last executing test programs: 29m14.679184304s ago: executing program 2 (id=3): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000000)=0x40, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 29m11.674128025s ago: executing program 2 (id=7): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0xfdff) 29m9.959652783s ago: executing program 2 (id=11): bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x48800) sendmmsg(r3, &(0x7f0000000180), 0x400008a, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 29m5.192371536s ago: executing program 2 (id=14): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0xd8}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x23, 0x0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$SG_IO(r5, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) 29m3.210146853s ago: executing program 2 (id=16): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x4, 0x0, 0x0, &(0x7f000001e000/0x3000)=nil, 0x3000, 0x5}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x5, 0x0, 0x0, 0x996, 0xfffffffffffffffa, 0x3fff}) 28m53.306834975s ago: executing program 2 (id=29): socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) 28m37.060577807s ago: executing program 32 (id=29): socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) 28m9.490068093s ago: executing program 0 (id=78): getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) prlimit64(0x0, 0xe, &(0x7f0000000300)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r3) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0) 28m6.812032887s ago: executing program 0 (id=82): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x24}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x1, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) 28m3.746066283s ago: executing program 0 (id=84): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) r5 = accept$alg(r4, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f00000011c0)=[{0x0, 0x0, &(0x7f0000001140)=[{&(0x7f0000003cc0)="d815e2824b383e261b12ce3a276e935d9986635f19c4b0948ee16149f775c7e07f69d10707f39808df56bb79714ecd16b02c599a348b6710a7ace4b076f60b38de91432fc21315ff8424db7d2154f90a5d3905406ec9917ed492ce25009fb1", 0x5f}], 0x1, &(0x7f00000024c0)=ANY=[@ANYBLOB="18000000000000001701000004000000fcffffff00000000180000000000000017010000030000000100000000000000e0"], 0x110, 0x4000}], 0x1, 0x8081) recvmmsg(r5, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000bc0)=""/95, 0x5f}], 0x1}, 0x4}], 0x1, 0x40012001, 0x0) 28m2.172958891s ago: executing program 0 (id=87): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 27m51.705862373s ago: executing program 0 (id=97): keyctl$setperm(0x5, 0x0, 0x800) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x4008000, &(0x7f0000000280)={0xa, 0x4e22, 0x0, @mcast2, 0x7}, 0x30) sendto$inet6(r3, 0x0, 0x0, 0xc001, 0x0, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x1, &(0x7f0000000080), 0x4) keyctl$unlink(0x9, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) getsockopt$bt_BT_POWER(r4, 0x112, 0x9, 0x0, 0xfffffffffffffffe) 27m49.101160726s ago: executing program 0 (id=98): r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCCONNECT(r0, 0x4004743a, &(0x7f0000000000)=0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() kcmp(r3, r3, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_procfs$pagemap(r3, &(0x7f00000000c0)) r4 = syz_open_dev$video(&(0x7f0000000040), 0x3ff, 0x0) ioctl$VIDIOC_STREAMOFF(r4, 0x40045613, &(0x7f0000000200)=0x1) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xcf, 0x0, 0x0, @loopback, @multicast1}}}}) r7 = syz_open_dev$video4linux(&(0x7f0000000500), 0x322, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r7, 0xc0585604, &(0x7f0000000540)={0x2572d8929a6d88f2, 0x0, {0x100, 0x7, 0x200a, 0x5, 0x2, 0x1, 0x2, 0x2}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f5, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000140)={'erspan0\x00', r6, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0x91}, @multicast2}}}}) r8 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380), 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r8, &(0x7f0000000400)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1, 0x2e}, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) 27m32.523627347s ago: executing program 33 (id=98): r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCCONNECT(r0, 0x4004743a, &(0x7f0000000000)=0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() kcmp(r3, r3, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_procfs$pagemap(r3, &(0x7f00000000c0)) r4 = syz_open_dev$video(&(0x7f0000000040), 0x3ff, 0x0) ioctl$VIDIOC_STREAMOFF(r4, 0x40045613, &(0x7f0000000200)=0x1) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xcf, 0x0, 0x0, @loopback, @multicast1}}}}) r7 = syz_open_dev$video4linux(&(0x7f0000000500), 0x322, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r7, 0xc0585604, &(0x7f0000000540)={0x2572d8929a6d88f2, 0x0, {0x100, 0x7, 0x200a, 0x5, 0x2, 0x1, 0x2, 0x2}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f5, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000140)={'erspan0\x00', r6, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0x91}, @multicast2}}}}) r8 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380), 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r8, &(0x7f0000000400)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1, 0x2e}, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) 13.359383892s ago: executing program 4 (id=3036): socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x800, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x66a42, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a0000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) syz_open_dev$video4linux(&(0x7f0000000540), 0xf, 0x101002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x103000) syz_io_uring_setup(0x313c, &(0x7f0000000000)={0x0, 0x4ff, 0x3600, 0x1, 0x372}, 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000200)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 13.186134892s ago: executing program 4 (id=3038): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c000000246d01f6b0f915cb6315e09f699b4c7619328f98f1807465ebbd00eb998da40fc0bc6ffef15acfbb434943767a370a6f3f1a1cd293a53d2a0487b24685b8f7aee49952250f2ee8031c497e", @ANYRES16, @ANYBLOB="01002cbd7000fedbdf2507000000180001801400020073797a5f74756e000000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x24000080}, 0x40804) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f0000000000)={0xb}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc000905822fe9"], 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12.847757883s ago: executing program 3 (id=3042): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x111, 0x6}}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) read$msr(r1, &(0x7f00000000c0)=""/77, 0x4d) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x1c0) r2 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000200)={0x100, r3}, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000280)={0x100, r4}, 0x0) close(r4) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000340)={0x100, r5}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r2, 0x0) r6 = shmget$private(0x0, 0x2000, 0x78000040, &(0x7f0000ffe000/0x2000)=nil) shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') mknodat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file0\x00', 0x81c0, 0x0) 10.41145805s ago: executing program 6 (id=3044): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000001c0)={0xffff0000, 0x2, 0x4add}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x18) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x56, &(0x7f00000006c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x1c, 0x6, 0x0, @local, @local, {[], {{0xfffe, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x1ff, {[@fastopen={0x1e, 0x5, "4d1f32"}]}}}}}}}}, 0x0) 10.273685087s ago: executing program 5 (id=3045): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) connect$inet(r0, &(0x7f0000000440)={0x2, 0x4e24, @remote}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x62) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f00000016c0)={0x10, 0x0, 0x25dfdbfb, 0x40000044}, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000020700000a58000000090a010400000000000000000a0000040900010073797a310000000008000a40fffffffc08000540000000020900020073797a3100000000080003400000011c08000640ffffff000c718bb2b3714cefb6000090140000001100010000000000000000000700000af1319192ac653796c8d51b43c3f27b222fd6cacfb1472fcfe2d8e98415191c15ccee8ac6ed008c39364a7c5a3a048054de6ddab97432a84b9e980b50246c5fb21732ffdf1e7b13ae6acd00c7bb4388f066e849af12c402418a0cd21adb726a7635f89a41175bd9f5e799f8497654022118cb7806de34ac6430725edb9b7aa867bb22487f0129"], 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) 8.963234131s ago: executing program 4 (id=3047): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r3 = accept$alg(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f00000011c0)=[{0x0, 0x0, &(0x7f0000001140), 0x0, &(0x7f00000024c0)=ANY=[@ANYBLOB="18000000000000001701000004000000fcffffff00000000180000000000000017010000030000000100000000000000e0"], 0x110, 0x4000}], 0x1, 0x8081) recvmmsg(r3, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000bc0)=""/95, 0x5f}], 0x1}, 0x4}], 0x1, 0x40012001, 0x0) 8.960233262s ago: executing program 3 (id=3048): socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x800, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x66a42, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a0000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) syz_open_dev$video4linux(&(0x7f0000000540), 0xf, 0x101002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x103000) syz_io_uring_setup(0x313c, &(0x7f0000000000)={0x0, 0x4ff, 0x3600, 0x1, 0x372}, 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000200)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 8.799324625s ago: executing program 5 (id=3049): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000001140)=ANY=[@ANYBLOB="12010000bdf7130870270c936a8d0102030109021200dfff0000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000004c0)={0x34, &(0x7f0000000280)={0x20, 0x6, 0x17, "779e5ab39744065c96c9537bb9bb6a3fb2b155fea80368"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xfc}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000003c0)={0x20, 0x0, 0x6a, {0x68, "11b40789964d447dd8e430efde2c1de6881cf9952bab8ecbd165dff8218b9105b165d07704f2da274aa8bdc0501515815666454cff012fc49402da40e411e46545c168c4a9ba3a3d4c6dda7f1a796e049f5ad86bafae982d406ba683e46ffaf0d026377a8fa39b14"}}, &(0x7f0000000440)={0x20, 0x1, 0x1, 0x8}, &(0x7f0000000480)={0x20, 0x0, 0x1, 0x10}}) 7.898795134s ago: executing program 6 (id=3050): dup2(0xffffffffffffffff, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005000)={0x0, 0x0, 0x0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x8000, 0x103) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}}) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000001200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x22000100}}, 0x50) 6.791337883s ago: executing program 3 (id=3052): r0 = socket$netlink(0x10, 0x3, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, 0x0, 0x0) 6.525851059s ago: executing program 6 (id=3053): getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) prlimit64(0x0, 0xe, &(0x7f0000000300)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = socket(0x2b, 0x80801, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x6, &(0x7f0000000180)=0x1, 0x4) getpid() bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x340) ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0585605, &(0x7f0000000080)={0x0, 0x1, @raw_data=[0x0, 0x0, 0x100b, 0x0, 0x0, 0x0, 0x6]}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000340)=@file={0x1, './cgroup\x00'}, 0x6e) 5.571213633s ago: executing program 3 (id=3054): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4) syz_emit_ethernet(0x86, &(0x7f00000010c0)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x2, 0x0, @broadcast=0x1000000, {0x17, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x11, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x15}, {[@timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x5, [{@rand_addr=0x64010102, 0x4e20ffff}]}, @timestamp_addr={0x44, 0x3c, 0xed, 0x1, 0x0, [{@multicast1, 0x4}, {}, {@loopback}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {@rand_addr=0x64010101, 0x800}, {@multicast2}, {@dev, 0x4}]}]}}}}}}}, 0x0) (fail_nth: 4) 5.47047495s ago: executing program 6 (id=3055): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c) r1 = socket(0x1e, 0x1, 0x0) listen(r1, 0x7f) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f0000000240)=0x1) ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0x10001) write(r2, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x300, 0x70bd25, 0x25dffbfd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x823}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004080}, 0x8ae257a062cc3564) getsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000000), &(0x7f0000000040)=0x4) shutdown(r1, 0x2) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x2, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1}, 0x48) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x894b, &(0x7f0000000180)) 5.411142104s ago: executing program 1 (id=3056): r0 = socket$nl_generic(0x10, 0x3, 0x10) gettid() openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xb0c4, 0x0, 0x2, 0xbedffffc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r1, 0x2b93, 0xe9d0, 0x22, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c000380080015"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 5.00159966s ago: executing program 5 (id=3057): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000001c0)={0xffff0000, 0x2, 0x4add}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x18) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0x0) syz_emit_ethernet(0x56, &(0x7f00000006c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x1c, 0x6, 0x0, @local, @local, {[], {{0xfffe, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x1ff, {[@fastopen={0x1e, 0x5, "4d1f32"}]}}}}}}}}, 0x0) 5.000601361s ago: executing program 1 (id=3058): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x800000, 0x2ffffffff}, 0xc) syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$int_in(r2, 0x5421, &(0x7f0000000140)=0x2f) close(r2) 4.91258917s ago: executing program 6 (id=3059): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) connect$inet(r0, &(0x7f0000000440)={0x2, 0x4e24, @remote}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x62) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f00000016c0)={0x10, 0x0, 0x25dfdbfb, 0x40000044}, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000020700000a58000000090a010400000000000000000a0000040900010073797a310000000008000a40fffffffc08000540000000020900020073797a3100000000080003400000011c08000640ffffff000c718bb2b3714cefb6000090140000001100010000000000000000000700000af1319192ac653796c8d51b43c3f27b222fd6cacfb1472fcfe2d8e98415191c15ccee8ac6ed008c39364a7c5a3a048054de6ddab97432a84b9e980b50246c5fb21732ffdf1e7b13ae6acd00c7bb4388f066e849af12c402418a0cd21adb726a7635f89a41175bd9f5e799f8497654022118cb7806de34ac6430725edb9b7aa867bb22487f0129"], 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) 4.911792901s ago: executing program 3 (id=3060): r0 = socket$nl_generic(0x10, 0x3, 0x10) gettid() openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xb0c4, 0x0, 0x2, 0xbedffffc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r1, 0x2b93, 0xe9d0, 0x22, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c000380080015"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 4.27135737s ago: executing program 4 (id=3061): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000008340)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x130, 0x0, 0x1, {0x2, 0x6, 0x0, '\x00', {0x7ff, 0x6, 0xadd, 0x806, r2, 0x0, 0xc000, '\x00', 0x3, 0x8, 0x4, 0x5, {0x8, 0x4}, {0x4000000000006, 0x8}, {0x1, 0xd}, {0x100001000000003, 0x2}, 0x2, 0xa, 0x3ff, 0x6}}}}) ioprio_set$uid(0x3, r2, 0x2000) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008032, 0xffffffffffffffff, 0x0) process_madvise(0xffffffffffffffff, &(0x7f0000000540)=[{0x0}], 0x1, 0x13, 0x0) sendfile(r1, r1, 0x0, 0xfffa83) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc058560f, &(0x7f0000000100)={0x0, 0x9}) r4 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0) write(r4, &(0x7f0000000040)="06", 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r4, 0x0) lsm_get_self_attr(0x66, 0x0, &(0x7f0000000400), 0x0) 1.981583692s ago: executing program 5 (id=3062): socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x800, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x66a42, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) syz_open_dev$video4linux(&(0x7f0000000540), 0xf, 0x101002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x103000) syz_io_uring_setup(0x313c, &(0x7f0000000000)={0x0, 0x4ff, 0x3600, 0x1, 0x372}, 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000200)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 1.980892422s ago: executing program 1 (id=3063): dup2(0xffffffffffffffff, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005000)={0x0, 0x0, 0x0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x8000, 0x103) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}}) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000001200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x22000100}}, 0x50) 1.761321088s ago: executing program 6 (id=3064): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 769.796665ms ago: executing program 4 (id=3065): getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) prlimit64(0x0, 0xe, &(0x7f0000000300)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = socket(0x2b, 0x80801, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x6, &(0x7f0000000180)=0x1, 0x4) getpid() bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x340) ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0585605, &(0x7f0000000080)={0x0, 0x1, @raw_data=[0x0, 0x0, 0x100b, 0x0, 0x0, 0x0, 0x6]}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000340)=@file={0x1, './cgroup\x00'}, 0x6e) 754.870979ms ago: executing program 4 (id=3066): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f00000003c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x32d15422}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000340)='net/tcp6\x00') pread64(r4, 0x0, 0x0, 0x4009) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) 677.960202ms ago: executing program 3 (id=3067): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000070000040900010073797a300000000068000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d24001280200001800e000100636f6e6e6c696d69740000000c00028008000140000000080800034000000120140000001000010000000000000000000084000a0740637a801b5025c18481437fb86ad793db2fba3e1b372b8d39951ee834b07a6e6682042f4e8a11b5e7407b498492e0e2cccef8f047c78e731684e22936ef918e24e1339ad37646f9fc7759bb177546aa812a2a87afff65d3749658c03b127bc5d696765cea288e8bc21b8bb50d8602451ff231d4dd77dea90e5c730309db690e0adb4839874cdaa7053d9108439441ab47bad5575d76b859767334d9a1a01bd57128630d001641d983afb4220d3afffc8a8f3ac135120507fa8e4b18ab14fdbcb09c84c27633cdb2b25c3e930b02ccb581906413154fe07aa127d9e2878c42"], 0xb0}}, 0x20050800) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r2, &(0x7f0000000380)={{0x3, @null, 0x1}, [@null={0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x2}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @null, @null]}, 0x48) unshare(0x2e020400) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, 0xffffffffffffffff}, 0x0, 0x0}, 0x20) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') pread64(r4, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x200000000000011, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r9 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x3d, 0x2, 0x3}]}, 0x4b) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095", @ANYRES64=r8, @ANYRES64], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r10, 0x0, 0x4}, 0x18) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r14 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r14, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f000001b2c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000740)="b1c0ca13644ffa8cd8c87e94ea9ce946f91915e11ddd1075a8be7d6b692fc022c3c8ad3d2f48828c7b72e255d5b6e2ece10ca942c1ee563abf17a3724c58b169ee65edd5a564e4be4acd952b1027c459175086126f4f8e6c4c055ea50870e077fbf301faf1b2b09d605ed1839cd47e3ecb8ecb8ab3c12acd1bacab4e896beaed16d15b61bb5544f540772cde6e04aa7bc4b193e17df38c93a6d244a8b2e46d9e86f414eb8e497eaae0e41bc9a197b0cc8495886ef4649f14f9a24b2cb182a9858ba17c47a2a939823bb14564bedd2d6c3e4ccd82c4108afdf9c533f125de66f3c8af3e0ed8d87ce30c0063176f2e626e062cea248a20", 0xf6}], 0x1, 0x0, 0x0, 0x200480c5}}, {{&(0x7f0000000480)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000500)=[{&(0x7f0000000340)="cf27c522d666f49cf0dab570a0", 0xd}, {&(0x7f0000000840)="bbeb1059d67a895a40bb3475b18f62d3be00f4cb18acad347aafd94550662fadd6866f553bca7008a7d0100b10004fa38f8136f27133eae5733826916a35cedf2958818878d71e391d420192a7872c1712bb20be8a", 0x55}, {&(0x7f00000008c0)="558758e325bd11abfe5475b5270b984dd71b13b0dbdabd0b85be0f7a1fa2b58a7a6c40e23d7ab0d5196843f9287d22020d768ad21c7b6e8e9b09129e47ad51b0ed8c86791867e006dc9c86649bd46ecdb0f82e45", 0x54}, {&(0x7f0000000940)="62b990c04d6a85a89629f88facec35c1535d63aa6c403208097ad7e3d0138cfdc9df788723ac3c27edb3105cef27925ed8f078d47d42e93f315c90a1ad988bcde3b8483e71edf56a81076a22491573b12370e8287473a3b486922337bdd6d8c15d5a46b29dfbe61e45b31182727d28d64da64074e351e7a1f8187f9dbfa4064f5ca487473a68a01a6a9580998f9ffa9d39e9889b4bd38e11fb5a1bf7a3fcd3648f02ec212ec6a720a1c599b4e3e87c3d0e03f3c8c9014cd60f8e159ffb567216c215ecb9628acd6f7d0b22e8a8dcec0181659d0f958c8ef244f6c7719e8746eb904c155b45f31a2fd3a06ed45b55b850edcd66", 0xf3}], 0x4, 0x0, 0x0, 0xc0}}, {{&(0x7f0000000a40)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000001040)=[{&(0x7f0000000ac0)="542fe7793529cfcbd4549e1a2ff1e358bf58cf7c86b35bbbff9ab423ad95630e0f91a0a0c701adb2a71bd814075d7c1a51c4e49278b39841e7115669fa4ff7950c", 0x41}, {&(0x7f0000000b40)="f47e012f56", 0x5}, {&(0x7f0000000b80)="1717399766834c7c31699e249ad5450723cb61729cc186075c4439ff80ac5113350e9fdeeee973985db6dfd78076dafacbdaa31e3416c7df4dd5c165a9fbe2086c60afab71b2c82b01d5108c98b93129207a", 0x52}, {&(0x7f0000000c00)="a95002605cd80f65724a50fb0ef8bee076af8051bf685bef628520ed498441f52dfad5174d1c2ef9a92b8f91039b8f80c97773657d1c58dcd4552515e9ce9dd31c11534d16a1017ce281cf62a8ed2522c6e14ec504d6ec5fefda4dd107000000ed5ea402ced6a14b34e198e25cedf960f6e571f3a26ab1094e0473339734dc813c7bd18afd3e2dd87a0843bfb7a80255bde3508e538827ca0ffcdef1a4e3e0b62533b24371e1dd5e3f05b9238a1044ff919c482eed0dad1b8cfc8db07bc2a5d7998b55f6094d6f3727d20ee69c52841fd9e973bb6ca02926130a2904aee31c21d728a4f5ed588d6f0c43beb21419140c298048e7b8f80a", 0xf7}, {&(0x7f0000000d00)="06795488241f15674fbd240dcd62717b8f84662caf41dec795b571df6c8d8e4998f73c82db10c818a799d15c28fff5b1e1c47490bfaa9547656a98e6accdf44665791a9ee7630fda72ce8174c055af38e427010afd647a3cb219e6ca84e9f8208fd35570b7266f9df1dddaa3d242d1069d62bed9cc33625ddbb024b77f7e383663fd7f6b8386efe92968bb1309394f3a95c049f27ad09b6c4f71f8d19a8290caf611264e872b4f2c5fce978c", 0xac}, {&(0x7f0000000dc0)="e3c7d2e412c5a70d50e77634e13b01eb9ca397a2cc6473e60ad272feb8e102baa62c7e93d381fea616120951c54d0aec4b80a449ab6216bf79b075681f4845ff27128780c834e1066aa1588d2f3f9fc6753d0ea9a92508be2f75c6e9e74f45b470c41eb2ebefa86b9199b95c", 0x6c}, {&(0x7f0000000e40)="a8789f5ae5d8c971c7e623daef715f19dea27fa6961b71c58361765d79a8dd9edaf07dbc6793c4d57175943a2bfd90a7b0fcb3c529c5109a2b3adb48de0d0c7a86d9595e3a4802a6b47c9d0f13f630f734491c9ecc14512ed5f0efb045359234c7f1f3e6e700cff92e377429cc52b028aac8c766990feb4cfd624fa68513efdd8e744f7e8fe7c696e1efba6513fa4d7d03602c9eff4b704e0d9ef163a483eba9c9bab5", 0xa3}, {&(0x7f0000000f00)="a7b205b152b54cd52d70e3837eff859b2c5b5858fe74dcafc130072ddac3b37054be7978a00f477f9dc713300a374c4c001ff9100703fd8fe95842de19b76a617e5a15b9ad123a6b8d7fa47f98c81eeea9b6a4075d63d49603db4242203fe058c38934c188a206cc80ce75b65e3bad6af8a25a3ba1907b1897722308a62d8ab33c48ee285663b50618e9e299a2", 0x8d}, {&(0x7f0000000fc0)="9fee55b95d4c333678ae54b675074e4de525017bf70055ac707df5165dbf8be989e16e4a320eee8083be41cc415921a82419477c89c00d6d3587e6a9b56877a6ab654093a20d107820a46f0f42e1048073fb276f31d01a46689f16739c51898c4b41d39408a12f98e3469d9334820fb771e0ebfe7bcb0776c6bcaf67", 0x7c}], 0x9, &(0x7f000001b5c0)=[@rights={{0x24, 0x1, 0x1, [r15, r13, 0xffffffffffffffff, r13, r9]}}, @rights={{0x20, 0x1, 0x1, [r0, r1, r2, r16]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r14}}}, @rights={{0x34, 0x1, 0x1, [r5, 0xffffffffffffffff, 0xffffffffffffffff, r16, 0xffffffffffffffff, r12, r16, r0, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [r2, r7]}}, @cred={{0x1c, 0x1, 0x2, {r14}}}, @rights={{0x30, 0x1, 0x1, [r13, r11, r3, r4, r5, 0xffffffffffffffff, 0xffffffffffffffff, r15]}}, @cred={{0x1c, 0x1, 0x2, {r14}}}], 0x160, 0xc000}}, {{&(0x7f000001a600)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f000001a240)=[{&(0x7f000001b400)="8c5bb360bb7c7652d0c068eb87268f19eee000e4d838d729f2324ecccd597e281f5c7e98f4f4fdef56179189647fb44ef1ecb0028835541b047afea177f029b47dda4cfae7ccbabadb960e61e784a27d0b2089f9f6a377a9e670e822cdff371692e096f2bf9c113a61353f36d944bab94dc51f4ae216773a59b86c1ebaa462e277667f4f711c775d62ee1e68c9b7a0b9d0e5e31ebf43217a8dd1fce09b93ca294f465891ffd4792ef562ca79c44d9be9323ebbd3f0d225fe06000000000000004e59f21b98cb6517f077a08ae214979f3844b95c198bca8ab7f41f362ebb6edbb193b4f7a6945fe5daa92906636220b0ff3d863575dbc9e812357b07765f9e29fffad8513e67a70468578bcd14ae1cdd5c894d26455389cbf0ec0f8e0bf8e9a3d12c1e56d2550596bc2bddaec4036823ac0ad3470c410af1f38c3d96a8e9c6edb1b9c2a8b268d6725d2cd86094ffb286dfbae73b3032bdd610010000009f7ee6a6034a8187bf11fb36136d16529bf7e2825e7a065e0100bb9ddc88e3ea6394e1bf6f5b08cf0d8c62cc5a82f255f67e6c968a38202cbc78bafbc5a381e465a6f1931dcf12063db59275b9", 0x1aa}, {&(0x7f000001a300)="e952047b2e13c42d9a2f1e5760b5da339c8536c6237f5235e97c830dfbf533be00544f73f5dc26306f3b85e3f7cdba4d5d064b69f18dacb0dc258b330546751e191357130b12c2063ad0bbbcc5185858021cd01f9aea7a8ca4baf7aca7be28b26d312a8a9fcd205374be92f8f8fda8beb841c7d007a9f37e9ab12d901f63a26810c33bfcd2f50288737a0b2593416f55d1527477c61f337261736e0271097c512cb5cf57e92e966acbe65daa4d37951b02d78f8873580d0a194d6f9c6b5efddfde5690368d25e622d4b76ac0f3be573c923f9495cadbd5c5f74856c644fa4896da3e29d5a272ad73f64d0f1e5ec74304aa7b01c0b9b1f608984c1c391a6f7133907f0700a702a0789cf88684706d20e38343306cb6a242e324aa7d9dff43d3d4e5787a143ad3c684752551d3e149e742aa58bcea01b4497bf3e0f31be22a82db58", 0x141}, {&(0x7f000001a680)="275c0d73c4b105bbfa7f79c5b169e6defcb06eee6b5eb3f8f80632ad50618a2a050af1413210226cec6f7beaf37f7a452afbeb964cb2388950fe7540dcaae32d34927512aaa68fed7b4efd4c2b8235810ec6a9c3150a528be963b7c1be5bc2ea57b3a8c4ac889e24e22e8ca7c58fe5c568812d9e8275b72a108a229b4636f6e2154d402fbf937e2b39c9d9ffd3be4e0c43dd361966d5f111f09f3e9328dc0fd5dfd80e0713", 0xa5}, {&(0x7f000001a880)="d786f2cb1555f97074d30a93b35c1283779c6e321fb1212c1183cfdd8f44bd4aeb660ee33e0793cf", 0x28}, {&(0x7f000001a8c0)="316760317689c2c962c548ba945100a46de9091546ee196ce79c5cbddaac8f91b64fac1100ccf9724d9541fddc610a7097c1f099f474154f3e488ab29e1c4e9091670330d426dfcee10652cd7c170c97775271e231a351c377d6b9f529ce17b49dfaf67dbc9f26116c1774734f652acf9bd255b40752b2b350338e5f513a9660d2828a41d441b009e732f1a8b6eff700d28953fda2e50de87ed2f1ad5e4583f03d5d78ba809e3d1184b23b5e0c46ac0fa936f934997bd22acec9a2ec154ac98d", 0xc0}, {&(0x7f000001a980)="cc2ffbb840f18e2b171890b5c618e672f274f612f31ea4dcc5e0daa7eae97ea8391d62313f5ee9d0fa5c53eb398ae2247989e1da8b8d9be8", 0x38}, {&(0x7f000001a9c0)="e16bb2fc4e87dec479380bc3d96a5ef8d94719c36634aba57e2494db8a96567e394432ec41537d7aaa1b010df19d4476a9347b0854273f1391c5dd5373985d923c3e0d1cf8b6bc74c72ccd23a898ade32043c45068577f471cbbf511758d32600fd952c5b0782e9b94df7028b3de815dd35d29bb1309d4d0aa39d47351452f0b2a4228f3d5718526ed9d2edcd74956fde2558884efbc6b5ee17e2a3ba6b03aaee8f5a9914194c572ecb7dbfd6da2dbee64e792a66d3bf67d7133130d26b56931d9ee7fff084ba81041f15d41155a17bcd30ac5b0ed9b38fe12674e9b9fdcc99671c1976037", 0xe5}, {&(0x7f000001aac0)="f0f0ce13cb313f8e9fe3f0b1558a7ef35b4469da122c6c755826f95d0f6d095c20b689877fb5741e6bbbb2728f6489a7a66d9d39ec140487c6c367c0b3602dda00335b844dab60d1c52dcf926a2b046d75315707611117803de7d81ad89fdc81c446bf9fe0a9e16119cd51d943a22382aa893f4e9b22afa351aa2481dee141107f813dcc0adf33047dc35bdaf76747077b7bcce68e8b10ee8aadd5cc14d6cd43f8ce15702ea7397cc104198ccae69a762be6b98f7565a58e73bc8cb5c3e34a2dc2857c0923c846465f471a7373371736648e94f39670f2a301e28923", 0xdc}, {&(0x7f000001abc0)="8fdd4a8881751a930174c0d409009d5bc49124eca07c50f0778f5595", 0x1c}, {&(0x7f000001ac00)="4c42e64459f6528fd4c968fa1495031db1c65bc3e17c7110b52fcbfd5baa32f4c890770e7fc7e758d97c1f8e1f2df7", 0x2f}], 0xa, 0x0, 0x0, 0xc004}}, {{0x0, 0x0, &(0x7f000001b240)=[{&(0x7f000001ad00)="8b1dc9983499b5527dcacba0ad355935a97220f9a40f206527524bba44d609b0cd5c43cc5f025163b4fd510a200c51a4ba79670e5f2f2860c68b4d14161bd9b8071b5c8d6e63aaac94fcf6bc1410592d836066a55a0bd322881978376905af5871116309886c692a0435456a9201fd0c2768f4507682adcec0e37789defdcf493eade6aee6b2513d5885e952c325e3340bff0622d4fa0a3b83d7209825f892a10ecc", 0xa2}, {&(0x7f000001adc0)="417374f4444fccbdf693f7fb855563509bcdb08044d62a68964639368bf8f26efc35f67a32460014445182e310ca6c21ea0a310177c972f93ba95b750968a25930835860749dc2716a97a0af65fba3843434311932c7fb1e966ad608cb30916c156ed0b386520d78a1e11ada893031e7d038911b133b8c380e6dfc13856310c8b7da52a4b5f22fabf52c932fc0", 0x8d}, {&(0x7f000001ae80)="3a147ed02a5677047e1cbead179a1d98e7aeded5e5f709c788ab3d41afc2c92ba850beb11bc2ba24d5c3ba5a5e609900df587f8359", 0x35}, {&(0x7f000001aec0)="fb6fdb5dde87", 0x6}, {&(0x7f000001af00)="ce7b4184722d42adda9ce8a92c3b0f156357b021fd45dab740726dc1586fee344d74ecfcd793774503c5751b7e8760a005e96f8854e4f400eff9e81648727273d0ff84e3cffca1890a69c53e7e2378c0c974e9fd06db43f5602cd4acb7deacfd729a9c09a5038cc90834cc11d250e82b0ed27847d6118d6dafe172ab6ef6374cc7f44a03757f4b949572bd3f43452c06", 0x90}, {&(0x7f000001afc0)="1aa688d0d2a60831cc5d557d0c91bec12b15a8a28f2711661c70748bdd22c766e57b35a1cd118aaedae126f24428eb08d480ef8b5528205cbf37c607fc216d574c49e4963175a6fde04284760d83775dd887e8fd452a365b0b48f663e1facd887dbc70ef7d0a6d2d7b5705a9214580d1cf14227c10ac3d37a0aae697b2f38378928f933a935195164fb88c6a387629e2fd361361b370488dc94ec6d399e1e170e3b9eca4d1728725dcc1d99334c38d03e8bfbee9a358610a4c1fd1dedb9dd434c94d62fe9f", 0xc5}, {&(0x7f000001b0c0)="ba8ef4a6268e89586186e4d8123e9edaba5b9d90fe3bcb20855b692870fd1334d334a74af26691aa99dffb0a1f0ebead6951fb38aac1bb399acf3275de8b90f812a293e1f9b62a939c450e1f160cdd9429bfcb51b2030cf0072b2aecf4110a213189925f950f233f2f5874714a298794167d3a56769d885fa596f15a22f6d7865763bcfa3c2e3b9f1f48687b01087e722d71ae99e4dd36feb0e50089de6005c08b3c2fc79c7315e0c309f47e5c7a1ef2908c1fbc8474ea36c4febf18a9a4dbfdf028e021ac31c3adce0a93115651ffacb0", 0xd1}, {&(0x7f0000001100)="18164c0fd906fd9c0cf1b1f750937a6e235793fd339dddc1688bcde58675c1b8ecb447e7e18ec6b9597fb54091e18061ac57df59a7f68f0fd93b7edbfef59e09097d3fab55a6619c1985ab5f32294ad2de7227c7f719d3ae2b35732fb25a94474fdcd619fe7dd4fcf918f7d4f5dbc46f08a945", 0x73}], 0x8, 0x0, 0x0, 0x4000010}}], 0x5, 0x0) 532.741115ms ago: executing program 5 (id=3068): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$tcp_congestion(r0, &(0x7f0000000100)='reno\x00', 0x5) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r2, r1, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20) write$tcp_congestion(r0, &(0x7f0000000300)='reno\x00', 0xfdef) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup=r2, r1, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20) write$tcp_congestion(r0, &(0x7f0000000380)='reno\x00', 0x5) 521.050441ms ago: executing program 1 (id=3069): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x17e, 0x2000000}) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1ff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000140)={0x17e}) 212.629856ms ago: executing program 5 (id=3070): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c00000036000701fcffffff00008100017c0000080004"], 0x1c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c00000036000701fcffffff00008100017c0000080004"], 0x1c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}, 0x50) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}, 0x50) 189.881228ms ago: executing program 1 (id=3071): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$tcp_congestion(r0, &(0x7f0000000100)='reno\x00', 0xfdef) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r2, r1, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20) write$tcp_congestion(r0, &(0x7f0000000300)='reno\x00', 0x5) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup=r2, r1, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20) write$tcp_congestion(r0, &(0x7f0000000380)='reno\x00', 0x5) 0s ago: executing program 1 (id=3072): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000440)={0x2, 0x4e24, @remote}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', 0x0, &(0x7f0000002b40), 0x24, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x62) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f00000016c0)={0x10, 0x0, 0x25dfdbfb, 0x40000044}, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000020700000a58000000090a010400000000000000000a0000040900010073797a310000000008000a40fffffffc08000540000000020900020073797a3100000000080003400000011c08000640ffffff000c718bb2b3714cefb6000090140000001100010000000000000000000700000af1319192ac653796c8d51b43c3f27b222fd6cacfb1472fcfe2d8e98415191c15ccee8ac6ed008c39364a7c5a3a048054de6ddab97432a84b9e980b50246c5fb21732ffdf1e7b13ae6acd00c7bb4388f066e849af12c402418a0cd21adb726a7635f89a41175bd9f5e799f8497654022118cb7806de34ac6430725edb9b7a"], 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) syz_emit_ethernet(0x86, &(0x7f00000001c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaabb0800450000780000000000119078ac1414bbe0000001"], 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r7, 0x3ba0, &(0x7f0000000200)={0x48}) ioctl$IOMMU_IOAS_IOVA_RANGES(r6, 0x3b84, &(0x7f0000000180)={0x20, 0x0, 0x5, 0x0, &(0x7f00000002c0)=[{}, {}, {}, {}, {}]}) kernel console output (not intermixed with test programs): tats+0x4a/0x4d0 [ 1646.195813][T16811] __vmalloc_noprof+0xb1/0xf0 [ 1646.195828][T16811] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1646.195845][T16811] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1646.195862][T16811] bpf_prog_alloc+0x3c/0x1a0 [ 1646.195878][T16811] bpf_prog_load+0x735/0x1a10 [ 1646.195902][T16811] ? __pfx_bpf_prog_load+0x10/0x10 [ 1646.195933][T16811] ? bpf_lsm_bpf+0x9/0x20 [ 1646.195949][T16811] ? security_bpf+0x7e/0x300 [ 1646.195969][T16811] __sys_bpf+0x507/0x860 [ 1646.195984][T16811] ? __pfx___sys_bpf+0x10/0x10 [ 1646.195995][T16811] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1646.196021][T16811] ? ksys_write+0x230/0x260 [ 1646.196038][T16811] ? __pfx_ksys_write+0x10/0x10 [ 1646.196057][T16811] __x64_sys_bpf+0x7c/0x90 [ 1646.196070][T16811] do_syscall_64+0xfa/0xf80 [ 1646.196089][T16811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1646.196102][T16811] ? clear_bhb_loop+0x60/0xb0 [ 1646.196117][T16811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1646.196129][T16811] RIP: 0033:0x7f3abe55f749 [ 1646.196144][T16811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1646.196155][T16811] RSP: 002b:00007f3abc7be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1646.196171][T16811] RAX: ffffffffffffffda RBX: 00007f3abe7b5fa0 RCX: 00007f3abe55f749 [ 1646.196180][T16811] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005 [ 1646.196190][T16811] RBP: 00007f3abc7be090 R08: 0000000000000000 R09: 0000000000000000 [ 1646.196198][T16811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1646.196206][T16811] R13: 00007f3abe7b6038 R14: 00007f3abe7b5fa0 R15: 00007ffece54c3a8 [ 1646.196229][T16811] [ 1646.196275][T16811] syz.5.2415: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1646.196339][T16811] CPU: 1 UID: 0 PID: 16811 Comm: syz.5.2415 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1646.196359][T16811] Tainted: [L]=SOFTLOCKUP [ 1646.196365][T16811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1646.196375][T16811] Call Trace: [ 1646.196381][T16811] [ 1646.196388][T16811] dump_stack_lvl+0x189/0x250 [ 1646.196413][T16811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1646.196433][T16811] ? __pfx__printk+0x10/0x10 [ 1646.196451][T16811] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1646.196473][T16811] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1646.196494][T16811] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 1646.196516][T16811] warn_alloc+0x22e/0x3b0 [ 1646.196538][T16811] ? kasan_quarantine_put+0xdd/0x220 [ 1646.196558][T16811] ? lockdep_hardirqs_on+0x98/0x140 [ 1646.196583][T16811] ? __pfx_warn_alloc+0x10/0x10 [ 1646.196604][T16811] ? __get_vm_area_node+0x240/0x350 [ 1646.196621][T16811] ? __get_vm_area_node+0x172/0x350 [ 1646.196640][T16811] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1646.196660][T16811] ? __get_vm_area_node+0x240/0x350 [ 1646.196686][T16811] __vmalloc_node_range_noprof+0x331/0x12d0 [ 1646.196708][T16811] ? __lock_acquire+0x6b6/0x2cf0 [ 1646.196755][T16811] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1646.196772][T16811] ? __lock_acquire+0x6b6/0x2cf0 [ 1646.196800][T16811] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1646.196815][T16811] __vmalloc_noprof+0xb1/0xf0 [ 1646.196833][T16811] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1646.196853][T16811] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1646.196875][T16811] bpf_prog_alloc+0x3c/0x1a0 [ 1646.196895][T16811] bpf_prog_load+0x735/0x1a10 [ 1646.196925][T16811] ? __pfx_bpf_prog_load+0x10/0x10 [ 1646.196966][T16811] ? bpf_lsm_bpf+0x9/0x20 [ 1646.196986][T16811] ? security_bpf+0x7e/0x300 [ 1646.197010][T16811] __sys_bpf+0x507/0x860 [ 1646.197030][T16811] ? __pfx___sys_bpf+0x10/0x10 [ 1646.197045][T16811] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1646.197078][T16811] ? ksys_write+0x230/0x260 [ 1646.197099][T16811] ? __pfx_ksys_write+0x10/0x10 [ 1646.197124][T16811] __x64_sys_bpf+0x7c/0x90 [ 1646.197142][T16811] do_syscall_64+0xfa/0xf80 [ 1646.197164][T16811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1646.197182][T16811] ? clear_bhb_loop+0x60/0xb0 [ 1646.197203][T16811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1646.197219][T16811] RIP: 0033:0x7f3abe55f749 [ 1646.197234][T16811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1646.197249][T16811] RSP: 002b:00007f3abc7be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1646.197267][T16811] RAX: ffffffffffffffda RBX: 00007f3abe7b5fa0 RCX: 00007f3abe55f749 [ 1646.197281][T16811] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005 [ 1646.197292][T16811] RBP: 00007f3abc7be090 R08: 0000000000000000 R09: 0000000000000000 [ 1646.197303][T16811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1646.197315][T16811] R13: 00007f3abe7b6038 R14: 00007f3abe7b5fa0 R15: 00007ffece54c3a8 [ 1646.197365][T16811] [ 1646.199059][T16811] Mem-Info: [ 1646.199070][T16811] active_anon:264 inactive_anon:6240 isolated_anon:0 [ 1646.199070][T16811] active_file:22237 inactive_file:36171 isolated_file:0 [ 1646.199070][T16811] unevictable:768 dirty:108 writeback:0 [ 1646.199070][T16811] slab_reclaimable:12116 slab_unreclaimable:102668 [ 1646.199070][T16811] mapped:30317 shmem:1373 pagetables:1544 [ 1646.199070][T16811] sec_pagetables:0 bounce:0 [ 1646.199070][T16811] kernel_misc_reclaimable:0 [ 1646.199070][T16811] free:1315625 free_pcp:2431 free_cma:0 [ 1646.199111][T16811] Node 0 active_anon:1056kB inactive_anon:24960kB active_file:88748kB inactive_file:144684kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121268kB dirty:428kB writeback:0kB shmem:3956kB kernel_stack:13956kB pagetables:6016kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1646.199146][T16811] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1646.199181][T16811] Node 0 DMA free:15328kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1646.199235][T16811] lowmem_reserve[]: 0 2514 2516 2516 2516 [ 1646.199264][T16811] Node 0 DMA32 free:1346056kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1056kB inactive_anon:24960kB active_file:88748kB inactive_file:144684kB unevictable:1536kB writepending:428kB zspages:0kB present:3129332kB managed:2575332kB mlocked:0kB bounce:0kB free_pcp:9724kB local_pcp:6568kB free_cma:0kB [ 1646.199325][T16811] lowmem_reserve[]: 0 0 1 1 1 [ 1646.199356][T16811] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1646.199406][T16811] lowmem_reserve[]: 0 0 0 0 0 [ 1646.199436][T16811] Node 1 Normal free:3901116kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1646.199485][T16811] lowmem_reserve[]: 0 0 0 0 0 [ 1646.199512][T16811] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB [ 1646.199625][T16811] Node 0 DMA32: 1246*4kB (UM) 1004*8kB (UME) 569*16kB (UME) 377*32kB (UME) 148*64kB (UME) 127*128kB (UME) 214*256kB (UM) 99*512kB (UME) 35*1024kB (UME) 9*2048kB (UME) 275*4096kB (UME) = 1346056kB [ 1646.199757][T16811] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1646.199841][T16811] Node 1 Normal: 189*4kB (UME) 47*8kB (UME) 35*16kB (UME) 219*32kB (UME) 95*64kB (UME) 34*128kB (UME) 14*256kB (UME) 9*512kB (UME) 1*1024kB (M) 1*2048kB (E) 945*4096kB (M) = 3901116kB [ 1646.200001][T16811] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1646.200017][T16811] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1646.200032][T16811] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1646.200045][T16811] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1646.200059][T16811] 59777 total pagecache pages [ 1646.200066][T16811] 0 pages in swap cache [ 1646.200072][T16811] Free swap = 124996kB [ 1646.200079][T16811] Total swap = 124996kB [ 1646.200086][T16811] 2097051 pages RAM [ 1646.200093][T16811] 0 pages HighMem/MovableOnly [ 1646.200099][T16811] 421192 pages reserved [ 1646.200106][T16811] 0 pages cma reserved [ 1647.779596][T16826] netlink: 'syz.6.2421': attribute type 2 has an invalid length. [ 1648.044523][ T6002] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 1648.197130][ T6002] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1648.197156][ T6002] usb 6-1: config 0 has no interfaces? [ 1648.198619][ T6002] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1648.198643][ T6002] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1648.198660][ T6002] usb 6-1: SerialNumber: syz [ 1648.217947][ T6002] usb 6-1: config 0 descriptor?? [ 1648.379728][T16834] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1648.436433][T10854] usb 6-1: USB disconnect, device number 10 [ 1648.439371][T16832] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1649.005988][T16845] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1651.609969][T16864] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1651.863147][T16868] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1654.207567][T11408] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1654.382040][T11408] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1654.382072][T11408] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1654.382110][T11408] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1654.382131][T11408] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1654.434487][T11408] usb 5-1: config 0 descriptor?? [ 1654.514712][ T5137] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 1654.572432][T16896] FAULT_INJECTION: forcing a failure. [ 1654.572432][T16896] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1654.572466][T16896] CPU: 1 UID: 0 PID: 16896 Comm: syz.3.2448 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1654.572481][T16896] Tainted: [L]=SOFTLOCKUP [ 1654.572485][T16896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1654.572491][T16896] Call Trace: [ 1654.572496][T16896] [ 1654.572501][T16896] dump_stack_lvl+0x189/0x250 [ 1654.572528][T16896] ? __pfx____ratelimit+0x10/0x10 [ 1654.572552][T16896] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1654.572572][T16896] ? __pfx__printk+0x10/0x10 [ 1654.572602][T16896] should_fail_ex+0x46c/0x600 [ 1654.572628][T16896] _copy_from_user+0x2d/0xb0 [ 1654.572655][T16896] snd_rawmidi_kernel_write1+0x395/0x620 [ 1654.572796][T16896] snd_rawmidi_write+0x5ae/0xbd0 [ 1654.572829][T16896] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 1654.572847][T16896] ? __asan_memset+0x22/0x50 [ 1654.572865][T16896] ? __import_iovec+0x40e/0x7f0 [ 1654.572898][T16896] ? rw_verify_area+0x25b/0x4e0 [ 1654.572921][T16896] vfs_writev+0x4bf/0x970 [ 1654.572945][T16896] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 1654.572967][T16896] ? __pfx_vfs_writev+0x10/0x10 [ 1654.573003][T16896] ? __fget_files+0x2a/0x420 [ 1654.573028][T16896] ? __fget_files+0x3a6/0x420 [ 1654.573048][T16896] ? __fget_files+0x2a/0x420 [ 1654.573078][T16896] do_writev+0x153/0x2d0 [ 1654.573102][T16896] ? __pfx_do_writev+0x10/0x10 [ 1654.573127][T16896] ? do_syscall_64+0xbe/0xf80 [ 1654.573153][T16896] do_syscall_64+0xfa/0xf80 [ 1654.573183][T16896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1654.573200][T16896] ? clear_bhb_loop+0x60/0xb0 [ 1654.573221][T16896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1654.573239][T16896] RIP: 0033:0x7f5c8fe5f749 [ 1654.573255][T16896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1654.573270][T16896] RSP: 002b:00007f5c8e0c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1654.573290][T16896] RAX: ffffffffffffffda RBX: 00007f5c900b5fa0 RCX: 00007f5c8fe5f749 [ 1654.573303][T16896] RDX: 0000000000000002 RSI: 0000200000000840 RDI: 0000000000000006 [ 1654.573313][T16896] RBP: 00007f5c8e0c6090 R08: 0000000000000000 R09: 0000000000000000 [ 1654.573324][T16896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1654.573334][T16896] R13: 00007f5c900b6038 R14: 00007f5c900b5fa0 R15: 00007ffc27156b28 [ 1654.573365][T16896] [ 1654.667280][ T5137] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1654.667306][ T5137] usb 2-1: config 0 has no interfaces? [ 1654.668983][ T5137] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1654.669006][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1654.669023][ T5137] usb 2-1: SerialNumber: syz [ 1654.693029][ T5137] usb 2-1: config 0 descriptor?? [ 1654.705617][T16900] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1655.038756][ T5137] usb 2-1: USB disconnect, device number 22 [ 1655.202676][T11408] usbhid 5-1:0.0: can't add hid device: -71 [ 1655.202788][T11408] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1655.243734][T11408] usb 5-1: USB disconnect, device number 31 [ 1655.409674][T16909] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1657.133417][T16931] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1657.664420][T15632] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1658.786833][T15632] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1658.786865][T15632] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1658.786901][T15632] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1658.786921][T15632] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1658.885891][T15632] usb 2-1: config 0 descriptor?? [ 1660.882445][T15632] usbhid 2-1:0.0: can't add hid device: -71 [ 1660.882575][T15632] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1660.903980][T15632] usb 2-1: USB disconnect, device number 23 [ 1661.335513][T16974] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1661.495842][T16981] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1661.641489][T16985] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1665.023111][T17016] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1665.336602][T17026] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1665.384391][ T9666] usb 5-1: new full-speed USB device number 32 using dummy_hcd [ 1665.540831][ T9666] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1665.540864][ T9666] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 1665.540905][ T9666] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1665.540925][ T9666] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1665.593904][T17020] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1665.594028][T17020] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1665.623573][ T9666] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1665.985187][T17020] usb usb1: usbfs: process 17020 (syz.4.2488) did not claim interface 8 before use [ 1666.954156][T11408] usb 5-1: USB disconnect, device number 32 [ 1667.888112][T17057] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1668.164465][T11408] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1668.448953][T11408] usb 6-1: Using ep0 maxpacket: 16 [ 1668.453908][T11408] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1668.453938][T11408] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1668.453958][T11408] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1668.453992][T11408] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1668.454003][T11408] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1669.364187][T11408] usb 6-1: config 0 descriptor?? [ 1669.701807][T17083] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1669.715981][T15632] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 1670.148426][T15632] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1670.148463][T15632] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1670.148592][T15632] usb 7-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1670.148657][T15632] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1670.332641][T15632] usb 7-1: config 0 descriptor?? [ 1672.769013][T11408] usbhid 6-1:0.0: can't add hid device: -71 [ 1672.769121][T11408] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1672.803455][T11408] usb 6-1: USB disconnect, device number 11 [ 1672.919876][T15632] usbhid 7-1:0.0: can't add hid device: -71 [ 1672.919997][T15632] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1672.924228][T15632] usb 7-1: USB disconnect, device number 13 [ 1674.171387][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 1674.171460][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 1675.384197][T17126] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1675.677805][T17132] bpf: Bad value for 'uid' [ 1676.100092][T15632] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1676.305212][T15632] usb 2-1: device descriptor read/64, error -71 [ 1677.936108][T15632] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1678.064396][T15632] usb 2-1: device descriptor read/64, error -71 [ 1678.177592][T15632] usb usb2-port1: attempt power cycle [ 1678.530969][T15632] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1678.547982][T15632] usb 2-1: device descriptor read/8, error -71 [ 1678.548514][T17158] ptrace attach of "./syz-executor exec"[12170] was attempted by "./syz-executor exec"[17158] [ 1679.126841][T17173] overlayfs: failed to resolve './file0': -2 [ 1682.634452][T15632] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1682.784558][T17090] usb 7-1: new full-speed USB device number 14 using dummy_hcd [ 1682.936758][T17090] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1682.936788][T17090] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1682.936828][T17090] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1682.936849][T17090] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1683.127232][ T5951] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1683.177361][T15632] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1683.177392][T15632] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1683.177429][T15632] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1683.177457][T15632] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1683.188912][T15632] usb 2-1: config 0 descriptor?? [ 1683.260803][T17090] usb 7-1: GET_CAPABILITIES returned 0 [ 1683.260853][T17090] usbtmc 7-1:16.0: can't read capabilities [ 1683.314392][ T5951] usb 5-1: Using ep0 maxpacket: 32 [ 1683.316661][ T5951] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1683.316687][ T5951] usb 5-1: config 0 has no interface number 0 [ 1683.316732][ T5951] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1683.316755][ T5951] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1683.316790][ T5951] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1683.316810][ T5951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1683.323208][ T5951] usb 5-1: config 0 descriptor?? [ 1683.354475][ T5817] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 1683.510157][ T5817] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1683.510183][ T5817] usb 4-1: config 0 has no interfaces? [ 1683.512626][ T5817] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1683.512650][ T5817] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1683.512668][ T5817] usb 4-1: SerialNumber: syz [ 1683.585211][ T5817] usb 4-1: config 0 descriptor?? [ 1683.721631][T15632] usbhid 2-1:0.0: can't add hid device: -71 [ 1683.721755][T15632] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1683.763714][T15632] usb 2-1: USB disconnect, device number 28 [ 1683.819641][T17090] usb 4-1: USB disconnect, device number 32 [ 1683.918943][ T5817] usb 7-1: USB disconnect, device number 14 [ 1683.983329][T17199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1683.989939][T17199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1684.000048][T17199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1684.001713][T17199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1684.006279][ T5951] uclogic 0003:28BD:0094.0004: failed retrieving string descriptor #100: -71 [ 1684.006338][ T5951] uclogic 0003:28BD:0094.0004: failed retrieving pen parameters: -71 [ 1684.006354][ T5951] uclogic 0003:28BD:0094.0004: pen probing failed: -71 [ 1684.006369][ T5951] uclogic 0003:28BD:0094.0004: failed probing parameters: -71 [ 1684.006465][ T5951] uclogic 0003:28BD:0094.0004: probe with driver uclogic failed with error -71 [ 1684.066837][ T5951] usb 5-1: USB disconnect, device number 33 [ 1686.486025][T17249] FAULT_INJECTION: forcing a failure. [ 1686.486025][T17249] name failslab, interval 1, probability 0, space 0, times 0 [ 1686.486061][T17249] CPU: 1 UID: 0 PID: 17249 Comm: syz.5.2561 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1686.486084][T17249] Tainted: [L]=SOFTLOCKUP [ 1686.486089][T17249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1686.486099][T17249] Call Trace: [ 1686.486107][T17249] [ 1686.486114][T17249] dump_stack_lvl+0x189/0x250 [ 1686.486139][T17249] ? __pfx____ratelimit+0x10/0x10 [ 1686.486161][T17249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1686.486182][T17249] ? __pfx__printk+0x10/0x10 [ 1686.486206][T17249] ? __pfx___might_resched+0x10/0x10 [ 1686.486229][T17249] should_fail_ex+0x46c/0x600 [ 1686.486256][T17249] should_failslab+0xa8/0x100 [ 1686.486280][T17249] __kmalloc_noprof+0xcc/0x7e0 [ 1686.486298][T17249] ? kfree+0x4d/0x900 [ 1686.486311][T17249] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1686.486338][T17249] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1686.486360][T17249] ? tomoyo_domain+0xd9/0x130 [ 1686.486388][T17249] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1686.486407][T17249] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1686.486430][T17249] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1686.486455][T17249] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1686.486476][T17249] ? lockdep_hardirqs_on+0x98/0x140 [ 1686.486528][T17249] ? __fget_files+0x2a/0x420 [ 1686.486555][T17249] ? __fget_files+0x3a6/0x420 [ 1686.486575][T17249] ? __fget_files+0x2a/0x420 [ 1686.486601][T17249] security_file_ioctl+0xcb/0x2d0 [ 1686.486624][T17249] __se_sys_ioctl+0x47/0x170 [ 1686.486645][T17249] do_syscall_64+0xfa/0xf80 [ 1686.486668][T17249] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1686.486685][T17249] ? clear_bhb_loop+0x60/0xb0 [ 1686.486705][T17249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1686.486721][T17249] RIP: 0033:0x7f3abe55f749 [ 1686.486738][T17249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1686.486752][T17249] RSP: 002b:00007f3abc7be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1686.486771][T17249] RAX: ffffffffffffffda RBX: 00007f3abe7b5fa0 RCX: 00007f3abe55f749 [ 1686.486784][T17249] RDX: 0000200000000180 RSI: 0000000000003b82 RDI: 0000000000000003 [ 1686.486802][T17249] RBP: 00007f3abc7be090 R08: 0000000000000000 R09: 0000000000000000 [ 1686.486813][T17249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1686.486824][T17249] R13: 00007f3abe7b6038 R14: 00007f3abe7b5fa0 R15: 00007ffece54c3a8 [ 1686.486855][T17249] [ 1686.486863][T17249] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1687.199304][T17252] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2563'. [ 1688.896257][T17273] smk_cipso_doi:679 remove rc = -2 [ 1688.896318][T17273] smk_cipso_doi:692 cipso add rc = -17 [ 1688.925680][T17267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2568'. [ 1688.974945][T17267] 9pnet_fd: Insufficient options for proto=fd [ 1690.421448][T17302] overlayfs: failed to resolve './file0': -2 [ 1692.162595][T17305] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1693.531403][T17316] Bluetooth: hci0: invalid length 0, exp 2 for type 21 [ 1698.844409][ T6002] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1699.004562][ T6002] usb 7-1: Using ep0 maxpacket: 32 [ 1699.006673][ T6002] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 1699.006699][ T6002] usb 7-1: config 0 has no interface number 0 [ 1699.009637][ T6002] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1699.009663][ T6002] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1699.009689][ T6002] usb 7-1: Product: syz [ 1699.009702][ T6002] usb 7-1: Manufacturer: syz [ 1699.009714][ T6002] usb 7-1: SerialNumber: syz [ 1699.080348][ T6002] usb 7-1: config 0 descriptor?? [ 1699.094688][ T6002] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1700.098960][ T6002] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1700.178274][ T6002] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1700.391747][ C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1700.392642][ T43] usb 7-1: USB disconnect, device number 15 [ 1700.477132][ T43] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1700.533806][ T43] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1700.537619][ T43] quatech2 7-1:0.51: device disconnected [ 1701.035528][T17375] overlayfs: missing 'workdir' [ 1701.086179][T17375] fuse: Bad value for 'fd' [ 1701.484577][ T43] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 1702.558401][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1702.558427][ T43] usb 4-1: config 0 has no interfaces? [ 1702.559931][ T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1702.559957][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1702.559975][ T43] usb 4-1: SerialNumber: syz [ 1702.571796][ T43] usb 4-1: config 0 descriptor?? [ 1702.799349][T10854] usb 4-1: USB disconnect, device number 33 [ 1703.093157][ T37] audit: type=1800 audit(1764901364.448:37): pid=17386 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2606" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 1703.855642][T17397] netlink: 'syz.4.2611': attribute type 83 has an invalid length. [ 1704.123074][T17414] netlink: 'syz.3.2617': attribute type 4 has an invalid length. [ 1704.830235][T10854] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 1705.711763][T10854] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1705.711795][T10854] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1705.711832][T10854] usb 7-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1705.711852][T10854] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1705.752383][T17439] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2625'. [ 1705.769780][T10854] usb 7-1: config 0 descriptor?? [ 1705.838228][T17439] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1706.197331][T17450] FAULT_INJECTION: forcing a failure. [ 1706.197331][T17450] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1706.197361][T17450] CPU: 1 UID: 0 PID: 17450 Comm: syz.5.2632 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1706.197380][T17450] Tainted: [L]=SOFTLOCKUP [ 1706.197385][T17450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1706.197393][T17450] Call Trace: [ 1706.197399][T17450] [ 1706.197405][T17450] dump_stack_lvl+0x189/0x250 [ 1706.197428][T17450] ? __pfx____ratelimit+0x10/0x10 [ 1706.197446][T17450] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1706.197462][T17450] ? __pfx__printk+0x10/0x10 [ 1706.197486][T17450] should_fail_ex+0x46c/0x600 [ 1706.197508][T17450] _copy_to_user+0x31/0xb0 [ 1706.197529][T17450] simple_read_from_buffer+0xe1/0x170 [ 1706.197550][T17450] proc_fail_nth_read+0x1b6/0x220 [ 1706.197569][T17450] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1706.197587][T17450] ? rw_verify_area+0x2ac/0x4e0 [ 1706.197601][T17450] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1706.197617][T17450] vfs_read+0x206/0xa30 [ 1706.197639][T17450] ? __pfx_vfs_read+0x10/0x10 [ 1706.197651][T17450] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1706.197683][T17450] ? mutex_lock_nested+0x154/0x1d0 [ 1706.197696][T17450] ? fdget_pos+0x253/0x320 [ 1706.197721][T17450] ksys_read+0x14b/0x260 [ 1706.197738][T17450] ? __pfx_ksys_read+0x10/0x10 [ 1706.197755][T17450] ? do_syscall_64+0xbe/0xf80 [ 1706.197776][T17450] do_syscall_64+0xfa/0xf80 [ 1706.197794][T17450] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1706.197806][T17450] ? clear_bhb_loop+0x60/0xb0 [ 1706.197822][T17450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1706.197834][T17450] RIP: 0033:0x7f3abe55e15c [ 1706.197847][T17450] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1706.197858][T17450] RSP: 002b:00007f3abc7be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1706.197873][T17450] RAX: ffffffffffffffda RBX: 00007f3abe7b5fa0 RCX: 00007f3abe55e15c [ 1706.197882][T17450] RDX: 000000000000000f RSI: 00007f3abc7be0a0 RDI: 0000000000000007 [ 1706.197890][T17450] RBP: 00007f3abc7be090 R08: 0000000000000000 R09: 0000000000000000 [ 1706.197898][T17450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1706.197906][T17450] R13: 00007f3abe7b6038 R14: 00007f3abe7b5fa0 R15: 00007ffece54c3a8 [ 1706.197929][T17450] [ 1706.305987][T17448] loop8: detected capacity change from 0 to 8 [ 1706.465138][T10854] usbhid 7-1:0.0: can't add hid device: -71 [ 1706.465259][T10854] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1706.497631][T10854] usb 7-1: USB disconnect, device number 16 [ 1706.579465][T17268] Dev loop8: unable to read RDB block 8 [ 1706.579526][T17268] loop8: unable to read partition table [ 1706.579782][T17268] loop8: partition table beyond EOD, truncated [ 1706.648430][T17448] Dev loop8: unable to read RDB block 8 [ 1706.648477][T17448] loop8: unable to read partition table [ 1706.648730][T17448] loop8: partition table beyond EOD, truncated [ 1706.654095][T17448] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 1709.311782][T10854] usb 7-1: new full-speed USB device number 17 using dummy_hcd [ 1709.404484][ T5137] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 1709.557065][ T5137] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1709.557096][ T5137] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1709.557136][ T5137] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1709.557157][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1709.720741][T10854] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1709.720767][T10854] usb 7-1: config 0 has no interfaces? [ 1709.722696][T10854] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1709.722723][T10854] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1709.722741][T10854] usb 7-1: SerialNumber: syz [ 1709.736836][T10854] usb 7-1: config 0 descriptor?? [ 1710.103062][T10854] usb 7-1: USB disconnect, device number 17 [ 1710.128167][ T5137] usb 2-1: GET_CAPABILITIES returned 0 [ 1710.128213][ T5137] usbtmc 2-1:16.0: can't read capabilities [ 1710.656252][ T5137] usb 2-1: USB disconnect, device number 29 [ 1711.778013][ T5951] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 1711.928034][ T5951] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1711.932432][ T5951] usb 7-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=76.6a [ 1711.932459][ T5951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1711.932478][ T5951] usb 7-1: Product: syz [ 1711.932491][ T5951] usb 7-1: Manufacturer: syz [ 1711.932503][ T5951] usb 7-1: SerialNumber: syz [ 1712.882461][T17510] ptrace attach of "./syz-executor exec"[5803] was attempted by "./syz-executor exec"[17510] [ 1712.963204][ T5951] usb 7-1: config 0 descriptor?? [ 1712.964064][T17500] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1713.221580][ T6002] usb 7-1: USB disconnect, device number 18 [ 1714.728964][T11337] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1714.729507][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 1714.934460][T11337] usb 2-1: device descriptor read/64, error -32 [ 1715.554685][T11337] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1715.719530][T11337] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1715.719568][T11337] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1715.719691][T11337] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1715.719749][T11337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1716.187973][T11337] usb 2-1: config 0 descriptor?? [ 1716.308533][T11337] usbhid 2-1:0.0: can't add hid device: -71 [ 1716.308646][T11337] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1716.374613][T11337] usb 2-1: USB disconnect, device number 31 [ 1716.565679][T17533] FAULT_INJECTION: forcing a failure. [ 1716.565679][T17533] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.565714][T17533] CPU: 0 UID: 0 PID: 17533 Comm: syz.4.2660 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1716.565739][T17533] Tainted: [L]=SOFTLOCKUP [ 1716.565745][T17533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1716.565757][T17533] Call Trace: [ 1716.565764][T17533] [ 1716.565773][T17533] dump_stack_lvl+0x189/0x250 [ 1716.565800][T17533] ? __pfx____ratelimit+0x10/0x10 [ 1716.565823][T17533] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1716.565844][T17533] ? __pfx__printk+0x10/0x10 [ 1716.565866][T17533] ? __pfx___might_resched+0x10/0x10 [ 1716.565889][T17533] should_fail_ex+0x46c/0x600 [ 1716.565916][T17533] ? getname_flags+0xb8/0x540 [ 1716.565936][T17533] should_failslab+0xa8/0x100 [ 1716.565960][T17533] ? getname_flags+0xb8/0x540 [ 1716.565978][T17533] kmem_cache_alloc_noprof+0x6f/0x6d0 [ 1716.565999][T17533] ? strncpy_from_user+0x150/0x2c0 [ 1716.566023][T17533] getname_flags+0xb8/0x540 [ 1716.566049][T17533] __x64_sys_renameat2+0xba/0xe0 [ 1716.566074][T17533] do_syscall_64+0xfa/0xf80 [ 1716.566098][T17533] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1716.566115][T17533] ? clear_bhb_loop+0x60/0xb0 [ 1716.566136][T17533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1716.566152][T17533] RIP: 0033:0x7fbe265ef749 [ 1716.566170][T17533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1716.566185][T17533] RSP: 002b:00007fbe2484e038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 1716.566205][T17533] RAX: ffffffffffffffda RBX: 00007fbe26845fa0 RCX: 00007fbe265ef749 [ 1716.566218][T17533] RDX: ffffffffffffff9c RSI: 0000200000000580 RDI: ffffffffffffff9c [ 1716.566231][T17533] RBP: 00007fbe2484e090 R08: 0000000000000000 R09: 0000000000000000 [ 1716.566243][T17533] R10: 00002000000005c0 R11: 0000000000000246 R12: 0000000000000001 [ 1716.566254][T17533] R13: 00007fbe26846038 R14: 00007fbe26845fa0 R15: 00007ffc50cd8328 [ 1716.566286][T17533] [ 1717.625196][T17541] ptrace attach of "./syz-executor exec"[12170] was attempted by "./syz-executor exec"[17541] [ 1717.774509][ T191] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 1718.716949][ T191] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1718.716975][ T191] usb 4-1: config 0 has no interfaces? [ 1718.718741][ T191] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1718.718767][ T191] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1718.718785][ T191] usb 4-1: SerialNumber: syz [ 1718.779380][ T191] usb 4-1: config 0 descriptor?? [ 1718.918559][T17553] netlink: 'syz.5.2665': attribute type 83 has an invalid length. [ 1718.993288][ T191] usb 4-1: USB disconnect, device number 34 [ 1719.366758][T17560] netlink: 'syz.5.2668': attribute type 83 has an invalid length. [ 1719.374401][ T5817] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1720.547112][ T5817] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1720.547144][ T5817] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1720.547182][ T5817] usb 7-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1720.547202][ T5817] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1720.552855][ T5817] usb 7-1: config 0 descriptor?? [ 1720.877681][ T5817] usbhid 7-1:0.0: can't add hid device: -71 [ 1720.877806][ T5817] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1720.914826][ T5817] usb 7-1: USB disconnect, device number 19 [ 1720.962784][T17570] netlink: 1 bytes leftover after parsing attributes in process `syz.5.2671'. [ 1721.200167][T17583] netlink: 'syz.5.2677': attribute type 83 has an invalid length. [ 1722.378980][T16189] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1722.627828][T16189] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1722.627860][T16189] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1722.627896][T16189] usb 2-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1722.627917][T16189] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1722.679669][T16189] usb 2-1: config 0 descriptor?? [ 1723.154486][T11337] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 1723.238827][T16189] usbhid 2-1:0.0: can't add hid device: -71 [ 1723.238949][T16189] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1723.254531][T16189] usb 2-1: USB disconnect, device number 32 [ 1723.264531][ T5892] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 1723.440293][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1723.440326][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1723.440363][ T5892] usb 7-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1723.440384][ T5892] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1723.495736][ T5892] usb 7-1: config 0 descriptor?? [ 1723.666692][T11337] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1723.666718][T11337] usb 4-1: config 0 has no interfaces? [ 1723.668175][T11337] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1723.668206][T11337] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1723.668224][T11337] usb 4-1: SerialNumber: syz [ 1723.673627][T11337] usb 4-1: config 0 descriptor?? [ 1723.889988][T16189] usb 4-1: USB disconnect, device number 35 [ 1724.011121][ T5892] usbhid 7-1:0.0: can't add hid device: -71 [ 1724.011245][ T5892] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1724.035142][ T5892] usb 7-1: USB disconnect, device number 20 [ 1724.122608][T17620] netlink: 'syz.5.2691': attribute type 83 has an invalid length. [ 1725.703430][T17637] ptrace attach of "./syz-executor exec"[13531] was attempted by "./syz-executor exec"[17637] [ 1726.544712][T17090] usb 2-1: new full-speed USB device number 33 using dummy_hcd [ 1726.706788][T17090] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1726.706815][T17090] usb 2-1: config 0 has no interfaces? [ 1726.710329][T17090] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1726.710355][T17090] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1726.710372][T17090] usb 2-1: Product: syz [ 1726.710385][T17090] usb 2-1: Manufacturer: syz [ 1726.710398][T17090] usb 2-1: SerialNumber: syz [ 1726.779380][T17090] usb 2-1: config 0 descriptor?? [ 1726.851155][T17649] netlink: 'syz.5.2702': attribute type 83 has an invalid length. [ 1729.519100][ T5951] usb 2-1: USB disconnect, device number 33 [ 1730.558183][T17685] netlink: 'syz.6.2715': attribute type 4 has an invalid length. [ 1732.244475][T11337] usb 7-1: new full-speed USB device number 21 using dummy_hcd [ 1732.333261][T17713] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1732.463375][ T5817] usb 5-1: new full-speed USB device number 34 using dummy_hcd [ 1733.026961][T11337] usb 7-1: config 255 has too many interfaces: 223, using maximum allowed: 32 [ 1733.026988][T11337] usb 7-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 1733.027006][T11337] usb 7-1: config 255 has 0 interfaces, different from the descriptor's value: 223 [ 1733.031910][T11337] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1733.031928][T11337] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1733.031938][T11337] usb 7-1: Product: syz [ 1733.031945][T11337] usb 7-1: Manufacturer: syz [ 1733.031952][T11337] usb 7-1: SerialNumber: syz [ 1733.161499][ T5817] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1733.161525][ T5817] usb 5-1: config 0 has no interfaces? [ 1733.182952][ T5817] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1733.182979][ T5817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1733.182997][ T5817] usb 5-1: Product: syz [ 1733.183009][ T5817] usb 5-1: Manufacturer: syz [ 1733.183022][ T5817] usb 5-1: SerialNumber: syz [ 1733.260685][ T5817] usb 5-1: config 0 descriptor?? [ 1733.397181][ T37] audit: type=1800 audit(1764901394.758:38): pid=17705 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2721" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 1733.484409][ T10] usb 6-1: new full-speed USB device number 12 using dummy_hcd [ 1733.637922][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1733.637947][ T10] usb 6-1: config 0 has no interfaces? [ 1733.642843][ T10] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1733.642872][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1733.642891][ T10] usb 6-1: Product: syz [ 1733.642903][ T10] usb 6-1: Manufacturer: syz [ 1733.642915][ T10] usb 6-1: SerialNumber: syz [ 1733.647596][ T10] usb 6-1: config 0 descriptor?? [ 1733.960526][ T37] audit: type=1800 audit(1764901395.318:39): pid=17723 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2729" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0 [ 1734.164652][ T10] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 1734.320127][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1734.320153][ T10] usb 4-1: config 0 has no interfaces? [ 1734.321691][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1734.321717][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1734.321735][ T10] usb 4-1: SerialNumber: syz [ 1734.343397][ T10] usb 4-1: config 0 descriptor?? [ 1734.556388][ T10] usb 4-1: USB disconnect, device number 36 [ 1734.969318][ T10] usb 7-1: USB disconnect, device number 21 [ 1735.144168][ T5817] usb 5-1: USB disconnect, device number 34 [ 1735.488509][T17738] overlayfs: missing 'workdir' [ 1735.510409][T17738] fuse: Bad value for 'fd' [ 1735.611407][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 1735.611475][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 1735.862771][T17747] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1735.970924][ T37] audit: type=1800 audit(1764901397.328:40): pid=17744 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.2738" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 1736.165371][ T5817] usb 6-1: USB disconnect, device number 12 [ 1738.024420][ T5817] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1738.121525][T17775] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[17775] [ 1738.176923][ T5817] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1738.176955][ T5817] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1738.176990][ T5817] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1738.177012][ T5817] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1738.204421][T11337] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 1738.216104][ T5817] usb 6-1: config 0 descriptor?? [ 1738.267242][ T5877] usb 7-1: new full-speed USB device number 22 using dummy_hcd [ 1738.357413][T11337] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1738.357438][T11337] usb 4-1: config 0 has no interfaces? [ 1738.359414][T11337] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1738.359440][T11337] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1738.359458][T11337] usb 4-1: SerialNumber: syz [ 1738.376641][T11337] usb 4-1: config 0 descriptor?? [ 1738.420946][ T5877] usb 7-1: config 255 has too many interfaces: 223, using maximum allowed: 32 [ 1738.420972][ T5877] usb 7-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 1738.420990][ T5877] usb 7-1: config 255 has 0 interfaces, different from the descriptor's value: 223 [ 1738.461250][ T5877] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1738.461660][ T5877] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1738.461680][ T5877] usb 7-1: Product: syz [ 1738.461693][ T5877] usb 7-1: Manufacturer: syz [ 1738.461706][ T5877] usb 7-1: SerialNumber: syz [ 1738.545049][T17777] overlayfs: missing 'workdir' [ 1738.592858][ T5877] usb 4-1: USB disconnect, device number 37 [ 1738.595435][T17778] fuse: Bad value for 'fd' [ 1738.778204][T17762] binder: BINDER_SET_CONTEXT_MGR already set [ 1738.778219][T17762] binder: 17759:17762 ioctl 4018620d 2000000001c0 returned -16 [ 1738.854487][ T5817] usbhid 6-1:0.0: can't add hid device: -71 [ 1738.854609][ T5817] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1738.875238][ T5817] usb 6-1: USB disconnect, device number 13 [ 1739.044387][T17783] FAULT_INJECTION: forcing a failure. [ 1739.044387][T17783] name failslab, interval 1, probability 0, space 0, times 0 [ 1739.044422][T17783] CPU: 0 UID: 0 PID: 17783 Comm: syz.1.2751 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1739.044447][T17783] Tainted: [L]=SOFTLOCKUP [ 1739.044453][T17783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1739.044472][T17783] Call Trace: [ 1739.044479][T17783] [ 1739.044486][T17783] dump_stack_lvl+0x189/0x250 [ 1739.044513][T17783] ? __pfx____ratelimit+0x10/0x10 [ 1739.044536][T17783] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1739.044555][T17783] ? __pfx__printk+0x10/0x10 [ 1739.044576][T17783] ? __pfx___might_resched+0x10/0x10 [ 1739.044593][T17783] ? fs_reclaim_acquire+0x7d/0x100 [ 1739.044617][T17783] should_fail_ex+0x46c/0x600 [ 1739.044636][T17783] ? getname_flags+0xb8/0x540 [ 1739.044650][T17783] should_failslab+0xa8/0x100 [ 1739.044664][T17783] ? getname_flags+0xb8/0x540 [ 1739.044676][T17783] kmem_cache_alloc_noprof+0x6f/0x6d0 [ 1739.044692][T17783] getname_flags+0xb8/0x540 [ 1739.044707][T17783] __x64_sys_rmdir+0x3a/0x50 [ 1739.044718][T17783] do_syscall_64+0xfa/0xf80 [ 1739.044734][T17783] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1739.044745][T17783] ? clear_bhb_loop+0x60/0xb0 [ 1739.044756][T17783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1739.044766][T17783] RIP: 0033:0x7f11758df749 [ 1739.044776][T17783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1739.044785][T17783] RSP: 002b:00007f1173b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 1739.044797][T17783] RAX: ffffffffffffffda RBX: 00007f1175b35fa0 RCX: 00007f11758df749 [ 1739.044805][T17783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380 [ 1739.044811][T17783] RBP: 00007f1173b3e090 R08: 0000000000000000 R09: 0000000000000000 [ 1739.044817][T17783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1739.044823][T17783] R13: 00007f1175b36038 R14: 00007f1175b35fa0 R15: 00007ffebf765018 [ 1739.044839][T17783] [ 1739.267743][ T5817] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 1739.414416][ T5817] usb 5-1: Using ep0 maxpacket: 8 [ 1739.418158][ T5817] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 1739.418184][ T5817] usb 5-1: config 179 has no interface number 0 [ 1739.418255][ T5817] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1739.418280][ T5817] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1739.418305][ T5817] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1739.418325][ T5817] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1739.418350][ T5817] usb 5-1: config 179 interface 65 has no altsetting 0 [ 1739.418381][ T5817] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1739.418401][ T5817] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1739.532755][T17792] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1739.817437][ T5817] usb 5-1: USB disconnect, device number 35 [ 1741.759266][ T5817] usb 7-1: USB disconnect, device number 22 [ 1742.005735][T17813] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1742.336526][T17824] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2765'. [ 1743.501013][T17834] ptrace attach of "./syz-executor exec"[5815] was attempted by "./syz-executor exec"[17834] [ 1743.559752][T17836] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1743.597984][ T5951] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 1743.746903][ T5951] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1743.746930][ T5951] usb 6-1: config 0 has no interfaces? [ 1743.748548][ T5951] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1743.748573][ T5951] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1743.748591][ T5951] usb 6-1: SerialNumber: syz [ 1743.757665][ T5951] usb 6-1: config 0 descriptor?? [ 1744.708125][ T5817] usb 6-1: USB disconnect, device number 14 [ 1745.124199][T17856] FAULT_INJECTION: forcing a failure. [ 1745.124199][T17856] name failslab, interval 1, probability 0, space 0, times 0 [ 1745.124234][T17856] CPU: 1 UID: 0 PID: 17856 Comm: syz.6.2773 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1745.124263][T17856] Tainted: [L]=SOFTLOCKUP [ 1745.124269][T17856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1745.124278][T17856] Call Trace: [ 1745.124285][T17856] [ 1745.124293][T17856] dump_stack_lvl+0x189/0x250 [ 1745.124318][T17856] ? __pfx____ratelimit+0x10/0x10 [ 1745.124339][T17856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1745.124358][T17856] ? __pfx__printk+0x10/0x10 [ 1745.124381][T17856] ? __pfx___might_resched+0x10/0x10 [ 1745.124402][T17856] should_fail_ex+0x46c/0x600 [ 1745.124429][T17856] should_failslab+0xa8/0x100 [ 1745.124452][T17856] __kmalloc_cache_noprof+0x6f/0x6d0 [ 1745.124474][T17856] ? bpf_raw_tp_link_attach+0x24e/0x640 [ 1745.124501][T17856] bpf_raw_tp_link_attach+0x24e/0x640 [ 1745.124527][T17856] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 1745.124558][T17856] ? __fget_files+0x2a/0x420 [ 1745.124589][T17856] bpf_raw_tracepoint_open+0x1b8/0x220 [ 1745.124611][T17856] __sys_bpf+0x73e/0x860 [ 1745.124632][T17856] ? __pfx___sys_bpf+0x10/0x10 [ 1745.124646][T17856] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1745.124681][T17856] ? ksys_write+0x230/0x260 [ 1745.124703][T17856] ? __pfx_ksys_write+0x10/0x10 [ 1745.124726][T17856] __x64_sys_bpf+0x7c/0x90 [ 1745.124742][T17856] do_syscall_64+0xfa/0xf80 [ 1745.124764][T17856] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1745.124781][T17856] ? clear_bhb_loop+0x60/0xb0 [ 1745.124800][T17856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1745.124824][T17856] RIP: 0033:0x7feeac1af749 [ 1745.124839][T17856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1745.124853][T17856] RSP: 002b:00007feeaa40e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1745.124872][T17856] RAX: ffffffffffffffda RBX: 00007feeac405fa0 RCX: 00007feeac1af749 [ 1745.124884][T17856] RDX: 0000000000000010 RSI: 00002000000002c0 RDI: 0000000000000011 [ 1745.124895][T17856] RBP: 00007feeaa40e090 R08: 0000000000000000 R09: 0000000000000000 [ 1745.124907][T17856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1745.124917][T17856] R13: 00007feeac406038 R14: 00007feeac405fa0 R15: 00007ffeb3804a68 [ 1745.124948][T17856] [ 1745.258794][T17859] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1746.791172][T17872] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1748.685057][ T9666] usb 6-1: new full-speed USB device number 15 using dummy_hcd [ 1749.654384][ T9666] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1749.654415][ T9666] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1749.654454][ T9666] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1749.654474][ T9666] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1749.829140][ T9666] usb 6-1: usb_control_msg returned -71 [ 1749.829187][ T9666] usbtmc 6-1:16.0: can't read capabilities [ 1749.864586][ T191] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1749.870918][ T9666] usb 6-1: USB disconnect, device number 15 [ 1750.027489][ T191] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1750.027521][ T191] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1750.027558][ T191] usb 4-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1750.027579][ T191] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1750.039476][ T191] usb 4-1: config 0 descriptor?? [ 1750.044451][T16189] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 1751.140816][T16189] usb 7-1: device descriptor read/64, error -71 [ 1751.494954][T16189] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 1751.634470][T16189] usb 7-1: device descriptor read/64, error -71 [ 1751.733007][ T9666] usb 6-1: new full-speed USB device number 16 using dummy_hcd [ 1751.744981][T16189] usb usb7-port1: attempt power cycle [ 1751.889172][ T9666] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1751.889200][ T9666] usb 6-1: config 0 has no interfaces? [ 1751.890948][ T9666] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1751.890976][ T9666] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1751.890994][ T9666] usb 6-1: SerialNumber: syz [ 1751.901836][ T9666] usb 6-1: config 0 descriptor?? [ 1751.998030][ T191] usbhid 4-1:0.0: can't add hid device: -71 [ 1751.998161][ T191] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1752.006552][ T191] usb 4-1: USB disconnect, device number 38 [ 1752.326871][T16189] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 1752.852778][ T9666] usb 6-1: USB disconnect, device number 16 [ 1752.860499][T16189] usb 7-1: device descriptor read/8, error -71 [ 1753.298639][T17927] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2797'. [ 1753.804229][T17932] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1755.335344][T17940] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1757.785018][ T6002] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1758.494409][T16189] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 1758.517619][T16189] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1758.517650][T16189] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1758.517687][T16189] usb 7-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1758.517708][T16189] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1758.678071][T16189] usb 7-1: config 0 descriptor?? [ 1758.694525][ T6002] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1758.694556][ T6002] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1758.694590][ T6002] usb 4-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1758.694610][ T6002] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1758.862937][T17968] fuse: Bad value for 'fd' [ 1758.863884][T17968] FAULT_INJECTION: forcing a failure. [ 1758.863884][T17968] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.863914][T17968] CPU: 1 UID: 0 PID: 17968 Comm: syz.1.2808 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1758.863945][T17968] Tainted: [L]=SOFTLOCKUP [ 1758.863956][T17968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1758.863967][T17968] Call Trace: [ 1758.863975][T17968] [ 1758.863982][T17968] dump_stack_lvl+0x189/0x250 [ 1758.864008][T17968] ? __pfx____ratelimit+0x10/0x10 [ 1758.864031][T17968] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1758.864052][T17968] ? __pfx__printk+0x10/0x10 [ 1758.864075][T17968] ? __pfx___might_resched+0x10/0x10 [ 1758.864094][T17968] ? fs_reclaim_acquire+0x7d/0x100 [ 1758.864120][T17968] should_fail_ex+0x46c/0x600 [ 1758.864145][T17968] ? getname_flags+0xb8/0x540 [ 1758.864174][T17968] should_failslab+0xa8/0x100 [ 1758.864197][T17968] ? getname_flags+0xb8/0x540 [ 1758.864216][T17968] kmem_cache_alloc_noprof+0x6f/0x6d0 [ 1758.864245][T17968] getname_flags+0xb8/0x540 [ 1758.864274][T17968] __x64_sys_rmdir+0x3a/0x50 [ 1758.864291][T17968] do_syscall_64+0xfa/0xf80 [ 1758.864314][T17968] ? rcu_is_watching+0x15/0xb0 [ 1758.864330][T17968] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1758.864347][T17968] ? clear_bhb_loop+0x60/0xb0 [ 1758.864368][T17968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1758.864385][T17968] RIP: 0033:0x7f11758df749 [ 1758.864402][T17968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1758.864417][T17968] RSP: 002b:00007f1173afc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 1758.864436][T17968] RAX: ffffffffffffffda RBX: 00007f1175b36180 RCX: 00007f11758df749 [ 1758.864449][T17968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380 [ 1758.864461][T17968] RBP: 00007f1173afc090 R08: 0000000000000000 R09: 0000000000000000 [ 1758.864472][T17968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1758.864483][T17968] R13: 00007f1175b36218 R14: 00007f1175b36180 R15: 00007ffebf765018 [ 1758.864514][T17968] [ 1759.487329][ T6002] usb 4-1: config 0 descriptor?? [ 1759.490910][ T6002] usb 4-1: can't set config #0, error -71 [ 1759.654930][ T6002] usb 4-1: USB disconnect, device number 39 [ 1759.774673][T17972] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2811'. [ 1760.457430][T17976] FAULT_INJECTION: forcing a failure. [ 1760.457430][T17976] name failslab, interval 1, probability 0, space 0, times 0 [ 1760.457520][T17976] CPU: 0 UID: 0 PID: 17976 Comm: syz.3.2812 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1760.457546][T17976] Tainted: [L]=SOFTLOCKUP [ 1760.457553][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1760.457564][T17976] Call Trace: [ 1760.457571][T17976] [ 1760.457580][T17976] dump_stack_lvl+0x189/0x250 [ 1760.457607][T17976] ? __pfx____ratelimit+0x10/0x10 [ 1760.457633][T17976] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1760.457654][T17976] ? __pfx__printk+0x10/0x10 [ 1760.457678][T17976] ? __pfx___might_resched+0x10/0x10 [ 1760.457701][T17976] should_fail_ex+0x46c/0x600 [ 1760.457727][T17976] ? __alloc_skb+0x255/0x430 [ 1760.457745][T17976] should_failslab+0xa8/0x100 [ 1760.457769][T17976] ? __alloc_skb+0x255/0x430 [ 1760.457783][T17976] kmem_cache_alloc_node_noprof+0x78/0x700 [ 1760.457813][T17976] __alloc_skb+0x255/0x430 [ 1760.457833][T17976] ? __pfx___alloc_skb+0x10/0x10 [ 1760.457860][T17976] alloc_skb_with_frags+0xca/0x890 [ 1760.457975][T17976] ? __lock_acquire+0x6b6/0x2cf0 [ 1760.458004][T17976] sock_alloc_send_pskb+0x859/0x990 [ 1760.458045][T17976] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1760.458072][T17976] ? dev_get_by_index+0x22/0x2e0 [ 1760.458121][T17976] ? dev_get_by_index+0x22/0x2e0 [ 1760.458148][T17976] packet_sendmsg+0x33a0/0x5080 [ 1760.458230][T17976] ? do_raw_spin_lock+0x121/0x290 [ 1760.458269][T17976] ? __lock_acquire+0x6b6/0x2cf0 [ 1760.458299][T17976] ? smack_socket_sendmsg+0x1fa/0x520 [ 1760.458325][T17976] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 1760.458354][T17976] ? __pfx_packet_sendmsg+0x10/0x10 [ 1760.458383][T17976] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 1760.458418][T17976] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1760.458439][T17976] ? __pfx_packet_sendmsg+0x10/0x10 [ 1760.458460][T17976] __sock_sendmsg+0x21c/0x270 [ 1760.458483][T17976] ____sys_sendmsg+0x534/0x810 [ 1760.458509][T17976] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1760.458555][T17976] ? import_iovec+0x74/0xa0 [ 1760.458583][T17976] ___sys_sendmsg+0x21f/0x2a0 [ 1760.458605][T17976] ? __pfx____sys_sendmsg+0x10/0x10 [ 1760.458661][T17976] ? __fget_files+0x2a/0x420 [ 1760.458682][T17976] ? __fget_files+0x3a6/0x420 [ 1760.458715][T17976] __sys_sendmmsg+0x22d/0x430 [ 1760.458740][T17976] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1760.458770][T17976] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1760.458807][T17976] ? ksys_write+0x230/0x260 [ 1760.458829][T17976] ? __pfx_ksys_write+0x10/0x10 [ 1760.458854][T17976] __x64_sys_sendmmsg+0xa0/0xc0 [ 1760.458876][T17976] do_syscall_64+0xfa/0xf80 [ 1760.458899][T17976] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1760.458916][T17976] ? clear_bhb_loop+0x60/0xb0 [ 1760.458937][T17976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1760.458954][T17976] RIP: 0033:0x7f5c8fe5f749 [ 1760.458972][T17976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1760.458987][T17976] RSP: 002b:00007f5c8e0c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1760.459007][T17976] RAX: ffffffffffffffda RBX: 00007f5c900b5fa0 RCX: 00007f5c8fe5f749 [ 1760.459020][T17976] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000012 [ 1760.459032][T17976] RBP: 00007f5c8e0c6090 R08: 0000000000000000 R09: 0000000000000000 [ 1760.459044][T17976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1760.459055][T17976] R13: 00007f5c900b6038 R14: 00007f5c900b5fa0 R15: 00007ffc27156b28 [ 1760.459086][T17976] [ 1760.682735][T16189] usbhid 7-1:0.0: can't add hid device: -71 [ 1760.682850][T16189] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1760.867074][T16189] usb 7-1: USB disconnect, device number 26 [ 1761.005253][T17984] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2814'. [ 1761.006072][T17984] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2814'. [ 1761.006086][T17984] openvswitch: netlink: Flow key attr not present in new flow. [ 1761.832986][T17999] FAULT_INJECTION: forcing a failure. [ 1761.832986][T17999] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.833021][T17999] CPU: 0 UID: 0 PID: 17999 Comm: syz.4.2816 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1761.833047][T17999] Tainted: [L]=SOFTLOCKUP [ 1761.833053][T17999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1761.833063][T17999] Call Trace: [ 1761.833070][T17999] [ 1761.833078][T17999] dump_stack_lvl+0x189/0x250 [ 1761.833105][T17999] ? __pfx____ratelimit+0x10/0x10 [ 1761.833135][T17999] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1761.833156][T17999] ? __pfx__printk+0x10/0x10 [ 1761.833179][T17999] ? __pfx___might_resched+0x10/0x10 [ 1761.833197][T17999] ? fs_reclaim_acquire+0x7d/0x100 [ 1761.833224][T17999] should_fail_ex+0x46c/0x600 [ 1761.833250][T17999] ? getname_flags+0xb8/0x540 [ 1761.833271][T17999] should_failslab+0xa8/0x100 [ 1761.833294][T17999] ? getname_flags+0xb8/0x540 [ 1761.833313][T17999] kmem_cache_alloc_noprof+0x6f/0x6d0 [ 1761.833341][T17999] getname_flags+0xb8/0x540 [ 1761.833361][T17999] ? _copy_from_user+0x94/0xb0 [ 1761.833387][T17999] user_path_at+0x24/0x60 [ 1761.833405][T17999] __se_sys_mount+0x2d4/0x410 [ 1761.833435][T17999] ? __pfx___se_sys_mount+0x10/0x10 [ 1761.833461][T17999] ? do_syscall_64+0xbe/0xf80 [ 1761.833482][T17999] ? __x64_sys_mount+0x20/0xc0 [ 1761.833506][T17999] do_syscall_64+0xfa/0xf80 [ 1761.833529][T17999] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1761.833547][T17999] ? clear_bhb_loop+0x60/0xb0 [ 1761.833567][T17999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1761.833584][T17999] RIP: 0033:0x7fbe265ef749 [ 1761.833601][T17999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1761.833616][T17999] RSP: 002b:00007fbe2480c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1761.833636][T17999] RAX: ffffffffffffffda RBX: 00007fbe26846180 RCX: 00007fbe265ef749 [ 1761.833649][T17999] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000000 [ 1761.833661][T17999] RBP: 00007fbe2480c090 R08: 0000000000000000 R09: 0000000000000000 [ 1761.833673][T17999] R10: 0000000000001001 R11: 0000000000000246 R12: 0000000000000001 [ 1761.833684][T17999] R13: 00007fbe26846218 R14: 00007fbe26846180 R15: 00007ffc50cd8328 [ 1761.833716][T17999] [ 1764.973197][T18011] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1765.867590][T18023] netlink: 'syz.3.2825': attribute type 83 has an invalid length. [ 1767.334469][T16189] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 1767.504389][T16189] usb 5-1: Using ep0 maxpacket: 32 [ 1767.509068][T16189] usb 5-1: config 1 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 1767.509101][T16189] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1767.512233][T16189] usb 5-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.40 [ 1767.512259][T16189] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1767.512278][T16189] usb 5-1: Product: ï“¿ [ 1767.512291][T16189] usb 5-1: Manufacturer: á°Š [ 1767.512304][T16189] usb 5-1: SerialNumber: syz [ 1767.568861][ T5877] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1767.714383][ T5877] usb 6-1: Using ep0 maxpacket: 16 [ 1767.716995][ T5877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1767.720524][ T5877] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1767.720550][ T5877] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1767.720567][ T5877] usb 6-1: Product: syz [ 1767.720580][ T5877] usb 6-1: Manufacturer: syz [ 1767.720592][ T5877] usb 6-1: SerialNumber: syz [ 1767.773202][ T5877] usb 6-1: config 0 descriptor?? [ 1767.786466][ T5877] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1767.786524][ T5877] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 1767.872591][T16189] usbhid 5-1:1.0: can't add hid device: -71 [ 1767.872715][T16189] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 1767.900354][T16189] usb 5-1: USB disconnect, device number 36 [ 1767.926855][T18017] udevd[18017]: setting owner of /dev/bus/usb/005/036 to uid=0, gid=0 failed: No such file or directory [ 1768.606934][ T5877] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 1771.938184][T18065] Bluetooth: hci0: invalid length 0, exp 2 for type 21 [ 1772.088015][T18075] netlink: 'syz.4.2840': attribute type 83 has an invalid length. [ 1772.249848][ T5877] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1772.250046][ T5877] em28xx 6-1:0.0: board has no eeprom [ 1772.314414][ T5817] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 1772.414963][ T5877] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1772.414990][ T5877] em28xx 6-1:0.0: dvb set to bulk mode. [ 1772.415503][T11337] em28xx 6-1:0.0: Binding DVB extension [ 1772.488221][ T5877] usb 6-1: USB disconnect, device number 17 [ 1772.566993][ T5817] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1772.567025][ T5817] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1772.567063][ T5817] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1772.567084][ T5817] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1772.684478][ T5817] usb 7-1: config 0 descriptor?? [ 1772.924525][ T5877] em28xx 6-1:0.0: Disconnecting em28xx [ 1772.932128][T11337] em28xx 6-1:0.0: Registering input extension [ 1772.950949][ T5877] em28xx 6-1:0.0: Closing input extension [ 1773.272679][ T5817] usbhid 7-1:0.0: can't add hid device: -71 [ 1773.272804][ T5817] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1773.290090][ T5817] usb 7-1: USB disconnect, device number 27 [ 1773.422200][T18085] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2843'. [ 1773.493752][ T5877] em28xx 6-1:0.0: Freeing device [ 1774.714541][T11337] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 1775.132245][T11337] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1775.132274][T11337] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1775.132291][T11337] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1775.132340][T11337] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1775.132363][T11337] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1775.186577][T11337] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1775.186606][T11337] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1775.186625][T11337] usb 2-1: Product: syz [ 1775.186638][T11337] usb 2-1: Manufacturer: syz [ 1775.230741][T11337] cdc_wdm 2-1:1.0: skipping garbage [ 1775.230761][T11337] cdc_wdm 2-1:1.0: skipping garbage [ 1775.248596][T11337] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 1775.248703][T11337] cdc_wdm 2-1:1.0: Unknown control protocol [ 1775.471024][T18087] cdc_wdm 2-1:1.0: Error submitting int urb - -90 [ 1775.484612][T17090] usb 7-1: new full-speed USB device number 28 using dummy_hcd [ 1775.502714][T11337] usb 2-1: USB disconnect, device number 34 [ 1775.560100][T18104] netlink: 'syz.4.2849': attribute type 83 has an invalid length. [ 1775.646804][T17090] usb 7-1: config 255 has too many interfaces: 223, using maximum allowed: 32 [ 1775.646832][T17090] usb 7-1: config 255 has 1 interface, different from the descriptor's value: 223 [ 1775.649342][T17090] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1775.649362][T17090] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1775.649372][T17090] usb 7-1: Product: syz [ 1775.649379][T17090] usb 7-1: Manufacturer: syz [ 1775.649386][T17090] usb 7-1: SerialNumber: syz [ 1775.679721][T17090] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1775.865867][T16189] usb 5-1: new full-speed USB device number 37 using dummy_hcd [ 1775.895247][T17090] gspca_sq930x: reg_r 001f failed -32 [ 1775.895352][T17090] sq930x 7-1:255.0: probe with driver sq930x failed with error -32 [ 1775.935966][T17090] usb 7-1: USB disconnect, device number 28 [ 1776.060627][T16189] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1776.060659][T16189] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1776.060699][T16189] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1776.060721][T16189] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1776.368096][T16189] usb 5-1: GET_CAPABILITIES returned 0 [ 1776.368144][T16189] usbtmc 5-1:16.0: can't read capabilities [ 1776.590214][T18120] overlayfs: missing 'workdir' [ 1776.685090][T17090] usb 5-1: USB disconnect, device number 37 [ 1776.792721][T18120] fuse: Bad value for 'fd' [ 1777.064398][T14843] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1777.249044][T14843] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 1777.249073][T14843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1777.249091][T14843] usb 4-1: Product: syz [ 1777.249103][T14843] usb 4-1: Manufacturer: syz [ 1777.249117][T14843] usb 4-1: SerialNumber: syz [ 1777.263428][T14843] usb 4-1: config 0 descriptor?? [ 1777.303739][T14843] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 1777.359000][T14843] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1777.361262][T14843] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 1777.361363][T14843] usb 4-1: media controller created [ 1777.394472][T11337] usb 7-1: new full-speed USB device number 29 using dummy_hcd [ 1777.404661][T18132] FAULT_INJECTION: forcing a failure. [ 1777.404661][T18132] name failslab, interval 1, probability 0, space 0, times 0 [ 1777.404694][T18132] CPU: 1 UID: 0 PID: 18132 Comm: syz.4.2860 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1777.404721][T18132] Tainted: [L]=SOFTLOCKUP [ 1777.404727][T18132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1777.404738][T18132] Call Trace: [ 1777.404745][T18132] [ 1777.404752][T18132] dump_stack_lvl+0x189/0x250 [ 1777.404779][T18132] ? __pfx____ratelimit+0x10/0x10 [ 1777.404801][T18132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1777.404821][T18132] ? __pfx__printk+0x10/0x10 [ 1777.404843][T18132] ? __pfx___might_resched+0x10/0x10 [ 1777.404866][T18132] should_fail_ex+0x46c/0x600 [ 1777.404891][T18132] should_failslab+0xa8/0x100 [ 1777.404914][T18132] __kmalloc_noprof+0xcc/0x7e0 [ 1777.404935][T18132] ? copy_splice_read+0x143/0xa60 [ 1777.404963][T18132] copy_splice_read+0x143/0xa60 [ 1777.404997][T18132] ? __pfx_copy_splice_read+0x10/0x10 [ 1777.405015][T18132] ? look_up_lock_class+0x74/0x150 [ 1777.405040][T18132] ? register_lock_class+0x51/0x320 [ 1777.405063][T18132] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1777.405087][T18132] ? alloc_pipe_info+0x374/0x4d0 [ 1777.405106][T18132] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 1777.405122][T18132] splice_direct_to_actor+0x4db/0xcd0 [ 1777.405162][T18132] ? __pfx_direct_splice_actor+0x10/0x10 [ 1777.405184][T18132] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1777.405216][T18132] do_splice_direct+0x187/0x270 [ 1777.405239][T18132] ? __pfx_do_splice_direct+0x10/0x10 [ 1777.405269][T18132] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1777.405299][T18132] ? rw_verify_area+0x25b/0x4e0 [ 1777.405322][T18132] do_sendfile+0x4ec/0x7f0 [ 1777.405343][T18132] ? __pfx_vfs_write+0x10/0x10 [ 1777.405367][T18132] ? __pfx_do_sendfile+0x10/0x10 [ 1777.405402][T18132] __se_sys_sendfile64+0x13e/0x190 [ 1777.405426][T18132] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1777.405451][T18132] ? do_syscall_64+0xbe/0xf80 [ 1777.405476][T18132] do_syscall_64+0xfa/0xf80 [ 1777.405497][T18132] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1777.405514][T18132] ? clear_bhb_loop+0x60/0xb0 [ 1777.405534][T18132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1777.405550][T18132] RIP: 0033:0x7fbe265ef749 [ 1777.405566][T18132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1777.405580][T18132] RSP: 002b:00007fbe2484e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1777.405610][T18132] RAX: ffffffffffffffda RBX: 00007fbe26845fa0 RCX: 00007fbe265ef749 [ 1777.405623][T18132] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1777.405633][T18132] RBP: 00007fbe2484e090 R08: 0000000000000000 R09: 0000000000000000 [ 1777.405643][T18132] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000001 [ 1777.405654][T18132] R13: 00007fbe26846038 R14: 00007fbe26845fa0 R15: 00007ffc50cd8328 [ 1777.405684][T18132] [ 1777.568741][T11337] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1777.568768][T11337] usb 7-1: config 0 has no interfaces? [ 1777.576629][T11337] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1777.576656][T11337] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1777.576675][T11337] usb 7-1: SerialNumber: syz [ 1777.589185][T14843] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1777.606653][T11337] usb 7-1: config 0 descriptor?? [ 1777.673904][T18122] dvb-usb: bulk message failed: -22 (7/0) [ 1778.607910][T18137] tty tty1: ldisc open failed (-12), clearing slot 0 [ 1779.002507][T16189] usb 7-1: USB disconnect, device number 29 [ 1779.197829][T14843] DVB: Unable to find symbol mt352_attach() [ 1779.255162][T14843] DVB: Unable to find symbol nxt6000_attach() [ 1779.255179][T14843] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 1779.260397][T14843] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input7 [ 1779.383533][T14843] dvb-usb: schedule remote query interval to 1000 msecs. [ 1779.383559][T14843] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 1779.383681][T14843] dvb-usb: bulk message failed: -22 (7/0) [ 1779.383712][T14843] dvb-usb: bulk message failed: -22 (7/0) [ 1779.433758][T14843] usb 4-1: USB disconnect, device number 40 [ 1779.581018][T16189] usb 5-1: new full-speed USB device number 38 using dummy_hcd [ 1779.726598][T16189] usb 5-1: config 255 has too many interfaces: 223, using maximum allowed: 32 [ 1779.726624][T16189] usb 5-1: config 255 has 1 interface, different from the descriptor's value: 223 [ 1779.729013][T16189] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1779.729040][T16189] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1779.729058][T16189] usb 5-1: Product: syz [ 1779.729070][T16189] usb 5-1: Manufacturer: syz [ 1779.729082][T16189] usb 5-1: SerialNumber: syz [ 1779.796646][T14843] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 1779.836503][T16189] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1780.177340][T16189] gspca_sq930x: reg_r 001f failed -32 [ 1780.177399][T16189] sq930x 5-1:255.0: probe with driver sq930x failed with error -32 [ 1780.273882][T18160] FAULT_INJECTION: forcing a failure. [ 1780.273882][T18160] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1780.273942][T18160] CPU: 0 UID: 0 PID: 18160 Comm: syz.3.2867 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1780.273967][T18160] Tainted: [L]=SOFTLOCKUP [ 1780.273974][T18160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1780.273985][T18160] Call Trace: [ 1780.273993][T18160] [ 1780.274001][T18160] dump_stack_lvl+0x189/0x250 [ 1780.274027][T18160] ? __pfx____ratelimit+0x10/0x10 [ 1780.274051][T18160] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1780.274071][T18160] ? __pfx__printk+0x10/0x10 [ 1780.274090][T18160] ? __might_fault+0xb0/0x130 [ 1780.274130][T18160] should_fail_ex+0x46c/0x600 [ 1780.274157][T18160] _copy_from_user+0x2d/0xb0 [ 1780.274183][T18160] drm_ioctl+0x590/0xb20 [ 1780.274334][T18160] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 1780.274387][T18160] ? __pfx_drm_ioctl+0x10/0x10 [ 1780.274420][T18160] ? __fget_files+0x3a6/0x420 [ 1780.274441][T18160] ? __fget_files+0x2a/0x420 [ 1780.274467][T18160] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1780.274490][T18160] ? __pfx_drm_ioctl+0x10/0x10 [ 1780.274509][T18160] __se_sys_ioctl+0xff/0x170 [ 1780.274531][T18160] do_syscall_64+0xfa/0xf80 [ 1780.274554][T18160] ? rcu_is_watching+0x15/0xb0 [ 1780.274570][T18160] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1780.274587][T18160] ? clear_bhb_loop+0x60/0xb0 [ 1780.274608][T18160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1780.274625][T18160] RIP: 0033:0x7f5c8fe5f749 [ 1780.274642][T18160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1780.274657][T18160] RSP: 002b:00007f5c8e084038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1780.274677][T18160] RAX: ffffffffffffffda RBX: 00007f5c900b6180 RCX: 00007f5c8fe5f749 [ 1780.274690][T18160] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000006 [ 1780.274701][T18160] RBP: 00007f5c8e084090 R08: 0000000000000000 R09: 0000000000000000 [ 1780.274736][T18160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1780.274746][T18160] R13: 00007f5c900b6218 R14: 00007f5c900b6180 R15: 00007ffc27156b28 [ 1780.274779][T18160] [ 1780.968605][T17090] usb 5-1: USB disconnect, device number 38 [ 1781.470487][T18169] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1781.577998][T18172] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1784.864438][ T6002] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1785.034398][ T6002] usb 4-1: Using ep0 maxpacket: 32 [ 1785.039241][ T6002] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 1785.086881][ T6002] usb 4-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 1785.086909][ T6002] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1785.086928][ T6002] usb 4-1: Product: syz [ 1785.086941][ T6002] usb 4-1: Manufacturer: syz [ 1785.086954][ T6002] usb 4-1: SerialNumber: syz [ 1785.136261][ T6002] usb 4-1: config 0 descriptor?? [ 1785.138922][T18178] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1785.160031][ T6002] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1785.646154][T18195] FAULT_INJECTION: forcing a failure. [ 1785.646154][T18195] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1785.646191][T18195] CPU: 0 UID: 0 PID: 18195 Comm: syz.6.2880 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1785.646216][T18195] Tainted: [L]=SOFTLOCKUP [ 1785.646223][T18195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1785.646234][T18195] Call Trace: [ 1785.646242][T18195] [ 1785.646249][T18195] dump_stack_lvl+0x189/0x250 [ 1785.646276][T18195] ? __pfx____ratelimit+0x10/0x10 [ 1785.646298][T18195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1785.646318][T18195] ? __pfx__printk+0x10/0x10 [ 1785.646337][T18195] ? __might_fault+0xb0/0x130 [ 1785.646369][T18195] should_fail_ex+0x46c/0x600 [ 1785.646397][T18195] _copy_from_iter+0x1cd/0x1630 [ 1785.646424][T18195] ? __build_skb_around+0x22d/0x3c0 [ 1785.646448][T18195] ? __pfx__copy_from_iter+0x10/0x10 [ 1785.646466][T18195] ? __alloc_skb+0x2f1/0x430 [ 1785.646486][T18195] ? __pfx___alloc_skb+0x10/0x10 [ 1785.646506][T18195] ? netlink_sendmsg+0x642/0xb30 [ 1785.646526][T18195] ? skb_put+0x11b/0x210 [ 1785.646555][T18195] netlink_sendmsg+0x6b2/0xb30 [ 1785.646584][T18195] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1785.646617][T18195] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1785.646639][T18195] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1785.646660][T18195] __sock_sendmsg+0x21c/0x270 [ 1785.646686][T18195] ____sys_sendmsg+0x508/0x810 [ 1785.646711][T18195] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1785.646740][T18195] ? import_iovec+0x74/0xa0 [ 1785.646767][T18195] ___sys_sendmsg+0x21f/0x2a0 [ 1785.646788][T18195] ? __pfx____sys_sendmsg+0x10/0x10 [ 1785.646843][T18195] ? __fget_files+0x2a/0x420 [ 1785.646864][T18195] ? __fget_files+0x3a6/0x420 [ 1785.646897][T18195] __x64_sys_sendmsg+0x1a1/0x260 [ 1785.646919][T18195] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1785.646949][T18195] ? __pfx_ksys_write+0x10/0x10 [ 1785.646972][T18195] ? do_syscall_64+0xbe/0xf80 [ 1785.646998][T18195] do_syscall_64+0xfa/0xf80 [ 1785.647020][T18195] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1785.647037][T18195] ? clear_bhb_loop+0x60/0xb0 [ 1785.647057][T18195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1785.647074][T18195] RIP: 0033:0x7feeac1af749 [ 1785.647088][T18195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1785.647102][T18195] RSP: 002b:00007feeaa40e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1785.647120][T18195] RAX: ffffffffffffffda RBX: 00007feeac405fa0 RCX: 00007feeac1af749 [ 1785.647133][T18195] RDX: 0000000000004040 RSI: 0000200000000000 RDI: 0000000000000003 [ 1785.647144][T18195] RBP: 00007feeaa40e090 R08: 0000000000000000 R09: 0000000000000000 [ 1785.647154][T18195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1785.647164][T18195] R13: 00007feeac406038 R14: 00007feeac405fa0 R15: 00007ffeb3804a68 [ 1785.647194][T18195] [ 1788.023377][T18207] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2883'. [ 1788.973122][ T6002] usb 4-1: USB disconnect, device number 41 [ 1789.154429][T18209] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1790.562595][T18220] netlink: 'syz.3.2889': attribute type 83 has an invalid length. [ 1790.584525][ T5892] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 1790.758159][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1790.758192][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1790.758219][ T5892] usb 5-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1790.758231][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1790.762350][ T5892] usb 5-1: config 0 descriptor?? [ 1792.917871][T18245] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2894'. [ 1793.296647][ T5892] usbhid 5-1:0.0: can't add hid device: -71 [ 1793.296755][ T5892] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1793.335637][ T5892] usb 5-1: USB disconnect, device number 39 [ 1793.608484][T18251] FAULT_INJECTION: forcing a failure. [ 1793.608484][T18251] name failslab, interval 1, probability 0, space 0, times 0 [ 1793.608517][T18251] CPU: 0 UID: 0 PID: 18251 Comm: syz.5.2897 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1793.608541][T18251] Tainted: [L]=SOFTLOCKUP [ 1793.608547][T18251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1793.608556][T18251] Call Trace: [ 1793.608564][T18251] [ 1793.608572][T18251] dump_stack_lvl+0x189/0x250 [ 1793.608598][T18251] ? __pfx____ratelimit+0x10/0x10 [ 1793.608620][T18251] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1793.608640][T18251] ? __pfx__printk+0x10/0x10 [ 1793.608663][T18251] ? __pfx___might_resched+0x10/0x10 [ 1793.608684][T18251] should_fail_ex+0x46c/0x600 [ 1793.608719][T18251] should_failslab+0xa8/0x100 [ 1793.608745][T18251] __kmalloc_noprof+0xcc/0x7e0 [ 1793.608763][T18251] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1793.608783][T18251] ? __se_sys_futex_waitv+0x17b/0x280 [ 1793.608844][T18251] __se_sys_futex_waitv+0x17b/0x280 [ 1793.608870][T18251] ? __pfx___se_sys_futex_waitv+0x10/0x10 [ 1793.608895][T18251] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 1793.608916][T18251] ? __pfx_ksys_write+0x10/0x10 [ 1793.608937][T18251] ? do_syscall_64+0xbe/0xf80 [ 1793.608956][T18251] ? __x64_sys_futex_waitv+0x20/0xc0 [ 1793.608980][T18251] do_syscall_64+0xfa/0xf80 [ 1793.609001][T18251] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1793.609018][T18251] ? clear_bhb_loop+0x60/0xb0 [ 1793.609039][T18251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1793.609056][T18251] RIP: 0033:0x7f3abe55f749 [ 1793.609073][T18251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1793.609088][T18251] RSP: 002b:00007f3abc7be038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1 [ 1793.609108][T18251] RAX: ffffffffffffffda RBX: 00007f3abe7b5fa0 RCX: 00007f3abe55f749 [ 1793.609122][T18251] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000001080 [ 1793.609133][T18251] RBP: 00007f3abc7be090 R08: 0000000000000000 R09: 0000000000000000 [ 1793.609144][T18251] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1793.609155][T18251] R13: 00007f3abe7b6038 R14: 00007f3abe7b5fa0 R15: 00007ffece54c3a8 [ 1793.609187][T18251] [ 1793.625098][T18249] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1794.873731][T18262] FAULT_INJECTION: forcing a failure. [ 1794.873731][T18262] name failslab, interval 1, probability 0, space 0, times 0 [ 1794.873766][T18262] CPU: 0 UID: 0 PID: 18262 Comm: syz.6.2902 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1794.873792][T18262] Tainted: [L]=SOFTLOCKUP [ 1794.873799][T18262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1794.873809][T18262] Call Trace: [ 1794.873817][T18262] [ 1794.873825][T18262] dump_stack_lvl+0x189/0x250 [ 1794.873852][T18262] ? __pfx____ratelimit+0x10/0x10 [ 1794.873875][T18262] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1794.873895][T18262] ? __pfx__printk+0x10/0x10 [ 1794.873918][T18262] ? __pfx___might_resched+0x10/0x10 [ 1794.873941][T18262] should_fail_ex+0x46c/0x600 [ 1794.873966][T18262] ? preload_this_cpu_lock+0x49/0xc0 [ 1794.873989][T18262] should_failslab+0xa8/0x100 [ 1794.874012][T18262] ? preload_this_cpu_lock+0x49/0xc0 [ 1794.874032][T18262] kmem_cache_alloc_node_noprof+0x78/0x700 [ 1794.874052][T18262] ? alloc_vmap_area+0x271/0x1470 [ 1794.874069][T18262] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 1794.874087][T18262] ? alloc_vmap_area+0x271/0x1470 [ 1794.874110][T18262] preload_this_cpu_lock+0x49/0xc0 [ 1794.874133][T18262] alloc_vmap_area+0x3fd/0x1470 [ 1794.874168][T18262] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1794.874190][T18262] ? __kmalloc_cache_node_noprof+0x2ac/0x720 [ 1794.874211][T18262] ? __get_vm_area_node+0x172/0x350 [ 1794.874229][T18262] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1794.874250][T18262] __get_vm_area_node+0x227/0x350 [ 1794.874279][T18262] __vmalloc_node_range_noprof+0x30c/0x12d0 [ 1794.874297][T18262] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1794.874315][T18262] ? __lock_acquire+0x6b6/0x2cf0 [ 1794.874355][T18262] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1794.874375][T18262] ? __lock_acquire+0x6b6/0x2cf0 [ 1794.874405][T18262] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1794.874422][T18262] __vmalloc_noprof+0xb1/0xf0 [ 1794.874441][T18262] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1794.874462][T18262] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 1794.874486][T18262] bpf_prog_alloc+0x3c/0x1a0 [ 1794.874506][T18262] bpf_prog_load+0x735/0x1a10 [ 1794.874538][T18262] ? __pfx_bpf_prog_load+0x10/0x10 [ 1794.874587][T18262] ? bpf_lsm_bpf+0x9/0x20 [ 1794.874608][T18262] ? security_bpf+0x7e/0x300 [ 1794.874632][T18262] __sys_bpf+0x507/0x860 [ 1794.874653][T18262] ? __pfx___sys_bpf+0x10/0x10 [ 1794.874668][T18262] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1794.874704][T18262] ? ksys_write+0x230/0x260 [ 1794.874726][T18262] ? __pfx_ksys_write+0x10/0x10 [ 1794.874752][T18262] __x64_sys_bpf+0x7c/0x90 [ 1794.874770][T18262] do_syscall_64+0xfa/0xf80 [ 1794.874793][T18262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1794.874810][T18262] ? clear_bhb_loop+0x60/0xb0 [ 1794.874832][T18262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1794.874849][T18262] RIP: 0033:0x7feeac1af749 [ 1794.874865][T18262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1794.874880][T18262] RSP: 002b:00007feeaa40e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1794.874900][T18262] RAX: ffffffffffffffda RBX: 00007feeac405fa0 RCX: 00007feeac1af749 [ 1794.874912][T18262] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 1794.874924][T18262] RBP: 00007feeaa40e090 R08: 0000000000000000 R09: 0000000000000000 [ 1794.874935][T18262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1794.874946][T18262] R13: 00007feeac406038 R14: 00007feeac405fa0 R15: 00007ffeb3804a68 [ 1794.874977][T18262] [ 1797.483997][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 1797.484078][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 1797.570885][T11767] block nbd4: Receive control failed (result -32) [ 1797.943737][T18282] block nbd4: shutting down sockets [ 1798.295618][T18292] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2909'. [ 1800.336323][T18297] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2912'. [ 1800.599359][T18300] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2913'. [ 1800.854498][T18310] netlink: 'syz.3.2916': attribute type 4 has an invalid length. [ 1801.227447][ T191] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 1801.385957][ T191] usb 2-1: Using ep0 maxpacket: 16 [ 1801.397772][ T191] usb 2-1: config 2 has an invalid interface number: 123 but max is 0 [ 1801.397800][ T191] usb 2-1: config 2 has no interface number 0 [ 1801.397834][ T191] usb 2-1: config 2 interface 123 has no altsetting 0 [ 1801.402216][ T191] usb 2-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=17.2e [ 1801.402246][ T191] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1801.402265][ T191] usb 2-1: Product: syz [ 1801.402278][ T191] usb 2-1: Manufacturer: syz [ 1801.402292][ T191] usb 2-1: SerialNumber: syz [ 1801.721128][ T191] (null): radio-mr800 - initialization failed [ 1801.721381][ T191] radio-mr800 2-1:2.123: probe with driver radio-mr800 failed with error -22 [ 1801.721970][ T191] usbhid 2-1:2.123: couldn't find an input interrupt endpoint [ 1801.755163][ T191] usb 2-1: USB disconnect, device number 35 [ 1801.779442][T18326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1802.305141][T18331] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1803.208594][T18344] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2925'. [ 1803.239108][ T6002] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 1804.173280][ T6002] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1804.173313][ T6002] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1804.173350][ T6002] usb 5-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1804.173371][ T6002] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1804.242561][ T6002] usb 5-1: config 0 descriptor?? [ 1804.448005][ T6189] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 1804.722416][ T6189] usb 7-1: config 0 has an invalid interface number: 85 but max is 0 [ 1804.722444][ T6189] usb 7-1: config 0 has no interface number 0 [ 1804.722472][ T6189] usb 7-1: config 0 interface 85 altsetting 151 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1804.722523][ T6189] usb 7-1: config 0 interface 85 altsetting 151 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1804.722536][ T6189] usb 7-1: config 0 interface 85 has no altsetting 0 [ 1804.722555][ T6189] usb 7-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 1804.722566][ T6189] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1805.542122][ T6002] usbhid 5-1:0.0: can't add hid device: -71 [ 1805.542231][ T6002] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1805.545083][ T6002] usb 5-1: USB disconnect, device number 40 [ 1805.556126][ T6189] usb 7-1: config 0 descriptor?? [ 1807.535401][T10854] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 1807.716794][T10854] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1807.716871][T10854] usb 2-1: config 0 has no interfaces? [ 1807.718990][T10854] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1807.719006][T10854] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1807.719017][T10854] usb 2-1: SerialNumber: syz [ 1807.806810][T10854] usb 2-1: config 0 descriptor?? [ 1807.967496][ T6189] usbhid 7-1:0.85: can't add hid device: -71 [ 1807.967616][ T6189] usbhid 7-1:0.85: probe with driver usbhid failed with error -71 [ 1808.195569][ T6189] usb 7-1: USB disconnect, device number 30 [ 1808.231183][T10854] usb 2-1: USB disconnect, device number 36 [ 1809.993528][T18389] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2936'. [ 1811.089533][T18393] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1811.455595][T18403] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2942'. [ 1811.526989][T10854] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 1811.590313][T18405] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1811.590393][T18405] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1811.590429][T18405] overlayfs: missing 'lowerdir' [ 1812.764490][T10854] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1812.764510][T10854] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1812.764568][T10854] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1812.764581][T10854] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1813.324549][T10854] usb 6-1: GET_CAPABILITIES returned 0 [ 1813.324598][T10854] usbtmc 6-1:16.0: can't read capabilities [ 1813.430870][T18427] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2949'. [ 1814.330948][ T5817] usb 6-1: USB disconnect, device number 18 [ 1815.801989][T18449] netlink: 'syz.6.2956': attribute type 83 has an invalid length. [ 1816.147583][T18456] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1816.147733][T18456] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1816.147778][T18456] overlayfs: missing 'lowerdir' [ 1819.255807][T18476] netlink: 'syz.3.2963': attribute type 83 has an invalid length. [ 1819.404418][ T5817] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 1819.545330][T18486] ptrace attach of "./syz-executor exec"[5811] was attempted by "./syz-executor exec"[18486] [ 1819.556640][ T5817] usb 2-1: Using ep0 maxpacket: 16 [ 1819.559438][ T5817] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1819.587818][ T5817] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 1819.587847][ T5817] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1819.587866][ T5817] usb 2-1: Product: syz [ 1819.587880][ T5817] usb 2-1: Manufacturer: syz [ 1819.587894][ T5817] usb 2-1: SerialNumber: syz [ 1819.639110][ T5817] usb 2-1: config 0 descriptor?? [ 1819.687105][ T5817] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 1820.000713][T14843] usb 2-1: USB disconnect, device number 37 [ 1820.015234][ T3467] usb 2-1: Failed to submit usb control message: -71 [ 1820.015268][ T3467] usb 2-1: unable to send the bmi data to the device: -71 [ 1820.015284][ T3467] usb 2-1: unable to get target info from device [ 1820.015298][ T3467] usb 2-1: could not get target info (-71) [ 1820.015534][ T3467] usb 2-1: could not probe fw (-71) [ 1821.021667][T18494] netlink: 'syz.3.2969': attribute type 83 has an invalid length. [ 1821.708042][T18515] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1821.708196][T18515] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1821.708232][T18515] overlayfs: missing 'lowerdir' [ 1822.441682][T18518] ptrace attach of "./syz-executor exec"[12170] was attempted by "./syz-executor exec"[18518] [ 1822.642380][T18523] netlink: 'syz.4.2977': attribute type 4 has an invalid length. [ 1822.728670][T18529] ptrace attach of "./syz-executor exec"[5811] was attempted by "./syz-executor exec"[18529] [ 1822.804515][T14843] usb 6-1: new full-speed USB device number 19 using dummy_hcd [ 1824.576177][T14843] usb 6-1: device descriptor read/64, error -71 [ 1825.976881][T14843] usb 6-1: new full-speed USB device number 20 using dummy_hcd [ 1826.204069][T18547] netlink: 'syz.5.2983': attribute type 83 has an invalid length. [ 1826.462431][T18557] FAULT_INJECTION: forcing a failure. [ 1826.462431][T18557] name failslab, interval 1, probability 0, space 0, times 0 [ 1826.462461][T18557] CPU: 1 UID: 0 PID: 18557 Comm: syz.1.2988 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1826.462481][T18557] Tainted: [L]=SOFTLOCKUP [ 1826.462486][T18557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1826.462494][T18557] Call Trace: [ 1826.462500][T18557] [ 1826.462507][T18557] dump_stack_lvl+0x189/0x250 [ 1826.462530][T18557] ? __pfx____ratelimit+0x10/0x10 [ 1826.462549][T18557] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1826.462566][T18557] ? __pfx__printk+0x10/0x10 [ 1826.462584][T18557] ? __pfx___might_resched+0x10/0x10 [ 1826.462597][T18557] ? fs_reclaim_acquire+0x7d/0x100 [ 1826.462618][T18557] should_fail_ex+0x46c/0x600 [ 1826.462640][T18557] should_failslab+0xa8/0x100 [ 1826.462659][T18557] __kmalloc_noprof+0xcc/0x7e0 [ 1826.462675][T18557] ? tomoyo_encode+0x28b/0x550 [ 1826.462698][T18557] tomoyo_encode+0x28b/0x550 [ 1826.462720][T18557] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1826.462746][T18557] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1826.462763][T18557] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1826.462780][T18557] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1826.462827][T18557] ? __fget_files+0x2a/0x420 [ 1826.462849][T18557] ? __fget_files+0x3a6/0x420 [ 1826.462865][T18557] ? __fget_files+0x2a/0x420 [ 1826.462885][T18557] security_file_ioctl+0xcb/0x2d0 [ 1826.462904][T18557] __se_sys_ioctl+0x47/0x170 [ 1826.462921][T18557] do_syscall_64+0xfa/0xf80 [ 1826.462940][T18557] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1826.462954][T18557] ? clear_bhb_loop+0x60/0xb0 [ 1826.462971][T18557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1826.462983][T18557] RIP: 0033:0x7f11758df749 [ 1826.462996][T18557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1826.463008][T18557] RSP: 002b:00007f1173b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1826.463023][T18557] RAX: ffffffffffffffda RBX: 00007f1175b35fa0 RCX: 00007f11758df749 [ 1826.463034][T18557] RDX: 0000000100000001 RSI: 000000000000540e RDI: 0000000000000003 [ 1826.463043][T18557] RBP: 00007f1173b3e090 R08: 0000000000000000 R09: 0000000000000000 [ 1826.463051][T18557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1826.463060][T18557] R13: 00007f1175b36038 R14: 00007f1175b35fa0 R15: 00007ffebf765018 [ 1826.463084][T18557] [ 1826.463102][T18557] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1826.544415][ T43] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 1826.694367][ T43] usb 7-1: Using ep0 maxpacket: 16 [ 1826.697687][ T43] usb 7-1: config 2 has an invalid interface number: 123 but max is 0 [ 1826.697712][ T43] usb 7-1: config 2 has no interface number 0 [ 1826.697747][ T43] usb 7-1: config 2 interface 123 has no altsetting 0 [ 1826.700501][ T43] usb 7-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=17.2e [ 1826.700526][ T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1826.700545][ T43] usb 7-1: Product: syz [ 1826.700558][ T43] usb 7-1: Manufacturer: syz [ 1826.700571][ T43] usb 7-1: SerialNumber: syz [ 1826.811397][T14843] usb usb6-port1: attempt power cycle [ 1826.997373][T18567] FAULT_INJECTION: forcing a failure. [ 1826.997373][T18567] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1826.997409][T18567] CPU: 1 UID: 0 PID: 18567 Comm: syz.4.2990 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1826.997434][T18567] Tainted: [L]=SOFTLOCKUP [ 1826.997440][T18567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1826.997450][T18567] Call Trace: [ 1826.997458][T18567] [ 1826.997466][T18567] dump_stack_lvl+0x189/0x250 [ 1826.997493][T18567] ? __pfx____ratelimit+0x10/0x10 [ 1826.997515][T18567] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1826.997535][T18567] ? __pfx__printk+0x10/0x10 [ 1826.997566][T18567] should_fail_ex+0x46c/0x600 [ 1826.997595][T18567] _copy_to_user+0x31/0xb0 [ 1826.997621][T18567] simple_read_from_buffer+0xe1/0x170 [ 1826.997648][T18567] proc_fail_nth_read+0x1b6/0x220 [ 1826.997672][T18567] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1826.997695][T18567] ? rw_verify_area+0x2ac/0x4e0 [ 1826.997713][T18567] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1826.997733][T18567] vfs_read+0x206/0xa30 [ 1826.997760][T18567] ? __pfx_vfs_read+0x10/0x10 [ 1826.997776][T18567] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1826.997805][T18567] ? mutex_lock_nested+0x154/0x1d0 [ 1826.997822][T18567] ? fdget_pos+0x253/0x320 [ 1826.997853][T18567] ksys_read+0x14b/0x260 [ 1826.997876][T18567] ? __pfx_ksys_read+0x10/0x10 [ 1826.997906][T18567] do_syscall_64+0xfa/0xf80 [ 1826.997929][T18567] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1826.997947][T18567] ? clear_bhb_loop+0x60/0xb0 [ 1826.997977][T18567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1826.997994][T18567] RIP: 0033:0x7fbe265ee15c [ 1826.998011][T18567] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1826.998027][T18567] RSP: 002b:00007fbe2484e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1826.998047][T18567] RAX: ffffffffffffffda RBX: 00007fbe26845fa0 RCX: 00007fbe265ee15c [ 1826.998061][T18567] RDX: 000000000000000f RSI: 00007fbe2484e0a0 RDI: 0000000000000006 [ 1826.998073][T18567] RBP: 00007fbe2484e090 R08: 0000000000000000 R09: 0000000000000000 [ 1826.998085][T18567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1826.998096][T18567] R13: 00007fbe26846038 R14: 00007fbe26845fa0 R15: 00007ffc50cd8328 [ 1826.998131][T18567] [ 1827.042791][T18569] ptrace attach of "./syz-executor exec"[5803] was attempted by "./syz-executor exec"[18569] [ 1827.056134][ T5892] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1827.144390][T14843] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1827.207049][ T5892] usb 4-1: Using ep0 maxpacket: 16 [ 1827.289950][ T5892] usb 4-1: config 2 has an invalid interface number: 123 but max is 0 [ 1827.289977][ T5892] usb 4-1: config 2 has no interface number 0 [ 1827.290008][ T5892] usb 4-1: config 2 interface 123 has no altsetting 0 [ 1827.321723][T14843] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1827.321754][T14843] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1827.321791][T14843] usb 6-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00 [ 1827.321812][T14843] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1827.333505][ T5892] usb 4-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=17.2e [ 1827.333533][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1827.333551][ T5892] usb 4-1: Product: syz [ 1827.333564][ T5892] usb 4-1: Manufacturer: syz [ 1827.333577][ T5892] usb 4-1: SerialNumber: syz [ 1827.396797][ T43] (null): radio-mr800 - initialization failed [ 1827.397025][ T43] radio-mr800 7-1:2.123: probe with driver radio-mr800 failed with error -22 [ 1827.397573][ T43] usbhid 7-1:2.123: couldn't find an input interrupt endpoint [ 1827.402732][T14843] usb 6-1: config 0 descriptor?? [ 1827.403055][ T43] usb 7-1: USB disconnect, device number 31 [ 1827.556098][T16189] usb 2-1: new full-speed USB device number 38 using dummy_hcd [ 1827.659492][ T5892] (null): radio-mr800 - initialization failed [ 1827.659705][ T5892] radio-mr800 4-1:2.123: probe with driver radio-mr800 failed with error -22 [ 1827.660220][ T5892] usbhid 4-1:2.123: couldn't find an input interrupt endpoint [ 1827.677834][ T5892] usb 4-1: USB disconnect, device number 42 [ 1827.691228][T16189] usb 2-1: device descriptor read/64, error -71 [ 1828.656241][T18579] netlink: 'syz.6.2995': attribute type 83 has an invalid length. [ 1828.814630][T16189] usb 2-1: new full-speed USB device number 39 using dummy_hcd [ 1828.833516][T14843] usbhid 6-1:0.0: can't add hid device: -71 [ 1828.833640][T14843] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1828.861657][T14843] usb 6-1: USB disconnect, device number 21 [ 1828.944460][T16189] usb 2-1: device descriptor read/64, error -71 [ 1829.055055][T16189] usb usb2-port1: attempt power cycle [ 1829.394434][T16189] usb 2-1: new full-speed USB device number 40 using dummy_hcd [ 1829.416025][T16189] usb 2-1: device descriptor read/8, error -71 [ 1829.654489][T16189] usb 2-1: new full-speed USB device number 41 using dummy_hcd [ 1829.677787][T16189] usb 2-1: device descriptor read/8, error -71 [ 1829.794412][T14843] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1829.833818][T16189] usb usb2-port1: unable to enumerate USB device [ 1829.968291][T18598] netlink: 'syz.6.3002': attribute type 83 has an invalid length. [ 1829.994705][T14843] usb 4-1: Using ep0 maxpacket: 16 [ 1829.996532][T14843] usb 4-1: config 2 has an invalid interface number: 123 but max is 0 [ 1829.996558][T14843] usb 4-1: config 2 has no interface number 0 [ 1829.996579][T14843] usb 4-1: config 2 interface 123 has no altsetting 0 [ 1830.002941][T14843] usb 4-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=17.2e [ 1830.002958][T14843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1830.002969][T14843] usb 4-1: Product: syz [ 1830.002976][T14843] usb 4-1: Manufacturer: syz [ 1830.002983][T14843] usb 4-1: SerialNumber: syz [ 1830.338630][T14843] (null): radio-mr800 - initialization failed [ 1830.338854][T14843] radio-mr800 4-1:2.123: probe with driver radio-mr800 failed with error -22 [ 1830.339415][T14843] usbhid 4-1:2.123: couldn't find an input interrupt endpoint [ 1830.353205][T14843] usb 4-1: USB disconnect, device number 43 [ 1830.981705][T18606] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3004'. [ 1832.028229][T18617] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1832.848067][T18627] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1834.030382][T18634] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1834.249335][T18642] overlayfs: missing 'lowerdir' [ 1834.444448][T11337] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 1834.674566][T11337] usb 6-1: device descriptor read/64, error -71 [ 1834.812039][T18649] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3019'. [ 1835.909713][T11337] usb 6-1: new full-speed USB device number 23 using dummy_hcd [ 1836.125632][T11337] usb 6-1: device descriptor read/64, error -71 [ 1836.126059][ T5817] usb 5-1: new full-speed USB device number 41 using dummy_hcd [ 1836.339748][T11337] usb usb6-port1: attempt power cycle [ 1836.946585][ T5817] usb 5-1: config 255 has too many interfaces: 223, using maximum allowed: 32 [ 1836.946614][ T5817] usb 5-1: config 255 has 1 interface, different from the descriptor's value: 223 [ 1836.949435][ T5817] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1836.949462][ T5817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1836.949479][ T5817] usb 5-1: Product: syz [ 1836.949492][ T5817] usb 5-1: Manufacturer: syz [ 1836.949505][ T5817] usb 5-1: SerialNumber: syz [ 1836.993519][ T5817] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1837.265568][T11337] usb 6-1: new full-speed USB device number 24 using dummy_hcd [ 1837.374195][T18670] Bluetooth: hci0: invalid length 0, exp 2 for type 20 [ 1837.474507][T11337] usb 6-1: device not accepting address 24, error -71 [ 1837.874416][ T5817] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 1838.094486][ T5817] gspca_sq930x: Sensor ov9630 not yet treated [ 1838.094590][ T5817] sq930x 5-1:255.0: probe with driver sq930x failed with error -22 [ 1838.102918][ T5817] usb 5-1: USB disconnect, device number 41 [ 1838.118974][T18561] udevd[18561]: setting mode of /dev/bus/usb/005/041 to 020664 failed: No such file or directory [ 1838.119182][T18561] udevd[18561]: setting owner of /dev/bus/usb/005/041 to uid=0, gid=0 failed: No such file or directory [ 1838.343486][T18691] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3032'. [ 1839.137238][T16189] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 1839.305474][T16189] usb 7-1: Using ep0 maxpacket: 16 [ 1839.310104][T16189] usb 7-1: config 2 has an invalid interface number: 123 but max is 0 [ 1839.310132][T16189] usb 7-1: config 2 has no interface number 0 [ 1839.310164][T16189] usb 7-1: config 2 interface 123 has no altsetting 0 [ 1839.324296][T16189] usb 7-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=17.2e [ 1839.324324][T16189] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1839.324342][T16189] usb 7-1: Product: syz [ 1839.324354][T16189] usb 7-1: Manufacturer: syz [ 1839.324366][T16189] usb 7-1: SerialNumber: syz [ 1839.574644][ T5892] usb 2-1: new full-speed USB device number 42 using dummy_hcd [ 1839.610486][T16189] (null): radio-mr800 - initialization failed [ 1839.610714][T16189] radio-mr800 7-1:2.123: probe with driver radio-mr800 failed with error -22 [ 1839.611231][T16189] usbhid 7-1:2.123: couldn't find an input interrupt endpoint [ 1839.646908][T16189] usb 7-1: USB disconnect, device number 32 [ 1839.779658][ T5892] usb 2-1: config 255 has too many interfaces: 223, using maximum allowed: 32 [ 1839.779687][ T5892] usb 2-1: config 255 has 1 interface, different from the descriptor's value: 223 [ 1839.782437][ T5892] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1839.782466][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1839.782483][ T5892] usb 2-1: Product: syz [ 1839.782496][ T5892] usb 2-1: Manufacturer: syz [ 1839.782509][ T5892] usb 2-1: SerialNumber: syz [ 1839.822530][ T5892] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1839.938618][T18707] netlink: 'syz.3.3039': attribute type 4 has an invalid length. [ 1840.134428][T11337] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 1840.284426][T11337] usb 5-1: Using ep0 maxpacket: 16 [ 1840.287030][T11337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1840.320461][T11337] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 1840.320492][T11337] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1840.320512][T11337] usb 5-1: Product: syz [ 1840.320526][T11337] usb 5-1: Manufacturer: syz [ 1840.320540][T11337] usb 5-1: SerialNumber: syz [ 1840.599988][T11337] usb 5-1: config 0 descriptor?? [ 1841.688584][T11337] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 1841.708475][T11337] usb 5-1: USB disconnect, device number 42 [ 1842.459711][ T6083] usb 5-1: Failed to submit usb control message: -71 [ 1842.460958][ T6083] usb 5-1: unable to send the bmi data to the device: -71 [ 1842.460980][ T6083] usb 5-1: unable to get target info from device [ 1842.460994][ T6083] usb 5-1: could not get target info (-71) [ 1842.461240][ T6083] usb 5-1: could not probe fw (-71) [ 1842.568204][ T37] audit: type=1800 audit(1764901503.928:41): pid=18713 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3042" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0 [ 1842.775665][ T5892] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 1842.907516][T18724] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3045'. [ 1843.784394][ T5892] gspca_sq930x: Sensor ov9630 not yet treated [ 1843.784482][ T5892] sq930x 2-1:255.0: probe with driver sq930x failed with error -22 [ 1843.830649][ T5892] usb 2-1: USB disconnect, device number 42 [ 1844.814451][ T5892] usb 6-1: new full-speed USB device number 26 using dummy_hcd [ 1844.814726][ C0] raw-gadget.0 gadget.5: ignoring, device is not running [ 1844.965423][ T5892] usb 6-1: device descriptor read/64, error -32 [ 1845.204458][ T5892] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 1845.366714][ T5892] usb 6-1: config 255 has too many interfaces: 223, using maximum allowed: 32 [ 1845.366743][ T5892] usb 6-1: config 255 has 1 interface, different from the descriptor's value: 223 [ 1845.370152][ T5892] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1845.370180][ T5892] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1845.370199][ T5892] usb 6-1: Product: syz [ 1845.370212][ T5892] usb 6-1: Manufacturer: syz [ 1845.370225][ T5892] usb 6-1: SerialNumber: syz [ 1845.527655][T18743] overlayfs: missing 'workdir' [ 1845.667201][T18744] fuse: Bad value for 'fd' [ 1846.135573][ T5892] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1846.896145][ T5892] gspca_sq930x: ucbus_write failed -110 [ 1847.155167][ T5892] gspca_sq930x: Sensor ov9630 not yet treated [ 1847.155281][ T5892] sq930x 6-1:255.0: probe with driver sq930x failed with error -22 [ 1847.166016][ T5892] usb 6-1: USB disconnect, device number 27 [ 1847.396516][T18756] FAULT_INJECTION: forcing a failure. [ 1847.396516][T18756] name failslab, interval 1, probability 0, space 0, times 0 [ 1847.396559][T18756] CPU: 0 UID: 0 PID: 18756 Comm: syz.3.3054 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1847.396584][T18756] Tainted: [L]=SOFTLOCKUP [ 1847.396592][T18756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1847.396604][T18756] Call Trace: [ 1847.396613][T18756] [ 1847.396622][T18756] dump_stack_lvl+0x189/0x250 [ 1847.396653][T18756] ? __pfx____ratelimit+0x10/0x10 [ 1847.396678][T18756] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1847.396700][T18756] ? __pfx__printk+0x10/0x10 [ 1847.396722][T18756] ? __pfx_fib_validate_source+0x10/0x10 [ 1847.396850][T18756] ? trace_fib_table_lookup+0x85/0x1e0 [ 1847.396907][T18756] should_fail_ex+0x46c/0x600 [ 1847.396936][T18756] ? dst_alloc+0x105/0x170 [ 1847.397009][T18756] should_failslab+0xa8/0x100 [ 1847.397042][T18756] ? dst_alloc+0x105/0x170 [ 1847.397060][T18756] kmem_cache_alloc_noprof+0x6f/0x6d0 [ 1847.397084][T18756] ? fib_lookup+0x76/0x440 [ 1847.397160][T18756] dst_alloc+0x105/0x170 [ 1847.397185][T18756] ip_route_input_rcu+0x1ec2/0x30d0 [ 1847.397225][T18756] ? __pfx_ip_route_input_rcu+0x10/0x10 [ 1847.397287][T18756] ? ip_route_input_noref+0x98/0x250 [ 1847.397313][T18756] ip_route_input_noref+0x167/0x250 [ 1847.397342][T18756] ? __pfx_ip_route_input_noref+0x10/0x10 [ 1847.397387][T18756] ip_rcv_finish_core+0x5af/0x1c00 [ 1847.397423][T18756] ip_rcv_finish+0x14c/0x2f0 [ 1847.397447][T18756] NF_HOOK+0x30c/0x3a0 [ 1847.397470][T18756] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1847.397489][T18756] ? NF_HOOK+0x9a/0x3a0 [ 1847.397507][T18756] ? __pfx_NF_HOOK+0x10/0x10 [ 1847.397525][T18756] ? ip_rcv_core+0x7f7/0xd00 [ 1847.397547][T18756] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1847.397579][T18756] ? __pfx_ip_rcv+0x10/0x10 [ 1847.397596][T18756] __netif_receive_skb+0x143/0x380 [ 1847.397645][T18756] ? insn_get_prefixes+0x1878/0x1ca0 [ 1847.397666][T18756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1847.397689][T18756] ? netif_receive_skb+0x105/0x750 [ 1847.397712][T18756] netif_receive_skb+0x1bb/0x750 [ 1847.397739][T18756] ? __pfx_netif_receive_skb+0x10/0x10 [ 1847.397766][T18756] ? __lock_acquire+0x6b6/0x2cf0 [ 1847.397790][T18756] ? tun_rx_batched+0x166/0x730 [ 1847.397864][T18756] tun_rx_batched+0x1bf/0x730 [ 1847.397890][T18756] ? __pfx_tun_rx_batched+0x10/0x10 [ 1847.397906][T18756] ? __local_bh_enable_ip+0x1c0/0x2e0 [ 1847.397927][T18756] ? lockdep_hardirqs_on+0x98/0x140 [ 1847.397962][T18756] ? tun_get_user+0x266d/0x3de0 [ 1847.397993][T18756] ? tun_get_user+0x266d/0x3de0 [ 1847.398010][T18756] tun_get_user+0x2abd/0x3de0 [ 1847.398039][T18756] ? tun_get_user+0x6fc/0x3de0 [ 1847.398074][T18756] ? __pfx_tun_get_user+0x10/0x10 [ 1847.398095][T18756] ? __lock_acquire+0x6b6/0x2cf0 [ 1847.398121][T18756] ? kstrtoull+0x12f/0x1d0 [ 1847.398152][T18756] ? ref_tracker_alloc+0x2fe/0x450 [ 1847.398206][T18756] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1847.398235][T18756] ? tun_get+0x1c/0x2f0 [ 1847.398261][T18756] ? tun_get+0x1c/0x2f0 [ 1847.398278][T18756] ? tun_get+0x1c/0x2f0 [ 1847.398302][T18756] tun_chr_write_iter+0x119/0x200 [ 1847.398358][T18756] vfs_write+0x5d5/0xb40 [ 1847.398385][T18756] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1847.398412][T18756] ? __pfx_vfs_write+0x10/0x10 [ 1847.398444][T18756] ? __fget_files+0x2a/0x420 [ 1847.398478][T18756] ksys_write+0x14b/0x260 [ 1847.398502][T18756] ? __pfx_ksys_write+0x10/0x10 [ 1847.398526][T18756] ? do_syscall_64+0xbe/0xf80 [ 1847.398553][T18756] do_syscall_64+0xfa/0xf80 [ 1847.398576][T18756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1847.398594][T18756] ? clear_bhb_loop+0x60/0xb0 [ 1847.398618][T18756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1847.398635][T18756] RIP: 0033:0x7f5c8fe5e1ff [ 1847.398653][T18756] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1847.398669][T18756] RSP: 002b:00007f5c8e0c6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1847.398690][T18756] RAX: ffffffffffffffda RBX: 00007f5c900b5fa0 RCX: 00007f5c8fe5e1ff [ 1847.398704][T18756] RDX: 0000000000000086 RSI: 00002000000010c0 RDI: 00000000000000c8 [ 1847.398716][T18756] RBP: 00007f5c8e0c6090 R08: 0000000000000000 R09: 0000000000000000 [ 1847.398728][T18756] R10: 0000000000000086 R11: 0000000000000293 R12: 0000000000000001 [ 1847.398740][T18756] R13: 00007f5c900b6038 R14: 00007f5c900b5fa0 R15: 00007ffc27156b28 [ 1847.398776][T18756] [ 1847.621920][T18762] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1850.339447][T18779] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3059'. [ 1850.805040][T18781] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1850.879216][ T5174] udevd[5174]: worker [18561] terminated by signal 33 (Unknown signal 33) [ 1850.879616][ T5174] udevd[5174]: worker [18687] terminated by signal 33 (Unknown signal 33) [ 1850.880645][ T5174] udevd[5174]: worker [18481] terminated by signal 33 (Unknown signal 33) [ 1850.881003][ T5174] udevd[5174]: worker [18478] terminated by signal 33 (Unknown signal 33) [ 1850.913833][ T5174] udevd[5174]: worker [18497] terminated by signal 33 (Unknown signal 33) [ 1851.428986][T18791] overlayfs: missing 'workdir' [ 1851.563034][T18792] fuse: Bad value for 'fd' [ 1852.311914][T11337] usb 7-1: new full-speed USB device number 33 using dummy_hcd [ 1852.474423][T11337] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1852.474456][T11337] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1852.474508][T11337] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1852.474529][T11337] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1852.746618][T11337] usb 7-1: GET_CAPABILITIES returned 0 [ 1852.746667][T11337] usbtmc 7-1:16.0: can't read capabilities [ 1852.872738][T18807] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 1852.872762][T18807] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 1852.872782][T18807] CPU: 0 UID: 0 PID: 18807 Comm: syz.5.3070 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1852.872808][T18807] Tainted: [L]=SOFTLOCKUP [ 1852.872814][T18807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1852.872826][T18807] RIP: 0010:bq_flush_to_queue+0x46f/0x580 [ 1852.872854][T18807] Code: 35 00 4d 8b 26 4d 8d 74 24 08 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 0b f2 35 00 49 89 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 f2 f1 35 00 4c 89 23 48 8b 04 24 [ 1852.872868][T18807] RSP: 0018:ffffc9001db7f650 EFLAGS: 00010246 [ 1852.872886][T18807] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1852.872898][T18807] RDX: 0000000000000003 RSI: ffffffff8cdf8ac7 RDI: 00000000ffffffff [ 1852.872910][T18807] RBP: ffff888032117000 R08: ffffffff8eda2977 R09: 1ffffffff1db452e [ 1852.872924][T18807] R10: dffffc0000000000 R11: fffffbfff1db452f R12: ffffc9001dce79e0 [ 1852.872939][T18807] R13: 0000000000000000 R14: ffffc9001dce79e8 R15: dffffc0000000000 [ 1852.872952][T18807] FS: 00007f3abc7be6c0(0000) GS:ffff888126d5e000(0000) knlGS:0000000000000000 [ 1852.872967][T18807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1852.872978][T18807] CR2: 0000555582aea808 CR3: 000000005a4bc000 CR4: 00000000003526f0 [ 1852.872996][T18807] Call Trace: [ 1852.873003][T18807] [ 1852.873014][T18807] ? trace_xdp_redirect+0x90/0x220 [ 1852.873113][T18807] __cpu_map_flush+0x5d/0xd0 [ 1852.873132][T18807] xdp_do_flush+0x13c/0x1d0 [ 1852.873150][T18807] bpf_test_run_xdp_live+0x154f/0x1b20 [ 1852.873219][T18807] ? bpf_test_run_xdp_live+0x393/0x1b20 [ 1852.873244][T18807] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 1852.873282][T18807] ? __might_fault+0xb0/0x130 [ 1852.873302][T18807] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 1852.873327][T18807] ? _copy_from_user+0x94/0xb0 [ 1852.873351][T18807] ? bpf_test_init+0x113/0x150 [ 1852.873367][T18807] ? xdp_convert_md_to_buff+0x5b/0x330 [ 1852.873388][T18807] bpf_prog_test_run_xdp+0x7c0/0x10e0 [ 1852.873413][T18807] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1852.873433][T18807] ? __fget_files+0x2a/0x420 [ 1852.873457][T18807] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1852.873476][T18807] bpf_prog_test_run+0x2cd/0x340 [ 1852.873498][T18807] __sys_bpf+0x562/0x860 [ 1852.873515][T18807] ? __pfx___sys_bpf+0x10/0x10 [ 1852.873539][T18807] ? rcu_is_watching+0x15/0xb0 [ 1852.873565][T18807] __x64_sys_bpf+0x7c/0x90 [ 1852.873580][T18807] do_syscall_64+0xfa/0xf80 [ 1852.873602][T18807] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1852.873618][T18807] ? clear_bhb_loop+0x60/0xb0 [ 1852.873637][T18807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1852.873654][T18807] RIP: 0033:0x7f3abe55f749 [ 1852.873670][T18807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1852.873685][T18807] RSP: 002b:00007f3abc7be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1852.873702][T18807] RAX: ffffffffffffffda RBX: 00007f3abe7b5fa0 RCX: 00007f3abe55f749 [ 1852.873714][T18807] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a [ 1852.873725][T18807] RBP: 00007f3abe5e3f91 R08: 0000000000000000 R09: 0000000000000000 [ 1852.873735][T18807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1852.873745][T18807] R13: 00007f3abe7b6038 R14: 00007f3abe7b5fa0 R15: 00007ffece54c3a8 [ 1852.873767][T18807] [ 1852.873779][T18807] Modules linked in: [ 1852.873801][T18807] ---[ end trace 0000000000000000 ]--- [ 1852.873814][T18807] RIP: 0010:bq_flush_to_queue+0x46f/0x580 [ 1852.873836][T18807] Code: 35 00 4d 8b 26 4d 8d 74 24 08 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 0b f2 35 00 49 89 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 f2 f1 35 00 4c 89 23 48 8b 04 24 [ 1852.873851][T18807] RSP: 0018:ffffc9001db7f650 EFLAGS: 00010246 [ 1852.873867][T18807] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1852.873878][T18807] RDX: 0000000000000003 RSI: ffffffff8cdf8ac7 RDI: 00000000ffffffff [ 1852.873892][T18807] RBP: ffff888032117000 R08: ffffffff8eda2977 R09: 1ffffffff1db452e [ 1852.873906][T18807] R10: dffffc0000000000 R11: fffffbfff1db452f R12: ffffc9001dce79e0 [ 1852.873920][T18807] R13: 0000000000000000 R14: ffffc9001dce79e8 R15: dffffc0000000000 [ 1852.873933][T18807] FS: 00007f3abc7be6c0(0000) GS:ffff888126d5e000(0000) knlGS:0000000000000000 [ 1852.873950][T18807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1852.873963][T18807] CR2: 0000555582aea808 CR3: 000000005a4bc000 CR4: 00000000003526f0 [ 1852.873985][T18807] Kernel panic - not syncing: Fatal exception in interrupt [ 1852.874443][T18807] Kernel Offset: disabled