last executing test programs: 15.443287258s ago: executing program 1 (id=1159): r0 = socket$kcm(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x200000000000) socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x30, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid}, @typed={0x8, 0x13, 0x0, 0x0, @uid}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 13.92452419s ago: executing program 1 (id=1161): socket$kcm(0x11, 0x2, 0x300) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e"], 0x22) socket$kcm(0x11, 0x200000000000002, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x6a, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = bpf$ITER_CREATE(0x1d, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) sendmsg$NL80211_CMD_DEL_INTERFACE(r3, &(0x7f0000000680)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x20, 0x0, 0x442, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x81, 0x13}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x4000040) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e0ffff2000a600ff84000aac141440e0", 0x0, 0x11, 0x6000cfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r6 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000180)={0x9}) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000002c0)={'\x00', 0x8, 0x7, 0x5, 0x1000, 0x3, 0xffffffffffffffff}) ioctl$BINDER_FREEZE(r5, 0x400c620e, &(0x7f0000000380)={r7, 0x1, 0x4862}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r5}, 0x4) 12.748914798s ago: executing program 1 (id=1164): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xfffffffffffffbff, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in6=@dev={0xfe, 0x80, '\x00', 0x2e}, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x20000000) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="cc0000002100010027bd7000fefffffffc020000000000000000000000000000fc020000000000000000000000000001dffc0000000000020a00e00000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="020000000000000050001100fe800000000000000000000000000011ac1414aa000000000000000000000000ac1414aa000000000000000000000000fe8000000000000000000000000000bb3c000000000000007f000a002c0013"], 0xcc}, 0x1, 0x0, 0x0, 0x800}, 0x0) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000540), r0) r3 = fsopen(&(0x7f00000000c0)='devpts\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) close(r3) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={0x48, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x48}}, 0x0) 12.121896551s ago: executing program 1 (id=1168): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x6, 0x6, 0x7ffcfffc}]}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xac5) r0 = syz_open_dev$vcsu(&(0x7f0000000080), 0x8, 0x8000) sendmsg$nl_route_sched(r0, 0x0, 0x2000c000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) setgroups(0x0, 0x0) mmap(&(0x7f00002a5000/0x3000)=nil, 0x3000, 0xb635773f05ebbeea, 0x10, 0xffffffffffffffff, 0x196a4000) chdir(0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) r1 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) 10.783179391s ago: executing program 1 (id=1173): socket$nl_netfilter(0x10, 0x3, 0xc) waitid(0x11, 0x0, 0x0, 0x8, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="4604", @ANYRES16=r5, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r1], 0x4}}, 0x0) sendfile(r4, r2, 0x0, 0x100000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000240)={@hyper}) sendmsg$AUDIT_USER(r0, 0x0, 0x48000) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f0000000300)={{@hyper, 0x800000}, @my=0x1, 0x0, 0x0, 0x2, 0xfffffffffffffffe}) r9 = syz_open_dev$sg(0x0, 0x1, 0x40002) readv(r9, 0x0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r8, 0x7a8, &(0x7f00000000c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x1, 0x4}) syz_usb_connect(0x5, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000339a50640720528135f9c01020301090212000102028007090422030047d3f304512af98676b04d4cb02bc3b955ab1fdef27621a87732b75f2c2da55f89fe1dad9f05324226175b6cb7b8c2b657"], &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0}) r10 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$ax25_int(r10, 0x101, 0x0, &(0x7f00000002c0)=0x5, 0x4) socket$inet6(0xa, 0x5, 0x0) 8.231170979s ago: executing program 0 (id=1183): socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0xfffffffffffffe42, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) fsetxattr(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="6f3a8f"], 0x0, 0x0, 0x2) write$P9_RLERRORu(r0, &(0x7f0000000100)=ANY=[], 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x2], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) 7.776426858s ago: executing program 0 (id=1184): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x10040) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0xfffe, 0x0, 0x95, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x4, 0x8, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x8001, 0x400056}]}}}}}}}, 0x0) 7.698207971s ago: executing program 0 (id=1185): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$mice(0xffffffffffffff9c, &(0x7f0000000400), 0x400200) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="8500010008000000d400000000000018950000000400000004e20cd7fd751494ff2db38540aca2ba6caf97a4541271ebfc8d93740ea9f3e480241615f8c874b7d58a94e5d4f5cd2160e5a4181c99a3e463b7d6250e18a45ec58d454c7599b1d91bfcb1b0d899ff659be97e019b1d0b22917debc2bf7d7d16179c91cf8b47f48f9f6b37354ca84486c2eb5d1dc11ee3980eead865b439c55de4831feaa1cc1bc90c1cf326ccdd890916aa78b2cecf13eeba15bbe7b0"], &(0x7f0000000240)='GPL\x00', 0x1, 0xc3, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0x10}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r0, 0x12a, 0xfffffffffffffffe}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_int(r1, 0x0, 0xb, 0x0, &(0x7f0000000180)) socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x55) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) pwritev(r2, &(0x7f0000000500)=[{&(0x7f0000000140)="6b666ad446ab4735a432ad75a4390801f7a80f72a21b8ac65f46879973bc0070c7c12d2222296f2311fc7dd3c4579e538ce6", 0x32}, {&(0x7f0000000440)="fd5febfdc829ac86b576ec0accd9b197ad3812b12099b15c9514eea19a35d0383219144509ecb950e5759519528bb94dac6e9c9e1c2b283edb3cc69f63fffff341f1e3f158c42807849dedf6fa93c0ab9fd53397b76878786150a9e9ca388fd4db0a74381fc690026440e2ccf5830bc33a069666278571667cb35824d629911ffd5942de1a7ed49691b36ffc414042254ad8e0bcc5e02c0a479385a341c160a4fa03afef9fdb1ea764f4", 0xaa}], 0x2, 0xb9ca, 0x6ba) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4000000000000001) unshare(0x24020400) r4 = socket$xdp(0x2c, 0x3, 0x0) bind$xdp(r4, &(0x7f0000000340)={0x2c, 0x20, 0x0, 0xb, r4}, 0x10) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000000)={0x6, 0xa, 0x1, "0200000025052e8bd9e466020100000000c2370000722a01000800", 0x41564e57}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r6, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x2c) fsetxattr$security_capability(r2, &(0x7f0000000640), &(0x7f0000000680)=@v1={0x1000000, [{0x7, 0x9}]}, 0xc, 0x3) bind$inet6(r6, &(0x7f0000000540)={0xa, 0x4e22, 0x2007651, @empty, 0x200}, 0x1c) mmap$IORING_OFF_SQES(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x300000a, 0x30, r3, 0x10000000) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 7.259496602s ago: executing program 1 (id=1187): capset(&(0x7f0000000400)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200000, 0x8000000, 0x0, 0x0, 0x1003}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='quota,grpquota_block_hardlimit=3']) 6.234044037s ago: executing program 0 (id=1188): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r7, 0x2007ffb) close(r7) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0xc8a02, 0x0) creat(&(0x7f0000000300)='./bus\x00', 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x3, &(0x7f0000000000)=[{0x20, 0x0, 0xf5, 0xfffff010}, {0x20, 0x0, 0x0, 0xfbfff00c}, {0x6}]}, 0x10) sendmmsg$inet(r3, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)="940c4c65", 0x4}], 0x1}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0)={0x3}) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r10 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r10, 0x0, &(0x7f0000000000)=0x0) bind$nfc_llcp(r9, &(0x7f0000001040)={0x27, r11, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60) close(r10) r12 = socket$kcm(0xa, 0x2, 0x3a) write$cgroup_subtree(r12, 0x0, 0x1e) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r8, 0x400455c8, 0x1) ioctl$TIOCSETD(r8, 0x5412, &(0x7f0000000140)=0xd6) close_range(r0, 0xffffffffffffffff, 0x0) 4.615468105s ago: executing program 3 (id=1192): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0, &(0x7f0000000780)}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000007000000070000000020000000400000000e3ff01050000000300000005000093010004000a000000ffff00000600000002000000ff0f00000500000004000000400000000300000031e28cab08f3182c81000000100002007304000001000000060000000000000e0400"/128], 0x0, 0x8a, 0x0, 0x1, 0x6}, 0x28) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001780)={&(0x7f00000003c0)=@caif=@rfm={0x25, 0x15, "fb95785b587f23ba61bfb990191a2af1"}, 0x80, &(0x7f00000015c0)=[{&(0x7f0000001800)="a5", 0x48}], 0x1}, 0x0) 4.533005093s ago: executing program 3 (id=1193): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0x20}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x1}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x5}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x5, &(0x7f0000000780)=ANY=[@ANYBLOB="180000004830000000000000fa40000007010000080020007500feff0000820095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x10a, &(0x7f0000000640)=""/266}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)={0x1c, 0x13, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x20048000) r2 = socket$kcm(0x10, 0x2, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) openat(r3, &(0x7f0000000080)='./file0\x00', 0x400880, 0x22) ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0305602, &(0x7f00000000c0)={0x0, 0x0, {0x1, 0x3, 0x200c, 0x0, 0x0, 0x3, 0x3e41173ce03b5098, 0x7}}) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 4.292772872s ago: executing program 4 (id=1194): socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0xfffffffffffffe42, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) fsetxattr(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="6f3a8f"], 0x0, 0x0, 0x2) write$P9_RLERRORu(r0, &(0x7f0000000100)=ANY=[], 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x2], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) 3.741008528s ago: executing program 4 (id=1197): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x1fc, 0x30, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [{0xd0, 0x1, [@m_skbedit={0xcc, 0xf, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xf, 0x8}}]}, {0x95, 0x6, "a89c8d3290a687e42ac4510ada767e9fb80ad6dff828eb5e6235c0c180479ec7c252323f8806574cdea774aed480d74752401c70bcfa6a70f5f7ffd9584800d99985f8e4095a90bc5a93c017dcc4b882739e87a473d22f19bd7ec680e8040455fbbf38be0e400ab35968726851a3a616582e7f39c02f72bc6f97df830a7a59275c0c55dfd92ed888aeee722c4f3c7f689a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}, {0x118, 0x1, [@m_skbmod={0xe8, 0x21, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_SMAC={0xa}, @TCA_SKBMOD_DMAC={0xa, 0x3, @random="3e33861f36eb"}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x9, 0x1, 0x20000000, 0xd04, 0x8}, 0x7}}]}, {0x5a, 0x6, "f81782037c8e1f7fce7d04f75d2d01876efef68b43bf9d7429e02add52bbc63558b0e66dedf8acc979dd8b9447688285bceab64aea3c8eb6e322349d54cf03a098a41d902f8a3750d12c17b057bb5e5cc95da9f4101b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0x2c, 0x17, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000", 0xe, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x2}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/10, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 3.634559141s ago: executing program 3 (id=1198): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="15060000f2ff01000000010000003000018014000400ff010000000000000000000000000001060005004e220000060001000a0000000800060001"], 0x44}, 0x5}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) bpf$ENABLE_STATS(0x20, 0x0, 0x0) unshare(0x6020400) r3 = syz_io_uring_setup(0x2790, &(0x7f0000000580)={0x0, 0xc386, 0x3010, 0x2, 0x1b0}, &(0x7f0000000240), &(0x7f0000000140), &(0x7f0000000600)) r4 = epoll_create(0xaf2) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000080)={0xe000201b}) r5 = syz_io_uring_setup(0x315b, &(0x7f0000000140)={0x0, 0xc7ca, 0x42, 0x1000, 0x7a}, &(0x7f0000000200), &(0x7f0000000000), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r5, 0xc, 0x2000000, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r2}, 0x8) syz_usb_connect(0x2, 0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a000905000000000000000705", @ANYBLOB="f8a100b37d"], 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, &(0x7f0000000280)=0x1, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={0xffffffffffffffff, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', 0x0}) r7 = syz_clone3(&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0xb7) r8 = getpgid(r7) kcmp(r7, r8, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x7d8, 0xfffffffffffffffe) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r9, 0x80049370, &(0x7f00000001c0)) 3.63423372s ago: executing program 4 (id=1199): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0x8) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f00000002c0)={[{@mpol={'mpol', 0x3d, {'local', '=relative', @void}}}]}) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x4bfa, &(0x7f0000000000)) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='rdma.current\x00', 0x26e1, 0x0) ioctl$FIOCLEX(r4, 0x5451) futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x3, 0x0, &(0x7f0000fd7ff0), &(0x7f0000048000), 0x2) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) close(r4) sendmsg$key(0xffffffffffffffff, 0x0, 0x4) socket$kcm(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r4, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @local}) ioctl$OCFS2_IOC_UNRESVSP64(r0, 0x4030582b, &(0x7f0000000240)={0x1, 0x2, 0x8000000000000, 0x2, 0xdae, 0xea}) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, 0x0, &(0x7f0000000100)) socket$nl_route(0x10, 0x3, 0x0) 2.679181336s ago: executing program 3 (id=1200): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000280)={0x28, 0x2, r2, r1, 0x0, 0x0, 0xdead, 0x0, 0x0}) close_range(r0, r0, 0x2) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, 0x0, 0x0) syz_emit_ethernet(0x75, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x67, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x53, 0x0, @opaque="6046bcac7ead75b79a775a498827ca82717eaf2f40827015aa936726371a1f8259cbe4f0a9063097ea65b9cab7bfe2b309214596e1e5b6e0f29044411d1e17912370b7070ab6547b72271f"}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x9}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x2, r1, 0x0, &(0x7f0000000000/0x800000)=nil, 0x800000, 0x1004000}) 2.265643595s ago: executing program 2 (id=1201): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="180300000000000000000000000001008510000006000000180000000000000000000000000000003f00000000000000180000000000000000000000000000009500000000000000370300000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x1}, 0x94) r0 = socket(0x2c, 0x3, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bind$tipc(r4, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x1, 0x3}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r2, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, 0x0, 0x0) ioctl$KDSETLED(r3, 0x4b32, 0x2) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) 1.979268882s ago: executing program 0 (id=1202): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000180)='T', 0x1}], 0x1}}], 0x1, 0x40881) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f00000002c0)={0x0, 'syzkaller0\x00', {0x1}, 0xb5}) r2 = socket$netlink(0x10, 0x3, 0x0) preadv(r0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/18, 0x12}], 0x3e8, 0xe, 0x6) (fail_nth: 1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) 1.805464826s ago: executing program 2 (id=1203): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0, &(0x7f0000000780)}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000007000000070000000020000000400000000e3ff01050000000300000005000093010004000a000000ffff00000600000002000000ff0f00000500000004000000400000000300000031e28cab08f3182c81000000100002007304000001000000060000000000000e0400"/128], 0x0, 0x8a, 0x0, 0x1, 0x6}, 0x28) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001780)={&(0x7f00000003c0)=@caif=@rfm={0x25, 0x15, "fb95785b587f23ba61bfb990191a2af1"}, 0x80, &(0x7f00000015c0)=[{&(0x7f0000001800)="a5", 0x48}], 0x1}, 0x0) 1.58927018s ago: executing program 2 (id=1204): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b0000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0xd, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0xffffffff, 0xe, 0x0, &(0x7f0000000480)="05004013ffffffffa000c4353512", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00', 0x0}) r2 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00') statx(r3, &(0x7f0000000000)='./file0\x00', 0x2000, 0xffff4a9c0080ffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r4, &(0x7f0000000200)=[{&(0x7f0000000340)=""/127, 0x7f}, {&(0x7f0000000240)=""/75, 0x4b}], 0x2, 0x6, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x4}, 0x50) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x4}, 0x50) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x3) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r8 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1f, 0x18, &(0x7f00000000c0)=@ringbuf={{0x18, 0x6}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {}, {0x3, 0x3, 0x3, 0x9}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x24}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) ioctl$SIOCAX25GETINFO(r7, 0x89ed, &(0x7f0000000080)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_ext={0x1c, 0x0, &(0x7f00000000c0), &(0x7f0000000100)='GPL\x00', 0x1, 0xc5, &(0x7f00000004c0)=""/197, 0x40f00, 0x1a, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000640)={0x5, 0x6, 0x80000000, 0x7}, 0x10, 0x5ac7, r0, 0x0, &(0x7f0000000780)=[r2, r3, r4, r5, r6], 0x0, 0x10, 0xfffe00}, 0x94) 1.195352844s ago: executing program 2 (id=1205): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xbb898000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e24, @multicast2}}, 0xea98, 0x2}, &(0x7f0000000440)=0x5d) 1.179808913s ago: executing program 3 (id=1206): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x4, 0xa}, {}, {0xfff2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804) (fail_nth: 1) 696.981477ms ago: executing program 4 (id=1207): openat$vsock(0xffffffffffffff9c, 0x0, 0x800, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0xfffffffffffffe42, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) fsetxattr(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="6f3a8f"], 0x0, 0x0, 0x2) write$P9_RLERRORu(r0, &(0x7f0000000100)=ANY=[], 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x2], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) 258.975567ms ago: executing program 4 (id=1208): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) poll(&(0x7f0000000000)=[{r0, 0x1000}], 0x1, 0x2) 131.428892ms ago: executing program 2 (id=1209): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x1fc, 0x30, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [{0xd0, 0x1, [@m_skbedit={0xcc, 0xf, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xf, 0x8}}]}, {0x95, 0x6, "a89c8d3290a687e42ac4510ada767e9fb80ad6dff828eb5e6235c0c180479ec7c252323f8806574cdea774aed480d74752401c70bcfa6a70f5f7ffd9584800d99985f8e4095a90bc5a93c017dcc4b882739e87a473d22f19bd7ec680e8040455fbbf38be0e400ab35968726851a3a616582e7f39c02f72bc6f97df830a7a59275c0c55dfd92ed888aeee722c4f3c7f689a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}, {0x118, 0x1, [@m_skbmod={0xe8, 0x21, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_SMAC={0xa}, @TCA_SKBMOD_DMAC={0xa, 0x3, @random="3e33861f36eb"}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x9, 0x1, 0x20000000, 0xd04, 0x8}, 0x7}}]}, {0x5a, 0x6, "f81782037c8e1f7fce7d04f75d2d01876efef68b43bf9d7429e02add52bbc63558b0e66dedf8acc979dd8b9447688285bceab64aea3c8eb6e322349d54cf03a098a41d902f8a3750d12c17b057bb5e5cc95da9f4101b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0x2c, 0x17, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000", 0xe, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x2}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/10, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 128.283921ms ago: executing program 4 (id=1210): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="15060000f2ff01000000010000003000018014000400ff010000000000000000000000000001060005004e220000060001000a0000000800060001"], 0x44}, 0x5}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) bpf$ENABLE_STATS(0x20, 0x0, 0x0) unshare(0x6020400) syz_io_uring_setup(0x2790, &(0x7f0000000580)={0x0, 0xc386, 0x3010, 0x2, 0x1b0}, &(0x7f0000000240), &(0x7f0000000140), &(0x7f0000000600)) epoll_create(0xaf2) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000002cb400000000000000000000002d3d43788eefce0c0000000000000067b2a500f528e31470e3fcb4620a37f2975733e0f1cf70b5f9240a7b2df440402569edf0793774e9e201333db74663b3dd3487d3d163b35fda1747a9fc751357fb3d053adcd127b40caedaa768591f4b08fab45654c025a9f2f72e5350c1a08400000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r3 = syz_io_uring_setup(0x315b, &(0x7f0000000140)={0x0, 0xc7ca, 0x42, 0x1000, 0x7a}, &(0x7f0000000200), &(0x7f0000000000), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r3, 0xc, 0x2000000, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r2}, 0x8) syz_usb_connect(0x2, 0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed010203010902220001000000000904000001437b6a000905000000000000000705", @ANYBLOB="f8a100b37d"], 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, &(0x7f0000000280)=0x1, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={0xffffffffffffffff, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', 0x0}) r5 = syz_clone3(&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0xb7) r6 = getpgid(r5) kcmp(r5, r6, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x7d8, 0xfffffffffffffffe) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r7, 0x80049370, &(0x7f00000001c0)) 105.178732ms ago: executing program 2 (id=1211): r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000240), 0x0, 0x2) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000280)=@fd={0x5, 0x4, 0x4, 0xe000, 0x4, {0x77359400}, {0x3, 0x8, 0x5, 0x3, 0xd9, 0x48, "18fd28ef"}, 0xffffa53c, 0x4, {}, 0x9}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x3d, 0x7fff0000}]}) r2 = semget(0x0, 0x4, 0x3c4) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000000)) semtimedop(r2, &(0x7f0000000180)=[{0x3, 0x949, 0x3800}], 0x1, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000680)={0x0, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0xc82) readv(r3, &(0x7f0000000440)=[{&(0x7f0000000040)=""/234, 0xea}, {0x0}], 0x2) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000880)={0x34, &(0x7f00000006c0)={0x40, 0x6, 0x5c}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x6b, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_emit_ethernet(0x5e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaabbc1c4bec200000186ddb0a7ddf000283afffe880000000000000000000000000101ff020010"], 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r4, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x42, &(0x7f0000000100)=0x5, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000c40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 486.72µs ago: executing program 3 (id=1212): syz_usb_connect$uac1(0x4, 0x9c, &(0x7f0000000000)=ANY=[@ANYRES16], 0x0) (async) r0 = fsmount(0xffffffffffffffff, 0x1, 0x89) (async, rerun: 32) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, 0xd, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x8}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x11}, 0x4004000) (async) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240)="29d55dbc02c96439c826d025e39a4abdd39488e5d9bfa732978076ece76df169671708b898c55c01208ce4a69a2479f73306e30475ddc7d83ab3772181508c9cb97ea51bb71e3bf935526ea4fdb0a522c6a7fdd00c794e3553a6d356c4061786e20f77038e9537c7386b61059d735e36f5d7bfba2419e12e2dc1782ebb3d792b8fa750cc96b736b31a2ddbcc6fb4dd", 0x8f, 0x44000, &(0x7f0000000300)={0xa, 0x4e20, 0x2, @local, 0x7f}, 0x1c) (async) dup3(r0, r2, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0], 0x3, 0x0, 0x0, 0xffffffffffffffff}) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000200)={0xaab, 0xa, 0x2}) ioctl$XFS_IOC_FD_TO_HANDLE(r1, 0xc038586a, &(0x7f0000000400)={r3, &(0x7f00000001c0)='\x90\xa3(+\x00', 0xc02000, &(0x7f0000000340)={@_ha_fsid={[0xf, 0x298]}, {0xd21, 0x9, 0x1ff, 0xda}}, 0x7fff, &(0x7f0000000380), &(0x7f00000003c0)=0x6}) ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000190c0)={0x100, 0x1, 0x1, {0x2, @meta={0x48435655, 0x358fdee1, 0x6948, 0x475c, 0x3454c9d}}, 0xffffffff}) (async, rerun: 32) openat$cgroup_ro(r4, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) (rerun: 32) 0s ago: executing program 0 (id=1213): getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = socket$kcm(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x4c, &(0x7f00000000c0)=r4, 0x4) sched_getaffinity(r0, 0x8, &(0x7f0000000000)) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03"], 0x40}, 0x1, 0x0, 0x0, 0x20000001}, 0x28040010) open(0x0, 0x1, 0xea) socket(0x15, 0x2, 0x0) r11 = socket$inet(0x2, 0x5, 0x1) bind$inet(r11, &(0x7f0000000040)={0x2, 0x4e1d, @rand_addr=0x64010102}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="660a00000700000061114c000000000085000000cf00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000}, 0x94) kernel console output (not intermixed with test programs): probe with driver gs_usb failed with error -71 [ 555.134648][ T814] usb 1-1: USB disconnect, device number 22 [ 556.163394][ T50] usb 3-1: USB disconnect, device number 20 [ 557.381605][ T7854] udevd[7854]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 558.334732][ T7962] 9pnet_fd: Insufficient options for proto=fd [ 559.809693][ T10] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 559.923227][ T814] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 559.979742][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 559.984485][ T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 559.984512][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.984530][ T10] usb 1-1: Product: syz [ 559.984543][ T10] usb 1-1: Manufacturer: syz [ 559.984555][ T10] usb 1-1: SerialNumber: syz [ 560.070239][ T814] usb 3-1: Using ep0 maxpacket: 32 [ 560.908839][ T10] usb 1-1: config 0 descriptor?? [ 560.913333][ T814] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 560.913362][ T814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.976850][ T814] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 561.199321][ T10] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 561.708051][ T814] gspca_nw80x: reg_r err -110 [ 561.708983][ T814] nw80x 3-1:3.0: probe with driver nw80x failed with error -110 [ 562.582535][ T5861] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 562.740886][ T5861] usb 5-1: Using ep0 maxpacket: 32 [ 562.753323][ T5861] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 562.753351][ T5861] usb 5-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 562.753757][ T5861] usb 5-1: config 0 interface 0 has no altsetting 0 [ 562.769034][ T5861] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 562.769061][ T5861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.769133][ T5861] usb 5-1: Product: syz [ 562.769146][ T5861] usb 5-1: Manufacturer: syz [ 562.769159][ T5861] usb 5-1: SerialNumber: syz [ 562.790188][ T5861] usb 5-1: config 0 descriptor?? [ 562.812267][ T10] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 563.013606][ T7986] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.017023][ T7986] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.027074][ T7986] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.031136][ T7986] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 563.382477][ T1330] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.382639][ T1330] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.436687][ T5861] gs_usb 5-1:0.0: Couldn't get device config: (err=-71) [ 563.436728][ T5861] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71 [ 563.464351][ T5861] usb 5-1: USB disconnect, device number 29 [ 563.632915][ T10] usb 3-1: USB disconnect, device number 21 [ 563.889774][ T10] usb 1-1: USB disconnect, device number 23 [ 564.012824][ T8009] 9p: Bad value for 'wfdno' [ 564.326282][ T8020] netlink: 104 bytes leftover after parsing attributes in process `syz.4.617'. [ 565.465108][ T8036] fuse: fd is not a fuse device [ 565.962587][ T10] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 566.058957][ T8046] netlink: 4 bytes leftover after parsing attributes in process `syz.1.623'. [ 566.990814][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 567.007587][ T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 567.008102][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.011991][ T10] usb 5-1: Product: syz [ 567.012008][ T10] usb 5-1: Manufacturer: syz [ 567.012022][ T10] usb 5-1: SerialNumber: syz [ 567.058571][ T10] usb 5-1: config 0 descriptor?? [ 567.272496][ T10] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 567.750739][ T8052] 9p: Bad value for 'wfdno' [ 568.293205][ T10] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 568.389250][ T8064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.629'. [ 569.721053][ T5855] usb 5-1: USB disconnect, device number 30 [ 570.007900][ T8080] netlink: 4 bytes leftover after parsing attributes in process `syz.4.634'. [ 570.850875][ T8077] overlayfs: conflicting options: userxattr,metacopy=on [ 571.002450][ T8086] capability: warning: `syz.0.635' uses deprecated v2 capabilities in a way that may be insecure [ 571.078337][ T8088] 9p: Bad value for 'wfdno' [ 571.939758][ T5855] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 572.325276][ T5855] usb 3-1: Using ep0 maxpacket: 8 [ 572.341298][ T5855] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 572.341328][ T5855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.341346][ T5855] usb 3-1: Product: syz [ 572.341360][ T5855] usb 3-1: Manufacturer: syz [ 572.341374][ T5855] usb 3-1: SerialNumber: syz [ 572.357347][ T5855] usb 3-1: config 0 descriptor?? [ 572.584558][ T5855] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 572.868762][ T8119] netlink: 8 bytes leftover after parsing attributes in process `syz.0.647'. [ 572.969818][ T5863] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 573.088668][ T8125] netlink: 128 bytes leftover after parsing attributes in process `syz.1.650'. [ 573.088686][ T8125] netlink: 12 bytes leftover after parsing attributes in process `syz.1.650'. [ 573.088694][ T8125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.650'. [ 573.147312][ T5863] usb 5-1: unable to get BOS descriptor or descriptor too short [ 573.150119][ T5863] usb 5-1: config 2 has an invalid interface number: 34 but max is 0 [ 573.150144][ T5863] usb 5-1: config 2 has no interface number 0 [ 573.150173][ T5863] usb 5-1: config 2 interface 34 has no altsetting 0 [ 573.163819][ T5863] usb 5-1: New USB device found, idVendor=0572, idProduct=1328, bcdDevice=9c.5f [ 573.164002][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.169772][ T5863] usb 5-1: Product: syz [ 573.169790][ T5863] usb 5-1: Manufacturer: syz [ 573.169803][ T5863] usb 5-1: SerialNumber: syz [ 573.618296][ T5855] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 574.632344][ T36] audit: type=1326 audit(1777004250.221:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.632642][ T36] audit: type=1326 audit(1777004250.221:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.633279][ T36] audit: type=1326 audit(1777004250.221:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.633566][ T36] audit: type=1326 audit(1777004250.221:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.635504][ T36] audit: type=1326 audit(1777004250.221:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.635555][ T36] audit: type=1326 audit(1777004250.221:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.635594][ T36] audit: type=1326 audit(1777004250.221:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.635635][ T36] audit: type=1326 audit(1777004250.221:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.635673][ T36] audit: type=1326 audit(1777004250.221:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.636320][ T36] audit: type=1326 audit(1777004250.221:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8140 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 574.903589][ T31] usb 3-1: USB disconnect, device number 22 [ 576.060584][ T5863] usb 5-1: USB disconnect, device number 31 [ 576.232057][ T8172] netlink: 10 bytes leftover after parsing attributes in process `syz.3.664'. [ 576.555490][ T8179] tmpfs: Bad value for 'mpol' [ 577.749459][ T8188] tmpfs: Bad value for 'mpol' [ 578.595104][ T8196] FAULT_INJECTION: forcing a failure. [ 578.595104][ T8196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 578.595137][ T8196] CPU: 1 UID: 0 PID: 8196 Comm: syz.2.673 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 578.595163][ T8196] Tainted: [L]=SOFTLOCKUP [ 578.595170][ T8196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 578.595182][ T8196] Call Trace: [ 578.595189][ T8196] [ 578.595197][ T8196] dump_stack_lvl+0xe8/0x150 [ 578.595233][ T8196] should_fail_ex+0x46b/0x600 [ 578.595267][ T8196] _copy_from_user+0x2d/0xb0 [ 578.595291][ T8196] ___sys_sendmsg+0x1c6/0x360 [ 578.595321][ T8196] ? __lock_acquire+0x6b5/0x2cf0 [ 578.595347][ T8196] ? __pfx____sys_sendmsg+0x10/0x10 [ 578.595404][ T8196] ? __fget_files+0x2a/0x420 [ 578.595425][ T8196] ? __fget_files+0x3a6/0x420 [ 578.595455][ T8196] __x64_sys_sendmsg+0x1c3/0x2a0 [ 578.595485][ T8196] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 578.595519][ T8196] ? __pfx_ksys_write+0x10/0x10 [ 578.595551][ T8196] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.595571][ T8196] do_syscall_64+0x15f/0xf80 [ 578.595589][ T8196] ? trace_irq_disable+0x3b/0x140 [ 578.595617][ T8196] ? clear_bhb_loop+0x40/0x90 [ 578.595640][ T8196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.595659][ T8196] RIP: 0033:0x7f7d5872c819 [ 578.595676][ T8196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 578.595692][ T8196] RSP: 002b:00007f7d56986028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 578.595712][ T8196] RAX: ffffffffffffffda RBX: 00007f7d589a5fa0 RCX: 00007f7d5872c819 [ 578.595726][ T8196] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 578.595739][ T8196] RBP: 00007f7d56986090 R08: 0000000000000000 R09: 0000000000000000 [ 578.595751][ T8196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 578.595762][ T8196] R13: 00007f7d589a6038 R14: 00007f7d589a5fa0 R15: 00007ffc6937e598 [ 578.595791][ T8196] [ 578.711665][ T8198] atomic_op ffff888062fcca18 conn xmit_atomic 0000000000000000 [ 578.729277][ T8198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.674'. [ 578.804794][ T8198] team1: entered promiscuous mode [ 578.804821][ T8198] team1: entered allmulticast mode [ 578.805360][ T8198] 8021q: adding VLAN 0 to HW filter on device team1 [ 579.203855][ T5863] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 579.730033][ T814] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 579.819771][ T5863] usb 1-1: Using ep0 maxpacket: 32 [ 579.823390][ T5863] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 579.823408][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.839765][ T5863] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 579.907243][ T814] usb 3-1: unable to get BOS descriptor or descriptor too short [ 579.909177][ T814] usb 3-1: config 2 has an invalid interface number: 34 but max is 0 [ 579.909203][ T814] usb 3-1: config 2 has no interface number 0 [ 579.909234][ T814] usb 3-1: config 2 interface 34 has no altsetting 0 [ 579.918939][ T814] usb 3-1: New USB device found, idVendor=0572, idProduct=1328, bcdDevice=9c.5f [ 579.918968][ T814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.918986][ T814] usb 3-1: Product: syz [ 579.918999][ T814] usb 3-1: Manufacturer: syz [ 579.919013][ T814] usb 3-1: SerialNumber: syz [ 581.079763][ T5863] gspca_nw80x: reg_r err -110 [ 581.079856][ T5863] nw80x 1-1:3.0: probe with driver nw80x failed with error -110 [ 581.324927][ T5855] usb 1-1: USB disconnect, device number 24 [ 581.993683][ T8227] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.681'. [ 582.861532][ T8233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.683'. [ 583.892558][ T814] usb 3-1: USB disconnect, device number 23 [ 584.039677][ T50] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 584.193010][ T50] usb 5-1: Using ep0 maxpacket: 16 [ 584.233750][ T50] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 584.233783][ T50] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 584.233805][ T50] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 584.233831][ T50] usb 5-1: config 0 interface 0 has no altsetting 0 [ 584.233863][ T50] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 584.233885][ T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.342101][ T50] usb 5-1: config 0 descriptor?? [ 584.396200][ T8240] FAULT_INJECTION: forcing a failure. [ 584.396200][ T8240] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 584.396235][ T8240] CPU: 0 UID: 0 PID: 8240 Comm: syz.2.686 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 584.396262][ T8240] Tainted: [L]=SOFTLOCKUP [ 584.396269][ T8240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 584.396281][ T8240] Call Trace: [ 584.396289][ T8240] [ 584.396296][ T8240] dump_stack_lvl+0xe8/0x150 [ 584.396319][ T8240] should_fail_ex+0x46b/0x600 [ 584.396338][ T8240] _copy_from_user+0x2d/0xb0 [ 584.396353][ T8240] ___sys_sendmsg+0x1c6/0x360 [ 584.396387][ T8240] ? __lock_acquire+0x6b5/0x2cf0 [ 584.396414][ T8240] ? __pfx____sys_sendmsg+0x10/0x10 [ 584.396469][ T8240] ? __fget_files+0x2a/0x420 [ 584.396482][ T8240] ? __fget_files+0x3a6/0x420 [ 584.396497][ T8240] __x64_sys_sendmsg+0x1c3/0x2a0 [ 584.396512][ T8240] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 584.396545][ T8240] ? __pfx_ksys_write+0x10/0x10 [ 584.396579][ T8240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.396600][ T8240] do_syscall_64+0x15f/0xf80 [ 584.396617][ T8240] ? trace_irq_disable+0x3b/0x140 [ 584.396639][ T8240] ? clear_bhb_loop+0x40/0x90 [ 584.396651][ T8240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.396661][ T8240] RIP: 0033:0x7f7d5872c819 [ 584.396671][ T8240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 584.396680][ T8240] RSP: 002b:00007f7d56986028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 584.396700][ T8240] RAX: ffffffffffffffda RBX: 00007f7d589a5fa0 RCX: 00007f7d5872c819 [ 584.396714][ T8240] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000004 [ 584.396727][ T8240] RBP: 00007f7d56986090 R08: 0000000000000000 R09: 0000000000000000 [ 584.396739][ T8240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 584.396750][ T8240] R13: 00007f7d589a6038 R14: 00007f7d589a5fa0 R15: 00007ffc6937e598 [ 584.396781][ T8240] [ 584.800628][ T8251] netlink: 48 bytes leftover after parsing attributes in process `syz.1.690'. [ 585.271555][ T8263] tmpfs: Bad value for 'mpol' [ 586.161763][ T50] usbhid 5-1:0.0: can't add hid device: -71 [ 586.161872][ T50] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 586.180044][ T50] usb 5-1: USB disconnect, device number 32 [ 586.426454][ T8277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.695'. [ 587.449696][ T5863] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 587.600472][ T5863] usb 1-1: Using ep0 maxpacket: 32 [ 587.629775][ T5863] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 587.629804][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.710679][ T8295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.703'. [ 588.712149][ T5863] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 590.265587][ T5863] gspca_nw80x: reg_r err -110 [ 590.265674][ T5863] nw80x 1-1:3.0: probe with driver nw80x failed with error -110 [ 590.439745][ T5863] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 590.649881][ T8319] netlink: 4 bytes leftover after parsing attributes in process `syz.2.709'. [ 591.135909][ T5863] usb 5-1: Using ep0 maxpacket: 16 [ 591.569765][ T10] usb 1-1: USB disconnect, device number 25 [ 591.681245][ T5863] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.681277][ T5863] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 591.681298][ T5863] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 591.681322][ T5863] usb 5-1: config 0 interface 0 has no altsetting 0 [ 591.681353][ T5863] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 591.681373][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.689247][ T5863] usb 5-1: config 0 descriptor?? [ 592.114524][ T5863] usbhid 5-1:0.0: can't add hid device: -71 [ 592.114606][ T5863] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 592.136020][ T5863] usb 5-1: USB disconnect, device number 33 [ 593.206558][ T8346] tipc: Started in network mode [ 593.206578][ T8346] tipc: Node identity 42b40e8ac786, cluster identity 4711 [ 593.206937][ T8346] tipc: Enabled bearer , priority 0 [ 593.209437][ T8346] syzkaller0: entered promiscuous mode [ 593.209455][ T8346] syzkaller0: entered allmulticast mode [ 593.373094][ T8350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.721'. [ 593.398685][ T8348] tipc: Resetting bearer [ 593.527576][ T8344] tipc: Resetting bearer [ 594.299271][ T8364] netlink: 'syz.0.727': attribute type 5 has an invalid length. [ 594.299293][ T8364] netlink: 24 bytes leftover after parsing attributes in process `syz.0.727'. [ 594.483148][ T8365] random: crng reseeded on system resumption [ 595.492303][ T8344] tipc: Disabling bearer [ 596.249189][ T10] tipc: Node number set to 2234650250 [ 596.326348][ T8382] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.733'. [ 596.592665][ T10] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 596.769487][ T10] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 596.769509][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.769518][ T10] usb 5-1: Product: syz [ 596.770651][ T10] usb 5-1: Manufacturer: syz [ 596.770669][ T10] usb 5-1: SerialNumber: syz [ 596.799351][ T10] usb 5-1: config 0 descriptor?? [ 596.882916][ T31] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 596.971273][ T814] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 597.062567][ T31] usb 1-1: Using ep0 maxpacket: 16 [ 597.084605][ T31] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 597.084637][ T31] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 597.084657][ T31] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 597.084685][ T31] usb 1-1: config 0 interface 0 has no altsetting 0 [ 597.084713][ T31] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 597.084735][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.186107][ T814] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 597.186143][ T814] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 597.186161][ T814] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 597.186209][ T814] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 597.186234][ T814] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 597.193271][ T814] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 597.193299][ T814] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 597.193318][ T814] usb 3-1: Product: syz [ 597.193331][ T814] usb 3-1: Manufacturer: syz [ 597.282417][ T31] usb 1-1: config 0 descriptor?? [ 597.323116][ T814] cdc_wdm 3-1:1.0: skipping garbage [ 597.323169][ T814] cdc_wdm 3-1:1.0: skipping garbage [ 597.535488][ T814] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 597.535510][ T814] cdc_wdm 3-1:1.0: Unknown control protocol [ 597.840351][ T814] usb 3-1: USB disconnect, device number 24 [ 597.903073][ T10] usb 5-1: non-Atmel transceiver xxxx001b [ 598.227185][ T31] usbhid 1-1:0.0: can't add hid device: -71 [ 598.227303][ T31] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 598.246131][ T31] usb 1-1: USB disconnect, device number 26 [ 599.104878][ T8414] comedi comedi3: comedi_config --init_data is deprecated [ 599.161355][ T10] usb 5-1: Firmware version (0.0) predates our first public release. [ 599.161381][ T10] usb 5-1: Please update to version 0.2 or newer [ 599.161832][ T10] usb 5-1: atusb_probe: initialization failed, error = -19 [ 599.299170][ T10] usb 5-1: USB disconnect, device number 34 [ 599.557604][ T8427] netlink: 140 bytes leftover after parsing attributes in process `syz.2.746'. [ 599.558444][ T8427] syz.2.746 (8427): drop_caches: 0 [ 599.645855][ T8429] FAULT_INJECTION: forcing a failure. [ 599.645855][ T8429] name failslab, interval 1, probability 0, space 0, times 0 [ 599.645899][ T8429] CPU: 0 UID: 0 PID: 8429 Comm: syz.0.745 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 599.645926][ T8429] Tainted: [L]=SOFTLOCKUP [ 599.645932][ T8429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 599.645944][ T8429] Call Trace: [ 599.645952][ T8429] [ 599.645960][ T8429] dump_stack_lvl+0xe8/0x150 [ 599.645997][ T8429] should_fail_ex+0x46b/0x600 [ 599.646033][ T8429] should_failslab+0xa8/0x100 [ 599.646063][ T8429] __kmalloc_noprof+0xdf/0x7b0 [ 599.646089][ T8429] ? kfree+0x4d/0x6c0 [ 599.646111][ T8429] ? tomoyo_path_number_perm+0x219/0x630 [ 599.646136][ T8429] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 599.646174][ T8429] tomoyo_realpath_from_path+0xe3/0x5d0 [ 599.646205][ T8429] ? tomoyo_domain+0xd8/0x130 [ 599.646230][ T8429] ? tomoyo_path_number_perm+0x219/0x630 [ 599.646256][ T8429] tomoyo_path_number_perm+0x246/0x630 [ 599.646283][ T8429] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 599.646307][ T8429] ? __lock_acquire+0x6b5/0x2cf0 [ 599.646332][ T8429] ? do_raw_spin_lock+0x12b/0x2f0 [ 599.646391][ T8429] ? __fget_files+0x2a/0x420 [ 599.646416][ T8429] ? __fget_files+0x2a/0x420 [ 599.646437][ T8429] ? __fget_files+0x3a6/0x420 [ 599.646458][ T8429] ? __fget_files+0x2a/0x420 [ 599.646484][ T8429] security_file_ioctl+0xc3/0x2a0 [ 599.646513][ T8429] __se_sys_ioctl+0x47/0x170 [ 599.646541][ T8429] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.646562][ T8429] do_syscall_64+0x15f/0xf80 [ 599.646581][ T8429] ? trace_irq_disable+0x3b/0x140 [ 599.646611][ T8429] ? clear_bhb_loop+0x40/0x90 [ 599.646635][ T8429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.646654][ T8429] RIP: 0033:0x7fd30558c819 [ 599.646672][ T8429] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 599.646689][ T8429] RSP: 002b:00007fd30379c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 599.646711][ T8429] RAX: ffffffffffffffda RBX: 00007fd305806180 RCX: 00007fd30558c819 [ 599.646725][ T8429] RDX: 0000200000000000 RSI: 0000000000005452 RDI: 0000000000000006 [ 599.646738][ T8429] RBP: 00007fd30379c090 R08: 0000000000000000 R09: 0000000000000000 [ 599.646750][ T8429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 599.646761][ T8429] R13: 00007fd305806218 R14: 00007fd305806180 R15: 00007ffedd3c9cb8 [ 599.646792][ T8429] [ 599.647950][ T8429] ERROR: Out of memory at tomoyo_realpath_from_path. [ 599.670356][ T8431] FAULT_INJECTION: forcing a failure. [ 599.670356][ T8431] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 599.670391][ T8431] CPU: 0 UID: 0 PID: 8431 Comm: syz.2.747 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 599.670418][ T8431] Tainted: [L]=SOFTLOCKUP [ 599.670424][ T8431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 599.670435][ T8431] Call Trace: [ 599.670443][ T8431] [ 599.670450][ T8431] dump_stack_lvl+0xe8/0x150 [ 599.670485][ T8431] should_fail_ex+0x46b/0x600 [ 599.670520][ T8431] _copy_from_user+0x2d/0xb0 [ 599.670541][ T8431] __sys_bpf+0x229/0x950 [ 599.670579][ T8431] ? __pfx___sys_bpf+0x10/0x10 [ 599.670595][ T8431] ? rt_mutex_slowunlock+0x1cb/0x300 [ 599.670633][ T8431] ? ksys_write+0x248/0x270 [ 599.670661][ T8431] ? __pfx_ksys_write+0x10/0x10 [ 599.670688][ T8431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.670710][ T8431] __x64_sys_bpf+0x7c/0x90 [ 599.670737][ T8431] do_syscall_64+0x15f/0xf80 [ 599.670753][ T8431] ? trace_irq_disable+0x3b/0x140 [ 599.670780][ T8431] ? clear_bhb_loop+0x40/0x90 [ 599.670803][ T8431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.670821][ T8431] RIP: 0033:0x7f7d5872c819 [ 599.670838][ T8431] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 599.670853][ T8431] RSP: 002b:00007f7d56986028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 599.670879][ T8431] RAX: ffffffffffffffda RBX: 00007f7d589a5fa0 RCX: 00007f7d5872c819 [ 599.670893][ T8431] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 599.670905][ T8431] RBP: 00007f7d56986090 R08: 0000000000000000 R09: 0000000000000000 [ 599.670917][ T8431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 599.670929][ T8431] R13: 00007f7d589a6038 R14: 00007f7d589a5fa0 R15: 00007ffc6937e598 [ 599.670957][ T8431] [ 600.878859][ T8459] netlink: 'syz.2.757': attribute type 21 has an invalid length. [ 600.878883][ T8459] netlink: 100 bytes leftover after parsing attributes in process `syz.2.757'. [ 601.021260][ T36] kauditd_printk_skb: 135 callbacks suppressed [ 601.021278][ T36] audit: type=1326 audit(1777004276.611:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.021438][ T36] audit: type=1326 audit(1777004276.611:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.023801][ T36] audit: type=1326 audit(1777004276.611:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.023910][ T36] audit: type=1326 audit(1777004276.611:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.027568][ T36] audit: type=1326 audit(1777004276.611:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.027614][ T36] audit: type=1326 audit(1777004276.611:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.027654][ T36] audit: type=1326 audit(1777004276.611:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.028277][ T36] audit: type=1326 audit(1777004276.611:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.028412][ T36] audit: type=1326 audit(1777004276.611:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.049675][ T36] audit: type=1326 audit(1777004276.621:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f4fc992c819 code=0x7ffc0000 [ 601.319729][ T814] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 601.397826][ T8475] nfs4: Unknown parameter '' [ 601.469807][ T814] usb 3-1: Using ep0 maxpacket: 16 [ 601.600724][ T814] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 601.600752][ T814] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 602.359876][ T814] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 602.359907][ T814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.359926][ T814] usb 3-1: Product: syz [ 602.359940][ T814] usb 3-1: Manufacturer: syz [ 602.359953][ T814] usb 3-1: SerialNumber: syz [ 602.520843][ T814] usb 3-1: 0:2 : does not exist [ 602.742408][ T814] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 602.787250][ T8489] netlink: 'syz.3.766': attribute type 3 has an invalid length. [ 602.856580][ T814] usb 3-1: USB disconnect, device number 25 [ 602.971966][ T8492] netlink: 'syz.0.767': attribute type 3 has an invalid length. [ 602.995774][ T8383] udevd[8383]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 607.105956][ T8531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.774'. [ 608.194789][ T8552] FAULT_INJECTION: forcing a failure. [ 608.194789][ T8552] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.194824][ T8552] CPU: 0 UID: 0 PID: 8552 Comm: syz.0.784 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 608.194844][ T8552] Tainted: [L]=SOFTLOCKUP [ 608.194851][ T8552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 608.194857][ T8552] Call Trace: [ 608.194862][ T8552] [ 608.194867][ T8552] dump_stack_lvl+0xe8/0x150 [ 608.194888][ T8552] should_fail_ex+0x46b/0x600 [ 608.194908][ T8552] _copy_from_user+0x2d/0xb0 [ 608.194921][ T8552] ___sys_sendmsg+0x1c6/0x360 [ 608.194935][ T8552] ? __lock_acquire+0x6b5/0x2cf0 [ 608.194949][ T8552] ? __pfx____sys_sendmsg+0x10/0x10 [ 608.194981][ T8552] ? __fget_files+0x2a/0x420 [ 608.194993][ T8552] ? __fget_files+0x3a6/0x420 [ 608.195009][ T8552] __x64_sys_sendmsg+0x1c3/0x2a0 [ 608.195024][ T8552] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 608.195042][ T8552] ? __pfx_ksys_write+0x10/0x10 [ 608.195060][ T8552] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.195071][ T8552] do_syscall_64+0x15f/0xf80 [ 608.195081][ T8552] ? trace_irq_disable+0x3b/0x140 [ 608.195097][ T8552] ? clear_bhb_loop+0x40/0x90 [ 608.195109][ T8552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.195119][ T8552] RIP: 0033:0x7fd30558c819 [ 608.195129][ T8552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 608.195138][ T8552] RSP: 002b:00007fd3037de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 608.195150][ T8552] RAX: ffffffffffffffda RBX: 00007fd305805fa0 RCX: 00007fd30558c819 [ 608.195157][ T8552] RDX: 0000000004000800 RSI: 00002000000007c0 RDI: 0000000000000003 [ 608.195163][ T8552] RBP: 00007fd3037de090 R08: 0000000000000000 R09: 0000000000000000 [ 608.195169][ T8552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.195175][ T8552] R13: 00007fd305806038 R14: 00007fd305805fa0 R15: 00007ffedd3c9cb8 [ 608.195190][ T8552] [ 608.537881][ T8555] tmpfs: Bad value for 'mpol' [ 609.157287][ T8559] FAULT_INJECTION: forcing a failure. [ 609.157287][ T8559] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 609.157322][ T8559] CPU: 1 UID: 0 PID: 8559 Comm: syz.0.786 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 609.157349][ T8559] Tainted: [L]=SOFTLOCKUP [ 609.157356][ T8559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 609.157369][ T8559] Call Trace: [ 609.157375][ T8559] [ 609.157384][ T8559] dump_stack_lvl+0xe8/0x150 [ 609.157419][ T8559] should_fail_ex+0x46b/0x600 [ 609.157454][ T8559] _copy_from_user+0x2d/0xb0 [ 609.157478][ T8559] ___sys_sendmsg+0x1c6/0x360 [ 609.157505][ T8559] ? __lock_acquire+0x6b5/0x2cf0 [ 609.157531][ T8559] ? __pfx____sys_sendmsg+0x10/0x10 [ 609.157591][ T8559] ? __fget_files+0x2a/0x420 [ 609.157613][ T8559] ? __fget_files+0x3a6/0x420 [ 609.157643][ T8559] __x64_sys_sendmsg+0x1c3/0x2a0 [ 609.157672][ T8559] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 609.157708][ T8559] ? __pfx_ksys_write+0x10/0x10 [ 609.157743][ T8559] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.157764][ T8559] do_syscall_64+0x15f/0xf80 [ 609.157781][ T8559] ? trace_irq_disable+0x3b/0x140 [ 609.157810][ T8559] ? clear_bhb_loop+0x40/0x90 [ 609.157834][ T8559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.157853][ T8559] RIP: 0033:0x7fd30558c819 [ 609.157877][ T8559] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 609.157894][ T8559] RSP: 002b:00007fd3037de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 609.157914][ T8559] RAX: ffffffffffffffda RBX: 00007fd305805fa0 RCX: 00007fd30558c819 [ 609.157928][ T8559] RDX: 0000000020008000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 609.157941][ T8559] RBP: 00007fd3037de090 R08: 0000000000000000 R09: 0000000000000000 [ 609.157954][ T8559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 609.157966][ T8559] R13: 00007fd305806038 R14: 00007fd305805fa0 R15: 00007ffedd3c9cb8 [ 609.157997][ T8559] [ 609.304539][ T8561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.787'. [ 609.347750][ T8565] FAULT_INJECTION: forcing a failure. [ 609.347750][ T8565] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 609.347784][ T8565] CPU: 1 UID: 0 PID: 8565 Comm: syz.0.789 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 609.347810][ T8565] Tainted: [L]=SOFTLOCKUP [ 609.347816][ T8565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 609.347827][ T8565] Call Trace: [ 609.347834][ T8565] [ 609.347842][ T8565] dump_stack_lvl+0xe8/0x150 [ 609.347876][ T8565] should_fail_ex+0x46b/0x600 [ 609.347911][ T8565] _copy_from_user+0x2d/0xb0 [ 609.347932][ T8565] ___sys_sendmsg+0x1c6/0x360 [ 609.347957][ T8565] ? __lock_acquire+0x6b5/0x2cf0 [ 609.347982][ T8565] ? __pfx____sys_sendmsg+0x10/0x10 [ 609.348036][ T8565] ? __fget_files+0x2a/0x420 [ 609.348057][ T8565] ? __fget_files+0x3a6/0x420 [ 609.348087][ T8565] __x64_sys_sendmsg+0x1c3/0x2a0 [ 609.348114][ T8565] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 609.348147][ T8565] ? __pfx_ksys_write+0x10/0x10 [ 609.348180][ T8565] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.348200][ T8565] do_syscall_64+0x15f/0xf80 [ 609.348217][ T8565] ? trace_irq_disable+0x3b/0x140 [ 609.348244][ T8565] ? clear_bhb_loop+0x40/0x90 [ 609.348266][ T8565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.348284][ T8565] RIP: 0033:0x7fd30558c819 [ 609.348301][ T8565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 609.348318][ T8565] RSP: 002b:00007fd3037de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 609.348337][ T8565] RAX: ffffffffffffffda RBX: 00007fd305805fa0 RCX: 00007fd30558c819 [ 609.348350][ T8565] RDX: 00000000000440e0 RSI: 0000200000000100 RDI: 0000000000000003 [ 609.348363][ T8565] RBP: 00007fd3037de090 R08: 0000000000000000 R09: 0000000000000000 [ 609.348375][ T8565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 609.348386][ T8565] R13: 00007fd305806038 R14: 00007fd305805fa0 R15: 00007ffedd3c9cb8 [ 609.348415][ T8565] [ 609.356329][ T8561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.787'. [ 609.356548][ T8561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.787'. [ 609.357782][ T8561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.787'. [ 609.357880][ T8561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.787'. [ 609.504216][ T8569] netlink: 'syz.4.790': attribute type 3 has an invalid length. [ 610.428482][ T8579] FAULT_INJECTION: forcing a failure. [ 610.428482][ T8579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 610.428517][ T8579] CPU: 0 UID: 0 PID: 8579 Comm: syz.4.794 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 610.428548][ T8579] Tainted: [L]=SOFTLOCKUP [ 610.428555][ T8579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 610.428567][ T8579] Call Trace: [ 610.428574][ T8579] [ 610.428582][ T8579] dump_stack_lvl+0xe8/0x150 [ 610.428617][ T8579] should_fail_ex+0x46b/0x600 [ 610.428653][ T8579] _copy_from_user+0x2d/0xb0 [ 610.428677][ T8579] ___sys_recvmsg+0x175/0x590 [ 610.428703][ T8579] ? get_pid_task+0x20/0x1f0 [ 610.428723][ T8579] ? get_pid_task+0x20/0x1f0 [ 610.428748][ T8579] ? __pfx____sys_recvmsg+0x10/0x10 [ 610.428779][ T8579] ? __fget_files+0x2a/0x420 [ 610.428817][ T8579] ? __fget_files+0x3a6/0x420 [ 610.428847][ T8579] __x64_sys_recvmsg+0x1c0/0x2a0 [ 610.428876][ T8579] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 610.428912][ T8579] ? __pfx_ksys_write+0x10/0x10 [ 610.428946][ T8579] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.428967][ T8579] do_syscall_64+0x15f/0xf80 [ 610.428984][ T8579] ? trace_irq_disable+0x3b/0x140 [ 610.429013][ T8579] ? clear_bhb_loop+0x40/0x90 [ 610.429036][ T8579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.429055][ T8579] RIP: 0033:0x7f4fc992c819 [ 610.429072][ T8579] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 610.429089][ T8579] RSP: 002b:00007f4fc7b86028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 610.429110][ T8579] RAX: ffffffffffffffda RBX: 00007f4fc9ba5fa0 RCX: 00007f4fc992c819 [ 610.429124][ T8579] RDX: 0000000000000000 RSI: 000020000000b680 RDI: 0000000000000004 [ 610.429137][ T8579] RBP: 00007f4fc7b86090 R08: 0000000000000000 R09: 0000000000000000 [ 610.429148][ T8579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 610.429160][ T8579] R13: 00007f4fc9ba6038 R14: 00007f4fc9ba5fa0 R15: 00007ffe35c24268 [ 610.429189][ T8579] [ 611.267285][ T5863] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 611.934215][ T5863] usb 3-1: Using ep0 maxpacket: 32 [ 611.959190][ T5863] usb 3-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 611.959208][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.959218][ T5863] usb 3-1: Product: syz [ 611.959224][ T5863] usb 3-1: Manufacturer: syz [ 611.959232][ T5863] usb 3-1: SerialNumber: syz [ 612.004437][ T5863] usb 3-1: config 0 descriptor?? [ 612.030604][ T5863] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 612.030980][ T5863] dvb-usb: bulk message failed: -22 (4/0) [ 612.030996][ T5863] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 612.031092][ T5863] dvb-usb: bulk message failed: -22 (5/0) [ 612.031103][ T5863] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 612.254884][ T5863] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 612.274680][ T8585] dvb-usb: bulk message failed: -22 (7/0) [ 612.274700][ T8585] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0) [ 612.274758][ T8585] ttusb2: i2c transfer failed. [ 612.283119][ T5863] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 612.314861][ T5863] usb 3-1: media controller created [ 612.478632][ T5863] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 612.819982][ T5863] usb 3-1: selecting invalid altsetting 3 [ 612.820003][ T5863] ttusb2: set interface to alts=3 failed [ 613.028911][ T5863] DVB: Unable to find symbol tda10086_attach() [ 613.028942][ T5863] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 613.030080][ T5863] dvb-usb: bulk message failed: -22 (4/0) [ 613.030096][ T5863] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 613.030211][ T5863] dvb-usb: bulk message failed: -22 (5/0) [ 613.030224][ T5863] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 613.030283][ T5863] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 613.043729][ T5863] usb 3-1: USB disconnect, device number 26 [ 613.454109][ T8607] netlink: 4 bytes leftover after parsing attributes in process `syz.3.802'. [ 614.464248][ T5863] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 614.681543][ T8612] netlink: 'syz.3.804': attribute type 3 has an invalid length. [ 614.758248][ T8616] netlink: 24 bytes leftover after parsing attributes in process `syz.0.806'. [ 616.009210][ T8630] FAULT_INJECTION: forcing a failure. [ 616.009210][ T8630] name failslab, interval 1, probability 0, space 0, times 0 [ 616.009247][ T8630] CPU: 0 UID: 0 PID: 8630 Comm: syz.2.811 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 616.009274][ T8630] Tainted: [L]=SOFTLOCKUP [ 616.009281][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 616.009293][ T8630] Call Trace: [ 616.009300][ T8630] [ 616.009309][ T8630] dump_stack_lvl+0xe8/0x150 [ 616.009344][ T8630] should_fail_ex+0x46b/0x600 [ 616.009380][ T8630] should_failslab+0xa8/0x100 [ 616.009415][ T8630] __kmalloc_noprof+0xdf/0x7b0 [ 616.009441][ T8630] ? kfree+0x4d/0x6c0 [ 616.009463][ T8630] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 616.009500][ T8630] tomoyo_realpath_from_path+0xe3/0x5d0 [ 616.009530][ T8630] ? tomoyo_domain+0xd8/0x130 [ 616.009551][ T8630] ? tomoyo_path_number_perm+0x219/0x630 [ 616.009574][ T8630] tomoyo_path_number_perm+0x246/0x630 [ 616.009602][ T8630] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 616.009626][ T8630] ? __lock_acquire+0x6b5/0x2cf0 [ 616.009651][ T8630] ? do_raw_spin_lock+0x12b/0x2f0 [ 616.009710][ T8630] ? __fget_files+0x2a/0x420 [ 616.009735][ T8630] ? __fget_files+0x2a/0x420 [ 616.009755][ T8630] ? __fget_files+0x3a6/0x420 [ 616.009775][ T8630] ? __fget_files+0x2a/0x420 [ 616.009800][ T8630] security_file_ioctl+0xc3/0x2a0 [ 616.009830][ T8630] __se_sys_ioctl+0x47/0x170 [ 616.009857][ T8630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.009878][ T8630] do_syscall_64+0x15f/0xf80 [ 616.009897][ T8630] ? trace_irq_disable+0x3b/0x140 [ 616.009926][ T8630] ? clear_bhb_loop+0x40/0x90 [ 616.009949][ T8630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.009969][ T8630] RIP: 0033:0x7f7d5872c819 [ 616.009986][ T8630] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 616.010003][ T8630] RSP: 002b:00007f7d56986028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 616.010023][ T8630] RAX: ffffffffffffffda RBX: 00007f7d589a5fa0 RCX: 00007f7d5872c819 [ 616.010037][ T8630] RDX: 0000200000004a40 RSI: 00000000c0306201 RDI: 0000000000000003 [ 616.010050][ T8630] RBP: 00007f7d56986090 R08: 0000000000000000 R09: 0000000000000000 [ 616.010063][ T8630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 616.010075][ T8630] R13: 00007f7d589a6038 R14: 00007f7d589a5fa0 R15: 00007ffc6937e598 [ 616.010106][ T8630] [ 616.010632][ T8630] ERROR: Out of memory at tomoyo_realpath_from_path. [ 616.166584][ T814] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 616.410105][ T814] usb 1-1: Using ep0 maxpacket: 16 [ 616.414527][ T814] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 616.414558][ T814] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 616.414579][ T814] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 616.414604][ T814] usb 1-1: config 0 interface 0 has no altsetting 0 [ 616.414634][ T814] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 616.414656][ T814] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.512959][ T814] usb 1-1: config 0 descriptor?? [ 617.230539][ T814] usbhid 1-1:0.0: can't add hid device: -71 [ 617.230658][ T814] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 617.299317][ T814] usb 1-1: USB disconnect, device number 27 [ 617.681189][ T814] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 617.840383][ T814] usb 1-1: Using ep0 maxpacket: 32 [ 617.843041][ T814] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 9865, setting to 1024 [ 617.843073][ T814] usb 1-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 617.843098][ T814] usb 1-1: config 0 interface 0 has no altsetting 0 [ 617.843129][ T814] usb 1-1: New USB device found, idVendor=5543, idProduct=0081, bcdDevice= 0.00 [ 617.843150][ T814] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.907454][ T814] usb 1-1: config 0 descriptor?? [ 617.908435][ T8664] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 618.069752][ T50] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 618.236917][ T50] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 618.238651][ T50] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.238674][ T50] usb 3-1: Product: syz [ 618.238687][ T50] usb 3-1: Manufacturer: syz [ 618.238701][ T50] usb 3-1: SerialNumber: syz [ 618.556388][ T814] usb 1-1: string descriptor 0 read error: -71 [ 618.557995][ T814] uclogic 0003:5543:0081.0004: failed retrieving string descriptor #200: -71 [ 618.558166][ T814] uclogic 0003:5543:0081.0004: failed retrieving pen parameters: -71 [ 618.558184][ T814] uclogic 0003:5543:0081.0004: failed probing pen v2 parameters: -71 [ 618.558262][ T814] uclogic 0003:5543:0081.0004: failed probing parameters: -71 [ 618.558419][ T814] uclogic 0003:5543:0081.0004: probe with driver uclogic failed with error -71 [ 618.625218][ T814] usb 1-1: USB disconnect, device number 28 [ 619.059274][ T50] rtl8150 3-1:1.0: eth1: rtl8150 is detected [ 619.239242][ T5855] usb 3-1: USB disconnect, device number 27 [ 619.843737][ T8711] overlayfs: conflicting options: userxattr,metacopy=on [ 620.189677][ T5855] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 620.342216][ T5855] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 620.342242][ T5855] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 620.342288][ T5855] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 620.356902][ T5855] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 620.356929][ T5855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.356948][ T5855] usb 3-1: Product: syz [ 620.356960][ T5855] usb 3-1: Manufacturer: syz [ 620.356974][ T5855] usb 3-1: SerialNumber: syz [ 620.399253][ T5855] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 620.399303][ T5855] cdc_ncm 3-1:1.0: bind() failure [ 620.607862][ T50] usb 3-1: USB disconnect, device number 28 [ 622.582276][ T8775] netlink: 'syz.3.860': attribute type 21 has an invalid length. [ 622.582300][ T8775] netlink: 100 bytes leftover after parsing attributes in process `syz.3.860'. [ 622.638820][ T8776] overlayfs: conflicting options: userxattr,metacopy=on [ 622.782339][ T8779] binder: 8778:8779 ioctl c0306201 200000000280 returned -14 [ 622.900193][ T8786] faux_driver vkms: [drm] Unknown color mode 256; guessing buffer size. [ 623.329183][ T8804] netlink: 'syz.3.873': attribute type 21 has an invalid length. [ 623.329207][ T8804] netlink: 100 bytes leftover after parsing attributes in process `syz.3.873'. [ 623.439763][ T5863] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 623.573234][ T8808] overlayfs: conflicting options: userxattr,metacopy=on [ 623.597026][ T5863] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 623.597055][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.597074][ T5863] usb 5-1: Product: syz [ 623.597089][ T5863] usb 5-1: Manufacturer: syz [ 623.597103][ T5863] usb 5-1: SerialNumber: syz [ 623.643872][ T5863] usb 5-1: config 0 descriptor?? [ 624.511836][ T8826] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 625.095654][ T1330] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.095720][ T1330] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.499199][ T5863] usb 5-1: non-Atmel transceiver xxxx001b [ 626.451240][ T5863] usb 5-1: Firmware version (0.0) predates our first public release. [ 626.451265][ T5863] usb 5-1: Please update to version 0.2 or newer [ 626.451712][ T5863] usb 5-1: atusb_probe: initialization failed, error = -19 [ 626.583192][ T5863] usb 5-1: USB disconnect, device number 35 [ 626.637688][ T8837] netlink: 'syz.3.884': attribute type 21 has an invalid length. [ 626.637704][ T8837] netlink: 100 bytes leftover after parsing attributes in process `syz.3.884'. [ 626.819762][ T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 626.973820][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 626.975876][ T10] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 626.975907][ T10] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 626.975929][ T10] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 626.975955][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 626.975985][ T10] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 626.976006][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 627.041942][ T5863] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 627.057857][ T10] usb 1-1: config 0 descriptor?? [ 627.457800][ T5863] usb 3-1: too many configurations: 70, using maximum allowed: 8 [ 627.472328][ T5863] usb 3-1: config index 0 descriptor too short (expected 65505, got 72) [ 627.477032][ T5863] usb 3-1: config index 1 descriptor too short (expected 65505, got 72) [ 627.478358][ T5863] usb 3-1: config index 2 descriptor too short (expected 65505, got 72) [ 627.528395][ T5863] usb 3-1: config index 3 descriptor too short (expected 65505, got 72) [ 627.543944][ T5863] usb 3-1: config index 4 descriptor too short (expected 65505, got 72) [ 627.545427][ T5863] usb 3-1: config index 5 descriptor too short (expected 65505, got 72) [ 627.547424][ T5863] usb 3-1: config index 6 descriptor too short (expected 65505, got 72) [ 627.589885][ T5863] usb 3-1: config index 7 descriptor too short (expected 65505, got 72) [ 627.601381][ T5863] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 627.601475][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.601495][ T5863] usb 3-1: Product: syz [ 627.601508][ T5863] usb 3-1: Manufacturer: syz [ 627.601522][ T5863] usb 3-1: SerialNumber: syz [ 627.715726][ T5863] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 627.917381][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 627.917491][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 627.961646][ T10] usb 1-1: USB disconnect, device number 29 [ 628.064899][ T8866] netlink: 'syz.3.895': attribute type 21 has an invalid length. [ 628.064924][ T8866] netlink: 100 bytes leftover after parsing attributes in process `syz.3.895'. [ 628.115501][ T5851] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 628.583873][ T8843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 628.593029][ T8843] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 629.219890][ T31] usb 3-1: USB disconnect, device number 29 [ 629.251142][ T5851] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 629.251860][ T5851] ath9k_htc: Failed to initialize the device [ 629.316167][ T31] usb 3-1: ath9k_htc: USB layer deinitialized [ 629.390310][ T8885] FAULT_INJECTION: forcing a failure. [ 629.390310][ T8885] name failslab, interval 1, probability 0, space 0, times 0 [ 629.390346][ T8885] CPU: 0 UID: 0 PID: 8885 Comm: syz.2.903 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 629.390374][ T8885] Tainted: [L]=SOFTLOCKUP [ 629.390381][ T8885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 629.390393][ T8885] Call Trace: [ 629.390401][ T8885] [ 629.390409][ T8885] dump_stack_lvl+0xe8/0x150 [ 629.390444][ T8885] should_fail_ex+0x46b/0x600 [ 629.390480][ T8885] should_failslab+0xa8/0x100 [ 629.390510][ T8885] __kmalloc_noprof+0xdf/0x7b0 [ 629.390535][ T8885] ? kfree+0x4d/0x6c0 [ 629.390557][ T8885] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 629.390592][ T8885] tomoyo_realpath_from_path+0xe3/0x5d0 [ 629.390624][ T8885] ? tomoyo_domain+0xd8/0x130 [ 629.390649][ T8885] ? tomoyo_path_number_perm+0x219/0x630 [ 629.390674][ T8885] tomoyo_path_number_perm+0x246/0x630 [ 629.390703][ T8885] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 629.390728][ T8885] ? __lock_acquire+0x6b5/0x2cf0 [ 629.390753][ T8885] ? do_raw_spin_lock+0x12b/0x2f0 [ 629.390821][ T8885] ? __fget_files+0x2a/0x420 [ 629.390846][ T8885] ? __fget_files+0x2a/0x420 [ 629.390867][ T8885] ? __fget_files+0x3a6/0x420 [ 629.390886][ T8885] ? __fget_files+0x2a/0x420 [ 629.390910][ T8885] security_file_ioctl+0xc3/0x2a0 [ 629.390937][ T8885] __se_sys_ioctl+0x47/0x170 [ 629.390964][ T8885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.390985][ T8885] do_syscall_64+0x15f/0xf80 [ 629.391006][ T8885] ? trace_irq_disable+0x3b/0x140 [ 629.391034][ T8885] ? clear_bhb_loop+0x40/0x90 [ 629.391058][ T8885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.391077][ T8885] RIP: 0033:0x7f7d5872c819 [ 629.391095][ T8885] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 629.391112][ T8885] RSP: 002b:00007f7d56986028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 629.391134][ T8885] RAX: ffffffffffffffda RBX: 00007f7d589a5fa0 RCX: 00007f7d5872c819 [ 629.391148][ T8885] RDX: 0000200000000000 RSI: 0000000000008b04 RDI: 0000000000000004 [ 629.391161][ T8885] RBP: 00007f7d56986090 R08: 0000000000000000 R09: 0000000000000000 [ 629.391174][ T8885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 629.391185][ T8885] R13: 00007f7d589a6038 R14: 00007f7d589a5fa0 R15: 00007ffc6937e598 [ 629.391217][ T8885] [ 629.396142][ T8885] ERROR: Out of memory at tomoyo_realpath_from_path. [ 629.846622][ T8898] netlink: 'syz.2.908': attribute type 21 has an invalid length. [ 629.846645][ T8898] netlink: 100 bytes leftover after parsing attributes in process `syz.2.908'. [ 630.059817][ T5851] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 631.079712][ T5851] usb 1-1: Using ep0 maxpacket: 16 [ 631.083071][ T5851] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 631.083104][ T5851] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 631.083126][ T5851] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 631.083151][ T5851] usb 1-1: config 0 interface 0 has no altsetting 0 [ 631.083183][ T5851] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 631.083204][ T5851] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.091448][ T5851] usb 1-1: config 0 descriptor?? [ 631.394400][ T8916] netlink: 'syz.3.914': attribute type 83 has an invalid length. [ 631.422152][ T5851] usbhid 1-1:0.0: can't add hid device: -71 [ 631.422266][ T5851] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 631.431899][ T5851] usb 1-1: USB disconnect, device number 30 [ 632.333999][ T8926] netlink: 4 bytes leftover after parsing attributes in process `syz.1.917'. [ 633.498188][ T8929] overlayfs: conflicting options: userxattr,metacopy=on [ 635.277423][ T8958] netlink: 'syz.3.929': attribute type 10 has an invalid length. [ 635.309814][ T8958] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 635.533616][ T8966] netlink: 24 bytes leftover after parsing attributes in process `syz.3.933'. [ 635.703631][ T8966] bond1: entered promiscuous mode [ 635.704123][ T8966] 8021q: adding VLAN 0 to HW filter on device bond1 [ 635.718476][ T8974] overlayfs: conflicting options: userxattr,metacopy=on [ 635.982569][ T8966] bond1 (unregistering): Released all slaves [ 636.095527][ T8957] FAULT_INJECTION: forcing a failure. [ 636.095527][ T8957] name failslab, interval 1, probability 0, space 0, times 0 [ 636.095562][ T8957] CPU: 0 UID: 0 PID: 8957 Comm: syz.0.928 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 636.095589][ T8957] Tainted: [L]=SOFTLOCKUP [ 636.095596][ T8957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 636.095608][ T8957] Call Trace: [ 636.095615][ T8957] [ 636.095623][ T8957] dump_stack_lvl+0xe8/0x150 [ 636.095663][ T8957] should_fail_ex+0x46b/0x600 [ 636.095699][ T8957] should_failslab+0xa8/0x100 [ 636.095730][ T8957] kmem_cache_alloc_noprof+0x87/0x680 [ 636.095757][ T8957] ? vm_area_dup+0x2b/0x670 [ 636.095780][ T8957] vm_area_dup+0x2b/0x670 [ 636.095804][ T8957] __split_vma+0x1e4/0xa30 [ 636.095832][ T8957] ? unwind_next_frame+0xa6/0x2550 [ 636.095860][ T8957] ? __pfx___split_vma+0x10/0x10 [ 636.095906][ T8957] ? can_vma_merge_left+0x191/0x3e0 [ 636.095929][ T8957] vma_modify+0x9f9/0x1f20 [ 636.095965][ T8957] vma_modify_flags+0x24b/0x330 [ 636.095989][ T8957] ? __pfx_vma_modify_flags+0x10/0x10 [ 636.096039][ T8957] mlock_fixup+0x3e4/0x850 [ 636.096068][ T8957] ? __pfx_mlock_fixup+0x10/0x10 [ 636.096095][ T8957] ? mas_find+0xb0e/0xd30 [ 636.096130][ T8957] apply_vma_lock_flags+0x2af/0x3e0 [ 636.096160][ T8957] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 636.096197][ T8957] ? do_mlock+0x173/0x750 [ 636.096223][ T8957] do_mlock+0x558/0x750 [ 636.096258][ T8957] ? __pfx_do_mlock+0x10/0x10 [ 636.096281][ T8957] ? fput+0xa0/0xd0 [ 636.096302][ T8957] ? ksys_write+0x248/0x270 [ 636.096330][ T8957] ? __pfx_ksys_write+0x10/0x10 [ 636.096361][ T8957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.096382][ T8957] __x64_sys_mlock+0x60/0x70 [ 636.096405][ T8957] do_syscall_64+0x15f/0xf80 [ 636.096422][ T8957] ? trace_irq_disable+0x3b/0x140 [ 636.096451][ T8957] ? clear_bhb_loop+0x40/0x90 [ 636.096475][ T8957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.096494][ T8957] RIP: 0033:0x7fd30558c819 [ 636.096512][ T8957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 636.096528][ T8957] RSP: 002b:00007fd3037de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 636.096549][ T8957] RAX: ffffffffffffffda RBX: 00007fd305805fa0 RCX: 00007fd30558c819 [ 636.096563][ T8957] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000 [ 636.096575][ T8957] RBP: 00007fd3037de090 R08: 0000000000000000 R09: 0000000000000000 [ 636.096587][ T8957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 636.096599][ T8957] R13: 00007fd305806038 R14: 00007fd305805fa0 R15: 00007ffedd3c9cb8 [ 636.096631][ T8957] [ 636.685874][ T8982] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 636.703127][ T8982] netlink: 'syz.1.936': attribute type 10 has an invalid length. [ 636.720335][ T8982] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.737194][ T8982] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.869501][ T8982] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.870931][ T8982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 636.876871][ T8982] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.880243][ T8982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 636.962986][ T8982] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 637.931527][ T5863] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 638.674186][ T5863] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 638.674229][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 638.674255][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 638.676953][ T5863] usb 1-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 638.676980][ T5863] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.676998][ T5863] usb 1-1: Product: syz [ 638.677011][ T5863] usb 1-1: Manufacturer: syz [ 638.677024][ T5863] usb 1-1: SerialNumber: syz [ 638.691060][ T5863] usb 1-1: config 0 descriptor?? [ 638.896932][ T5863] powermate: unknown product id 0240 [ 638.896951][ T5863] powermate: Expected payload of 3--6 bytes, found 0 bytes! [ 638.897188][ T5863] powermate 1-1:0.0: probe with driver powermate failed with error -5 [ 638.939732][ T5863] usb 1-1: USB disconnect, device number 31 [ 641.052025][ T9022] netlink: 12 bytes leftover after parsing attributes in process `syz.4.947'. [ 641.052064][ T9022] netlink: 12 bytes leftover after parsing attributes in process `syz.4.947'. [ 641.169626][ T5863] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 641.324147][ T5863] usb 3-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 641.324177][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.324195][ T5863] usb 3-1: Product: syz [ 641.324209][ T5863] usb 3-1: Manufacturer: syz [ 641.324222][ T5863] usb 3-1: SerialNumber: syz [ 641.327856][ T5863] usb 3-1: config 0 descriptor?? [ 641.491781][ T5863] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 641.710757][ T9016] netlink: 8 bytes leftover after parsing attributes in process `syz.2.946'. [ 641.710897][ T9016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.946'. [ 641.710938][ T9016] netlink: 8 bytes leftover after parsing attributes in process `syz.2.946'. [ 643.169068][ T5863] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 643.458004][ T5863] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19) [ 643.611578][ T5863] usb 3-1: USB disconnect, device number 30 [ 643.862192][ T9052] fuse: fd is not a fuse device [ 644.068277][ T9055] netlink: 4 bytes leftover after parsing attributes in process `syz.0.954'. [ 645.323394][ T9063] tmpfs: Bad value for 'mpol' [ 648.965753][ T5861] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 649.431276][ T9105] fuse: Bad value for 'fd' [ 649.699100][ T9115] FAULT_INJECTION: forcing a failure. [ 649.699100][ T9115] name failslab, interval 1, probability 0, space 0, times 0 [ 649.699138][ T9115] CPU: 0 UID: 0 PID: 9115 Comm: syz.0.968 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 649.699200][ T9115] Tainted: [L]=SOFTLOCKUP [ 649.699216][ T9115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 649.699240][ T9115] Call Trace: [ 649.699257][ T9115] [ 649.699274][ T9115] dump_stack_lvl+0xe8/0x150 [ 649.699347][ T9115] should_fail_ex+0x46b/0x600 [ 649.699426][ T9115] should_failslab+0xa8/0x100 [ 649.699465][ T9115] __kmalloc_noprof+0xdf/0x7b0 [ 649.699492][ T9115] ? kernfs_fop_write_iter+0x159/0x540 [ 649.699533][ T9115] kernfs_fop_write_iter+0x159/0x540 [ 649.699566][ T9115] vfs_write+0x629/0xba0 [ 649.699598][ T9115] ? __pfx_vfs_write+0x10/0x10 [ 649.699623][ T9115] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 649.699651][ T9115] ? lockdep_hardirqs_on+0x7a/0x110 [ 649.699679][ T9115] ? mutex_lock_nested+0x152/0x1d0 [ 649.699702][ T9115] ? fdget_pos+0x252/0x320 [ 649.699733][ T9115] ksys_write+0x156/0x270 [ 649.699762][ T9115] ? __pfx_ksys_write+0x10/0x10 [ 649.699795][ T9115] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.699816][ T9115] do_syscall_64+0x15f/0xf80 [ 649.699833][ T9115] ? trace_irq_disable+0x3b/0x140 [ 649.699860][ T9115] ? clear_bhb_loop+0x40/0x90 [ 649.699884][ T9115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.699902][ T9115] RIP: 0033:0x7fd30558c819 [ 649.699919][ T9115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 649.699935][ T9115] RSP: 002b:00007fd30379c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 649.699955][ T9115] RAX: ffffffffffffffda RBX: 00007fd305806180 RCX: 00007fd30558c819 [ 649.699969][ T9115] RDX: 0000000000000012 RSI: 0000200000000000 RDI: 0000000000000007 [ 649.699981][ T9115] RBP: 00007fd30379c090 R08: 0000000000000000 R09: 0000000000000000 [ 649.699993][ T9115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 649.700004][ T9115] R13: 00007fd305806218 R14: 00007fd305806180 R15: 00007ffedd3c9cb8 [ 649.700036][ T9115] [ 650.460403][ T5861] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 650.464899][ T9139] FAULT_INJECTION: forcing a failure. [ 650.464899][ T9139] name failslab, interval 1, probability 0, space 0, times 0 [ 650.464931][ T9139] CPU: 1 UID: 0 PID: 9139 Comm: syz.4.977 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 650.464957][ T9139] Tainted: [L]=SOFTLOCKUP [ 650.464963][ T9139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 650.464976][ T9139] Call Trace: [ 650.464983][ T9139] [ 650.464991][ T9139] dump_stack_lvl+0xe8/0x150 [ 650.465027][ T9139] should_fail_ex+0x46b/0x600 [ 650.465063][ T9139] should_failslab+0xa8/0x100 [ 650.465094][ T9139] __kmalloc_noprof+0xdf/0x7b0 [ 650.465120][ T9139] ? kfree+0x4d/0x6c0 [ 650.465142][ T9139] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 650.465178][ T9139] tomoyo_realpath_from_path+0xe3/0x5d0 [ 650.465210][ T9139] ? tomoyo_domain+0xd8/0x130 [ 650.465232][ T9139] ? tomoyo_path_number_perm+0x219/0x630 [ 650.465258][ T9139] tomoyo_path_number_perm+0x246/0x630 [ 650.465287][ T9139] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 650.465311][ T9139] ? __lock_acquire+0x6b5/0x2cf0 [ 650.465335][ T9139] ? do_raw_spin_lock+0x12b/0x2f0 [ 650.465395][ T9139] ? __fget_files+0x2a/0x420 [ 650.465437][ T9139] ? __fget_files+0x2a/0x420 [ 650.465458][ T9139] ? __fget_files+0x3a6/0x420 [ 650.465478][ T9139] ? __fget_files+0x2a/0x420 [ 650.465505][ T9139] security_file_ioctl+0xc3/0x2a0 [ 650.465533][ T9139] __se_sys_ioctl+0x47/0x170 [ 650.465561][ T9139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.465582][ T9139] do_syscall_64+0x15f/0xf80 [ 650.465600][ T9139] ? trace_irq_disable+0x3b/0x140 [ 650.465629][ T9139] ? clear_bhb_loop+0x40/0x90 [ 650.465653][ T9139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.465678][ T9139] RIP: 0033:0x7f4fc992c819 [ 650.465696][ T9139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 650.465712][ T9139] RSP: 002b:00007f4fc7b86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 650.465733][ T9139] RAX: ffffffffffffffda RBX: 00007f4fc9ba5fa0 RCX: 00007f4fc992c819 [ 650.465747][ T9139] RDX: 0000200000000180 RSI: 0000000000005412 RDI: 0000000000000004 [ 650.465764][ T9139] RBP: 00007f4fc7b86090 R08: 0000000000000000 R09: 0000000000000000 [ 650.465776][ T9139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 650.465788][ T9139] R13: 00007f4fc9ba6038 R14: 00007f4fc9ba5fa0 R15: 00007ffe35c24268 [ 650.465819][ T9139] [ 650.467377][ T9139] ERROR: Out of memory at tomoyo_realpath_from_path. [ 650.499259][ T5121] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 650.589783][ T5861] usb 3-1: device descriptor read/64, error -71 [ 650.829753][ T5861] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 650.959703][ T5861] usb 3-1: device descriptor read/64, error -71 [ 651.070115][ T5861] usb usb3-port1: attempt power cycle [ 651.419755][ T5861] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 651.442891][ T5861] usb 3-1: device descriptor read/8, error -71 [ 651.643264][ T9158] netlink: 8 bytes leftover after parsing attributes in process `syz.1.984'. [ 652.590568][ T5861] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 652.614149][ T5861] usb 3-1: device descriptor read/8, error -71 [ 652.719982][ T5861] usb usb3-port1: unable to enumerate USB device [ 652.845139][ T9170] netlink: 16 bytes leftover after parsing attributes in process `syz.4.988'. [ 652.861146][ T9170] binder: 9169:9170 ioctl 40046205 0 returned -22 [ 652.936062][ T9170] netlink: 12 bytes leftover after parsing attributes in process `syz.4.988'. [ 653.081263][ T9181] netlink: 'syz.4.992': attribute type 3 has an invalid length. [ 653.081287][ T9181] netlink: 8 bytes leftover after parsing attributes in process `syz.4.992'. [ 656.216742][ T9202] FAULT_INJECTION: forcing a failure. [ 656.216742][ T9202] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 656.216776][ T9202] CPU: 0 UID: 0 PID: 9202 Comm: syz.2.995 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 656.216807][ T9202] Tainted: [L]=SOFTLOCKUP [ 656.216813][ T9202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 656.216825][ T9202] Call Trace: [ 656.216832][ T9202] [ 656.216847][ T9202] dump_stack_lvl+0xe8/0x150 [ 656.216881][ T9202] should_fail_ex+0x46b/0x600 [ 656.216917][ T9202] _copy_to_user+0x31/0xb0 [ 656.216940][ T9202] simple_read_from_buffer+0xe1/0x170 [ 656.216966][ T9202] proc_fail_nth_read+0x1be/0x230 [ 656.216992][ T9202] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 656.217017][ T9202] ? rw_verify_area+0x2ac/0x4e0 [ 656.217040][ T9202] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 656.217061][ T9202] vfs_read+0x212/0xa80 [ 656.217091][ T9202] ? __pfx_vfs_read+0x10/0x10 [ 656.217116][ T9202] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 656.217146][ T9202] ? lockdep_hardirqs_on+0x7a/0x110 [ 656.217174][ T9202] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 656.217203][ T9202] ? mutex_lock_nested+0x152/0x1d0 [ 656.217226][ T9202] ? fdget_pos+0x252/0x320 [ 656.217257][ T9202] ksys_read+0x156/0x270 [ 656.217285][ T9202] ? __pfx_ksys_read+0x10/0x10 [ 656.217317][ T9202] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.217339][ T9202] do_syscall_64+0x15f/0xf80 [ 656.217357][ T9202] ? trace_irq_disable+0x3b/0x140 [ 656.217386][ T9202] ? clear_bhb_loop+0x40/0x90 [ 656.217410][ T9202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.217429][ T9202] RIP: 0033:0x7f7d586ed04e [ 656.217446][ T9202] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 656.217463][ T9202] RSP: 002b:00007f7d56964fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 656.217484][ T9202] RAX: ffffffffffffffda RBX: 00007f7d569656c0 RCX: 00007f7d586ed04e [ 656.217498][ T9202] RDX: 000000000000000f RSI: 00007f7d569650a0 RDI: 0000000000000004 [ 656.217510][ T9202] RBP: 00007f7d56965090 R08: 0000000000000000 R09: 0000000000000000 [ 656.217523][ T9202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 656.217534][ T9202] R13: 00007f7d589a6128 R14: 00007f7d589a6090 R15: 00007ffc6937e598 [ 656.217566][ T9202] [ 656.548259][ T9212] fuse: fd is not a fuse device [ 656.640184][ T5861] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 656.675827][ T9219] FAULT_INJECTION: forcing a failure. [ 656.675827][ T9219] name failslab, interval 1, probability 0, space 0, times 0 [ 656.675850][ T9219] CPU: 1 UID: 0 PID: 9219 Comm: syz.0.1002 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 656.675865][ T9219] Tainted: [L]=SOFTLOCKUP [ 656.675869][ T9219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 656.675876][ T9219] Call Trace: [ 656.675880][ T9219] [ 656.675888][ T9219] dump_stack_lvl+0xe8/0x150 [ 656.675921][ T9219] should_fail_ex+0x46b/0x600 [ 656.675954][ T9219] should_failslab+0xa8/0x100 [ 656.675982][ T9219] __kmalloc_noprof+0xdf/0x7b0 [ 656.676006][ T9219] ? kfree+0x4d/0x6c0 [ 656.676022][ T9219] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 656.676042][ T9219] tomoyo_realpath_from_path+0xe3/0x5d0 [ 656.676058][ T9219] ? tomoyo_domain+0xd8/0x130 [ 656.676071][ T9219] ? tomoyo_path_number_perm+0x219/0x630 [ 656.676084][ T9219] tomoyo_path_number_perm+0x246/0x630 [ 656.676099][ T9219] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 656.676112][ T9219] ? __lock_acquire+0x6b5/0x2cf0 [ 656.676126][ T9219] ? do_raw_spin_lock+0x12b/0x2f0 [ 656.676157][ T9219] ? __fget_files+0x2a/0x420 [ 656.676170][ T9219] ? __fget_files+0x2a/0x420 [ 656.676181][ T9219] ? __fget_files+0x3a6/0x420 [ 656.676192][ T9219] ? __fget_files+0x2a/0x420 [ 656.676205][ T9219] security_file_ioctl+0xc3/0x2a0 [ 656.676220][ T9219] __se_sys_ioctl+0x47/0x170 [ 656.676235][ T9219] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.676246][ T9219] do_syscall_64+0x15f/0xf80 [ 656.676256][ T9219] ? trace_irq_disable+0x3b/0x140 [ 656.676272][ T9219] ? clear_bhb_loop+0x40/0x90 [ 656.676284][ T9219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.676295][ T9219] RIP: 0033:0x7fd30558c819 [ 656.676305][ T9219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 656.676314][ T9219] RSP: 002b:00007fd3037de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 656.676326][ T9219] RAX: ffffffffffffffda RBX: 00007fd305805fa0 RCX: 00007fd30558c819 [ 656.676333][ T9219] RDX: 0000200000000200 RSI: 000000004004af07 RDI: 0000000000000003 [ 656.676340][ T9219] RBP: 00007fd3037de090 R08: 0000000000000000 R09: 0000000000000000 [ 656.676346][ T9219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 656.676352][ T9219] R13: 00007fd305806038 R14: 00007fd305805fa0 R15: 00007ffedd3c9cb8 [ 656.676367][ T9219] [ 656.676381][ T9219] ERROR: Out of memory at tomoyo_realpath_from_path. [ 656.942376][ T5861] usb 5-1: Using ep0 maxpacket: 8 [ 656.942537][ T5855] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 656.946344][ T5861] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 656.946367][ T5861] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 656.948599][ T5861] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 656.948619][ T5861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.948628][ T5861] usb 5-1: Product: syz [ 656.948636][ T5861] usb 5-1: Manufacturer: syz [ 656.948643][ T5861] usb 5-1: SerialNumber: syz [ 657.022087][ T5861] usb 5-1: config 0 descriptor?? [ 657.091264][ T5855] usb 3-1: device descriptor read/64, error -71 [ 657.117725][ T9225] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 657.117756][ T9225] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 657.117777][ T9225] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 657.121023][ T9225] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 657.128271][ T9225] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 657.329829][ T5855] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 657.459763][ T5855] usb 3-1: device descriptor read/64, error -71 [ 657.580885][ T5855] usb usb3-port1: attempt power cycle [ 657.939985][ T5855] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 658.149311][ T9244] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1010'. [ 658.263482][ T9246] fuse: Bad value for 'fd' [ 659.575585][ T31] usb 5-1: USB disconnect, device number 36 [ 659.673027][ T5855] usb 3-1: device descriptor read/8, error -71 [ 660.630108][ T31] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 661.459641][ T31] usb 5-1: device descriptor read/64, error -71 [ 661.705669][ T31] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 661.839788][ T31] usb 5-1: device descriptor read/64, error -71 [ 661.949961][ T31] usb usb5-port1: attempt power cycle [ 661.956106][ T9282] FAULT_INJECTION: forcing a failure. [ 661.956106][ T9282] name failslab, interval 1, probability 0, space 0, times 0 [ 661.956142][ T9282] CPU: 1 UID: 0 PID: 9282 Comm: syz.2.1019 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 661.956171][ T9282] Tainted: [L]=SOFTLOCKUP [ 661.956179][ T9282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 661.956191][ T9282] Call Trace: [ 661.956203][ T9282] [ 661.956212][ T9282] dump_stack_lvl+0xe8/0x150 [ 661.956251][ T9282] should_fail_ex+0x46b/0x600 [ 661.956298][ T9282] should_failslab+0xa8/0x100 [ 661.956326][ T9282] __kmalloc_noprof+0xdf/0x7b0 [ 661.956351][ T9282] ? kfree+0x4d/0x6c0 [ 661.956374][ T9282] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 661.956410][ T9282] tomoyo_realpath_from_path+0xe3/0x5d0 [ 661.956440][ T9282] ? tomoyo_domain+0xd8/0x130 [ 661.956465][ T9282] ? tomoyo_path_number_perm+0x219/0x630 [ 661.956491][ T9282] tomoyo_path_number_perm+0x246/0x630 [ 661.956518][ T9282] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 661.956542][ T9282] ? __lock_acquire+0x6b5/0x2cf0 [ 661.956567][ T9282] ? do_raw_spin_lock+0x12b/0x2f0 [ 661.956627][ T9282] ? __fget_files+0x2a/0x420 [ 661.956652][ T9282] ? __fget_files+0x2a/0x420 [ 661.956673][ T9282] ? __fget_files+0x3a6/0x420 [ 661.956693][ T9282] ? __fget_files+0x2a/0x420 [ 661.956719][ T9282] security_file_ioctl+0xc3/0x2a0 [ 661.956747][ T9282] __se_sys_ioctl+0x47/0x170 [ 661.956773][ T9282] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.956791][ T9282] do_syscall_64+0x15f/0xf80 [ 661.956805][ T9282] ? trace_irq_disable+0x3b/0x140 [ 661.956825][ T9282] ? clear_bhb_loop+0x40/0x90 [ 661.956842][ T9282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.956856][ T9282] RIP: 0033:0x7f7d5872c819 [ 661.956869][ T9282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 661.956882][ T9282] RSP: 002b:00007f7d56944028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 661.956898][ T9282] RAX: ffffffffffffffda RBX: 00007f7d589a6180 RCX: 00007f7d5872c819 [ 661.956907][ T9282] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 661.956915][ T9282] RBP: 00007f7d56944090 R08: 0000000000000000 R09: 0000000000000000 [ 661.956924][ T9282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 661.956932][ T9282] R13: 00007f7d589a6218 R14: 00007f7d589a6180 R15: 00007ffc6937e598 [ 661.956955][ T9282] [ 662.177974][ T9282] ERROR: Out of memory at tomoyo_realpath_from_path. [ 662.399659][ T31] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 662.423569][ T31] usb 5-1: device descriptor read/8, error -71 [ 662.659661][ T31] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 662.680608][ T31] usb 5-1: device descriptor read/8, error -71 [ 662.789952][ T31] usb usb5-port1: unable to enumerate USB device [ 663.250552][ T5861] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 663.409945][ T5861] usb 1-1: Using ep0 maxpacket: 16 [ 663.414104][ T5861] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 663.414246][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 663.414273][ T5861] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 663.414297][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 663.414321][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 663.414346][ T5861] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 663.415536][ T5861] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 663.415561][ T5861] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 663.415581][ T5861] usb 1-1: Manufacturer: syz [ 663.429086][ T5861] usb 1-1: config 0 descriptor?? [ 663.650427][ T31] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 663.779818][ T31] usb 3-1: device descriptor read/64, error -71 [ 663.836522][ T9298] IPVS: Unknown mcast interface: syzkaller0 [ 664.111756][ T9298] devpts: Bad value for 'max' [ 665.159828][ T9335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1041'. [ 665.208897][ T31] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 665.766628][ T31] usb 3-1: device descriptor read/64, error -71 [ 665.973064][ T31] usb usb3-port1: attempt power cycle [ 666.216604][ T5861] usb 1-1: USB disconnect, device number 32 [ 666.435839][ T9353] FAULT_INJECTION: forcing a failure. [ 666.435839][ T9353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 666.435875][ T9353] CPU: 0 UID: 0 PID: 9353 Comm: syz.2.1049 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 666.435902][ T9353] Tainted: [L]=SOFTLOCKUP [ 666.435909][ T9353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 666.435920][ T9353] Call Trace: [ 666.435928][ T9353] [ 666.435936][ T9353] dump_stack_lvl+0xe8/0x150 [ 666.435970][ T9353] should_fail_ex+0x46b/0x600 [ 666.436006][ T9353] _copy_from_user+0x2d/0xb0 [ 666.436029][ T9353] ___sys_sendmsg+0x1c6/0x360 [ 666.436055][ T9353] ? __lock_acquire+0x6b5/0x2cf0 [ 666.436080][ T9353] ? __pfx____sys_sendmsg+0x10/0x10 [ 666.436111][ T9353] ? kstrtouint+0x6e/0xe0 [ 666.436163][ T9353] ? __fget_files+0x2a/0x420 [ 666.436185][ T9353] ? __fget_files+0x3a6/0x420 [ 666.436216][ T9353] __sys_sendmmsg+0x282/0x4e0 [ 666.436249][ T9353] ? __pfx___sys_sendmmsg+0x10/0x10 [ 666.436283][ T9353] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 666.436322][ T9353] ? ksys_write+0x248/0x270 [ 666.436351][ T9353] ? __pfx_ksys_write+0x10/0x10 [ 666.436383][ T9353] __x64_sys_sendmmsg+0xa0/0xc0 [ 666.436409][ T9353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.436430][ T9353] do_syscall_64+0x15f/0xf80 [ 666.436450][ T9353] ? clear_bhb_loop+0x40/0x90 [ 666.436473][ T9353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.436493][ T9353] RIP: 0033:0x7f7d5872c819 [ 666.436511][ T9353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 666.436533][ T9353] RSP: 002b:00007f7d56986028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 666.436553][ T9353] RAX: ffffffffffffffda RBX: 00007f7d589a5fa0 RCX: 00007f7d5872c819 [ 666.436568][ T9353] RDX: 0000000000000002 RSI: 00002000000060c0 RDI: 0000000000000003 [ 666.436580][ T9353] RBP: 00007f7d56986090 R08: 0000000000000000 R09: 0000000000000000 [ 666.436592][ T9353] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001 [ 666.436604][ T9353] R13: 00007f7d589a6038 R14: 00007f7d589a5fa0 R15: 00007ffc6937e598 [ 666.436634][ T9353] [ 666.520756][ T31] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 666.698533][ T9356] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 666.731782][ T31] usb 3-1: device not accepting address 42, error -71 [ 669.168847][ T814] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 669.325619][ T9385] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1056'. [ 670.213353][ T814] usb 5-1: Using ep0 maxpacket: 16 [ 670.216646][ T814] usb 5-1: config 4 has an invalid interface number: 104 but max is 0 [ 670.216670][ T814] usb 5-1: config 4 has no interface number 0 [ 670.230054][ T814] usb 5-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=4b.f8 [ 670.230082][ T814] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.230100][ T814] usb 5-1: Product: syz [ 670.230113][ T814] usb 5-1: Manufacturer: syz [ 670.230126][ T814] usb 5-1: SerialNumber: syz [ 670.530771][ T31] usb 3-1: new full-speed USB device number 44 using dummy_hcd [ 670.531268][ T814] rtsx_usb 5-1:4.104: probe with driver rtsx_usb failed with error -22 [ 670.559891][ T814] usb 5-1: USB disconnect, device number 41 [ 670.703194][ T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 670.710027][ T31] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 670.710054][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.710072][ T31] usb 3-1: Product: syz [ 670.710084][ T31] usb 3-1: Manufacturer: syz [ 670.711337][ T31] usb 3-1: SerialNumber: syz [ 670.718571][ T31] usb 3-1: config 0 descriptor?? [ 670.734157][ T31] CoreChips 3-1:0.0: probe with driver CoreChips failed with error -22 [ 671.226916][ T9400] FAULT_INJECTION: forcing a failure. [ 671.226916][ T9400] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 671.226975][ T9400] CPU: 1 UID: 0 PID: 9400 Comm: syz.0.1060 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 671.227002][ T9400] Tainted: [L]=SOFTLOCKUP [ 671.227009][ T9400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 671.227021][ T9400] Call Trace: [ 671.227028][ T9400] [ 671.227036][ T9400] dump_stack_lvl+0xe8/0x150 [ 671.227071][ T9400] should_fail_ex+0x46b/0x600 [ 671.227107][ T9400] _copy_from_user+0x2d/0xb0 [ 671.227131][ T9400] do_ipv6_setsockopt+0x25c/0x3150 [ 671.227169][ T9400] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 671.227208][ T9400] ? rcu_is_watching+0x15/0xb0 [ 671.227233][ T9400] ? __pfx___schedule+0x10/0x10 [ 671.227261][ T9400] ? __schedule+0x1697/0x54c0 [ 671.227288][ T9400] ? lockdep_hardirqs_on+0x7a/0x110 [ 671.227324][ T9400] ? irqentry_exit+0x218/0x730 [ 671.227349][ T9400] ? lockdep_hardirqs_on+0x7a/0x110 [ 671.227378][ T9400] ? irqentry_exit+0x218/0x730 [ 671.227394][ T9400] ? rcu_is_watching+0x15/0xb0 [ 671.227431][ T9400] ? rawv6_setsockopt+0x8f/0x5f0 [ 671.227462][ T9400] ipv6_setsockopt+0x59/0x170 [ 671.227493][ T9400] rawv6_setsockopt+0x276/0x5f0 [ 671.227523][ T9400] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 671.227552][ T9400] ? sock_common_setsockopt+0x36/0xc0 [ 671.227574][ T9400] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 671.227597][ T9400] do_sock_setsockopt+0x17c/0x1b0 [ 671.227627][ T9400] __x64_sys_setsockopt+0x143/0x1b0 [ 671.227655][ T9400] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.227676][ T9400] do_syscall_64+0x15f/0xf80 [ 671.227696][ T9400] ? clear_bhb_loop+0x40/0x90 [ 671.227719][ T9400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.227739][ T9400] RIP: 0033:0x7fd30558c819 [ 671.227757][ T9400] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 671.227773][ T9400] RSP: 002b:00007fd30379c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 671.227794][ T9400] RAX: ffffffffffffffda RBX: 00007fd305806180 RCX: 00007fd30558c819 [ 671.227808][ T9400] RDX: 0000000000000036 RSI: 0000000000000029 RDI: 0000000000000005 [ 671.227820][ T9400] RBP: 00007fd30379c090 R08: 0000000000000008 R09: 0000000000000000 [ 671.227832][ T9400] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 671.227844][ T9400] R13: 00007fd305806218 R14: 00007fd305806180 R15: 00007ffedd3c9cb8 [ 671.227874][ T9400] [ 673.492037][ T10] usb 3-1: USB disconnect, device number 44 [ 673.732189][ T36] kauditd_printk_skb: 113 callbacks suppressed [ 673.732201][ T36] audit: type=1326 audit(1777004605.327:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 673.732455][ T36] audit: type=1326 audit(1777004605.327:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 673.733391][ T36] audit: type=1326 audit(1777004605.327:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 673.734543][ T36] audit: type=1326 audit(1777004605.327:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 673.734587][ T36] audit: type=1326 audit(1777004605.327:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=461 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 673.734725][ T36] audit: type=1326 audit(1777004605.327:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 673.735231][ T36] audit: type=1326 audit(1777004605.327:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 673.735270][ T36] audit: type=1326 audit(1777004605.327:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 673.735308][ T36] audit: type=1326 audit(1777004605.327:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6805b8d04e code=0x7ffc0000 [ 673.735344][ T36] audit: type=1326 audit(1777004605.327:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9418 comm="syz.3.1066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6805bcc819 code=0x7ffc0000 [ 674.146282][ T10] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 674.232955][ T9420] overlayfs: failed to clone upperpath [ 674.381519][ T10] usb 3-1: device descriptor read/64, error -71 [ 674.699796][ T10] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 674.889825][ T9428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1069'. [ 675.821809][ T10] usb 3-1: device descriptor read/64, error -71 [ 675.906991][ T9433] fuse: fd is not a fuse device [ 675.953367][ T10] usb usb3-port1: attempt power cycle [ 677.019729][ T10] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 677.061792][ T10] usb 3-1: device descriptor read/8, error -71 [ 677.419676][ T50] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 677.570511][ T50] usb 5-1: Using ep0 maxpacket: 8 [ 677.589665][ T50] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 677.589683][ T50] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.589693][ T50] usb 5-1: Product: syz [ 677.589700][ T50] usb 5-1: Manufacturer: syz [ 677.589710][ T50] usb 5-1: SerialNumber: syz [ 677.596885][ T50] usb 5-1: config 0 descriptor?? [ 677.860190][ T50] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 678.065812][ T50] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 678.960132][ T9477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1080'. [ 680.246230][ T5851] usb 5-1: USB disconnect, device number 42 [ 680.941549][ T9513] netlink: 'syz.4.1089': attribute type 10 has an invalid length. [ 682.021947][ T9513] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.022369][ T9513] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.028337][ T9513] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.028481][ T9513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 682.028802][ T9513] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.028954][ T9513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 682.033270][ T9513] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 682.217674][ T9520] netlink: 'syz.1.1093': attribute type 3 has an invalid length. [ 682.217695][ T9520] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1093'. [ 682.600204][ T31] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 683.320100][ T9534] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1097'. [ 684.811222][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 684.813053][ T31] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 684.813069][ T31] usb 5-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 684.813081][ T31] usb 5-1: config 0 interface 0 has no altsetting 0 [ 684.815197][ T31] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 684.815224][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.815242][ T31] usb 5-1: Product: syz [ 684.815255][ T31] usb 5-1: Manufacturer: syz [ 684.815269][ T31] usb 5-1: SerialNumber: syz [ 684.835350][ T31] usb 5-1: config 0 descriptor?? [ 685.073516][ T9526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 685.074381][ T9526] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 685.132562][ T9526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 685.133029][ T9526] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 685.472306][ T31] gs_usb 5-1:0.0: Couldn't get device config: (err=-71) [ 685.472345][ T31] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71 [ 685.521756][ T31] usb 5-1: USB disconnect, device number 43 [ 685.804566][ T9553] tipc: Started in network mode [ 685.804584][ T9553] tipc: Node identity , cluster identity 4711 [ 686.215174][ T1330] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.215239][ T1330] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.882137][ T814] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 687.039121][ T814] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 687.039140][ T814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.039150][ T814] usb 1-1: Product: syz [ 687.039157][ T814] usb 1-1: Manufacturer: syz [ 687.039164][ T814] usb 1-1: SerialNumber: syz [ 687.095011][ T814] usb 1-1: config 0 descriptor?? [ 688.515309][ T9590] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 688.515812][ T9590] netlink: 'syz.3.1114': attribute type 10 has an invalid length. [ 688.516901][ T9590] bridge0: port 2(bridge_slave_1) entered blocking state [ 688.518054][ T9590] bridge0: port 2(bridge_slave_1) entered listening state [ 688.518234][ T9590] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.518316][ T9590] bridge0: port 1(bridge_slave_0) entered listening state [ 688.521035][ T9590] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 688.711234][ T9591] FAULT_INJECTION: forcing a failure. [ 688.711234][ T9591] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 688.711271][ T9591] CPU: 0 UID: 0 PID: 9591 Comm: syz.4.1115 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 688.711298][ T9591] Tainted: [L]=SOFTLOCKUP [ 688.711305][ T9591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 688.711317][ T9591] Call Trace: [ 688.711324][ T9591] [ 688.711333][ T9591] dump_stack_lvl+0xe8/0x150 [ 688.711368][ T9591] should_fail_ex+0x46b/0x600 [ 688.711404][ T9591] _copy_from_user+0x2d/0xb0 [ 688.711427][ T9591] __sys_bpf+0x229/0x950 [ 688.711450][ T9591] ? __pfx___sys_bpf+0x10/0x10 [ 688.711465][ T9591] ? rt_mutex_slowunlock+0x1cb/0x300 [ 688.711511][ T9591] ? ksys_write+0x248/0x270 [ 688.711541][ T9591] ? __pfx_ksys_write+0x10/0x10 [ 688.711578][ T9591] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.711599][ T9591] __x64_sys_bpf+0x7c/0x90 [ 688.711627][ T9591] do_syscall_64+0x15f/0xf80 [ 688.711644][ T9591] ? trace_irq_disable+0x3b/0x140 [ 688.711672][ T9591] ? clear_bhb_loop+0x40/0x90 [ 688.711696][ T9591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.711715][ T9591] RIP: 0033:0x7f4fc992c819 [ 688.711734][ T9591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 688.711749][ T9591] RSP: 002b:00007f4fc7b86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 688.711770][ T9591] RAX: ffffffffffffffda RBX: 00007f4fc9ba5fa0 RCX: 00007f4fc992c819 [ 688.711784][ T9591] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 688.711796][ T9591] RBP: 00007f4fc7b86090 R08: 0000000000000000 R09: 0000000000000000 [ 688.711807][ T9591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 688.711818][ T9591] R13: 00007f4fc9ba6038 R14: 00007f4fc9ba5fa0 R15: 00007ffe35c24268 [ 688.711847][ T9591] [ 689.044922][ T814] usb 1-1: non-Atmel transceiver xxxx001b [ 689.404882][ T9601] comedi comedi3: comedi_config --init_data is deprecated [ 689.854503][ T814] usb 1-1: Firmware version (0.0) predates our first public release. [ 689.854528][ T814] usb 1-1: Please update to version 0.2 or newer [ 689.879806][ T814] usb 1-1: atusb_probe: initialization failed, error = -19 [ 689.926459][ T814] usb 1-1: USB disconnect, device number 33 [ 690.538667][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 690.548759][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 691.219743][ T9618] netlink: 'syz.4.1121': attribute type 1 has an invalid length. [ 691.219779][ T9618] nbd: couldn't find a device at index 1048596 [ 691.719453][ T9627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1123'. [ 692.609659][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 692.609684][ C1] bridge0: topology change detected, propagating [ 692.610261][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 692.610278][ C1] bridge0: topology change detected, propagating [ 693.699688][ T5851] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 693.849687][ T5851] usb 1-1: Using ep0 maxpacket: 32 [ 693.852405][ T5851] usb 1-1: config 0 has an invalid interface number: 146 but max is 0 [ 693.852429][ T5851] usb 1-1: config 0 has no interface number 0 [ 693.852471][ T5851] usb 1-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 693.852492][ T5851] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 693.852517][ T5851] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 693.852542][ T5851] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 693.852565][ T5851] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 693.852589][ T5851] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 693.852609][ T5851] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 693.852632][ T5851] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 693.852652][ T5851] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 693.856466][ T5851] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 693.856493][ T5851] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.856511][ T5851] usb 1-1: Product: syz [ 693.856526][ T5851] usb 1-1: Manufacturer: syz [ 693.856539][ T5851] usb 1-1: SerialNumber: syz [ 693.871257][ T5851] usb 1-1: config 0 descriptor?? [ 693.874794][ T9658] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 693.889673][ T5851] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk. [ 693.889690][ T5851] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out. [ 694.214180][ T9667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.234736][ T9667] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 694.619672][ T5932] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 695.341091][ T5932] usb 3-1: Using ep0 maxpacket: 16 [ 695.347900][ T5932] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 695.347925][ T5932] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 695.381044][ T5932] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 695.381074][ T5932] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.381093][ T5932] usb 3-1: Product: syz [ 695.381107][ T5932] usb 3-1: Manufacturer: syz [ 695.381120][ T5932] usb 3-1: SerialNumber: syz [ 695.533006][ T5932] usb 3-1: 0:2 : does not exist [ 695.602331][ T9684] netlink: 'syz.1.1141': attribute type 3 has an invalid length. [ 695.602353][ T9684] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1141'. [ 695.699282][ T5932] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 695.801585][ T5932] usb 3-1: USB disconnect, device number 49 [ 695.836866][ T9688] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1142'. [ 695.925989][ T9504] udevd[9504]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 696.106012][ T5932] usb 1-1: USB disconnect, device number 34 [ 696.117725][ T9688] bond1: entered promiscuous mode [ 696.121550][ T9688] 8021q: adding VLAN 0 to HW filter on device bond1 [ 696.405558][ T9688] bond1 (unregistering): Released all slaves [ 696.966904][ T9702] FAULT_INJECTION: forcing a failure. [ 696.966904][ T9702] name failslab, interval 1, probability 0, space 0, times 0 [ 696.966939][ T9702] CPU: 1 UID: 0 PID: 9702 Comm: syz.2.1148 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 696.966966][ T9702] Tainted: [L]=SOFTLOCKUP [ 696.966972][ T9702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 696.966984][ T9702] Call Trace: [ 696.966992][ T9702] [ 696.966999][ T9702] dump_stack_lvl+0xe8/0x150 [ 696.967035][ T9702] should_fail_ex+0x46b/0x600 [ 696.967071][ T9702] should_failslab+0xa8/0x100 [ 696.967102][ T9702] kmem_cache_alloc_noprof+0x87/0x680 [ 696.967128][ T9702] ? dst_alloc+0x105/0x170 [ 696.967161][ T9702] dst_alloc+0x105/0x170 [ 696.967186][ T9702] ? ip_check_mc_rcu+0x64f/0x690 [ 696.967209][ T9702] ip_route_output_key_hash_rcu+0x14d0/0x25d0 [ 696.967241][ T9702] ? ip_route_output_key_hash+0xd8/0x2a0 [ 696.967266][ T9702] ip_route_output_key_hash+0x18d/0x2a0 [ 696.967292][ T9702] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 696.967331][ T9702] ip_route_output_flow+0x2a/0x150 [ 696.967351][ T9702] ? security_sk_classify_flow+0x6d/0x150 [ 696.967379][ T9702] raw_sendmsg+0x1199/0x1a50 [ 696.967416][ T9702] ? __pfx_raw_sendmsg+0x10/0x10 [ 696.967442][ T9702] ? __pfx_smack_log+0x10/0x10 [ 696.967460][ T9702] ? tomoyo_check_open_permission+0x1d3/0x470 [ 696.967497][ T9702] ? __lock_acquire+0x6b5/0x2cf0 [ 696.967524][ T9702] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 696.967557][ T9702] ? sock_rps_record_flow+0x19/0x350 [ 696.967579][ T9702] ? __pfx_inet_sendmsg+0x10/0x10 [ 696.967603][ T9702] ? inet_sendmsg+0x2f4/0x370 [ 696.967625][ T9702] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 696.967650][ T9702] ? __pfx_inet_sendmsg+0x10/0x10 [ 696.967671][ T9702] sock_sendmsg+0x379/0x450 [ 696.967693][ T9702] ? unwind_next_frame+0xa6/0x2550 [ 696.967718][ T9702] ? __pfx_sock_sendmsg+0x10/0x10 [ 696.967752][ T9702] ? __asan_memset+0x22/0x50 [ 696.967769][ T9702] ? iov_iter_bvec+0xb8/0x180 [ 696.967787][ T9702] splice_to_socket+0xae5/0x11f0 [ 696.967821][ T9702] ? __pfx_splice_to_socket+0x10/0x10 [ 696.967873][ T9702] ? rw_verify_area+0x25b/0x4e0 [ 696.967892][ T9702] ? __pfx_splice_to_socket+0x10/0x10 [ 696.967909][ T9702] do_splice+0xef8/0x1940 [ 696.967944][ T9702] ? __pfx_do_splice+0x10/0x10 [ 696.967968][ T9702] __se_sys_splice+0x353/0x490 [ 696.967992][ T9702] ? __pfx___se_sys_splice+0x10/0x10 [ 696.968015][ T9702] ? __x64_sys_splice+0x21/0xf0 [ 696.968033][ T9702] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.968050][ T9702] do_syscall_64+0x15f/0xf80 [ 696.968065][ T9702] ? trace_irq_disable+0x3b/0x140 [ 696.968088][ T9702] ? clear_bhb_loop+0x40/0x90 [ 696.968107][ T9702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.968122][ T9702] RIP: 0033:0x7f7d5872c819 [ 696.968137][ T9702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 696.968151][ T9702] RSP: 002b:00007f7d56986028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 696.968166][ T9702] RAX: ffffffffffffffda RBX: 00007f7d589a5fa0 RCX: 00007f7d5872c819 [ 696.968176][ T9702] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 696.968184][ T9702] RBP: 00007f7d56986090 R08: 0000000000008000 R09: 0000000000000000 [ 696.968194][ T9702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 696.968203][ T9702] R13: 00007f7d589a6038 R14: 00007f7d589a5fa0 R15: 00007ffc6937e598 [ 696.968227][ T9702] [ 697.308597][ T9712] netlink: 'syz.2.1152': attribute type 3 has an invalid length. [ 697.308618][ T9712] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1152'. [ 697.685883][ T50] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 697.842723][ T50] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 697.842751][ T50] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 697.848927][ T50] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 697.848956][ T50] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 697.848974][ T50] usb 5-1: Product: syz [ 697.848982][ T50] usb 5-1: Manufacturer: syz [ 697.848988][ T50] usb 5-1: SerialNumber: syz [ 697.888467][ T50] usb 5-1: config 0 descriptor?? [ 697.907012][ T5851] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 697.924896][ T50] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 698.259708][ T5851] usb 1-1: Using ep0 maxpacket: 16 [ 698.261908][ T5851] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 698.261960][ T5851] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 698.261984][ T5851] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 698.262005][ T5851] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 698.262044][ T5851] usb 1-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00 [ 698.262066][ T5851] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.347850][ T5851] usb 1-1: config 0 descriptor?? [ 698.413311][ T9727] tmpfs: Bad value for 'mpol' [ 698.649191][ T50] gspca_sunplus: reg_r err -110 [ 698.649280][ T50] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 698.677913][ T50] usb 5-1: USB disconnect, device number 44 [ 698.813150][ T9733] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 698.826109][ T9733] netlink: 'syz.1.1159': attribute type 10 has an invalid length. [ 698.828447][ T9733] bridge0: port 2(bridge_slave_1) entered disabled state [ 698.832712][ T9733] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.754086][ T9709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 699.771034][ T9709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 699.793867][ T5851] usbhid 1-1:0.0: can't add hid device: -71 [ 699.793979][ T5851] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 699.861986][ T5851] usb 1-1: USB disconnect, device number 35 [ 701.687333][ T36] kauditd_printk_skb: 230 callbacks suppressed [ 701.687350][ T36] audit: type=1326 audit(1777004633.277:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9756 comm="syz.1.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4964f7c819 code=0x7ffc0000 [ 701.687399][ T36] audit: type=1326 audit(1777004633.277:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9756 comm="syz.1.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4964f7c819 code=0x7ffc0000 [ 701.688679][ T36] audit: type=1326 audit(1777004633.277:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9756 comm="syz.1.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f4964f7c819 code=0x7ffc0000 [ 701.689295][ T36] audit: type=1326 audit(1777004633.277:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9756 comm="syz.1.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4964f7c819 code=0x7ffc0000 [ 701.733995][ T9760] overlayfs: conflicting options: userxattr,metacopy=on [ 701.780807][ T5855] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 701.805306][ T36] audit: type=1326 audit(1777004633.317:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9756 comm="syz.1.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4964f3d04e code=0x7ffc0000 [ 701.834775][ T36] audit: type=1326 audit(1777004633.427:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9756 comm="syz.1.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4964f7c819 code=0x7ffc0000 [ 701.834896][ T36] audit: type=1326 audit(1777004633.427:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9756 comm="syz.1.1168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4964f7c819 code=0x7ffc0000 [ 701.918516][ T9762] SQUASHFS error: Failed to read block 0x0: -5 [ 701.929643][ T5855] usb 5-1: Using ep0 maxpacket: 32 [ 701.931881][ T5855] usb 5-1: config 0 has an invalid interface number: 146 but max is 0 [ 701.931905][ T5855] usb 5-1: config 0 has no interface number 0 [ 701.931945][ T5855] usb 5-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 701.931967][ T5855] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 701.931990][ T5855] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 701.932015][ T5855] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 701.932036][ T5855] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 701.932049][ T5855] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 701.932059][ T5855] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 701.932070][ T5855] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 701.932080][ T5855] usb 5-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 701.934189][ T5855] usb 5-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 701.934215][ T5855] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.934233][ T5855] usb 5-1: Product: syz [ 701.934245][ T5855] usb 5-1: Manufacturer: syz [ 701.934259][ T5855] usb 5-1: SerialNumber: syz [ 701.973391][ T5855] usb 5-1: config 0 descriptor?? [ 702.150162][ T9746] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 702.896535][ T9772] FAULT_INJECTION: forcing a failure. [ 702.896535][ T9772] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 702.896571][ T9772] CPU: 1 UID: 0 PID: 9772 Comm: syz.0.1172 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 702.896598][ T9772] Tainted: [L]=SOFTLOCKUP [ 702.896605][ T9772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 702.896617][ T9772] Call Trace: [ 702.896624][ T9772] [ 702.896632][ T9772] dump_stack_lvl+0xe8/0x150 [ 702.896667][ T9772] should_fail_ex+0x46b/0x600 [ 702.896702][ T9772] _copy_from_user+0x2d/0xb0 [ 702.896726][ T9772] ___sys_sendmsg+0x1c6/0x360 [ 702.896752][ T9772] ? __lock_acquire+0x6b5/0x2cf0 [ 702.896778][ T9772] ? __pfx____sys_sendmsg+0x10/0x10 [ 702.896810][ T9772] ? kstrtouint+0x6e/0xe0 [ 702.896861][ T9772] ? __fget_files+0x2a/0x420 [ 702.896883][ T9772] ? __fget_files+0x3a6/0x420 [ 702.896914][ T9772] __sys_sendmmsg+0x282/0x4e0 [ 702.896946][ T9772] ? __pfx___sys_sendmmsg+0x10/0x10 [ 702.896982][ T9772] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 702.897021][ T9772] ? ksys_write+0x248/0x270 [ 702.897050][ T9772] ? __pfx_ksys_write+0x10/0x10 [ 702.897073][ T9772] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.897100][ T9772] __x64_sys_sendmmsg+0xa0/0xc0 [ 702.897126][ T9772] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.897146][ T9772] do_syscall_64+0x15f/0xf80 [ 702.897163][ T9772] ? trace_irq_disable+0x3b/0x140 [ 702.897192][ T9772] ? clear_bhb_loop+0x40/0x90 [ 702.897216][ T9772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.897236][ T9772] RIP: 0033:0x7fd30558c819 [ 702.897253][ T9772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 702.897269][ T9772] RSP: 002b:00007fd3037de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 702.897291][ T9772] RAX: ffffffffffffffda RBX: 00007fd305805fa0 RCX: 00007fd30558c819 [ 702.897305][ T9772] RDX: 0000000000000002 RSI: 0000200000004140 RDI: 0000000000000004 [ 702.897318][ T9772] RBP: 00007fd3037de090 R08: 0000000000000000 R09: 0000000000000000 [ 702.897330][ T9772] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 702.897341][ T9772] R13: 00007fd305806038 R14: 00007fd305805fa0 R15: 00007ffedd3c9cb8 [ 702.897380][ T9772] [ 702.927140][ T5855] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk. [ 702.927158][ T5855] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out. [ 703.188093][ T9746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 703.191675][ T5861] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 703.196789][ T9746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 703.372574][ T5861] usb 3-1: config 2 has an invalid interface number: 178 but max is 0 [ 703.372604][ T5861] usb 3-1: config 2 has no interface number 0 [ 703.372647][ T5861] usb 3-1: config 2 interface 178 altsetting 13 bulk endpoint 0x9 has invalid maxpacket 64 [ 703.372671][ T5861] usb 3-1: config 2 interface 178 altsetting 13 bulk endpoint 0x82 has invalid maxpacket 1023 [ 703.372695][ T5861] usb 3-1: config 2 interface 178 has no altsetting 0 [ 703.377855][ T5861] usb 3-1: New USB device found, idVendor=0f0d, idProduct=6e42, bcdDevice=3b.c0 [ 703.377883][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 703.377903][ T5861] usb 3-1: Product: syz [ 703.377917][ T5861] usb 3-1: Manufacturer: syz [ 703.377931][ T5861] usb 3-1: SerialNumber: syz [ 703.399470][ T9765] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 703.399876][ T9765] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 703.604771][ T9765] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1171'. [ 703.735744][ T5861] usb 3-1: USB disconnect, device number 50 [ 703.924905][ T36] audit: type=1326 audit(1777004635.517:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9786 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd30558c819 code=0x7ffc0000 [ 703.924950][ T36] audit: type=1326 audit(1777004635.517:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9786 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd30558c819 code=0x7ffc0000 [ 705.058906][ T5932] usb 5-1: USB disconnect, device number 45 [ 705.539619][ T31] usb 3-1: new low-speed USB device number 51 using dummy_hcd [ 705.696066][ T31] usb 3-1: unable to get BOS descriptor or descriptor too short [ 705.697363][ T31] usb 3-1: too many endpoints for config 1 interface 0 altsetting 128: 253, using maximum allowed: 30 [ 705.697405][ T31] usb 3-1: config 1 interface 0 altsetting 128 endpoint 0x82 is Bulk; changing to Interrupt [ 705.697418][ T31] usb 3-1: config 1 interface 0 altsetting 128 endpoint 0x3 is Bulk; changing to Interrupt [ 705.697428][ T31] usb 3-1: config 1 interface 0 altsetting 128 has 2 endpoint descriptors, different from the interface descriptor's value: 253 [ 705.697442][ T31] usb 3-1: config 1 interface 0 has no altsetting 0 [ 707.171283][ T9818] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 708.037045][ T6236] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.136374][ T36] audit: type=1800 audit(1777004639.687:622): pid=9822 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1188" name="bus" dev="ramfs" ino=20738 res=0 errno=0 [ 708.448460][ T31] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 708.448489][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.468654][ T31] usb 3-1: can't set config #1, error -71 [ 708.477637][ T31] usb 3-1: USB disconnect, device number 51 [ 709.052758][ T5865] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 709.292880][ T9844] netlink: 'syz.3.1193': attribute type 10 has an invalid length. [ 709.292903][ T9844] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1193'. [ 709.439986][ T5865] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 709.449874][ T5865] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 709.470836][ T5865] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 709.477164][ T5865] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 709.864060][ T6236] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.915394][ T9844] dummy0: entered promiscuous mode [ 709.950368][ T9844] bond0: (slave dummy0): Releasing backup interface [ 710.005729][ T9844] bridge0: port 3(dummy0) entered blocking state [ 710.005931][ T9844] bridge0: port 3(dummy0) entered disabled state [ 710.006093][ T9844] dummy0: entered allmulticast mode [ 710.159724][ T5948] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 710.323033][ T5948] usb 3-1: unable to get BOS descriptor or descriptor too short [ 710.324867][ T5948] usb 3-1: config 6 has an invalid interface number: 238 but max is 0 [ 710.324891][ T5948] usb 3-1: config 6 has no interface number 0 [ 710.324921][ T5948] usb 3-1: config 6 interface 238 has no altsetting 0 [ 710.328890][ T5948] usb 3-1: New USB device found, idVendor=0557, idProduct=7820, bcdDevice= 7.92 [ 710.328916][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 710.328927][ T5948] usb 3-1: Product: syz [ 710.328935][ T5948] usb 3-1: Manufacturer: syz [ 710.328942][ T5948] usb 3-1: SerialNumber: syz [ 710.369254][ T6236] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.381345][ T9861] tmpfs: Bad value for 'mpol' [ 710.723384][ T9851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 710.725482][ T9851] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 710.775445][ T5948] mos7840 3-1:6.238: required endpoints missing [ 710.794795][ T5948] usb 3-1: USB disconnect, device number 52 [ 710.994876][ T6236] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.089874][ T5857] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 711.730792][ T5121] Bluetooth: hci5: command tx timeout [ 712.017037][ T9875] FAULT_INJECTION: forcing a failure. [ 712.017037][ T9875] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 712.017072][ T9875] CPU: 1 UID: 0 PID: 9875 Comm: syz.0.1202 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 712.017099][ T9875] Tainted: [L]=SOFTLOCKUP [ 712.017106][ T9875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 712.017118][ T9875] Call Trace: [ 712.017124][ T9875] [ 712.017132][ T9875] dump_stack_lvl+0xe8/0x150 [ 712.017168][ T9875] should_fail_ex+0x46b/0x600 [ 712.017212][ T9875] prepare_alloc_pages+0x22a/0x6b0 [ 712.017250][ T9875] __alloc_frozen_pages_noprof+0x12f/0x380 [ 712.017274][ T9875] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 712.017297][ T9875] ? __pfx_policy_nodemask+0x10/0x10 [ 712.017326][ T9875] ? __kernel_text_address+0xd/0x30 [ 712.017350][ T9875] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 712.017386][ T9875] alloc_pages_mpol+0xd1/0x380 [ 712.017418][ T9875] ___kmalloc_large_node+0x4e/0x120 [ 712.017448][ T9875] __kmalloc_large_node_noprof+0x18/0x90 [ 712.017478][ T9875] __kmalloc_noprof+0x4a3/0x7b0 [ 712.017502][ T9875] ? iovec_from_user+0x87/0x250 [ 712.017526][ T9875] iovec_from_user+0x87/0x250 [ 712.017549][ T9875] __import_iovec+0x163/0x7e0 [ 712.017566][ T9875] ? __lock_acquire+0x6b5/0x2cf0 [ 712.017593][ T9875] import_iovec+0x73/0xa0 [ 712.017618][ T9875] vfs_readv+0x1cc/0x850 [ 712.017648][ T9875] ? __pfx_vfs_readv+0x10/0x10 [ 712.017681][ T9875] ? __fget_files+0x2a/0x420 [ 712.017708][ T9875] ? __fget_files+0x3a6/0x420 [ 712.017728][ T9875] ? __fget_files+0x2a/0x420 [ 712.017758][ T9875] __x64_sys_preadv+0x1a2/0x2b0 [ 712.017788][ T9875] ? __pfx___x64_sys_preadv+0x10/0x10 [ 712.017824][ T9875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.017845][ T9875] do_syscall_64+0x15f/0xf80 [ 712.017863][ T9875] ? trace_irq_disable+0x3b/0x140 [ 712.017895][ T9875] ? clear_bhb_loop+0x40/0x90 [ 712.017919][ T9875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.017937][ T9875] RIP: 0033:0x7fd30558c819 [ 712.017954][ T9875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 712.017971][ T9875] RSP: 002b:00007fd30379c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 712.017993][ T9875] RAX: ffffffffffffffda RBX: 00007fd305806180 RCX: 00007fd30558c819 [ 712.018014][ T9875] RDX: 00000000000003e8 RSI: 0000200000000300 RDI: 0000000000000003 [ 712.018028][ T9875] RBP: 00007fd30379c090 R08: 0000000000000006 R09: 0000000000000000 [ 712.018039][ T9875] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000001 [ 712.018050][ T9875] R13: 00007fd305806218 R14: 00007fd305806180 R15: 00007ffedd3c9cb8 [ 712.018081][ T9875] [ 712.288611][ T9878] Driver unsupported XDP return value 0 on prog (id 158) dev N/A, expect packet loss! [ 713.809656][ T5121] Bluetooth: hci5: command tx timeout [ 713.899903][ T5932] 1024-page vmalloc region starting at 0xffffc90004d4a000 allocated at kcov_ioctl+0x58/0x640 [ 713.899953][ T5932] list_del corruption. next->prev should be ffffc9001b05f000, but was 0000000000000000. (next=ffffc90004d4a000) [ 713.900543][ T5932] ------------[ cut here ]------------ [ 713.900552][ T5932] kernel BUG at lib/list_debug.c:67! [ 713.900587][ T5932] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 713.900612][ T5932] CPU: 1 UID: 0 PID: 5932 Comm: kworker/1:5 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 713.900638][ T5932] Tainted: [L]=SOFTLOCKUP [ 713.900645][ T5932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 713.900658][ T5932] Workqueue: usb_hub_wq hub_event [ 713.900686][ T5932] RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 [ 713.900714][ T5932] Code: ec f9 60 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 1d c8 80 fd 49 8b 56 08 48 c7 c7 a0 11 a7 8b 48 89 de 4c 89 f1 e8 47 cc 7d fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 713.900727][ T5932] RSP: 0018:ffffc90005c17798 EFLAGS: 00010246 [ 713.900742][ T5932] RAX: 000000000000006d RBX: ffffc9001b05f000 RCX: 444087ccecccb700 [ 713.900755][ T5932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 713.900765][ T5932] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000 [ 713.900776][ T5932] R10: dffffc0000000000 R11: ffffed101712491b R12: 1ffff920009a9401 [ 713.900788][ T5932] R13: dffffc0000000000 R14: ffffc90004d4a000 R15: ffffc90004d4a008 [ 713.900799][ T5932] FS: 0000000000000000(0000) GS:ffff88812620f000(0000) knlGS:0000000000000000 [ 713.900813][ T5932] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 713.900824][ T5932] CR2: 0000001b32120ff8 CR3: 0000000027674000 CR4: 00000000003526f0 [ 713.900839][ T5932] Call Trace: [ 713.900846][ T5932] [ 713.900853][ T5932] kcov_remote_start+0x2af/0x710 [ 713.900881][ T5932] hub_event+0x150/0x4f60 [ 713.900905][ T5932] ? __lock_acquire+0x6b5/0x2cf0 [ 713.900925][ T5932] ? look_up_lock_class+0x57/0x110 [ 713.900943][ T5932] ? __lock_acquire+0x6b5/0x2cf0 [ 713.900966][ T5932] ? lock_acquire+0x106/0x350 [ 713.900985][ T5932] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 713.901011][ T5932] ? __pfx_hub_event+0x10/0x10 [ 713.901031][ T5932] ? process_scheduled_works+0xa70/0x1860 [ 713.901059][ T5932] ? process_scheduled_works+0xa70/0x1860 [ 713.901082][ T5932] ? process_scheduled_works+0xa70/0x1860 [ 713.901106][ T5932] process_scheduled_works+0xb5d/0x1860 [ 713.901146][ T5932] ? __pfx_process_scheduled_works+0x10/0x10 [ 713.901175][ T5932] ? assign_work+0x3d5/0x5e0 [ 713.901201][ T5932] worker_thread+0xa53/0xfc0 [ 713.901238][ T5932] kthread+0x388/0x470 [ 713.901259][ T5932] ? __pfx_worker_thread+0x10/0x10 [ 713.901284][ T5932] ? __pfx_kthread+0x10/0x10 [ 713.901304][ T5932] ret_from_fork+0x514/0xb70 [ 713.901342][ T5932] ? __pfx_ret_from_fork+0x10/0x10 [ 713.901369][ T5932] ? __switch_to+0xc79/0x1410 [ 713.901395][ T5932] ? __pfx_kthread+0x10/0x10 [ 713.901415][ T5932] ret_from_fork_asm+0x1a/0x30 [ 713.901441][ T5932] [ 713.901455][ T5932] Modules linked in: [ 713.901488][ T5932] ---[ end trace 0000000000000000 ]--- [ 713.901802][ T5932] RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 [ 713.901836][ T5932] Code: ec f9 60 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 1d c8 80 fd 49 8b 56 08 48 c7 c7 a0 11 a7 8b 48 89 de 4c 89 f1 e8 47 cc 7d fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 713.901851][ T5932] RSP: 0018:ffffc90005c17798 EFLAGS: 00010246 [ 713.901867][ T5932] RAX: 000000000000006d RBX: ffffc9001b05f000 RCX: 444087ccecccb700 [ 713.901881][ T5932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 713.901892][ T5932] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000 [ 713.901902][ T5932] R10: dffffc0000000000 R11: ffffed101712491b R12: 1ffff920009a9401 [ 713.901916][ T5932] R13: dffffc0000000000 R14: ffffc90004d4a000 R15: ffffc90004d4a008 [ 713.901930][ T5932] FS: 0000000000000000(0000) GS:ffff88812620f000(0000) knlGS:0000000000000000 [ 713.901946][ T5932] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 713.901959][ T5932] CR2: 0000001b32120ff8 CR3: 0000000061c58000 CR4: 00000000003526f0 [ 713.901976][ T5932] Kernel panic - not syncing: Fatal exception [ 713.902423][ T5932] Kernel Offset: disabled