437] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1584.638523][T24437] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1584.638532][T24437] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1584.638542][T24437] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1584.638564][T24437] [ 1585.124094][T24437] veth0_to_batadv: entered promiscuous mode [ 1586.295447][T24448] bridge0: port 4(batadv0) entered disabled state [ 1586.302939][T24448] bridge0: port 3(team0) entered disabled state [ 1586.309766][T24448] bridge0: port 2(bridge_slave_1) entered disabled state [ 1586.317194][T24448] bridge0: port 1(bridge_slave_0) entered disabled state [ 1586.479113][T24457] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1586.585774][T24448] wg1: left promiscuous mode [ 1586.594437][T24448] wg1: left allmulticast mode [ 1586.660233][T24457] usb 4-1: Using ep0 maxpacket: 16 [ 1586.672241][T24457] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 57681, setting to 1024 [ 1586.693904][T24457] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1586.705065][T24457] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1586.706353][T24448] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1586.713728][T24457] usb 4-1: Product: syz [ 1586.726933][T24457] usb 4-1: Manufacturer: syz [ 1586.732921][T24457] usb 4-1: SerialNumber: syz [ 1586.740901][T24457] usb 4-1: config 0 descriptor?? [ 1586.770030][T24457] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1586.781633][T24457] em28xx 4-1:0.0: DVB interface 0 found: isoc [ 1586.784836][T24448] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1586.884495][T24448] batman_adv: batadv0: Interface deactivated: netdevsim0 [ 1586.894651][T24471] FAULT_INJECTION: forcing a failure. [ 1586.894651][T24471] name failslab, interval 1, probability 0, space 0, times 0 [ 1586.911019][T24471] CPU: 1 UID: 0 PID: 24471 Comm: syz.1.4879 Tainted: G L syzkaller #0 PREEMPT(full) [ 1586.911056][T24471] Tainted: [L]=SOFTLOCKUP [ 1586.911066][T24471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1586.911080][T24471] Call Trace: [ 1586.911090][T24471] [ 1586.911100][T24471] dump_stack_lvl+0x189/0x250 [ 1586.911135][T24471] ? __pfx____ratelimit+0x10/0x10 [ 1586.911168][T24471] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1586.911196][T24471] ? __pfx__printk+0x10/0x10 [ 1586.911229][T24471] ? __lock_acquire+0x6b6/0x2cf0 [ 1586.911262][T24471] should_fail_ex+0x414/0x560 [ 1586.911299][T24471] should_failslab+0xa8/0x100 [ 1586.911329][T24471] kmem_cache_alloc_noprof+0x88/0x710 [ 1586.911362][T24471] ? __netlink_lookup+0xbd/0x8a0 [ 1586.911389][T24471] ? skb_clone+0x212/0x3a0 [ 1586.911418][T24471] skb_clone+0x212/0x3a0 [ 1586.911447][T24471] __netlink_deliver_tap+0x404/0x850 [ 1586.911486][T24471] ? netlink_deliver_tap+0x2e/0x1b0 [ 1586.911513][T24471] netlink_deliver_tap+0x19c/0x1b0 [ 1586.911538][T24471] netlink_unicast+0x7fa/0x9e0 [ 1586.911570][T24471] ? __pfx_netlink_unicast+0x10/0x10 [ 1586.911595][T24471] ? netlink_sendmsg+0x642/0xb30 [ 1586.911619][T24471] ? skb_put+0x11b/0x210 [ 1586.911644][T24471] netlink_sendmsg+0x805/0xb30 [ 1586.911679][T24471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1586.911708][T24471] ? __import_iovec+0x5d4/0x7f0 [ 1586.911729][T24471] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1586.911758][T24471] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1586.911778][T24471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1586.911813][T24471] __sock_sendmsg+0x21c/0x270 [ 1586.911845][T24471] ____sys_sendmsg+0x505/0x820 [ 1586.911876][T24471] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1586.911905][T24471] ? kstrtouint+0x6e/0xe0 [ 1586.911943][T24471] ___sys_sendmsg+0x21f/0x2a0 [ 1586.911969][T24471] ? __pfx____sys_sendmsg+0x10/0x10 [ 1586.912000][T24471] ? rcu_read_lock_any_held+0xb3/0x120 [ 1586.912060][T24471] ? __fget_files+0x2a/0x420 [ 1586.912088][T24471] ? __fget_files+0x3a0/0x420 [ 1586.912128][T24471] __sys_sendmsg+0x164/0x220 [ 1586.912155][T24471] ? __pfx___sys_sendmsg+0x10/0x10 [ 1586.912189][T24471] ? __pfx_ksys_write+0x10/0x10 [ 1586.912216][T24471] ? __do_fast_syscall_32+0xbe/0x570 [ 1586.912243][T24471] __do_fast_syscall_32+0x1f7/0x570 [ 1586.912265][T24471] ? rcu_is_watching+0x15/0xb0 [ 1586.912291][T24471] ? do_fast_syscall_32+0x34/0x80 [ 1586.912319][T24471] do_fast_syscall_32+0x34/0x80 [ 1586.912340][T24471] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1586.912367][T24471] RIP: 0023:0xf7f06539 [ 1586.912387][T24471] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1586.912408][T24471] RSP: 002b:00000000f53d555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1586.912433][T24471] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800004c0 [ 1586.912449][T24471] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1586.912463][T24471] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1586.912476][T24471] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1586.912489][T24471] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1586.912523][T24471] [ 1587.285925][T24448] ip6gre1: left allmulticast mode [ 1587.317337][T24448] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode [ 1587.328450][T24448] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode [ 1587.375877][T24448] gretap1: left promiscuous mode [ 1587.404471][T24448] vxlan0: left promiscuous mode [ 1587.528735][ T50] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1587.548610][ T50] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1587.619172][T24476] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4880'. [ 1587.619254][T24471] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1587.662251][T24471] bond1: (slave lo): Enslaving as a backup interface with an up link [ 1587.692330][T24471] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1587.693158][ T50] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1587.693196][ T50] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1587.697632][ T50] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1587.697669][ T50] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1587.697720][ T50] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1587.697775][ T50] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1587.759059][T24482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4881'. [ 1587.779722][T24457] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 1587.843773][T24457] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1587.843829][T24457] em28xx 4-1:0.0: board has no eeprom [ 1587.934967][T24457] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1587.935000][T24457] em28xx 4-1:0.0: dvb set to isoc mode. [ 1587.935057][T24465] em28xx 4-1:0.0: Binding DVB extension [ 1587.972417][T24457] usb 4-1: USB disconnect, device number 15 [ 1587.973876][T24457] em28xx 4-1:0.0: Disconnecting em28xx [ 1588.024597][T24465] em28xx 4-1:0.0: Registering input extension [ 1588.024859][T24457] em28xx 4-1:0.0: Closing input extension [ 1588.042021][T24457] em28xx 4-1:0.0: Freeing device [ 1588.669989][T24490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1588.682156][T24490] 8021q: adding VLAN 0 to HW filter on device team0 [ 1588.732328][T24490] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1588.742055][T24503] FAULT_INJECTION: forcing a failure. [ 1588.742055][T24503] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.775680][T24503] CPU: 1 UID: 0 PID: 24503 Comm: syz.3.4886 Tainted: G L syzkaller #0 PREEMPT(full) [ 1588.775714][T24503] Tainted: [L]=SOFTLOCKUP [ 1588.775722][T24503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1588.775735][T24503] Call Trace: [ 1588.775744][T24503] [ 1588.775754][T24503] dump_stack_lvl+0x189/0x250 [ 1588.775786][T24503] ? __pfx____ratelimit+0x10/0x10 [ 1588.775817][T24503] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1588.775843][T24503] ? __pfx__printk+0x10/0x10 [ 1588.775881][T24503] ? __pfx___might_resched+0x10/0x10 [ 1588.775904][T24503] ? fs_reclaim_acquire+0x7d/0x100 [ 1588.775934][T24503] should_fail_ex+0x414/0x560 [ 1588.775969][T24503] should_failslab+0xa8/0x100 [ 1588.775999][T24503] kmem_cache_alloc_noprof+0x88/0x710 [ 1588.776034][T24503] ? security_file_alloc+0x34/0x330 [ 1588.776071][T24503] security_file_alloc+0x34/0x330 [ 1588.776105][T24503] init_file+0x93/0x2f0 [ 1588.776138][T24503] alloc_empty_file+0x6e/0x1d0 [ 1588.776168][T24503] path_openat+0x108/0x3dd0 [ 1588.776200][T24503] ? stack_trace_save+0x9c/0xe0 [ 1588.776234][T24503] ? __pfx_stack_trace_save+0x10/0x10 [ 1588.776269][T24503] ? stack_depot_save_flags+0x40/0x850 [ 1588.776307][T24503] ? kasan_save_track+0x4f/0x80 [ 1588.776327][T24503] ? kasan_save_track+0x3e/0x80 [ 1588.776347][T24503] ? __kasan_slab_alloc+0x6c/0x80 [ 1588.776368][T24503] ? kmem_cache_alloc_noprof+0x37d/0x710 [ 1588.776399][T24503] ? getname_flags+0xb8/0x540 [ 1588.776422][T24503] ? do_sys_openat2+0xbc/0x200 [ 1588.776451][T24503] ? __pfx_path_openat+0x10/0x10 [ 1588.776474][T24503] ? __lock_acquire+0x6b6/0x2cf0 [ 1588.776508][T24503] do_filp_open+0x1fa/0x410 [ 1588.776532][T24503] ? __pfx_do_filp_open+0x10/0x10 [ 1588.776588][T24503] ? _raw_spin_unlock+0x28/0x50 [ 1588.776616][T24503] ? alloc_fd+0x64c/0x6c0 [ 1588.776655][T24503] do_sys_openat2+0x121/0x200 [ 1588.776688][T24503] ? __pfx_do_sys_openat2+0x10/0x10 [ 1588.776723][T24503] ? ksys_write+0x22a/0x250 [ 1588.776742][T24503] ? exc_page_fault+0x82/0x100 [ 1588.776775][T24503] ? __pfx_ksys_write+0x10/0x10 [ 1588.776799][T24503] __ia32_compat_sys_openat+0x131/0x160 [ 1588.776837][T24503] __do_fast_syscall_32+0x1f7/0x570 [ 1588.776860][T24503] ? rcu_is_watching+0x15/0xb0 [ 1588.776885][T24503] ? do_fast_syscall_32+0x34/0x80 [ 1588.776910][T24503] do_fast_syscall_32+0x34/0x80 [ 1588.776930][T24503] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1588.776956][T24503] RIP: 0023:0xf702d539 [ 1588.776973][T24503] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1588.776990][T24503] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 1588.777013][T24503] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040 [ 1588.777030][T24503] RDX: 0000000000000042 RSI: 0000000000000000 RDI: 0000000000000000 [ 1588.777043][T24503] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1588.777056][T24503] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1588.777069][T24503] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1588.777100][T24503] [ 1589.404711][T24507] FAULT_INJECTION: forcing a failure. [ 1589.404711][T24507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1589.422558][T24507] CPU: 0 UID: 0 PID: 24507 Comm: syz.2.4889 Tainted: G L syzkaller #0 PREEMPT(full) [ 1589.422584][T24507] Tainted: [L]=SOFTLOCKUP [ 1589.422590][T24507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1589.422600][T24507] Call Trace: [ 1589.422607][T24507] [ 1589.422614][T24507] dump_stack_lvl+0x189/0x250 [ 1589.422637][T24507] ? __pfx____ratelimit+0x10/0x10 [ 1589.422659][T24507] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1589.422677][T24507] ? __pfx__printk+0x10/0x10 [ 1589.422700][T24507] ? __might_fault+0xb0/0x130 [ 1589.422731][T24507] should_fail_ex+0x414/0x560 [ 1589.422756][T24507] _copy_from_iter+0x1cd/0x1630 [ 1589.422783][T24507] ? __build_skb_around+0x22d/0x3c0 [ 1589.422811][T24507] ? __pfx__copy_from_iter+0x10/0x10 [ 1589.422832][T24507] ? __alloc_skb+0x2f1/0x430 [ 1589.422856][T24507] ? __pfx___alloc_skb+0x10/0x10 [ 1589.422881][T24507] ? netlink_sendmsg+0x642/0xb30 [ 1589.422897][T24507] ? skb_put+0x11b/0x210 [ 1589.422914][T24507] netlink_sendmsg+0x6b2/0xb30 [ 1589.422938][T24507] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1589.422967][T24507] ? __import_iovec+0x5d4/0x7f0 [ 1589.422981][T24507] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1589.423000][T24507] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1589.423016][T24507] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1589.423034][T24507] __sock_sendmsg+0x21c/0x270 [ 1589.423057][T24507] ____sys_sendmsg+0x505/0x820 [ 1589.423078][T24507] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1589.423097][T24507] ? kstrtouint+0x6e/0xe0 [ 1589.423123][T24507] ___sys_sendmsg+0x21f/0x2a0 [ 1589.423141][T24507] ? __pfx____sys_sendmsg+0x10/0x10 [ 1589.423162][T24507] ? rcu_read_lock_any_held+0xb3/0x120 [ 1589.423256][T24507] ? __fget_files+0x2a/0x420 [ 1589.423276][T24507] ? __fget_files+0x3a0/0x420 [ 1589.423304][T24507] __sys_sendmsg+0x164/0x220 [ 1589.423321][T24507] ? __pfx___sys_sendmsg+0x10/0x10 [ 1589.423344][T24507] ? __pfx_ksys_write+0x10/0x10 [ 1589.423363][T24507] ? __do_fast_syscall_32+0xbe/0x570 [ 1589.423381][T24507] __do_fast_syscall_32+0x1f7/0x570 [ 1589.423396][T24507] ? rcu_is_watching+0x15/0xb0 [ 1589.423415][T24507] ? do_fast_syscall_32+0x34/0x80 [ 1589.423433][T24507] do_fast_syscall_32+0x34/0x80 [ 1589.423448][T24507] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1589.423467][T24507] RIP: 0023:0xf702d539 [ 1589.423481][T24507] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1589.423495][T24507] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1589.423511][T24507] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 1589.423523][T24507] RDX: 0000000000008014 RSI: 0000000000000000 RDI: 0000000000000000 [ 1589.423533][T24507] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1589.423542][T24507] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1589.423551][T24507] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1589.423573][T24507] [ 1589.726008][T24501] netlink: 'syz.5.4888': attribute type 10 has an invalid length. [ 1589.739523][ T30] audit: type=1326 audit(1765463263.995:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24508 comm="syz.3.4890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d539 code=0x7ffc0000 [ 1589.781213][ T30] audit: type=1326 audit(1765463264.035:1758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24508 comm="syz.3.4890" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702d539 code=0x7ffc0000 [ 1589.979152][T24514] fuse: Invalid gid '00000000000000000005' [ 1590.239258][T24527] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4894'. [ 1590.863411][T24531] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4896'. [ 1591.260978][T24544] netlink: 'syz.1.4898': attribute type 10 has an invalid length. [ 1591.285860][T24544] bridge0: port 2(bridge_slave_1) entered disabled state [ 1591.293326][T24544] bridge0: port 1(bridge_slave_0) entered disabled state [ 1591.539464][T24546] FAULT_INJECTION: forcing a failure. [ 1591.539464][T24546] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1591.588780][T24546] CPU: 0 UID: 0 PID: 24546 Comm: syz.1.4899 Tainted: G L syzkaller #0 PREEMPT(full) [ 1591.588815][T24546] Tainted: [L]=SOFTLOCKUP [ 1591.588823][T24546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1591.588837][T24546] Call Trace: [ 1591.588847][T24546] [ 1591.588857][T24546] dump_stack_lvl+0x189/0x250 [ 1591.588889][T24546] ? __pfx____ratelimit+0x10/0x10 [ 1591.588920][T24546] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1591.588946][T24546] ? __pfx__printk+0x10/0x10 [ 1591.588983][T24546] ? __might_fault+0xb0/0x130 [ 1591.589026][T24546] should_fail_ex+0x414/0x560 [ 1591.589060][T24546] _copy_from_iter+0x1cd/0x1630 [ 1591.589099][T24546] ? __build_skb_around+0x22d/0x3c0 [ 1591.589139][T24546] ? __pfx__copy_from_iter+0x10/0x10 [ 1591.589169][T24546] ? __alloc_skb+0x2f1/0x430 [ 1591.589205][T24546] ? __pfx___alloc_skb+0x10/0x10 [ 1591.589240][T24546] ? netlink_sendmsg+0x642/0xb30 [ 1591.589264][T24546] ? skb_put+0x11b/0x210 [ 1591.589295][T24546] netlink_sendmsg+0x6b2/0xb30 [ 1591.589331][T24546] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1591.589360][T24546] ? __import_iovec+0x5d4/0x7f0 [ 1591.589380][T24546] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1591.589408][T24546] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1591.589430][T24546] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1591.589456][T24546] __sock_sendmsg+0x21c/0x270 [ 1591.589489][T24546] ____sys_sendmsg+0x505/0x820 [ 1591.589518][T24546] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1591.589547][T24546] ? kstrtouint+0x6e/0xe0 [ 1591.589584][T24546] ___sys_sendmsg+0x21f/0x2a0 [ 1591.589610][T24546] ? __pfx____sys_sendmsg+0x10/0x10 [ 1591.589641][T24546] ? rcu_read_lock_any_held+0xb3/0x120 [ 1591.589698][T24546] ? __fget_files+0x2a/0x420 [ 1591.589725][T24546] ? __fget_files+0x3a0/0x420 [ 1591.589765][T24546] __sys_sendmsg+0x164/0x220 [ 1591.589791][T24546] ? __pfx___sys_sendmsg+0x10/0x10 [ 1591.589823][T24546] ? __pfx_ksys_write+0x10/0x10 [ 1591.589850][T24546] ? __do_fast_syscall_32+0xbe/0x570 [ 1591.589876][T24546] __do_fast_syscall_32+0x1f7/0x570 [ 1591.589898][T24546] ? rcu_is_watching+0x15/0xb0 [ 1591.589924][T24546] ? do_fast_syscall_32+0x34/0x80 [ 1591.589951][T24546] do_fast_syscall_32+0x34/0x80 [ 1591.589972][T24546] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1591.589999][T24546] RIP: 0023:0xf7f06539 [ 1591.590018][T24546] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1591.590038][T24546] RSP: 002b:00000000f53f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1591.590062][T24546] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000500 [ 1591.590077][T24546] RDX: 0000000024000044 RSI: 0000000000000000 RDI: 0000000000000000 [ 1591.590091][T24546] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1591.590104][T24546] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1591.590118][T24546] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1591.590150][T24546] [ 1592.239891][T24552] sg_read: process 1357 (syz.2.4902) changed security contexts after opening file descriptor, this is not allowed. [ 1592.418313][T24562] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8) [ 1592.424904][T24562] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1592.449216][T24562] vhci_hcd vhci_hcd.0: Device attached [ 1592.670971][T24567] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4907'. [ 1592.689013][ T6520] usb 43-1: new high-speed USB device number 3 using vhci_hcd [ 1592.708958][T22254] usb 6-1: new low-speed USB device number 17 using dummy_hcd [ 1592.891447][T22254] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1592.903020][T24559] netlink: 'syz.1.4906': attribute type 10 has an invalid length. [ 1592.914427][T24574] FAULT_INJECTION: forcing a failure. [ 1592.914427][T24574] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1592.940753][T22254] usb 6-1: config 128 has 0 interfaces, different from the descriptor's value: 2 [ 1592.955484][T24559] batman_adv: batadv0: Adding interface: netdevsim0 [ 1592.962877][T24559] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1592.977708][T22254] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1593.019217][T24574] CPU: 1 UID: 0 PID: 24574 Comm: syz.2.4909 Tainted: G L syzkaller #0 PREEMPT(full) [ 1593.019244][T24574] Tainted: [L]=SOFTLOCKUP [ 1593.019250][T24574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1593.019260][T24574] Call Trace: [ 1593.019267][T24574] [ 1593.019275][T24574] dump_stack_lvl+0x189/0x250 [ 1593.019298][T24574] ? __pfx____ratelimit+0x10/0x10 [ 1593.019320][T24574] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1593.019339][T24574] ? __pfx__printk+0x10/0x10 [ 1593.019370][T24574] should_fail_ex+0x414/0x560 [ 1593.019396][T24574] strncpy_from_user+0x36/0x2c0 [ 1593.019419][T24574] getname_flags+0xf3/0x540 [ 1593.019442][T24574] __ia32_sys_link+0x69/0x90 [ 1593.019461][T24574] __do_fast_syscall_32+0x1f7/0x570 [ 1593.019477][T24574] ? rcu_is_watching+0x15/0xb0 [ 1593.019495][T24574] ? do_fast_syscall_32+0x34/0x80 [ 1593.019514][T24574] do_fast_syscall_32+0x34/0x80 [ 1593.019528][T24574] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1593.019547][T24574] RIP: 0023:0xf702d539 [ 1593.019562][T24574] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1593.019577][T24574] RSP: 002b:00000000f53fc55c EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1593.019594][T24574] RAX: ffffffffffffffda RBX: 0000000080000280 RCX: 0000000080000400 [ 1593.019605][T24574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1593.019615][T24574] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1593.019624][T24574] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1593.019634][T24574] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1593.019655][T24574] [ 1593.259116][T22254] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1593.334465][T24559] batman_adv: batadv0: Interface activated: netdevsim0 [ 1593.450671][T24580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4910'. [ 1593.474655][T24563] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 1593.483224][T22254] usb 6-1: string descriptor 0 read error: -71 [ 1593.489666][ T50] vhci_hcd vhci_hcd.5: stop threads [ 1593.496887][T22254] usb 6-1: USB disconnect, device number 17 [ 1593.502978][ T50] vhci_hcd vhci_hcd.5: release socket [ 1593.514278][ T50] vhci_hcd vhci_hcd.5: disconnect device [ 1593.843429][T24599] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4914'. [ 1594.138848][T22254] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1594.309881][T22254] usb 1-1: Using ep0 maxpacket: 16 [ 1594.327073][T24618] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4920'. [ 1594.371244][T22254] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1594.371285][T22254] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1594.371328][T22254] usb 1-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00 [ 1594.371357][T22254] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1594.375272][T22254] usb 1-1: config 0 descriptor?? [ 1594.498948][T18284] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1594.519222][ T5149] Bluetooth: hci3: command 0x0406 tx timeout [ 1594.648977][T18284] usb 2-1: Using ep0 maxpacket: 32 [ 1594.656481][T18284] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 1594.675889][T18284] usb 2-1: config 0 has no interface number 0 [ 1594.696207][T18284] usb 2-1: config 0 interface 12 has no altsetting 0 [ 1594.720629][T18284] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1594.744364][T18284] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1594.774381][T18284] usb 2-1: Product: syz [ 1594.778644][T18284] usb 2-1: Manufacturer: syz [ 1594.813945][T18284] usb 2-1: SerialNumber: syz [ 1594.837167][T18284] usb 2-1: config 0 descriptor?? [ 1595.710199][T22254] input: HID 0458:5012 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5012.0040/input/input366 [ 1595.878852][T22254] input: HID 0458:5012 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5012.0040/input/input367 [ 1595.998488][T24632] netlink: 'syz.3.4924': attribute type 10 has an invalid length. [ 1596.014294][T22254] kye 0003:0458:5012.0040: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5012] on usb-dummy_hcd.0-1/input0 [ 1597.008998][T22254] usb 1-1: reset high-speed USB device number 13 using dummy_hcd [ 1597.016972][T18284] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 1597.032596][T18284] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 1597.041619][T18284] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1597.050137][T18284] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 1597.064627][T18284] usb 2-1: USB disconnect, device number 10 [ 1597.159326][T22254] usb 1-1: device descriptor read/64, error -32 [ 1597.159422][T24455] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 1597.235365][T24651] FAULT_INJECTION: forcing a failure. [ 1597.235365][T24651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1597.270143][T24651] CPU: 1 UID: 0 PID: 24651 Comm: syz.1.4929 Tainted: G L syzkaller #0 PREEMPT(full) [ 1597.270180][T24651] Tainted: [L]=SOFTLOCKUP [ 1597.270189][T24651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1597.270204][T24651] Call Trace: [ 1597.270213][T24651] [ 1597.270224][T24651] dump_stack_lvl+0x189/0x250 [ 1597.270261][T24651] ? __pfx____ratelimit+0x10/0x10 [ 1597.270293][T24651] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1597.270321][T24651] ? __pfx__printk+0x10/0x10 [ 1597.270354][T24651] ? __might_fault+0xb0/0x130 [ 1597.270398][T24651] should_fail_ex+0x414/0x560 [ 1597.270434][T24651] _copy_from_user+0x2d/0xb0 [ 1597.270459][T24651] get_compat_msghdr+0xad/0x4a0 [ 1597.270491][T24651] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1597.270518][T24651] ? rcu_is_watching+0x15/0xb0 [ 1597.270545][T24651] ? ___sys_recvmsg+0x1c4/0x510 [ 1597.270576][T24651] ___sys_recvmsg+0x17f/0x510 [ 1597.270605][T24651] ? __pfx____sys_recvmsg+0x10/0x10 [ 1597.270653][T24651] ? __fget_files+0x3a0/0x420 [ 1597.270700][T24651] do_recvmmsg+0x36a/0x770 [ 1597.270735][T24651] ? __pfx_do_recvmmsg+0x10/0x10 [ 1597.270772][T24651] ? __pfx_vfs_write+0x10/0x10 [ 1597.270810][T24651] __sys_recvmmsg+0x19d/0x280 [ 1597.270838][T24651] ? __pfx___sys_recvmmsg+0x10/0x10 [ 1597.270859][T24651] ? ksys_write+0x22a/0x250 [ 1597.270883][T24651] ? __pfx_ksys_write+0x10/0x10 [ 1597.270911][T24651] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 1597.270943][T24651] __do_fast_syscall_32+0x1f7/0x570 [ 1597.270965][T24651] ? rcu_is_watching+0x15/0xb0 [ 1597.270990][T24651] ? do_fast_syscall_32+0x34/0x80 [ 1597.271017][T24651] do_fast_syscall_32+0x34/0x80 [ 1597.271039][T24651] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1597.271066][T24651] RIP: 0023:0xf7f06539 [ 1597.271086][T24651] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1597.271107][T24651] RSP: 002b:00000000f53d555c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 1597.271130][T24651] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 1597.271146][T24651] RDX: 000000000291962b RSI: 000000002e4b39ff RDI: 0000000000000000 [ 1597.271161][T24651] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1597.271180][T24651] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1597.271194][T24651] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1597.271227][T24651] [ 1597.529281][T24455] usb 3-1: Using ep0 maxpacket: 8 [ 1597.568340][T24455] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1597.603128][T24455] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1597.628755][T24455] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1597.639205][T22254] usb 1-1: reset high-speed USB device number 13 using dummy_hcd [ 1597.708872][T24455] usb 3-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 1597.718112][T24455] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1597.731451][T24649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4928'. [ 1597.761804][T24455] usb 3-1: config 0 descriptor?? [ 1597.778838][T22254] usb 1-1: device descriptor read/64, error -32 [ 1597.788933][ T6520] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 1597.865995][T24662] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4931'. [ 1597.887434][T24662] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4931'. [ 1597.908987][T24662] netlink: 'syz.5.4931': attribute type 2 has an invalid length. [ 1597.916966][T24662] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4931'. [ 1597.976708][T24645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1597.991453][T24645] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1597.999699][T24666] FAULT_INJECTION: forcing a failure. [ 1597.999699][T24666] name failslab, interval 1, probability 0, space 0, times 0 [ 1598.012674][T24666] CPU: 1 UID: 0 PID: 24666 Comm: syz.5.4933 Tainted: G L syzkaller #0 PREEMPT(full) [ 1598.012719][T24666] Tainted: [L]=SOFTLOCKUP [ 1598.012729][T24666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1598.012743][T24666] Call Trace: [ 1598.012752][T24666] [ 1598.012761][T24666] dump_stack_lvl+0x189/0x250 [ 1598.012793][T24666] ? __pfx____ratelimit+0x10/0x10 [ 1598.012816][T24666] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1598.012835][T24666] ? __pfx__printk+0x10/0x10 [ 1598.012870][T24666] ? __lock_acquire+0x6b6/0x2cf0 [ 1598.012902][T24666] should_fail_ex+0x414/0x560 [ 1598.012938][T24666] should_failslab+0xa8/0x100 [ 1598.012961][T24666] kmem_cache_alloc_noprof+0x88/0x710 [ 1598.012984][T24666] ? __netlink_lookup+0xbd/0x8a0 [ 1598.013009][T24666] ? skb_clone+0x212/0x3a0 [ 1598.013040][T24666] skb_clone+0x212/0x3a0 [ 1598.013067][T24666] __netlink_deliver_tap+0x404/0x850 [ 1598.013102][T24666] ? netlink_deliver_tap+0x2e/0x1b0 [ 1598.013121][T24666] netlink_deliver_tap+0x19c/0x1b0 [ 1598.013140][T24666] netlink_unicast+0x7fa/0x9e0 [ 1598.013170][T24666] ? __pfx_netlink_unicast+0x10/0x10 [ 1598.013195][T24666] ? netlink_sendmsg+0x642/0xb30 [ 1598.013217][T24666] ? skb_put+0x11b/0x210 [ 1598.013241][T24666] netlink_sendmsg+0x805/0xb30 [ 1598.013269][T24666] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1598.013289][T24666] ? __import_iovec+0x5d4/0x7f0 [ 1598.013305][T24666] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1598.013334][T24666] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1598.013356][T24666] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1598.013381][T24666] __sock_sendmsg+0x21c/0x270 [ 1598.013411][T24666] ____sys_sendmsg+0x505/0x820 [ 1598.013434][T24666] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1598.013455][T24666] ? kstrtouint+0x6e/0xe0 [ 1598.013495][T24666] ___sys_sendmsg+0x21f/0x2a0 [ 1598.013521][T24666] ? __pfx____sys_sendmsg+0x10/0x10 [ 1598.013550][T24666] ? rcu_read_lock_any_held+0xb3/0x120 [ 1598.013594][T24666] ? __fget_files+0x2a/0x420 [ 1598.013618][T24666] ? __fget_files+0x3a0/0x420 [ 1598.013659][T24666] __sys_sendmsg+0x164/0x220 [ 1598.013691][T24666] ? __pfx___sys_sendmsg+0x10/0x10 [ 1598.013720][T24666] ? __pfx_ksys_write+0x10/0x10 [ 1598.013739][T24666] ? __do_fast_syscall_32+0xbe/0x570 [ 1598.013757][T24666] __do_fast_syscall_32+0x1f7/0x570 [ 1598.013780][T24666] ? rcu_is_watching+0x15/0xb0 [ 1598.013807][T24666] ? do_fast_syscall_32+0x34/0x80 [ 1598.013833][T24666] do_fast_syscall_32+0x34/0x80 [ 1598.013853][T24666] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1598.013876][T24666] RIP: 0023:0xf70fd539 [ 1598.013891][T24666] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1598.013904][T24666] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1598.013925][T24666] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 1598.013942][T24666] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1598.013956][T24666] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1598.013968][T24666] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1598.013981][T24666] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1598.014015][T24666] [ 1598.014038][T24666] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4933'. [ 1598.208159][ T5973] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1598.212832][T22254] usb 1-1: reset high-speed USB device number 13 using dummy_hcd [ 1598.369791][T24455] logitech 0003:046D:C293.0041: unknown main item tag 0x0 [ 1598.377186][T24455] logitech 0003:046D:C293.0041: unknown main item tag 0x0 [ 1598.388820][T24455] logitech 0003:046D:C293.0041: unknown main item tag 0x0 [ 1598.398651][T24455] logitech 0003:046D:C293.0041: unknown main item tag 0x0 [ 1598.415657][T24455] logitech 0003:046D:C293.0041: hidraw1: USB HID v0.00 Device [HID 046d:c293] on usb-dummy_hcd.2-1/input0 [ 1598.419674][T22254] usb 1-1: device not accepting address 13, error -71 [ 1598.431903][T24455] logitech 0003:046D:C293.0041: no inputs found [ 1598.603707][T18284] usb 3-1: USB disconnect, device number 13 [ 1598.632689][ T5973] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1598.663676][ T5973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1598.686997][ T5973] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1598.714731][ T5973] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1598.791111][ T5973] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1598.818495][ T5973] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1598.837098][ T5973] usb 2-1: Manufacturer: syz [ 1598.855493][ T5973] usb 2-1: config 0 descriptor?? [ 1598.886698][ T5973] smsusb:smsusb_probe: board id=9, interface number 0 [ 1598.912951][ T5973] smsusb:smsusb_probe: Device initialized with return code -19 [ 1599.173790][T24664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1599.206867][T24664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1599.220631][ T6270] usb 1-1: USB disconnect, device number 13 [ 1599.331190][T24684] netlink: 'syz.2.4938': attribute type 10 has an invalid length. [ 1599.698736][T24697] input: syz1 as /devices/virtual/input/input368 [ 1599.830720][T24455] usb 2-1: USB disconnect, device number 11 [ 1601.178648][T24724] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 1601.185265][T24724] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1601.198899][T24724] vhci_hcd vhci_hcd.0: Device attached [ 1601.438793][ T6270] usb 39-1: new high-speed USB device number 10 using vhci_hcd [ 1601.456714][T22254] usb 4-1: new low-speed USB device number 16 using dummy_hcd [ 1601.629232][T24455] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 1601.653850][T22254] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1601.677458][T22254] usb 4-1: config 128 has 0 interfaces, different from the descriptor's value: 2 [ 1601.715905][T22254] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1601.717794][T24729] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4946'. [ 1601.782424][T22254] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1601.851406][T24455] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1601.862170][T24455] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1601.899217][T24455] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1601.910192][T24455] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 1601.972754][T24455] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 1601.993009][T24455] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1602.002844][T24455] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1602.012119][T24455] usb 6-1: Product: syz [ 1602.017074][T24455] usb 6-1: Manufacturer: syz [ 1602.038497][T24455] cdc_wdm 6-1:1.0: skipping garbage [ 1602.061760][T24455] cdc_wdm 6-1:1.0: skipping garbage [ 1602.093997][T24455] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 1602.100894][T24455] cdc_wdm 6-1:1.0: Unknown control protocol [ 1602.239175][T24727] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 8 [ 1602.246914][T22254] usb 4-1: string descriptor 0 read error: -71 [ 1602.262709][ T35] vhci_hcd vhci_hcd.3: stop threads [ 1602.268097][ T35] vhci_hcd vhci_hcd.3: release socket [ 1602.287757][T22254] usb 4-1: USB disconnect, device number 16 [ 1602.294226][ T35] vhci_hcd vhci_hcd.3: disconnect device [ 1602.341793][T24741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1602.385589][T24741] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1602.516297][T24455] usb 6-1: USB disconnect, device number 18 [ 1603.240881][T24770] xt_NFQUEUE: number of total queues is 0 [ 1603.415593][T24776] binder: 24768:24776 ioctl 4018620d 0 returned -22 [ 1603.508221][T24777] input: syz1 as /devices/virtual/input/input369 [ 1603.568812][T24455] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1603.733350][T24455] usb 4-1: Using ep0 maxpacket: 32 [ 1603.741652][T24455] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9 [ 1603.764240][T24455] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1603.780528][T24455] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1603.797471][T24455] usb 4-1: Product: syz [ 1603.807417][T24455] usb 4-1: Manufacturer: syz [ 1603.818652][T24455] usb 4-1: SerialNumber: syz [ 1603.837915][T24455] usb 4-1: config 0 descriptor?? [ 1603.856054][T24774] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1603.970008][T24455] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input370 [ 1604.074241][T24779] FAULT_INJECTION: forcing a failure. [ 1604.074241][T24779] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1604.097529][T24779] CPU: 1 UID: 0 PID: 24779 Comm: syz.2.4963 Tainted: G L syzkaller #0 PREEMPT(full) [ 1604.097564][T24779] Tainted: [L]=SOFTLOCKUP [ 1604.097572][T24779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1604.097585][T24779] Call Trace: [ 1604.097594][T24779] [ 1604.097603][T24779] dump_stack_lvl+0x189/0x250 [ 1604.097634][T24779] ? __pfx____ratelimit+0x10/0x10 [ 1604.097664][T24779] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1604.097689][T24779] ? __pfx__printk+0x10/0x10 [ 1604.097735][T24779] should_fail_ex+0x414/0x560 [ 1604.097769][T24779] _copy_to_user+0x31/0xb0 [ 1604.097794][T24779] simple_read_from_buffer+0xe1/0x170 [ 1604.097825][T24779] proc_fail_nth_read+0x1b3/0x220 [ 1604.097861][T24779] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1604.097887][T24779] ? rw_verify_area+0x2a6/0x4d0 [ 1604.097907][T24779] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1604.097932][T24779] vfs_read+0x200/0xa30 [ 1604.097950][T24779] ? fdget_pos+0x247/0x320 [ 1604.097980][T24779] ? __pfx___mutex_lock+0x10/0x10 [ 1604.098000][T24779] ? __pfx_vfs_read+0x10/0x10 [ 1604.098022][T24779] ? __fget_files+0x2a/0x420 [ 1604.098054][T24779] ? __fget_files+0x3a0/0x420 [ 1604.098080][T24779] ? __fget_files+0x2a/0x420 [ 1604.098118][T24779] ksys_read+0x145/0x250 [ 1604.098138][T24779] ? exc_page_fault+0x82/0x100 [ 1604.098171][T24779] ? __pfx_ksys_read+0x10/0x10 [ 1604.098196][T24779] ? __do_fast_syscall_32+0xbe/0x570 [ 1604.098222][T24779] __do_fast_syscall_32+0x1f7/0x570 [ 1604.098244][T24779] ? rcu_is_watching+0x15/0xb0 [ 1604.098270][T24779] ? do_fast_syscall_32+0x34/0x80 [ 1604.098296][T24779] do_fast_syscall_32+0x34/0x80 [ 1604.098317][T24779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1604.098342][T24779] RIP: 0023:0xf702d539 [ 1604.098361][T24779] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1604.098381][T24779] RSP: 002b:00000000f541d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 1604.098404][T24779] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f541d620 [ 1604.098419][T24779] RDX: 000000000000000f RSI: 00000000f73c6ff4 RDI: 0000000000000000 [ 1604.098433][T24779] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1604.098445][T24779] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1604.098457][T24779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1604.098489][T24779] [ 1604.633687][T24455] usb 4-1: USB disconnect, device number 17 [ 1604.633774][ C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 1604.758475][T24785] FAULT_INJECTION: forcing a failure. [ 1604.758475][T24785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1604.837386][T24785] CPU: 1 UID: 0 PID: 24785 Comm: syz.0.4962 Tainted: G L syzkaller #0 PREEMPT(full) [ 1604.837425][T24785] Tainted: [L]=SOFTLOCKUP [ 1604.837434][T24785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1604.837449][T24785] Call Trace: [ 1604.837458][T24785] [ 1604.837468][T24785] dump_stack_lvl+0x189/0x250 [ 1604.837501][T24785] ? __pfx____ratelimit+0x10/0x10 [ 1604.837534][T24785] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1604.837560][T24785] ? __pfx__printk+0x10/0x10 [ 1604.837594][T24785] ? __might_fault+0xb0/0x130 [ 1604.837638][T24785] should_fail_ex+0x414/0x560 [ 1604.837675][T24785] _copy_from_iter+0x1cd/0x1630 [ 1604.837714][T24785] ? __build_skb_around+0x22d/0x3c0 [ 1604.837754][T24785] ? __pfx__copy_from_iter+0x10/0x10 [ 1604.837786][T24785] ? __alloc_skb+0x2f1/0x430 [ 1604.837821][T24785] ? __pfx___alloc_skb+0x10/0x10 [ 1604.837857][T24785] ? netlink_sendmsg+0x642/0xb30 [ 1604.837880][T24785] ? skb_put+0x11b/0x210 [ 1604.837904][T24785] netlink_sendmsg+0x6b2/0xb30 [ 1604.837944][T24785] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1604.837980][T24785] ? __import_iovec+0x5d4/0x7f0 [ 1604.838001][T24785] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1604.838029][T24785] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1604.838050][T24785] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1604.838077][T24785] __sock_sendmsg+0x21c/0x270 [ 1604.838109][T24785] ____sys_sendmsg+0x505/0x820 [ 1604.838139][T24785] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1604.838168][T24785] ? kstrtouint+0x6e/0xe0 [ 1604.838206][T24785] ___sys_sendmsg+0x21f/0x2a0 [ 1604.838232][T24785] ? __pfx____sys_sendmsg+0x10/0x10 [ 1604.838263][T24785] ? rcu_read_lock_any_held+0xb3/0x120 [ 1604.838320][T24785] ? __fget_files+0x2a/0x420 [ 1604.838349][T24785] ? __fget_files+0x3a0/0x420 [ 1604.838389][T24785] __sys_sendmsg+0x164/0x220 [ 1604.838415][T24785] ? __pfx___sys_sendmsg+0x10/0x10 [ 1604.838448][T24785] ? __pfx_ksys_write+0x10/0x10 [ 1604.838474][T24785] ? __do_fast_syscall_32+0xbe/0x570 [ 1604.838501][T24785] __do_fast_syscall_32+0x1f7/0x570 [ 1604.838535][T24785] ? rcu_is_watching+0x15/0xb0 [ 1604.838561][T24785] ? do_fast_syscall_32+0x34/0x80 [ 1604.838588][T24785] do_fast_syscall_32+0x34/0x80 [ 1604.838609][T24785] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1604.838649][T24785] RIP: 0023:0xf7f66539 [ 1604.838669][T24785] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1604.838687][T24785] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1604.838710][T24785] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000900 [ 1604.838726][T24785] RDX: 0000000020000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 1604.838739][T24785] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1604.838753][T24785] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1604.838766][T24785] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1604.838796][T24785] [ 1605.734014][T24812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4973'. [ 1605.940081][T24832] binder: 24825:24832 ioctl 4018620d 0 returned -22 [ 1605.965005][T24832] input: syz1 as /devices/virtual/input/input371 [ 1606.599413][ T6270] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 1606.871974][ T6520] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1607.051024][ T6520] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1607.063933][ T6520] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1607.101624][ T6520] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1607.145192][ T6520] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1607.194253][ T6520] usb 3-1: config 0 descriptor?? [ 1607.542275][T24836] [ 1607.544661][T24836] ===================================================== [ 1607.551597][T24836] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1607.559075][T24836] syzkaller #0 Tainted: G L [ 1607.565061][T24836] ----------------------------------------------------- [ 1607.572010][T24836] syz.0.4971/24836 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1607.579743][T24836] ffffffff8dc0c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0x12b/0x420 [ 1607.588558][T24836] [ 1607.588558][T24836] and this task is already holding: [ 1607.595930][T24836] ffff88814041f920 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420 [ 1607.604673][T24836] which would create a new lock dependency: [ 1607.610850][T24836] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 1607.618465][T24836] [ 1607.618465][T24836] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1607.627929][T24836] (&dev->event_lock#2){..-.}-{3:3} [ 1607.627968][T24836] [ 1607.627968][T24836] ... which became SOFTIRQ-irq-safe at: [ 1607.640866][T24836] lock_acquire+0x117/0x340 [ 1607.645465][T24836] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1607.650759][T24836] input_event+0x76/0xe0 [ 1607.655119][T24836] atp_complete_geyser_3_4+0xf6d/0x1e80 [ 1607.660761][T24836] __usb_hcd_giveback_urb+0x376/0x540 [ 1607.666230][T24836] dummy_timer+0x85f/0x45b0 [ 1607.670854][T24836] __hrtimer_run_queues+0x51c/0xc30 [ 1607.676148][T24836] hrtimer_run_softirq+0x187/0x2b0 [ 1607.681353][T24836] handle_softirqs+0x27d/0x850 [ 1607.686239][T24836] __irq_exit_rcu+0xca/0x1f0 [ 1607.690935][T24836] irq_exit_rcu+0x9/0x30 [ 1607.695282][T24836] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1607.701010][T24836] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1607.707155][T24836] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1607.712983][T24836] dummy_urb_enqueue+0x58a/0x780 [ 1607.718027][T24836] usb_hcd_submit_urb+0x328/0x1b80 [ 1607.723239][T24836] atp_open+0x63/0xc0 [ 1607.727315][T24836] input_open_device+0x1d3/0x390 [ 1607.732344][T24836] mousedev_open_device+0xcc/0x150 [ 1607.737552][T24836] mousedev_open+0x2ef/0x4a0 [ 1607.742236][T24836] chrdev_open+0x4cc/0x5e0 [ 1607.746743][T24836] do_dentry_open+0x7ce/0x1420 [ 1607.751643][T24836] vfs_open+0x3b/0x340 [ 1607.755826][T24836] path_openat+0x340e/0x3dd0 [ 1607.760507][T24836] do_filp_open+0x1fa/0x410 [ 1607.765099][T24836] do_sys_openat2+0x121/0x200 [ 1607.769892][T24836] __x64_sys_openat+0x138/0x170 [ 1607.774841][T24836] do_syscall_64+0xfa/0xf80 [ 1607.779445][T24836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1607.785425][T24836] [ 1607.785425][T24836] to a SOFTIRQ-irq-unsafe lock: [ 1607.792525][T24836] (tasklist_lock){.+.+}-{3:3} [ 1607.792552][T24836] [ 1607.792552][T24836] ... which became SOFTIRQ-irq-unsafe at: [ 1607.805199][T24836] ... [ 1607.805209][T24836] lock_acquire+0x117/0x340 [ 1607.812398][T24836] _raw_read_lock+0x36/0x50 [ 1607.817000][T24836] __do_wait+0xde/0x740 [ 1607.821270][T24836] do_wait+0x1e8/0x4f0 [ 1607.825434][T24836] kernel_wait+0xab/0x170 [ 1607.829860][T24836] call_usermodehelper_exec_work+0xbe/0x230 [ 1607.835842][T24836] process_scheduled_works+0xad1/0x1770 [ 1607.841479][T24836] worker_thread+0x8a0/0xda0 [ 1607.846159][T24836] kthread+0x711/0x8a0 [ 1607.850319][T24836] ret_from_fork+0x599/0xb30 [ 1607.854997][T24836] ret_from_fork_asm+0x1a/0x30 [ 1607.859855][T24836] [ 1607.859855][T24836] other info that might help us debug this: [ 1607.859855][T24836] [ 1607.870084][T24836] Chain exists of: [ 1607.870084][T24836] &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock [ 1607.870084][T24836] [ 1607.883223][T24836] Possible interrupt unsafe locking scenario: [ 1607.883223][T24836] [ 1607.891630][T24836] CPU0 CPU1 [ 1607.897006][T24836] ---- ---- [ 1607.902392][T24836] lock(tasklist_lock); [ 1607.906641][T24836] local_irq_disable(); [ 1607.913401][T24836] lock(&dev->event_lock#2); [ 1607.920635][T24836] lock(&f_owner->lock); [ 1607.927496][T24836] [ 1607.930975][T24836] lock(&dev->event_lock#2); [ 1607.935850][T24836] [ 1607.935850][T24836] *** DEADLOCK *** [ 1607.935850][T24836] [ 1607.944014][T24836] 2 locks held by syz.0.4971/24836: [ 1607.949218][T24836] #0: ffff888079c84ce0 (&u->lock){+.+.}-{3:3}, at: queue_oob+0x1b0/0x4f0 [ 1607.957766][T24836] #1: ffff88814041f920 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420 [ 1607.966920][T24836] [ 1607.966920][T24836] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1607.977326][T24836] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1607.983164][T24836] IN-SOFTIRQ-W at: [ 1607.987404][T24836] lock_acquire+0x117/0x340 [ 1607.994082][T24836] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1608.001459][T24836] input_event+0x76/0xe0 [ 1608.007882][T24836] atp_complete_geyser_3_4+0xf6d/0x1e80 [ 1608.015606][T24836] __usb_hcd_giveback_urb+0x376/0x540 [ 1608.023162][T24836] dummy_timer+0x85f/0x45b0 [ 1608.029866][T24836] __hrtimer_run_queues+0x51c/0xc30 [ 1608.037260][T24836] hrtimer_run_softirq+0x187/0x2b0 [ 1608.044573][T24836] handle_softirqs+0x27d/0x850 [ 1608.051512][T24836] __irq_exit_rcu+0xca/0x1f0 [ 1608.058477][T24836] irq_exit_rcu+0x9/0x30 [ 1608.064891][T24836] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1608.072705][T24836] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1608.080859][T24836] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1608.088762][T24836] dummy_urb_enqueue+0x58a/0x780 [ 1608.095892][T24836] usb_hcd_submit_urb+0x328/0x1b80 [ 1608.103178][T24836] atp_open+0x63/0xc0 [ 1608.109337][T24836] input_open_device+0x1d3/0x390 [ 1608.116480][T24836] mousedev_open_device+0xcc/0x150 [ 1608.123777][T24836] mousedev_open+0x2ef/0x4a0 [ 1608.130565][T24836] chrdev_open+0x4cc/0x5e0 [ 1608.137245][T24836] do_dentry_open+0x7ce/0x1420 [ 1608.144188][T24836] vfs_open+0x3b/0x340 [ 1608.150433][T24836] path_openat+0x340e/0x3dd0 [ 1608.157191][T24836] do_filp_open+0x1fa/0x410 [ 1608.163864][T24836] do_sys_openat2+0x121/0x200 [ 1608.170738][T24836] __x64_sys_openat+0x138/0x170 [ 1608.177764][T24836] do_syscall_64+0xfa/0xf80 [ 1608.184457][T24836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1608.192520][T24836] INITIAL USE at: [ 1608.196680][T24836] lock_acquire+0x117/0x340 [ 1608.203265][T24836] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1608.210557][T24836] input_inject_event+0xa5/0x340 [ 1608.217579][T24836] kbd_led_trigger_activate+0xbc/0x100 [ 1608.225135][T24836] led_trigger_set+0x52d/0x950 [ 1608.231992][T24836] led_trigger_set_default+0x260/0x2a0 [ 1608.239546][T24836] led_classdev_register_ext+0x73d/0x960 [ 1608.247272][T24836] input_leds_connect+0x517/0x790 [ 1608.254431][T24836] input_register_device+0xd00/0x1170 [ 1608.261890][T24836] atkbd_connect+0x73b/0xa50 [ 1608.268637][T24836] serio_driver_probe+0x82/0xd0 [ 1608.275597][T24836] really_probe+0x26d/0xad0 [ 1608.282194][T24836] __driver_probe_device+0x18c/0x320 [ 1608.289581][T24836] driver_probe_device+0x4f/0x240 [ 1608.296695][T24836] __driver_attach+0x349/0x650 [ 1608.303549][T24836] bus_for_each_dev+0x233/0x2b0 [ 1608.310489][T24836] serio_handle_event+0x1f9/0x8d0 [ 1608.317603][T24836] process_scheduled_works+0xad1/0x1770 [ 1608.325230][T24836] worker_thread+0x8a0/0xda0 [ 1608.331997][T24836] kthread+0x711/0x8a0 [ 1608.338245][T24836] ret_from_fork+0x599/0xb30 [ 1608.344935][T24836] ret_from_fork_asm+0x1a/0x30 [ 1608.351793][T24836] } [ 1608.354549][T24836] ... key at: [] input_allocate_device.__key.6+0x0/0x20 [ 1608.363839][T24836] -> (&client->buffer_lock){....}-{3:3} { [ 1608.369757][T24836] INITIAL USE at: [ 1608.373852][T24836] lock_acquire+0x117/0x340 [ 1608.380265][T24836] _raw_spin_lock+0x2e/0x40 [ 1608.386686][T24836] evdev_pass_values+0xb9/0xbd0 [ 1608.393461][T24836] evdev_events+0x1e6/0x340 [ 1608.399886][T24836] input_pass_values+0x288/0x890 [ 1608.406839][T24836] input_event_dispose+0x330/0x6b0 [ 1608.413877][T24836] input_inject_event+0x1dd/0x340 [ 1608.420816][T24836] evdev_write+0x2fc/0x480 [ 1608.427147][T24836] vfs_write+0x27e/0xb30 [ 1608.433298][T24836] ksys_write+0x145/0x250 [ 1608.439542][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1608.446651][T24836] do_fast_syscall_32+0x34/0x80 [ 1608.453413][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1608.461660][T24836] } [ 1608.464328][T24836] ... key at: [] evdev_open.__key.26+0x0/0x20 [ 1608.472668][T24836] ... acquired at: [ 1608.476649][T24836] _raw_spin_lock+0x2e/0x40 [ 1608.481337][T24836] evdev_pass_values+0xb9/0xbd0 [ 1608.486375][T24836] evdev_events+0x1e6/0x340 [ 1608.491057][T24836] input_pass_values+0x288/0x890 [ 1608.496180][T24836] input_event_dispose+0x330/0x6b0 [ 1608.501473][T24836] input_inject_event+0x1dd/0x340 [ 1608.506684][T24836] evdev_write+0x2fc/0x480 [ 1608.511281][T24836] vfs_write+0x27e/0xb30 [ 1608.515697][T24836] ksys_write+0x145/0x250 [ 1608.520201][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1608.525586][T24836] do_fast_syscall_32+0x34/0x80 [ 1608.530783][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1608.537288][T24836] [ 1608.539612][T24836] -> (&new->fa_lock){....}-{3:3} { [ 1608.544826][T24836] INITIAL USE at: [ 1608.548808][T24836] lock_acquire+0x117/0x340 [ 1608.555064][T24836] _raw_write_lock_irq+0xa2/0xf0 [ 1608.561744][T24836] fasync_remove_entry+0xf1/0x1c0 [ 1608.568516][T24836] __fput+0x8a2/0xa70 [ 1608.574240][T24836] task_work_run+0x1d4/0x260 [ 1608.580573][T24836] do_exit+0x6c5/0x2310 [ 1608.586472][T24836] do_group_exit+0x21c/0x2d0 [ 1608.592850][T24836] get_signal+0x1285/0x1340 [ 1608.599114][T24836] arch_do_signal_or_restart+0x9a/0x7a0 [ 1608.606452][T24836] exit_to_user_mode_loop+0x87/0x4f0 [ 1608.613577][T24836] __do_fast_syscall_32+0x3cb/0x570 [ 1608.620603][T24836] do_fast_syscall_32+0x34/0x80 [ 1608.627213][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1608.635309][T24836] INITIAL READ USE at: [ 1608.639866][T24836] lock_acquire+0x117/0x340 [ 1608.646581][T24836] _raw_read_lock_irqsave+0xaf/0x100 [ 1608.654046][T24836] kill_fasync+0x199/0x4d0 [ 1608.660648][T24836] lease_break_callback+0x26/0x30 [ 1608.667855][T24836] __break_lease+0x730/0x1620 [ 1608.674707][T24836] do_dentry_open+0x73a/0x1420 [ 1608.681648][T24836] vfs_open+0x3b/0x340 [ 1608.687891][T24836] path_openat+0x340e/0x3dd0 [ 1608.694651][T24836] do_filp_open+0x1fa/0x410 [ 1608.701412][T24836] do_sys_openat2+0x121/0x200 [ 1608.708265][T24836] __ia32_compat_sys_openat+0x131/0x160 [ 1608.715988][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1608.723360][T24836] do_fast_syscall_32+0x34/0x80 [ 1608.730396][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1608.738904][T24836] } [ 1608.741506][T24836] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1608.750373][T24836] ... acquired at: [ 1608.754302][T24836] _raw_read_lock_irqsave+0xaf/0x100 [ 1608.759767][T24836] kill_fasync+0x199/0x4d0 [ 1608.764364][T24836] evdev_pass_values+0x627/0xbd0 [ 1608.769486][T24836] evdev_events+0x1e6/0x340 [ 1608.774180][T24836] input_pass_values+0x288/0x890 [ 1608.779310][T24836] input_event_dispose+0x330/0x6b0 [ 1608.784619][T24836] input_inject_event+0x1dd/0x340 [ 1608.789833][T24836] evdev_write+0x2fc/0x480 [ 1608.794449][T24836] vfs_write+0x27e/0xb30 [ 1608.798880][T24836] ksys_write+0x145/0x250 [ 1608.803403][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1608.808790][T24836] do_fast_syscall_32+0x34/0x80 [ 1608.813835][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1608.820346][T24836] [ 1608.822676][T24836] -> (&f_owner->lock){....}-{3:3} { [ 1608.827914][T24836] INITIAL USE at: [ 1608.831804][T24836] lock_acquire+0x117/0x340 [ 1608.837877][T24836] _raw_write_lock_irq+0xa2/0xf0 [ 1608.844401][T24836] __f_setown+0x67/0x370 [ 1608.850306][T24836] fcntl_dirnotify+0x3fa/0x6a0 [ 1608.856639][T24836] do_fcntl+0x745/0x1a50 [ 1608.862454][T24836] do_compat_fcntl64+0x477/0x720 [ 1608.868970][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1608.875744][T24836] do_fast_syscall_32+0x34/0x80 [ 1608.882161][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1608.890056][T24836] INITIAL READ USE at: [ 1608.894387][T24836] lock_acquire+0x117/0x340 [ 1608.900888][T24836] _raw_read_lock_irqsave+0xaf/0x100 [ 1608.908199][T24836] send_sigio+0x38/0x370 [ 1608.914446][T24836] kill_fasync+0x24d/0x4d0 [ 1608.920872][T24836] lease_break_callback+0x26/0x30 [ 1608.927903][T24836] __break_lease+0x730/0x1620 [ 1608.934754][T24836] do_dentry_open+0x73a/0x1420 [ 1608.941520][T24836] vfs_open+0x3b/0x340 [ 1608.947734][T24836] path_openat+0x340e/0x3dd0 [ 1608.954510][T24836] do_filp_open+0x1fa/0x410 [ 1608.961022][T24836] do_sys_openat2+0x121/0x200 [ 1608.967835][T24836] __ia32_compat_sys_openat+0x131/0x160 [ 1608.975404][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1608.982613][T24836] do_fast_syscall_32+0x34/0x80 [ 1608.989469][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1608.997801][T24836] } [ 1609.000299][T24836] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1609.009158][T24836] ... acquired at: [ 1609.012976][T24836] _raw_read_lock_irqsave+0xaf/0x100 [ 1609.018618][T24836] send_sigio+0x38/0x370 [ 1609.023043][T24836] kill_fasync+0x24d/0x4d0 [ 1609.027652][T24836] lease_break_callback+0x26/0x30 [ 1609.032859][T24836] __break_lease+0x730/0x1620 [ 1609.037708][T24836] do_dentry_open+0x73a/0x1420 [ 1609.042652][T24836] vfs_open+0x3b/0x340 [ 1609.046949][T24836] path_openat+0x340e/0x3dd0 [ 1609.051717][T24836] do_filp_open+0x1fa/0x410 [ 1609.056393][T24836] do_sys_openat2+0x121/0x200 [ 1609.061247][T24836] __ia32_compat_sys_openat+0x131/0x160 [ 1609.066985][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1609.072356][T24836] do_fast_syscall_32+0x34/0x80 [ 1609.077383][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1609.083893][T24836] [ 1609.086213][T24836] [ 1609.086213][T24836] the dependencies between the lock to be acquired [ 1609.086222][T24836] and SOFTIRQ-irq-unsafe lock: [ 1609.099724][T24836] -> (tasklist_lock){.+.+}-{3:3} { [ 1609.104859][T24836] HARDIRQ-ON-R at: [ 1609.108850][T24836] lock_acquire+0x117/0x340 [ 1609.115038][T24836] _raw_read_lock+0x36/0x50 [ 1609.121303][T24836] __do_wait+0xde/0x740 [ 1609.127122][T24836] do_wait+0x1e8/0x4f0 [ 1609.132848][T24836] kernel_wait+0xab/0x170 [ 1609.138842][T24836] call_usermodehelper_exec_work+0xbe/0x230 [ 1609.146404][T24836] process_scheduled_works+0xad1/0x1770 [ 1609.153606][T24836] worker_thread+0x8a0/0xda0 [ 1609.159859][T24836] kthread+0x711/0x8a0 [ 1609.165587][T24836] ret_from_fork+0x599/0xb30 [ 1609.171827][T24836] ret_from_fork_asm+0x1a/0x30 [ 1609.178246][T24836] SOFTIRQ-ON-R at: [ 1609.182224][T24836] lock_acquire+0x117/0x340 [ 1609.188388][T24836] _raw_read_lock+0x36/0x50 [ 1609.194548][T24836] __do_wait+0xde/0x740 [ 1609.200362][T24836] do_wait+0x1e8/0x4f0 [ 1609.206092][T24836] kernel_wait+0xab/0x170 [ 1609.212165][T24836] call_usermodehelper_exec_work+0xbe/0x230 [ 1609.219709][T24836] process_scheduled_works+0xad1/0x1770 [ 1609.226902][T24836] worker_thread+0x8a0/0xda0 [ 1609.233141][T24836] kthread+0x711/0x8a0 [ 1609.238872][T24836] ret_from_fork+0x599/0xb30 [ 1609.245119][T24836] ret_from_fork_asm+0x1a/0x30 [ 1609.251537][T24836] INITIAL USE at: [ 1609.255429][T24836] lock_acquire+0x117/0x340 [ 1609.261494][T24836] _raw_write_lock_irq+0xa2/0xf0 [ 1609.268002][T24836] copy_process+0x2185/0x3950 [ 1609.274240][T24836] kernel_clone+0x21e/0x820 [ 1609.280309][T24836] user_mode_thread+0xdd/0x140 [ 1609.286634][T24836] rest_init+0x23/0x300 [ 1609.292354][T24836] start_kernel+0x3a7/0x400 [ 1609.298438][T24836] x86_64_start_reservations+0x24/0x30 [ 1609.305462][T24836] x86_64_start_kernel+0x143/0x1c0 [ 1609.312141][T24836] common_startup_64+0x13e/0x147 [ 1609.318646][T24836] INITIAL READ USE at: [ 1609.322982][T24836] lock_acquire+0x117/0x340 [ 1609.329504][T24836] _raw_read_lock+0x36/0x50 [ 1609.336017][T24836] __do_wait+0xde/0x740 [ 1609.342194][T24836] do_wait+0x1e8/0x4f0 [ 1609.348263][T24836] kernel_wait+0xab/0x170 [ 1609.354595][T24836] call_usermodehelper_exec_work+0xbe/0x230 [ 1609.362503][T24836] process_scheduled_works+0xad1/0x1770 [ 1609.370048][T24836] worker_thread+0x8a0/0xda0 [ 1609.376636][T24836] kthread+0x711/0x8a0 [ 1609.382705][T24836] ret_from_fork+0x599/0xb30 [ 1609.389310][T24836] ret_from_fork_asm+0x1a/0x30 [ 1609.396089][T24836] } [ 1609.398582][T24836] ... key at: [] tasklist_lock+0x18/0x40 [ 1609.406323][T24836] ... acquired at: [ 1609.410141][T24836] _raw_read_lock+0x36/0x50 [ 1609.414820][T24836] send_sigurg+0x12b/0x420 [ 1609.419414][T24836] sk_send_sigurg+0x6c/0x2e0 [ 1609.424198][T24836] queue_oob+0x420/0x4f0 [ 1609.428632][T24836] unix_stream_sendmsg+0xc32/0xde0 [ 1609.433926][T24836] __sock_sendmsg+0x21c/0x270 [ 1609.438789][T24836] ____sys_sendmsg+0x505/0x820 [ 1609.443753][T24836] ___sys_sendmsg+0x21f/0x2a0 [ 1609.448602][T24836] __sys_sendmsg+0x164/0x220 [ 1609.453369][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1609.458752][T24836] do_fast_syscall_32+0x34/0x80 [ 1609.463787][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1609.470318][T24836] [ 1609.472642][T24836] [ 1609.472642][T24836] stack backtrace: [ 1609.478529][T24836] CPU: 1 UID: 0 PID: 24836 Comm: syz.0.4971 Tainted: G L syzkaller #0 PREEMPT(full) [ 1609.478552][T24836] Tainted: [L]=SOFTLOCKUP [ 1609.478559][T24836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1609.478569][T24836] Call Trace: [ 1609.478578][T24836] [ 1609.478586][T24836] dump_stack_lvl+0x189/0x250 [ 1609.478610][T24836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1609.478630][T24836] ? __pfx__printk+0x10/0x10 [ 1609.478657][T24836] __lock_acquire+0x2a95/0x2cf0 [ 1609.478684][T24836] ? send_sigurg+0x12b/0x420 [ 1609.478717][T24836] lock_acquire+0x117/0x340 [ 1609.478739][T24836] ? send_sigurg+0x12b/0x420 [ 1609.478770][T24836] ? _raw_read_lock_irqsave+0xbb/0x100 [ 1609.478806][T24836] _raw_read_lock+0x36/0x50 [ 1609.478834][T24836] ? send_sigurg+0x12b/0x420 [ 1609.478866][T24836] send_sigurg+0x12b/0x420 [ 1609.478898][T24836] sk_send_sigurg+0x6c/0x2e0 [ 1609.478928][T24836] queue_oob+0x420/0x4f0 [ 1609.478963][T24836] ? __pfx_queue_oob+0x10/0x10 [ 1609.478994][T24836] ? __schedule+0x14d2/0x5000 [ 1609.479024][T24836] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 1609.479049][T24836] unix_stream_sendmsg+0xc32/0xde0 [ 1609.479087][T24836] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 1609.479111][T24836] ? __asan_memset+0x22/0x50 [ 1609.479125][T24836] ? __import_iovec+0x5d4/0x7f0 [ 1609.479140][T24836] ? aa_sock_msg_perm+0xda/0x1b0 [ 1609.479158][T24836] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1609.479172][T24836] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 1609.479195][T24836] __sock_sendmsg+0x21c/0x270 [ 1609.479217][T24836] ____sys_sendmsg+0x505/0x820 [ 1609.479235][T24836] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1609.479252][T24836] ? __pfx_futex_wake_mark+0x10/0x10 [ 1609.479276][T24836] ___sys_sendmsg+0x21f/0x2a0 [ 1609.479293][T24836] ? __pfx____sys_sendmsg+0x10/0x10 [ 1609.479311][T24836] ? futex_wait+0x285/0x360 [ 1609.479340][T24836] ? __fget_files+0x2a/0x420 [ 1609.479368][T24836] ? __fget_files+0x3a0/0x420 [ 1609.479392][T24836] __sys_sendmsg+0x164/0x220 [ 1609.479407][T24836] ? lockdep_hardirqs_on+0x98/0x140 [ 1609.479432][T24836] ? __pfx___sys_sendmsg+0x10/0x10 [ 1609.479454][T24836] ? __do_fast_syscall_32+0xbe/0x570 [ 1609.479470][T24836] __do_fast_syscall_32+0x1f7/0x570 [ 1609.479486][T24836] ? rcu_is_watching+0x15/0xb0 [ 1609.479505][T24836] ? do_fast_syscall_32+0x34/0x80 [ 1609.479522][T24836] do_fast_syscall_32+0x34/0x80 [ 1609.479537][T24836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1609.479557][T24836] RIP: 0023:0xf7f66539 [ 1609.479572][T24836] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1609.479587][T24836] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1609.479604][T24836] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 1609.479616][T24836] RDX: 00000000240408c1 RSI: 0000000000000000 RDI: 0000000000000000 [ 1609.479626][T24836] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1609.479635][T24836] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1609.479645][T24836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1609.479660][T24836] [ 1609.832445][ T6520] usbhid 3-1:0.0: can't add hid device: -71 [ 1609.838519][ T6520] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1609.876611][ T6520] usb 3-1: USB disconnect, device number 14 [ 1610.138796][T24465] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1610.290382][T24465] usb 4-1: config 0 has an invalid interface number: 144 but max is 0 [ 1610.298597][T24465] usb 4-1: config 0 has no interface number 0 [ 1610.304769][T24465] usb 4-1: config 0 interface 144 has no altsetting 0 [ 1610.313884][T24465] usb 4-1: New USB device found, idVendor=04d8, idProduct=f58b, bcdDevice=fa.a9 [ 1610.323092][T24465] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1610.331192][T24465] usb 4-1: Product: syz [ 1610.335359][T24465] usb 4-1: Manufacturer: syz [ 1610.340382][T24465] usb 4-1: SerialNumber: syz [ 1610.346442][T24465] usb 4-1: config 0 descriptor?? [ 1610.586764][T24465] ir_toy 4-1:0.144: required endpoints not found [ 1610.595273][T24465] usb 4-1: USB disconnect, device number 18 [ 1612.930230][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1612.938112][ T1298] ieee802154 phy1 wpan1: encryption failed: -22