last executing test programs: 6m33.661619892s ago: executing program 1 (id=1064): socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 6m33.480262946s ago: executing program 1 (id=1067): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x8014) connect$llc(r0, &(0x7f00000003c0)={0x1a, 0x20, 0x80, 0x5, 0x7, 0x3}, 0x10) r1 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) timer_create(0x3, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) capset(0x0, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x83, 0xffffffff, 0x40}) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r3 = syz_open_pts(r2, 0x40) ioctl$TIOCGSOFTCAR(r3, 0x5419, &(0x7f0000000d80)) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r4, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x8, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", 0x0, 0x0, 0x10, 0x0, 0x0}) 6m32.161799497s ago: executing program 1 (id=1072): socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000010190400060000000000010902"], 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) socket$inet6(0xa, 0x3, 0x7) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c00000003080102000000074441980000000000050003"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) r5 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r5, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0) sendfile(r4, r3, 0x0, 0x100000002) 6m28.702925579s ago: executing program 1 (id=1077): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, 0x0, 0x0) dup3(r1, r0, 0x0) 6m28.170705809s ago: executing program 1 (id=1079): r0 = syz_io_uring_setup(0x2304, &(0x7f00000000c0)={0x0, 0x3232, 0x100, 0x0, 0x3de}, 0x0, &(0x7f0000000180)=0x0) r2 = socket(0x2, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000001040)='bond0\x00', 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000040)=0xd8be, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x17, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000000)='./file0\x00'}) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000780)='\xe3]ne', &(0x7f0000000300)='\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x00\x00^a&\xcd\x8c.\xda|\x9ex\x00\x1d\x1cL\t\\\x15Dk\xb7\x04\xd5\x7fj\xf4H\x9d\xb2\x8b\xf7\x8a3[\xc3\x99\x14\nc\xdfV\x1bR?\xaf\xe67\xa6\x99\xcc>p8\x8f\xd4t\xf6;~\x0f\xe4\xf0\xef\xbc\xdd\xde\x89m=\xf5{{\x99\xb6K&\xbfN@\\\xa3J\x81\xb0\xdf/\xf8\xc9\x18\xb8\xaf\x8e|\xe9\n\xbe\xd2\xc7\xfcQjR},\xb8\xd8', 0x0) socket$inet(0x2, 0x3, 0x2) vmsplice(r0, &(0x7f00000004c0)=[{&(0x7f00000003c0)="3b4d78238a17486926926aedd3ee73d921ccfcdafc8ef96a7e3149fcfc43ccfe9a14142bbe3d724d6758dfbb99c3498fb4c839cbd3e458e491cff74105b17df18809a93d83c51fbe4ac7493c6336448498a2cace5df2927d880a48b2bc8972821966960ab8ccb670172b51b5f2acc448a9320426f9e3e8fbf1c90cd148aeca91b8080552e103b23a8fa221fcae9521c7ec83d25f738bbbef48387e4c1da223af3aac68aee8ded9606d848f51af7afefc9cba9ea6e5f617a1ef07ab183168f14a1d20f644f0607efa18e543a612727a6d16d02b6c458b3cc3", 0xd8}, {&(0x7f0000001080)="5b9de1ebbfa17184e167922cf5bea2dd97221ace3d1cff4ae944f87ea60703208392dc6e873617fcae38c59125451900287fe016065eb52629f1c1da966840dadfacdc9e31974cbc01a12ae7c6053621f27eed4dd55352c4adaadd3cccd6f717d32e7fa48516a95c5195d90d4b91f851d73c40c8654c880575feed429162f412c5c16ea3609d955944fcd00637008b7f7739fc692d16761e0aa6412ad7e92e3fa6d0a2106e229d03b0fdc25859a8e012a308003ec467fbb183d0fdc8712dda7d81ca257c5e46eebe21db4fbee58cecf813deb228f182ef72098334517c17f2248eb913dae5025c9b7589e11b31de9665b7d85cde7790fbd13e7b9bc8ffa782d7be3c87fdd51a8fd3526106693e8df813dd64486dc4458671097bc4e52f1ca318d63e4f584e14d6e3533436c0f939dd266d69a7fb266c37d40e23a72e184bb6da8fe83b18e671bf4a5acefbb57b76000c164978a029007c0dcf2a5e944247b8120abd4841dd71edc4bdd34d134792e230c2c466b1886a77a0d38e6099b786214a2c128ab8ebf063d16f9b915730655068ece68d6a7e5c2c8fc3c32e19023443587e124d1095ec54e86b71fe21e670ad78cf5b99dcdb4206f6e842cdba9a5e595d042b11aa7c482c1b6fce974704d4641f021a6cf04abb39803baae69771a2165f7b2d454833aa4fa6e321af86076ec4b66d38eb1800dee545976753edec798c60f76fe161315994ae0bcd1dbcc4ad3ca49eaabf5a5d48a64ac39a9a85b55c301bc21710b11bac235fd176ff5437de97a11473f8eefe330bed84423ce1d92ba1cf708b8a9d3f16cdb5cf2608ead52bbe3147a5b866852bfcfb0e27cc40888bfb5ba9f73438429b855d7461565452e5255035248c865edcbbd708b552f41b4bb366c29f32eee8a06726d8981f85dfd0864aca0c289017a0168dc2307627c0703f3015c884bf02cb182e31eeaaf41e395535d66b5f2364e8b1019348adcaf7de8880a64eff1ef3859f578cc24f194b92af319a44f377f6044ea1195c1129a9f9e629e070becc8ee0157e7d0bb01d97fd228e987797725fa9c8594c244c866f36ae6a870f485a3a9ee2964259bfac96cc8c2f68f7aea5c82c0a187e09958eea9f2bbe6fc4271da14b06c82612597f12a25444f9744002340b1f2de305c77c6b2903265b284ddef05bcf8077655d6dbf6f9059a7cc69022e3be80b306aee089158027c6dcfa38d8114ff4f5d14910bce809ed9bff265f87dc80c8ed939468671f5fdfc8e847cda9a34c00e0c3f764c2df87121cf6a9b585a1f75754a7fc738d196aa153206250f01d7eb715bbee6f19dc07d56798e68aec07ed8e7589082ed3cd64b60f31ead3c9452ac6ed5e05cf55dda0e4b440d0087896a2573e6ec5c079f6ddddc4424fddf685ad5bd3dabb4418efa61d20f6edb3c29ba70d841ab25b352db55a0a0e5882d5fb39234cb4a4532f71cae7ec520eb239d4094cbd91013590bef2a905b7aa12beef4477ae616509a624ebe2ed8dbb471d9dacb41720caaca212801cf713ebc74ac83b1024f938bcfeb2fe0705e47404ebcd5a066e7ca534ae74ccf88c8882e9b5bc3e9f3d84d27b3b5cefda1272c2900d5275fc2e9f79a4667fe9b61f0d0a380a5a128de04d88d7e640997127087727b0da521445148204f77cfc7e2ac5a08db6f27d5449c52699d648fc7f1bbea6daa3afed2f99928ff6e7d991c274eaec6ab4945dc4d49afe5d5d2622780847fa40b194f29b52428d577401041d1eb77fbe827f091fd0b05723cd725b7a7e96db414807fe798edb3d274b2ce2a769b942dde0842e9a2c7eca043eca7112c0cff08ec1510b5257c79153d117f9d55ccc53fdea93c98218d29295febba20c5d44ef2982f3c9661d7f73ffa9448779f9f97a84352ee59494d222a42c744b79a4709b11b1d75dcfe269b19fb059a9a6880a7a27aed9f6ce3c0a676e917737b387f772ef6c766db67fd6edc1153e18c6c654e4aca4bdbef85d54277ace9bb4295d531d2d88cc4cf0ce4cc55f8a8682ff33abd6562d6dc2698aaafb6e0be08286faf165c3716573306af8b5afaf6660c34c05f78eebf394d300d2a33cdef1b72dc19b3a7447356d4b5868f3556cbcf5eb50501593f3fd95e35f49a740270b232113c86d056089c66db7dd33e44d2813beaad0e7cb6eb6bf04357d4a470352f24a4040443ee5ce02941324ad9dc1a3808044bb93c9d3ec17f8a06d86e721820cbe262cd4cc949ceb07e0eea30c8cdc89764e9d12e5af205fad30d8b39cdf4f51b870d7ad3d2fec3c79af472d57d1d1de4577fd03610cfb0a9a7486bce1118b41860896ccb3fbb826a45f3d40081d94103d7b321a21deb0fe0c17d4d093e5f120f65481ac023a5171d62927f0d99d5eb8bb4d492a57f5b3dc61e9f709b402888d98e3a7a0c223877430d63fdf99e2c8e90f1f7deb1b8faff4b0c54d63f10c8f3073361e95f4d161efc3727a8719acc8a7c63adbd344ce59c34d88e130e9a6063e2ce3c777c67e5611db07e15eaecd13794df6b4461407edde0022ee670a2d39a73f6d51ab9b6b5be648a6b5643220952567352cbaf8d33392d72f1181fac3e41b98c83f0c555ec6877a3b2db50ae8359f2b65a5db674badbccbb84812707ee847080d29ee6aedada9ee886df00eb9c1f6cb61c3b58db14e7658e8795b6c2242e49f05788bd4b2184d526205da8df90b609e525c84a747c53a3f86e1c33eb3cfa06d826a5b9d25a8271b8b9bc489d87d7b1aefcf05d1312fe606a84bdc1d5dd8c85d3bd85aec3f4383becbab86ba1dbc2f05935dcf5fac1a55a03b4d9e71012a8c6106825d4791fd567487a30e792f1555f6c81acb4ab2906a4d17a9f545a560e1f52947f95c010b5a818a5e40cb6038f561c8ca2da52440cf9c85f34f5a9f5faa644f6c87b7898b1e4908e88e16608e0cf33554d0978f003ee72b49e23323e7b2e7026f90f22e307efb302276eea7b9df7be8edd2f052e4b9d6b3d27ddc060b56a2e3c2ab4bf1020b6498fc3c5f988296f1d8f4e54d119cb1df5bc2b50351bc0c371ba5f29b5bc3d2998d86071d0fa2d3394aa9325fc0da00fdbfe8fcfc0ff5b986bb2719294422cd2b1e39fe500b4d45ff0a95400acd754557e43f28a3d93a25ebe28d0c25cd6d99955dd5a3adff2c1e405a4f3967d739de0845888ca8455f32279c5001cb07c2cea4dd7b55bc052168079320b42c0890097e596846e47a500baa78642d059c24668375187382a45e2c3f3e43afff1fed7d447884125343fdc1d919799c412c987195dc559d3223785eb9e22a8807578e4bd3866cd98aa5a1013311db59b1f97ec3a161a2638efbcbadedb2d5b46f5bf18e07ec711c1ce4d5e6c33360a4415664cfc1b802813aff8f595d5729e6b329cf123e43000659894fc20443849040a907d55884bff4d59877234163c6aec5defe9b01ab0f70cb012b4b9b68470e812648443c1b74f3e531af112f2c969e64c6f0fe856320aa6d3852454318e9002da86753cdc5e44de265cff597bfa81acd6433b6720ea931c5f0e3bb23b8e613fb70249c301e201675a3a5fd84742107498041f24596a0ba097bb59eea61febdd9c42fbb851a2de21f61e56aeb798e455e25823b1ecf4125c15b7cbb6817993fef3293ac48e00f4e200f62f35536e8d9385b8248bce36ad6ae5cbfe9653c3f7229f4be02c38684e608a00b97c95ddd160c5253bbeb4b56f818ffedc0d735bc31b57aa68318662d4c7c45ea47bf8d5105d882160145c5076d108a99e3a8b9dee1703e38181b16d12676e79632f769241c2f50d7eef0a276f328bd5b6e25a104b8dcf65de9db3411fe2884d09734894b475175e01ef81e9950f9e0884204e1c7d28f66d26587719f7042ffcf542e47fe3621ba5a46af808ae7af9e7207014da233768146cd43f805c64178c41d05dcfb35d4c581125c290b1c167b6d2ca8bb9d4a4b7c5d6d107f84f0c556b1a4998fa1f98b5f1987afc442c1bb5997d15d7875b402bbbf1788f472ff24fd79bd05a750f11729109be1c16ca7938f319a9fb538a3d0fb1a2726283916dbcfb4b77c85f06b7ac9fe3c5c3bcd795058abb6103d7ad2b230c8d720f3ced99c771c2d0f2ae5ab41a2e7eafb9c7870906a07c3513929a2327103bbddab52398088e953d5d341e648fe7a1b9e77f06bdc17e8c944d2b2e6159e147950930605fee46b49110b556404ce8465c65c403ee30e7b93da952d8c9db635b1d70a9fc4407949e5992ed88afc5e8900a88787f90982b1c3a7a2d84edf299fb2db6f85508026b1b36ac7ec6812652c58784378d0c76cb46f755cdb8c6c1d19cd3dc11ce05db59c9c593f49f2114c6ae2d04129f22917ac04bd828fdfa1f2a2d74d940225378b4f2f810583431846722116322638e008b8ad75ebbb4c713bb540aa11d7e25b397cb60ec0bc823422fd6fcdc6d24292915e9f197b43ca3faa7573467a1decdb35c3972fae82d8f8347be7a67229803509227434a85ad4ede54f20db0aeaa870036d6cfa3a0251fdb4b9b0af3871f08630625e9005556bdaf6f14d92236df90bd7bfb22721f8cf48695a0fc4a78b1ef5ecb5428edd4d1adebb419ccbf398bc84cd462b213bab061eb3b77b76ee67a05eea6cf2af781048b93466942789bdfed09fc5b93ccbcf079fa71880554262ae1deb84e7646f70b96e605ef79c9a31a165a803e8e8b0943cf25c3c11dbc71206d0d607917e2111c968e3a1f2546fc16ce1f87bca5cbbc8a18a0c395267c87ba1c3b982507d233909c46f13c6292bf877b1b415be7a71219012024e1179a53dfe6dc8662561ac0b080e91900def52c797a95435f82ecb74df1949222547994bd9367317210fa5529594a74c04dc19614e8daec6281b85a961fdfe8130f237b27e37a19dfd1222edd35d17ebdfe8d85f5dc04af7eed48070c025d9334d796facbe41b78dcfffa1f4ab0001408af3838127960209c46d64788ecdc6a64d39446439268c8097544added77226f9516c927f839383e32d5e15e5947234ff51c17e58a06c9691a8befb1d495b42069236b4851928924a5f2c9d38587f2d61553dcc924afd14bde8e164d31e3280e131c7b8b62702acb90c056ac0e17e1f45a89ec58daffa3cc136d34faa7db19bf04c1fd290bd8857cfd18699b5b6ef0c78c09a1fccfd466239b0b55fd9dad2bcf7bd286958bb40a54bf64abae2c547974605f0944f0bf4568f37aae9b16c1cc207fb949be836485a2982692e87adc06d8523702525157364c4c03d6d22a9db33f2b42ca2a1da7b467accdceb512064a77b9a6cb2af1ef1eea015a285ab07a9b4c79c7975c77f4154ead6e727afcef7be8e6fd2d13b630b8864e6cb83966740cf7715813ece43c83f98ad156acdb9230e31edd88c9be389b86ce482b4d39503870e2287a00f151b68b803c74befa3dffb3e510be7a4e4e57cba3833fe4b230c98f9218fc994de1e5fc7d0a291c6be5aa9384f1841bda5ced1d6b18d0af55428e861bd437db396ab55cf8ef2c3c9a4ee3aa045724ab46e76d7cd16c991309cbbdf854164b435277e85f0c5baf82efe9e94d9b32f49d6661bb9bd2d07675070ff66bc8d0107636e92b0fb5af335015130b2e884824fb823cf6d61fcb6f9cbcd9efcd017e3f7a04056cf4c6cd3566e42cebc4a8d070b887e61dd9d948d8d6c3a39658670c6e52c446151708cccef763f9acc09403137092fb0b365e52c1080fa42b80c5006e6b9164f6d0a1d4062a3754f54de9b91a922495ca810bbdbf39f9e38e00cbe72ce689f9207a6b5eb", 0x1000}], 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket(0x8, 0x800, 0x10) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a31000000000500010007000000340007801800018014000240fe8000000000000000000000000000bb060004400e1f00cd050007008800000006000540"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) socket$nl_route(0x10, 0x3, 0x0) 6m25.567158996s ago: executing program 1 (id=1085): sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) capset(0x0, &(0x7f0000000140)) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r3, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{0x0}], 0x1}, 0x4048043) dup(0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) 6m9.796307817s ago: executing program 32 (id=1085): sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) capset(0x0, &(0x7f0000000140)) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r3, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{0x0}], 0x1}, 0x4048043) dup(0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) 1m34.893047057s ago: executing program 5 (id=2433): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x1, 0x0, 0x1000, 0x0, 0x1}, 0x50) mmap(&(0x7f00006b1000/0x1000)=nil, 0x1000, 0x2000009, 0x11, r1, 0x5a143000) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) clock_gettime(0x0, &(0x7f00000002c0)) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000040), 0x10000, &(0x7f0000000200)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}}) 1m34.710867868s ago: executing program 5 (id=2436): r0 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0xdd68, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x2b, 0x2000, @fd_index=0x1, 0x1000000000000008, 0x0, 0x0, 0x1e, 0x1, {0x0, r3}}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 1m34.496205395s ago: executing program 5 (id=2439): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000200)={0xc, r1}) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000002"]) 1m34.277314577s ago: executing program 5 (id=2442): r0 = syz_open_procfs(0x0, &(0x7f0000000300)='uid_map\x00') preadv(r0, 0x0, 0x0, 0x2, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x7, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) socket(0x1d, 0x2, 0x6) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) ftruncate(r4, 0x8800000) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) sendfile(r5, r4, 0x0, 0x558410e9) 1m34.055119702s ago: executing program 5 (id=2443): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xb}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xa}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x94}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_META={0x10, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_LVALUE={0x4}]}}]}]}]}}]}, 0x54}}, 0x800) 1m33.968511339s ago: executing program 5 (id=2444): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB="93b65995266c36e9384fefae0c6f1f18f3434ca44ec9555ef1bb11184d01e24897e23bbf184772dd577c1f38a6eab117f091eec42e6ef3fb2247fb7f2e713166fe0e0d95b8d4bb2cc5b2ba883af0004fd71dfb497190cb81cd80ae648e1973687358ab572e93ead294711bfb451a2bc927bebf1e1dcb01a426c768816da026a80cb194c84d432998c7e006f5fa2705fb847337eb1324940b00ae33a60be0f0081d59850054c9870833a1fd03b487a2f7626c098e261b9636899d11a7a1ffca9b33bfb74fbb9f375203996e35ec563652bd85aed45bfae43bf222269c1bcb3ba8b196e0b5536a35f134d31a6594a5a1e5b3c225c05a07bcafba7c1799484cdbb4eb57fe711e6f120b3c50f6407705c4aebbf43f92bac99c8819c6d1b3a2cc07f769f85a960203fde8c17a621f83f32ffc09c5a64057249499c46bf603f7132dcb59fb1bcdc5a9c2e8041e2290e6fc7c0d3817433abb680f384d04cc593a5fb06cae5faf3117355b610b090d6ad326", @ANYRES16=r1, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a000000"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 1m12.309300741s ago: executing program 2 (id=2496): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap(&(0x7f00006b1000/0x1000)=nil, 0x1000, 0x2000009, 0x11, r4, 0x5a143000) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) clock_gettime(0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000040), 0x10000, &(0x7f0000000200)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x8000}}) 1m11.085658941s ago: executing program 2 (id=2497): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@bloom_filter={0x1e, 0x0, 0xffbe, 0x7, 0x1040, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xc}, 0x50) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) (async) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001100)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', r0}, 0x18) 1m10.799612277s ago: executing program 2 (id=2499): sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x4000000) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f00000009c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB], 0x4c}}, 0x4000804) 1m10.561927994s ago: executing program 2 (id=2501): socket$xdp(0x2c, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @empty, @val={@void, {0x8100, 0x4, 0x1, 0x1}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) (fail_nth: 2) 1m9.870518618s ago: executing program 2 (id=2503): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4040}}, {{0x0, 0x0, 0x0}}], 0x2, 0x1000) 1m9.781565225s ago: executing program 2 (id=2504): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000880), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$PROG_LOAD(0x2, &(0x7f00000001c0)={0x3, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) socket$kcm(0x29, 0x2, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r3, 0x0, 0x7}, 0x18) openat$autofs(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x17, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x41da}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffc}, {0x85, 0x0, 0x0, 0x86}, {0x7, 0x1, 0xb, 0x9, 0x0, 0xffff}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x480}}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xae}}}, &(0x7f0000000080)='GPL\x00', 0xb, 0xffe, &(0x7f0000000cc0)=""/4094, 0x41100, 0x44, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffeffff}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r7}, &(0x7f0000000240), &(0x7f00000003c0)=r10}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r9, r5, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @empty, @val={@void, {0x8100, 0x4, 0x1, 0x1}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 54.592475518s ago: executing program 33 (id=2504): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000880), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$PROG_LOAD(0x2, &(0x7f00000001c0)={0x3, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) socket$kcm(0x29, 0x2, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r3, 0x0, 0x7}, 0x18) openat$autofs(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x17, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x41da}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffc}, {0x85, 0x0, 0x0, 0x86}, {0x7, 0x1, 0xb, 0x9, 0x0, 0xffff}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x480}}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xae}}}, &(0x7f0000000080)='GPL\x00', 0xb, 0xffe, &(0x7f0000000cc0)=""/4094, 0x41100, 0x44, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffeffff}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r7}, &(0x7f0000000240), &(0x7f00000003c0)=r10}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r9, r5, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @empty, @val={@void, {0x8100, 0x4, 0x1, 0x1}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 14.859797103s ago: executing program 3 (id=2620): r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$keyring(&(0x7f0000001340), &(0x7f0000001380)={'syz', 0x1}, 0x0, 0x0, r0) add_key$keyring(&(0x7f00000012c0), 0x0, 0x0, 0x0, r1) 14.745378888s ago: executing program 3 (id=2621): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004280)={0x2020}, 0x2020) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a30000000006c000000060a010400000000000000000100000008000b40000000000900010073797a30000000064400048014000180090001006c61737400000000040002802c0001800e000100696d6d6564696174650000001800028008000140000000010c000280050001004c00000014000000110001"], 0xf4}}, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) r7 = syz_io_uring_setup(0x114, &(0x7f0000000440)={0x0, 0x4000000, 0x0, 0x7, 0x48}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000300)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x48, 0x0, r6, 0x0, 0x0}) io_uring_enter(r7, 0x47f6, 0x0, 0x0, 0x0, 0x0) r10 = syz_open_dev$usbfs(&(0x7f0000000000), 0x8, 0x220000) ioctl$USBDEVFS_DISCARDURB(r10, 0x550b, &(0x7f0000000240)=0x4) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0xb, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x40, 0x0, 0xe7}}}}}}, 0x0) sync() r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01020000000000000000010000000900030073797a32000000000900010073797a3100000000080007006e617400140004800800014000000003080002"], 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 13.431620523s ago: executing program 3 (id=2622): socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs$namespace(0x0, 0x0) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = syz_clone(0x100, &(0x7f0000000100)="dee1280711a61e0a774b2c", 0xb, &(0x7f00000001c0), &(0x7f00000002c0), &(0x7f0000000300)="761e60f3bd73ca8743665c39e6cf698f4632379cfc4be0dc9fd712d250638d5b2718e747f99d3f4bb6552282a77514582a2d21ebcfbb46342f8e9b9183ef3f03e0854eab361c94e61e3d19f38dca53f667007f2d333260c66063f54fc2ec46c22992079af6f2bf46278484dcf47a3d5800c12fc6c727e67cac46dfc6c78db8d84f3c539ff0b1dd817d7ccecb8da4f288b7a94b600304d73c49779c3abb4c703767ceedf6a094a4f10f1b9e13f4bcaa4cb437b2b4a3f9cad42133ef59b470efe26dc1f7c82c2e42be81d2ecfcc950f08dc70073e75d33c218ac674449f001") fcntl$getownex(r1, 0x10, &(0x7f0000000400)={0x0, 0x0}) tgkill(r4, r5, 0x3) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, 0x0) r9 = gettid() r10 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r10, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8002, 0x0, 0x0, 0x80000000}, 0x38) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, 0x0) r11 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2) fcntl$setlease(r11, 0x400, 0x0) acct(&(0x7f0000000040)='./file0\x00') close_range(r3, 0xffffffffffffffff, 0x0) 11.972230116s ago: executing program 3 (id=2623): ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @bcast]}) 11.73940521s ago: executing program 4 (id=2624): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$media(&(0x7f0000000000), 0x1, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20008886) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x4000000000000, 0x0, 0x7, 0x0, 0x8, 0x0, 0x1, 0x4, 0x3, 0x0, 0x0, 0x7, 0x6, 0x3], 0xeeee0000, 0x2632d4}) connect$l2tp6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 10.278849288s ago: executing program 3 (id=2627): socket$alg(0x26, 0x5, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0x42701, 0x192) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000840)={0x2d, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x1c, 0x0, @ib={0x1b, 0x8, 0x56f6, {"b2c40f03a5fd88f643fd134c488c0798"}, 0x5, 0x6, 0xfffffffffffffffc}}}, 0xa0) munmap(&(0x7f0000901000/0x3000)=nil, 0x3000) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sendto$inet(0xffffffffffffffff, &(0x7f0000000300)="cd9b45bf31b898b6bb11efb4942c5706f8f450a0042f90bc9001c449997d8d995a96ff3f5cf6f3824cc509e6b5b235ea0603a3c9ae64743888cb7dd7fcd1b1300a88c3fae201452dc552f75e8ab8ac0fdaf2db8e8f54e856cc6f0b4a2b0fe9cdd26047025c409a99de8bc65abb2d3b6583c5", 0x72, 0x4000000, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40400, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r8, 0xc048aeca, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, r5, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sigaltstack(0x0, 0x0) mount(&(0x7f0000000000)=@sr0, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x100080f, 0x0) 10.19568425s ago: executing program 4 (id=2629): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f00000700"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x30, &(0x7f0000000640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10001}}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffff8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000500)={0x2, 0x10, 0x6, 0x96}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000540)=[r1], &(0x7f00000007c0)=[{0x0, 0x1, 0xf}, {0x5, 0x1, 0x3, 0x5}, {0x0, 0x3, 0xf, 0xc}], 0x10, 0x1}, 0x94) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x400000, 0x22) getdents64(r8, &(0x7f0000000580)=""/174, 0xae) 6.807444727s ago: executing program 4 (id=2631): r0 = syz_io_uring_setup(0x49a, 0x0, 0x0, &(0x7f0000000040)) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='kfree\x00', r2, 0x0, 0xffff}, 0x18) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x441, 0x108) fallocate(r3, 0x20, 0x0, 0x8000) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x18) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000940), 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000180)={'wpan1\x00', 0x0}) r8 = getpid() sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7000000000001400000008000300", @ANYRES32=r7, @ANYBLOB="08001c00", @ANYRES32=r8], 0x24}}, 0x0) (fail_nth: 1) 6.568725608s ago: executing program 4 (id=2632): syz_emit_vhci(&(0x7f0000000540)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "cbe492", 0x2}}}, 0xd) r0 = socket(0x10, 0x3, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f00000001c0)={0x5, &(0x7f00000004c0)=[{}, {}, {}, {}, {}]}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000010000004200000040"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setrlimit(0x8, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) setreuid(0xee01, 0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_UIE_ON(r5, 0x7003) ioctl$RTC_AIE_ON(r5, 0x7001) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x13, 0xfa00, {0x3, &(0x7f00000014c0)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000f80)={0x1, 0x10, 0xfa00, {&(0x7f00000001c0), r6}}, 0x18) recvmmsg$unix(r0, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000003c0)=""/217, 0xd9}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/124, 0x7c}, {&(0x7f0000000200)=""/23, 0x17}, {&(0x7f0000001540)=""/186, 0xba}], 0x5}}], 0x1, 0x10, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 4.864347082s ago: executing program 0 (id=2633): openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) fsopen(&(0x7f0000000040)='9p\x00', 0x1) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f00000000c0)={0x10, 0xc3, {0x54, 0x7f, 0x4, {0x5, 0x9}, {0x200}, @ramp={0x8, 0xfffd, {0x40, 0x0, 0x0, 0x7}}}, {0x56, 0xe5, 0xe, {0x0, 0xac}, {0xfe, 0x7}, @const={0x3baf, {0xe581, 0x1, 0xd, 0x1f0}}}}) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r0) sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r1, 0x200, 0x70bd2a, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x6, 0x4, 0x1}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4c000}, 0x4000010) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, '\x00', [{0x6, 0x401, 0xa8, 0x5, 0x0, 0x8001}, {0x6, 0x400, 0x5, 0xb23, 0x3, 0x305}]}) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000380), 0x80300, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@delnexthop={0x28, 0x69, 0x400, 0x70bd28, 0x25dfdbfb, {}, [{0x8}, {0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x20008040) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f00000004c0)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000540)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f00000005c0)={0x28, 0x3, r3, r4, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000580)}) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFQA_CFG_CMD={0x8, 0x1, {0x4, 0x0, 0x2c}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000740), r0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r6, 0x4, 0x70bd2d, 0x25dfdbfd, {}, [""]}, 0x1c}}, 0x20048000) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000840)={@local, @dev={0xac, 0x14, 0x14, 0x43}, 0x1, "a7f53755cc93a1fa7cebf140d25e36df891cc4e05114d64289cdf23d9cfff33a", 0xd, 0x5, 0x2, 0x8}, 0x3c) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000880)={0x10}) pipe2$watch_queue(&(0x7f00000008c0), 0x80) r7 = syz_clone(0x200000, &(0x7f0000000900)="ac70d3aff552433bf2c3d28f9e7d314dcf5281b2faa368f3c3674450b1ad33141d313f0346db23d8535b289c15280bcb381305cff7e8e8f774de71a01ef30378d9c49d200005edcf0236f5df700ba5526ad76758100b4e1451b828689af4aac95e62e2a0ea0209ee44fdfd9638904950d3249e2b3dba8d596c5147d991daf1de42694f0a9e5f79460b5dda336dee63b40c1f546ee98c04984bd575db86040f06004e8f00387317d0060228eb3feb1e0e61fc68f842b59ac5dcb94178cf1a6581db308003dbda4e4835faea007eb3322d63134c6cdab077896d86d29efc8c15c4f7c5be3253b0307251207de1caafcf1f3f3fe5", 0xf3, &(0x7f0000000a00), &(0x7f0000000a40), &(0x7f0000000a80)="bc246c0348d000373a65c8c3be175091953a6bf6d2515141b72a4501a17516f9f7ca9af4656c49e47968914932463fb37392d95a5a7d93b9e331753dd7877e5514e26fcbdcf7b98f55b15d7b00a9d48ad0f1312ecf7a56c64d8c3701443aa5ba79d45ecb314fbc2b14ebd375f5ff9549eaa6dcf727d149583214558db92d90fed92881c994b23769114a57c3796ff56908e14d780bfd951c1f6dd62da1516581a7048df5d25c3b46c15913b70d00ed7f1a2b38ecbefaef589b078146234c463decb7cbe614563f888f5e0e") kcmp(0x0, r7, 0x5, r2, 0xffffffffffffffff) 4.680883597s ago: executing program 0 (id=2634): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) r1 = socket$nl_rdma(0x10, 0x3, 0x14) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000d0b71ca900ed132106000000000000000008000100000000000800030002000000"], 0x20}, 0x1, 0x0, 0x0, 0xf0fff7bf}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = epoll_create1(0x80000) io_setup(0x2dd8, &(0x7f00000000c0)=0x0) io_submit(r6, 0x1, &(0x7f0000000280)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x82, r5, 0x0, 0x0, 0x0, 0x0, 0x2}]) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000140)={0x2016}) sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="14000000040601"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000880) setgroups(0x0, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local}) 3.58738458s ago: executing program 0 (id=2635): ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @bcast]}) 1.709484661s ago: executing program 0 (id=2636): sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x4000000) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x3, &(0x7f00000009c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804) 1.606210214s ago: executing program 0 (id=2637): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$media(&(0x7f0000000000), 0x1, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20008886) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x4000000000000, 0x0, 0x7, 0x0, 0x8, 0x0, 0x1, 0x4, 0x3, 0x0, 0x0, 0x7, 0x6, 0x3], 0xeeee0000, 0x2632d4}) connect$l2tp6(0xffffffffffffffff, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.55134474s ago: executing program 4 (id=2638): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f0000000180)={""/32, 0x0, 0x0, 0x1, 0x0, &(0x7f0000002840)=[{}]}) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000280)={0x0, 0xc898, 0x30, 0x4, 0x9}, &(0x7f00000000c0)=0x18) 1.410224508s ago: executing program 3 (id=2639): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x15) ioctl$SNDCTL_DSP_POST(r0, 0x5008, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x300) 1.224170753s ago: executing program 4 (id=2640): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge0\x00'}) (async, rerun: 64) syz_emit_ethernet(0x5a, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x2, 0x6, 0x0, @private=0xa210104, @local, {[@timestamp_addr={0x44, 0x14, 0x6, 0x1, 0x0, [{@broadcast, 0xffffaa7e}, {@multicast2, 0x8001}]}, @generic={0x7, 0xd, "09904b30ad2bb75f7e1e5d"}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x0, 0x0, 0x8}}}}}}, 0x0) (async, rerun: 64) syz_usb_connect(0x5, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000810087406d040e0a759400000001090212000100000000090400200003"], 0x0) 0s ago: executing program 0 (id=2641): prlimit64(0x0, 0xb, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) epoll_create1(0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) gettid() r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10) connect$llc(r2, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0x8001, 0x4, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0x1, 0xff, 0x2, 0x2001, 0x8, 0x3, 0x6, 0x2, 0x1, 0x49, 0x43, 0x40000003, 0x89, 0x9, 0xf27, 0x7, 0x2, 0x8, 0x5, 0x6, 0x8, 0x10000, 0xfffffff4]}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f0000002100)={0x18, {"a2e3ad2119c752f91b5e09091bf70e0dd038e7ff7fc6e5539b324d078b089b3b0838721a0890e0878f0e1ac6e7049b3d63959b509a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32320d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70d998ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5af098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000108000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b2fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f794c9eee1198751adaa13d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d8872fe174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f980000000203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) pidfd_getfd(0xffffffffffffffff, r0, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r8, 0x4068aea3, &(0x7f0000000300)={0x8f, 0x0, 0xb}) socket$kcm(0x2, 0xa, 0x2) socket$kcm(0x10, 0x2, 0x10) r9 = syz_open_procfs(0x0, &(0x7f0000000180)='net/igmp\x00') preadv(r9, &(0x7f0000003380)=[{&(0x7f00000020c0)=""/168, 0xa8}], 0x1, 0xffffffc0, 0x10000) kernel console output (not intermixed with test programs): 9][ T5951] DVB: Unable to find symbol mt352_attach() [ 780.717705][ T6288] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 780.717734][ T6288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.721223][ T6288] usb 3-1: config 0 descriptor?? [ 780.735280][ T5951] DVB: Unable to find symbol nxt6000_attach() [ 780.735297][ T5951] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 780.783856][ T5951] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input27 [ 780.816484][ T5951] dvb-usb: schedule remote query interval to 1000 msecs. [ 780.816500][ T5951] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 780.816510][ T5951] dvb-usb: bulk message failed: -22 (7/0) [ 780.816520][ T5951] dvb-usb: bulk message failed: -22 (7/0) [ 780.835378][ T5951] usb 6-1: USB disconnect, device number 6 [ 780.977767][ T5947] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 781.143250][ T5947] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 781.143285][ T5947] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 781.143374][ T5947] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 781.143396][ T5947] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 781.187457][T12374] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 781.220871][ T5947] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 781.328902][ T5951] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 781.431029][ T5819] Bluetooth: hci3: connection err: -111 [ 781.517807][ T37] kauditd_printk_skb: 23 callbacks suppressed [ 781.517826][ T37] audit: type=1326 audit(1765075225.426:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12373 comm="syz.4.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11c665f749 code=0x7fc00000 [ 782.985964][ T5947] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 783.135688][ T5947] usb 1-1: Using ep0 maxpacket: 16 [ 783.137654][ T5947] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 783.137678][ T5947] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 783.137696][ T5947] usb 1-1: config 0 has no interface number 0 [ 783.144221][ T5947] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 783.144238][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.144248][ T5947] usb 1-1: Product: syz [ 783.144256][ T5947] usb 1-1: Manufacturer: syz [ 783.144264][ T5947] usb 1-1: SerialNumber: syz [ 783.181082][ T5947] usb 1-1: config 0 descriptor?? [ 783.212304][ T5947] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 783.212335][ T5947] uvcvideo 1-1:0.105: No valid video chain found. [ 783.230715][ T6288] usb 3-1: Cannot set autoneg [ 783.230969][ T6288] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 783.250139][ T6288] usb 3-1: USB disconnect, device number 51 [ 783.448584][ T6288] usb 1-1: USB disconnect, device number 43 [ 783.682840][T12421] tipc: Enabling of bearer rejected, failed to enable media [ 783.683213][ T37] audit: type=1326 audit(1765075227.586:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12373 comm="syz.4.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f11c665f749 code=0x7fc00000 [ 783.810542][ T5792] usb 5-1: USB disconnect, device number 55 [ 784.081582][T12436] loop2: detected capacity change from 0 to 7 [ 784.095398][T12436] loop2: [ 784.095428][T12436] loop2: partition table partially beyond EOD, truncated [ 784.924232][ T5172] loop2: [ 784.924271][ T5172] loop2: partition table partially beyond EOD, truncated [ 786.620314][T10038] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 786.907874][T10038] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 786.907941][T10038] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 786.907962][T10038] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.916373][T10038] usb 4-1: config 0 descriptor?? [ 786.927960][T10038] pwc: Askey VC010 type 2 USB webcam detected. [ 787.184842][T12473] FAULT_INJECTION: forcing a failure. [ 787.184842][T12473] name failslab, interval 1, probability 0, space 0, times 0 [ 787.184878][T12473] CPU: 1 UID: 0 PID: 12473 Comm: syz.2.1984 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 787.184903][T12473] Tainted: [L]=SOFTLOCKUP [ 787.184909][T12473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 787.184920][T12473] Call Trace: [ 787.184928][T12473] [ 787.184936][T12473] dump_stack_lvl+0x189/0x250 [ 787.184966][T12473] ? __pfx____ratelimit+0x10/0x10 [ 787.184986][T12473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 787.185014][T12473] ? __pfx__printk+0x10/0x10 [ 787.185039][T12473] ? __pfx___might_resched+0x10/0x10 [ 787.185063][T12473] should_fail_ex+0x46c/0x600 [ 787.185093][T12473] should_failslab+0xa8/0x100 [ 787.185119][T12473] __kmalloc_noprof+0xe0/0x7e0 [ 787.185142][T12473] ? kfree+0x4d/0x900 [ 787.185159][T12473] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 787.185186][T12473] tomoyo_realpath_from_path+0xe3/0x5d0 [ 787.185207][T12473] ? tomoyo_domain+0xd9/0x130 [ 787.185232][T12473] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 787.185256][T12473] tomoyo_path_number_perm+0x1e8/0x5a0 [ 787.185283][T12473] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 787.185311][T12473] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 787.185332][T12473] ? lockdep_hardirqs_on+0x98/0x140 [ 787.185387][T12473] ? __fget_files+0x2a/0x420 [ 787.185410][T12473] ? __fget_files+0x3a6/0x420 [ 787.185427][T12473] ? __fget_files+0x2a/0x420 [ 787.185448][T12473] security_file_ioctl+0xcb/0x2d0 [ 787.185475][T12473] __se_sys_ioctl+0x47/0x170 [ 787.185497][T12473] do_syscall_64+0xfa/0xf80 [ 787.185520][T12473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.185538][T12473] ? clear_bhb_loop+0x60/0xb0 [ 787.185560][T12473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.185577][T12473] RIP: 0033:0x7f4a6815f749 [ 787.185594][T12473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 787.185609][T12473] RSP: 002b:00007f4a663c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 787.185629][T12473] RAX: ffffffffffffffda RBX: 00007f4a683b5fa0 RCX: 00007f4a6815f749 [ 787.185643][T12473] RDX: 0000200000000040 RSI: 0000000000002285 RDI: 0000000000000004 [ 787.185655][T12473] RBP: 00007f4a663c6090 R08: 0000000000000000 R09: 0000000000000000 [ 787.185667][T12473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 787.185679][T12473] R13: 00007f4a683b6038 R14: 00007f4a683b5fa0 R15: 00007ffe231dfd98 [ 787.185711][T12473] [ 787.190987][T12473] ERROR: Out of memory at tomoyo_realpath_from_path. [ 787.341602][T10038] pwc: recv_control_msg error -32 req 02 val 2b00 [ 787.738978][T10038] pwc: recv_control_msg error -32 req 02 val 2c00 [ 787.979203][T10038] pwc: recv_control_msg error -71 req 04 val 1300 [ 787.985770][T10038] pwc: recv_control_msg error -71 req 04 val 1400 [ 787.986536][T10038] pwc: recv_control_msg error -71 req 02 val 2000 [ 787.995625][T10038] pwc: recv_control_msg error -71 req 02 val 2100 [ 787.996144][T10038] pwc: recv_control_msg error -71 req 04 val 1500 [ 787.996896][T10038] pwc: recv_control_msg error -71 req 02 val 2500 [ 787.997368][T10038] pwc: recv_control_msg error -71 req 02 val 2400 [ 787.997831][T10038] pwc: recv_control_msg error -71 req 02 val 2600 [ 787.998273][T10038] pwc: recv_control_msg error -71 req 02 val 2900 [ 788.002087][T10038] pwc: recv_control_msg error -71 req 02 val 2800 [ 788.007537][T10038] pwc: recv_control_msg error -71 req 04 val 1100 [ 788.008002][T10038] pwc: recv_control_msg error -71 req 04 val 1200 [ 788.026506][T10038] pwc: Registered as video103. [ 788.037165][T10038] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input28 [ 788.074936][T10038] usb 4-1: USB disconnect, device number 50 [ 788.415739][ T5792] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 789.355650][ T5792] usb 3-1: device descriptor read/64, error -71 [ 789.596332][ T5792] usb 3-1: new full-speed USB device number 53 using dummy_hcd [ 789.682422][T12514] FAULT_INJECTION: forcing a failure. [ 789.682422][T12514] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 789.682457][T12514] CPU: 0 UID: 0 PID: 12514 Comm: syz.5.1999 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 789.682483][T12514] Tainted: [L]=SOFTLOCKUP [ 789.682490][T12514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 789.682502][T12514] Call Trace: [ 789.682510][T12514] [ 789.682519][T12514] dump_stack_lvl+0x189/0x250 [ 789.682545][T12514] ? __pfx____ratelimit+0x10/0x10 [ 789.682567][T12514] ? __pfx_dump_stack_lvl+0x10/0x10 [ 789.682589][T12514] ? __pfx__printk+0x10/0x10 [ 789.682608][T12514] ? __might_fault+0xb0/0x130 [ 789.682640][T12514] should_fail_ex+0x46c/0x600 [ 789.682678][T12514] _copy_from_user+0x2d/0xb0 [ 789.682700][T12514] ___sys_sendmsg+0x158/0x2a0 [ 789.682721][T12514] ? __pfx____sys_sendmsg+0x10/0x10 [ 789.682772][T12514] ? __fget_files+0x2a/0x420 [ 789.682790][T12514] ? __fget_files+0x3a6/0x420 [ 789.682817][T12514] __x64_sys_sendmsg+0x1a1/0x260 [ 789.682837][T12514] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 789.682864][T12514] ? __pfx_ksys_write+0x10/0x10 [ 789.682890][T12514] ? do_syscall_64+0xbe/0xf80 [ 789.682915][T12514] do_syscall_64+0xfa/0xf80 [ 789.682935][T12514] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.682952][T12514] ? clear_bhb_loop+0x60/0xb0 [ 789.682974][T12514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.682991][T12514] RIP: 0033:0x7f3fd784f749 [ 789.683008][T12514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 789.683024][T12514] RSP: 002b:00007f3fd5ab6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 789.683045][T12514] RAX: ffffffffffffffda RBX: 00007f3fd7aa5fa0 RCX: 00007f3fd784f749 [ 789.683059][T12514] RDX: 0000000000000040 RSI: 00002000000002c0 RDI: 0000000000000004 [ 789.683071][T12514] RBP: 00007f3fd5ab6090 R08: 0000000000000000 R09: 0000000000000000 [ 789.683082][T12514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 789.683094][T12514] R13: 00007f3fd7aa6038 R14: 00007f3fd7aa5fa0 R15: 00007ffed4c34718 [ 789.683124][T12514] [ 789.716280][T12513] netlink: 296 bytes leftover after parsing attributes in process `syz.3.1997'. [ 789.725574][ T5792] usb 3-1: device descriptor read/64, error -71 [ 789.742724][T12513] overlayfs: overlapping lowerdir path [ 789.840944][ T5792] usb usb3-port1: attempt power cycle [ 790.035659][ T5951] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 790.186837][ T5951] usb 4-1: Using ep0 maxpacket: 32 [ 790.188568][ T5951] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 790.188591][ T5951] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 790.188609][ T5951] usb 4-1: config 0 has no interface number 0 [ 790.188646][ T5951] usb 4-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 790.190769][ T5951] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 790.190788][ T5951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.190798][ T5951] usb 4-1: Product: syz [ 790.190806][ T5951] usb 4-1: Manufacturer: syz [ 790.190813][ T5951] usb 4-1: SerialNumber: syz [ 790.194617][ T5951] usb 4-1: config 0 descriptor?? [ 790.209352][ T5792] usb 3-1: new full-speed USB device number 54 using dummy_hcd [ 790.212344][ T5951] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 790.235657][T10038] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 790.284930][ T5792] usb 3-1: device descriptor read/8, error -71 [ 790.393241][T10038] usb 6-1: config 0 has an invalid interface number: 167 but max is 0 [ 790.393268][T10038] usb 6-1: config 0 has no interface number 0 [ 790.395622][T10038] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0104, bcdDevice=f1.04 [ 790.395695][T10038] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.395713][T10038] usb 6-1: Product: syz [ 790.395726][T10038] usb 6-1: Manufacturer: syz [ 790.395740][T10038] usb 6-1: SerialNumber: syz [ 790.416370][T10038] usb 6-1: config 0 descriptor?? [ 790.426134][ T5951] usb 4-1: qt2_setup_urbs - submit read urb failed -8 [ 790.426465][ T5951] quatech2 4-1:0.51: probe with driver quatech2 failed with error -8 [ 790.489873][T10038] kvaser_usb 6-1:0.167: error -ENODEV: Cannot get usb endpoint(s) [ 790.525668][ T5792] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 790.546293][ T5792] usb 3-1: device descriptor read/8, error -71 [ 790.656078][ T5792] usb usb3-port1: unable to enumerate USB device [ 790.666472][T12530] FAULT_INJECTION: forcing a failure. [ 790.666472][T12530] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 790.666505][T12530] CPU: 1 UID: 0 PID: 12530 Comm: syz.0.2006 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 790.666530][T12530] Tainted: [L]=SOFTLOCKUP [ 790.666536][T12530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 790.666547][T12530] Call Trace: [ 790.666555][T12530] [ 790.666564][T12530] dump_stack_lvl+0x189/0x250 [ 790.666590][T12530] ? __pfx____ratelimit+0x10/0x10 [ 790.666611][T12530] ? __pfx_dump_stack_lvl+0x10/0x10 [ 790.666639][T12530] ? __pfx__printk+0x10/0x10 [ 790.666671][T12530] should_fail_ex+0x46c/0x600 [ 790.666701][T12530] _copy_to_user+0x31/0xb0 [ 790.666726][T12530] simple_read_from_buffer+0xe1/0x170 [ 790.666757][T12530] proc_fail_nth_read+0x1b6/0x220 [ 790.666783][T12530] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 790.666807][T12530] ? rw_verify_area+0x2ac/0x4e0 [ 790.666829][T12530] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 790.666852][T12530] vfs_read+0x206/0xa30 [ 790.666881][T12530] ? __pfx_vfs_read+0x10/0x10 [ 790.666899][T12530] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 790.666933][T12530] ? mutex_lock_nested+0x154/0x1d0 [ 790.666949][T12530] ? fdget_pos+0x253/0x320 [ 790.666975][T12530] ksys_read+0x14b/0x260 [ 790.666998][T12530] ? __pfx_ksys_read+0x10/0x10 [ 790.667022][T12530] ? do_syscall_64+0xbe/0xf80 [ 790.667046][T12530] do_syscall_64+0xfa/0xf80 [ 790.667067][T12530] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.667084][T12530] ? clear_bhb_loop+0x60/0xb0 [ 790.667105][T12530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.667121][T12530] RIP: 0033:0x7f31fbc9e15c [ 790.667137][T12530] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 790.667152][T12530] RSP: 002b:00007f31f9efe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 790.667171][T12530] RAX: ffffffffffffffda RBX: 00007f31fbef5fa0 RCX: 00007f31fbc9e15c [ 790.667184][T12530] RDX: 000000000000000f RSI: 00007f31f9efe0a0 RDI: 0000000000000005 [ 790.667195][T12530] RBP: 00007f31f9efe090 R08: 0000000000000000 R09: 0000000000000000 [ 790.667206][T12530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 790.667217][T12530] R13: 00007f31fbef6038 R14: 00007f31fbef5fa0 R15: 00007ffcbe770388 [ 790.667248][T12530] [ 790.673051][ T5895] usb 6-1: USB disconnect, device number 7 [ 790.724802][T10038] usb 4-1: USB disconnect, device number 51 [ 791.827631][T12548] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2010'. [ 792.068799][T12556] FAULT_INJECTION: forcing a failure. [ 792.068799][T12556] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 792.068833][T12556] CPU: 1 UID: 0 PID: 12556 Comm: syz.3.2017 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 792.068859][T12556] Tainted: [L]=SOFTLOCKUP [ 792.068866][T12556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 792.068877][T12556] Call Trace: [ 792.068885][T12556] [ 792.068894][T12556] dump_stack_lvl+0x189/0x250 [ 792.068920][T12556] ? __pfx____ratelimit+0x10/0x10 [ 792.068941][T12556] ? __pfx_dump_stack_lvl+0x10/0x10 [ 792.068963][T12556] ? __pfx__printk+0x10/0x10 [ 792.068981][T12556] ? __might_fault+0xb0/0x130 [ 792.069015][T12556] should_fail_ex+0x46c/0x600 [ 792.069045][T12556] _copy_from_user+0x2d/0xb0 [ 792.069065][T12556] do_semtimedop+0x1d3/0x2e0 [ 792.069086][T12556] ? __pfx_do_semtimedop+0x10/0x10 [ 792.069139][T12556] ? rcu_is_watching+0x15/0xb0 [ 792.069167][T12556] do_syscall_64+0xfa/0xf80 [ 792.069189][T12556] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.069207][T12556] ? clear_bhb_loop+0x60/0xb0 [ 792.069228][T12556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.069246][T12556] RIP: 0033:0x7ff39ab0f749 [ 792.069262][T12556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 792.069277][T12556] RSP: 002b:00007ff398d6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000041 [ 792.069297][T12556] RAX: ffffffffffffffda RBX: 00007ff39ad65fa0 RCX: 00007ff39ab0f749 [ 792.069311][T12556] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000000 [ 792.069323][T12556] RBP: 00007ff398d6e090 R08: 0000000000000000 R09: 0000000000000000 [ 792.069334][T12556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 792.069345][T12556] R13: 00007ff39ad66038 R14: 00007ff39ad65fa0 R15: 00007ffc8ad68368 [ 792.069376][T12556] [ 792.282931][T12560] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2020'. [ 792.283519][T12560] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2020'. [ 792.415969][T12564] netlink: 296 bytes leftover after parsing attributes in process `syz.4.2021'. [ 792.430999][T12564] overlayfs: overlapping lowerdir path [ 792.695829][ T6872] usb 3-1: new full-speed USB device number 56 using dummy_hcd [ 792.715539][T10038] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 792.825554][ T6872] usb 3-1: device descriptor read/64, error -71 [ 792.865730][T10038] usb 5-1: Using ep0 maxpacket: 32 [ 792.868173][T10038] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 792.868198][T10038] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 792.868214][T10038] usb 5-1: config 0 has no interface number 0 [ 792.868260][T10038] usb 5-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 792.875076][T10038] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 792.875102][T10038] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.875120][T10038] usb 5-1: Product: syz [ 792.875133][T10038] usb 5-1: Manufacturer: syz [ 792.875146][T10038] usb 5-1: SerialNumber: syz [ 792.906553][T10038] usb 5-1: config 0 descriptor?? [ 792.918477][T10038] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 793.075541][ T6872] usb 3-1: new full-speed USB device number 57 using dummy_hcd [ 793.125793][T10038] usb 5-1: qt2_setup_urbs - submit read urb failed -8 [ 793.126039][T10038] quatech2 5-1:0.51: probe with driver quatech2 failed with error -8 [ 793.207797][ T6872] usb 3-1: device descriptor read/64, error -71 [ 793.323268][ T6872] usb usb3-port1: attempt power cycle [ 793.526466][T12579] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2026'. [ 793.527349][T12579] FAULT_INJECTION: forcing a failure. [ 793.527349][T12579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 793.527380][T12579] CPU: 0 UID: 0 PID: 12579 Comm: syz.5.2026 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 793.527406][T12579] Tainted: [L]=SOFTLOCKUP [ 793.527413][T12579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 793.527425][T12579] Call Trace: [ 793.527433][T12579] [ 793.527442][T12579] dump_stack_lvl+0x189/0x250 [ 793.527469][T12579] ? __pfx____ratelimit+0x10/0x10 [ 793.527492][T12579] ? __pfx_dump_stack_lvl+0x10/0x10 [ 793.527513][T12579] ? __pfx__printk+0x10/0x10 [ 793.527532][T12579] ? __might_fault+0xb0/0x130 [ 793.527566][T12579] should_fail_ex+0x46c/0x600 [ 793.527595][T12579] _copy_from_user+0x2d/0xb0 [ 793.527616][T12579] ___sys_sendmsg+0x158/0x2a0 [ 793.527642][T12579] ? __pfx____sys_sendmsg+0x10/0x10 [ 793.527694][T12579] ? __fget_files+0x2a/0x420 [ 793.527712][T12579] ? __fget_files+0x3a6/0x420 [ 793.527740][T12579] __sys_sendmmsg+0x22d/0x430 [ 793.527764][T12579] ? __pfx___sys_sendmmsg+0x10/0x10 [ 793.527792][T12579] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 793.527826][T12579] ? ksys_write+0x230/0x260 [ 793.527851][T12579] ? __pfx_ksys_write+0x10/0x10 [ 793.527879][T12579] __x64_sys_sendmmsg+0xa0/0xc0 [ 793.527899][T12579] do_syscall_64+0xfa/0xf80 [ 793.527921][T12579] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.527939][T12579] ? clear_bhb_loop+0x60/0xb0 [ 793.527961][T12579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.527978][T12579] RIP: 0033:0x7f3fd784f749 [ 793.527994][T12579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 793.528011][T12579] RSP: 002b:00007f3fd5ab6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 793.528030][T12579] RAX: ffffffffffffffda RBX: 00007f3fd7aa5fa0 RCX: 00007f3fd784f749 [ 793.528044][T12579] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003 [ 793.528057][T12579] RBP: 00007f3fd5ab6090 R08: 0000000000000000 R09: 0000000000000000 [ 793.528069][T12579] R10: 00000000000000fc R11: 0000000000000246 R12: 0000000000000001 [ 793.528081][T12579] R13: 00007f3fd7aa6038 R14: 00007f3fd7aa5fa0 R15: 00007ffed4c34718 [ 793.528111][T12579] [ 793.786780][ T6872] usb 3-1: new full-speed USB device number 58 using dummy_hcd [ 793.806097][ T6872] usb 3-1: device descriptor read/8, error -71 [ 793.872400][ T6007] usb 5-1: USB disconnect, device number 56 [ 794.055556][ T6872] usb 3-1: new full-speed USB device number 59 using dummy_hcd [ 794.081096][ T6872] usb 3-1: device descriptor read/8, error -71 [ 794.185894][ T6872] usb usb3-port1: unable to enumerate USB device [ 794.241394][T12599] FAULT_INJECTION: forcing a failure. [ 794.241394][T12599] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 794.241417][T12599] CPU: 1 UID: 0 PID: 12599 Comm: syz.0.2035 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 794.241432][T12599] Tainted: [L]=SOFTLOCKUP [ 794.241436][T12599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 794.241442][T12599] Call Trace: [ 794.241447][T12599] [ 794.241452][T12599] dump_stack_lvl+0x189/0x250 [ 794.241472][T12599] ? __pfx____ratelimit+0x10/0x10 [ 794.241486][T12599] ? __pfx_dump_stack_lvl+0x10/0x10 [ 794.241498][T12599] ? __pfx__printk+0x10/0x10 [ 794.241508][T12599] ? __might_fault+0xb0/0x130 [ 794.241529][T12599] should_fail_ex+0x46c/0x600 [ 794.241547][T12599] _copy_from_user+0x2d/0xb0 [ 794.241560][T12599] ___sys_recvmsg+0x12e/0x510 [ 794.241574][T12599] ? __pfx____sys_recvmsg+0x10/0x10 [ 794.241597][T12599] ? __fget_files+0x3a6/0x420 [ 794.241613][T12599] do_recvmmsg+0x30d/0x770 [ 794.241629][T12599] ? __pfx_do_recvmmsg+0x10/0x10 [ 794.241638][T12599] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 794.241651][T12599] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 794.241669][T12599] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 794.241687][T12599] __x64_sys_recvmmsg+0x190/0x240 [ 794.241699][T12599] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 794.241712][T12599] ? do_syscall_64+0xbe/0xf80 [ 794.241726][T12599] do_syscall_64+0xfa/0xf80 [ 794.241739][T12599] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.241749][T12599] ? clear_bhb_loop+0x60/0xb0 [ 794.241761][T12599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.241771][T12599] RIP: 0033:0x7f31fbc9f749 [ 794.241781][T12599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 794.241790][T12599] RSP: 002b:00007f31f9efe038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 794.241802][T12599] RAX: ffffffffffffffda RBX: 00007f31fbef5fa0 RCX: 00007f31fbc9f749 [ 794.241810][T12599] RDX: 0000000000000001 RSI: 0000200000001140 RDI: 0000000000000003 [ 794.241816][T12599] RBP: 00007f31f9efe090 R08: 0000000000000000 R09: 0000000000000000 [ 794.241823][T12599] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 794.241829][T12599] R13: 00007f31fbef6038 R14: 00007f31fbef5fa0 R15: 00007ffcbe770388 [ 794.241846][T12599] [ 796.159588][T12640] netlink: 296 bytes leftover after parsing attributes in process `syz.2.2052'. [ 796.166476][ T5819] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 796.194172][ T5819] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 796.271439][T12640] overlayfs: overlapping lowerdir path [ 796.641193][ T6050] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 797.553565][ T6050] usb 3-1: Using ep0 maxpacket: 32 [ 797.555564][ T6050] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 797.555584][ T6050] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 797.555601][ T6050] usb 3-1: config 0 has no interface number 0 [ 797.555645][ T6050] usb 3-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 797.626275][ T6050] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 797.626293][ T6050] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.626305][ T6050] usb 3-1: Product: syz [ 797.626312][ T6050] usb 3-1: Manufacturer: syz [ 797.626319][ T6050] usb 3-1: SerialNumber: syz [ 797.650437][ T6050] usb 3-1: config 0 descriptor?? [ 797.696058][ T6050] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 797.879534][ T6050] usb 3-1: qt2_setup_urbs - submit read urb failed -8 [ 797.879673][ T6050] quatech2 3-1:0.51: probe with driver quatech2 failed with error -8 [ 798.085185][T12679] loop2: detected capacity change from 0 to 7 [ 798.091973][T12679] loop2: [ 798.092004][T12679] loop2: partition table partially beyond EOD, truncated [ 798.238604][ T6050] usb 3-1: USB disconnect, device number 60 [ 798.353497][T12691] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2070'. [ 798.374101][T12691] mmap: syz.0.2070 (12691): VmData 37584896 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 799.225519][ T5792] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 799.353171][T12713] netlink: 284 bytes leftover after parsing attributes in process `syz.3.2083'. [ 801.098928][ T5792] usb 5-1: Using ep0 maxpacket: 32 [ 801.166864][ T5792] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 801.166923][ T5792] usb 5-1: config 0 has no interface number 0 [ 801.167021][ T5792] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 801.229386][ T5792] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 801.229657][ T5792] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 801.229721][ T5792] usb 5-1: Product: syz [ 801.229735][ T5792] usb 5-1: Manufacturer: syz [ 801.229915][ T5792] usb 5-1: SerialNumber: syz [ 801.335713][ T6007] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 801.403955][ T5792] usb 5-1: config 0 descriptor?? [ 801.436386][T12706] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 801.586541][ T6007] usb 3-1: Using ep0 maxpacket: 32 [ 801.587770][T12720] FAULT_INJECTION: forcing a failure. [ 801.587770][T12720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 801.588054][T12720] CPU: 0 UID: 0 PID: 12720 Comm: syz.5.2085 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 801.588082][T12720] Tainted: [L]=SOFTLOCKUP [ 801.588089][T12720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 801.588101][T12720] Call Trace: [ 801.588109][T12720] [ 801.588118][T12720] dump_stack_lvl+0x189/0x250 [ 801.588145][T12720] ? __pfx____ratelimit+0x10/0x10 [ 801.588166][T12720] ? __pfx_dump_stack_lvl+0x10/0x10 [ 801.588188][T12720] ? __pfx__printk+0x10/0x10 [ 801.588207][T12720] ? __might_fault+0xb0/0x130 [ 801.588241][T12720] should_fail_ex+0x46c/0x600 [ 801.588271][T12720] _copy_from_user+0x2d/0xb0 [ 801.588293][T12720] core_sys_select+0x60b/0xa20 [ 801.588330][T12720] ? __pfx_core_sys_select+0x10/0x10 [ 801.588378][T12720] ? __pfx_set_user_sigmask+0x10/0x10 [ 801.588397][T12720] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 801.588416][T12720] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 801.588441][T12720] __se_sys_pselect6+0x27a/0x300 [ 801.588471][T12720] ? __pfx___se_sys_pselect6+0x10/0x10 [ 801.588501][T12720] ? __x64_sys_pselect6+0x21/0xf0 [ 801.588527][T12720] do_syscall_64+0xfa/0xf80 [ 801.588549][T12720] ? rcu_is_watching+0x15/0xb0 [ 801.588566][T12720] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.588584][T12720] ? clear_bhb_loop+0x60/0xb0 [ 801.588605][T12720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.588623][T12720] RIP: 0033:0x7f3fd784f749 [ 801.588640][T12720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 801.588656][T12720] RSP: 002b:00007f3fd5a95038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 801.588676][T12720] RAX: ffffffffffffffda RBX: 00007f3fd7aa6090 RCX: 00007f3fd784f749 [ 801.588690][T12720] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 801.588702][T12720] RBP: 00007f3fd5a95090 R08: 0000000000000000 R09: 0000000000000000 [ 801.588714][T12720] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001 [ 801.588727][T12720] R13: 00007f3fd7aa6128 R14: 00007f3fd7aa6090 R15: 00007ffed4c34718 [ 801.588764][T12720] [ 801.715463][ T6007] usb 3-1: config 4 has an invalid interface number: 40 but max is 0 [ 801.715488][ T6007] usb 3-1: config 4 has no interface number 0 [ 801.715521][ T6007] usb 3-1: config 4 interface 40 has no altsetting 0 [ 801.728044][ T6007] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=8f.de [ 801.728072][ T6007] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 801.728091][ T6007] usb 3-1: Product: syz [ 801.728104][ T6007] usb 3-1: Manufacturer: syz [ 801.728117][ T6007] usb 3-1: SerialNumber: syz [ 801.800369][T12706] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 802.186543][ T10] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 802.360869][ T10] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 802.360888][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 802.360899][ T10] usb 4-1: Product: syz [ 802.360945][ T10] usb 4-1: Manufacturer: syz [ 802.360953][ T10] usb 4-1: SerialNumber: syz [ 802.407329][ T10] usb 4-1: config 0 descriptor?? [ 802.431619][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 802.644844][ T5792] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 802.644871][ T5792] asix 5-1:0.188 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 802.667374][ T5792] asix 5-1:0.188: probe with driver asix failed with error -71 [ 802.724396][ T5792] usb 5-1: USB disconnect, device number 57 [ 803.232657][ T10] gspca_sunplus: reg_r err -32 [ 803.232802][ T10] sunplus 4-1:0.0: probe with driver sunplus failed with error -32 [ 803.405732][T12763] FAULT_INJECTION: forcing a failure. [ 803.405732][T12763] name failslab, interval 1, probability 0, space 0, times 0 [ 803.405824][T12763] CPU: 0 UID: 0 PID: 12763 Comm: syz.5.2106 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 803.405851][T12763] Tainted: [L]=SOFTLOCKUP [ 803.405858][T12763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 803.405870][T12763] Call Trace: [ 803.405879][T12763] [ 803.405887][T12763] dump_stack_lvl+0x189/0x250 [ 803.405918][T12763] ? __pfx____ratelimit+0x10/0x10 [ 803.405941][T12763] ? __pfx_dump_stack_lvl+0x10/0x10 [ 803.405963][T12763] ? __pfx__printk+0x10/0x10 [ 803.405988][T12763] ? __pfx___might_resched+0x10/0x10 [ 803.406005][T12763] ? fs_reclaim_acquire+0x7d/0x100 [ 803.406034][T12763] should_fail_ex+0x46c/0x600 [ 803.406065][T12763] should_failslab+0xa8/0x100 [ 803.406092][T12763] __kmalloc_noprof+0xe0/0x7e0 [ 803.406115][T12763] ? tomoyo_encode+0x28b/0x550 [ 803.406140][T12763] tomoyo_encode+0x28b/0x550 [ 803.406166][T12763] tomoyo_realpath_from_path+0x58d/0x5d0 [ 803.406197][T12763] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 803.406222][T12763] tomoyo_path_number_perm+0x1e8/0x5a0 [ 803.406249][T12763] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 803.406278][T12763] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 803.406300][T12763] ? lockdep_hardirqs_on+0x98/0x140 [ 803.406358][T12763] ? __fget_files+0x2a/0x420 [ 803.406381][T12763] ? __fget_files+0x3a6/0x420 [ 803.406397][T12763] ? __fget_files+0x2a/0x420 [ 803.406419][T12763] security_file_ioctl+0xcb/0x2d0 [ 803.406446][T12763] __se_sys_ioctl+0x47/0x170 [ 803.406471][T12763] do_syscall_64+0xfa/0xf80 [ 803.406493][T12763] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.406511][T12763] ? clear_bhb_loop+0x60/0xb0 [ 803.406532][T12763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.406550][T12763] RIP: 0033:0x7f3fd784f749 [ 803.406566][T12763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 803.406582][T12763] RSP: 002b:00007f3fd5ab6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 803.406602][T12763] RAX: ffffffffffffffda RBX: 00007f3fd7aa5fa0 RCX: 00007f3fd784f749 [ 803.406616][T12763] RDX: ffffffffffffffff RSI: 00000000400454ce RDI: 0000000000000003 [ 803.406628][T12763] RBP: 00007f3fd5ab6090 R08: 0000000000000000 R09: 0000000000000000 [ 803.406640][T12763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 803.406651][T12763] R13: 00007f3fd7aa6038 R14: 00007f3fd7aa5fa0 R15: 00007ffed4c34718 [ 803.406683][T12763] [ 803.406815][T12763] ERROR: Out of memory at tomoyo_realpath_from_path. [ 804.035173][T12773] FAULT_INJECTION: forcing a failure. [ 804.035173][T12773] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 804.035210][T12773] CPU: 1 UID: 0 PID: 12773 Comm: syz.5.2109 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 804.035233][T12773] Tainted: [L]=SOFTLOCKUP [ 804.035240][T12773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 804.035251][T12773] Call Trace: [ 804.035259][T12773] [ 804.035268][T12773] dump_stack_lvl+0x189/0x250 [ 804.035295][T12773] ? __pfx____ratelimit+0x10/0x10 [ 804.035314][T12773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 804.035334][T12773] ? __pfx__printk+0x10/0x10 [ 804.035359][T12773] ? get_sigframe+0x596/0x7d0 [ 804.035388][T12773] should_fail_ex+0x46c/0x600 [ 804.035418][T12773] _copy_to_user+0x31/0xb0 [ 804.035437][T12773] copy_siginfo_to_user+0x22/0xc0 [ 804.035457][T12773] x64_setup_rt_frame+0x777/0xd40 [ 804.035478][T12773] ? rt_spin_unlock+0x150/0x200 [ 804.035513][T12773] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 804.035554][T12773] arch_do_signal_or_restart+0x3d6/0x7a0 [ 804.035581][T12773] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 804.035615][T12773] ? exit_to_user_mode_loop+0x55/0x4f0 [ 804.035641][T12773] exit_to_user_mode_loop+0x87/0x4f0 [ 804.035662][T12773] ? rcu_is_watching+0x15/0xb0 [ 804.035681][T12773] do_syscall_64+0x2e3/0xf80 [ 804.035702][T12773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.035719][T12773] ? clear_bhb_loop+0x60/0xb0 [ 804.035738][T12773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.035754][T12773] RIP: 0033:0x7f3fd784f747 [ 804.035771][T12773] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 804.035786][T12773] RSP: 002b:00007f3fd5ab6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 804.035807][T12773] RAX: 0000000000000013 RBX: 00007f3fd7aa5fa0 RCX: 00007f3fd784f749 [ 804.035820][T12773] RDX: 0000000000000001 RSI: 0000200000000700 RDI: 0000000000000003 [ 804.035831][T12773] RBP: 00007f3fd5ab6090 R08: 0000000000000000 R09: 0000000000000000 [ 804.035843][T12773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 804.035853][T12773] R13: 00007f3fd7aa6038 R14: 00007f3fd7aa5fa0 R15: 00007ffed4c34718 [ 804.035882][T12773] [ 805.023645][ T5792] usb 4-1: USB disconnect, device number 52 [ 805.370582][T12793] loop2: detected capacity change from 0 to 7 [ 805.371569][T12793] loop2: [ 805.371598][T12793] loop2: partition table partially beyond EOD, truncated [ 806.832010][T12807] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2121'. [ 808.106480][ T6007] usb_ehset_test 3-1:4.40: probe with driver usb_ehset_test failed with error -32 [ 808.525478][T10038] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 808.682918][T10038] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 808.682949][T10038] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 808.682969][T10038] usb 5-1: Product: syz [ 808.682983][T10038] usb 5-1: Manufacturer: syz [ 808.682997][T10038] usb 5-1: SerialNumber: syz [ 808.692341][T10038] usb 5-1: config 0 descriptor?? [ 808.740280][T10038] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 809.082315][T12854] ======================================================= [ 809.082315][T12854] WARNING: The mand mount option has been deprecated and [ 809.082315][T12854] and is ignored by this kernel. Remove the mand [ 809.082315][T12854] option from the mount to silence this warning. [ 809.082315][T12854] ======================================================= [ 809.312966][T12860] FAULT_INJECTION: forcing a failure. [ 809.312966][T12860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 809.313002][T12860] CPU: 1 UID: 60929 PID: 12860 Comm: syz.5.2141 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 809.313031][T12860] Tainted: [L]=SOFTLOCKUP [ 809.313038][T12860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 809.313047][T12860] Call Trace: [ 809.313054][T12860] [ 809.313063][T12860] dump_stack_lvl+0x189/0x250 [ 809.313088][T12860] ? __pfx____ratelimit+0x10/0x10 [ 809.313110][T12860] ? __pfx_dump_stack_lvl+0x10/0x10 [ 809.313131][T12860] ? __pfx__printk+0x10/0x10 [ 809.313160][T12860] should_fail_ex+0x46c/0x600 [ 809.313197][T12860] strncpy_from_user+0x36/0x2c0 [ 809.313225][T12860] getname_flags+0xf3/0x540 [ 809.313246][T12860] do_sys_openat2+0xbc/0x200 [ 809.313268][T12860] ? __pfx_do_sys_openat2+0x10/0x10 [ 809.313289][T12860] ? exc_page_fault+0x82/0x100 [ 809.313319][T12860] __x64_sys_openat+0x138/0x170 [ 809.313343][T12860] do_syscall_64+0xfa/0xf80 [ 809.313364][T12860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.313381][T12860] ? clear_bhb_loop+0x60/0xb0 [ 809.313402][T12860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.313418][T12860] RIP: 0033:0x7f3fd784df90 [ 809.313434][T12860] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 809.313449][T12860] RSP: 002b:00007f3fd5ab5b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 809.313469][T12860] RAX: ffffffffffffffda RBX: 0000000000142ba3 RCX: 00007f3fd784df90 [ 809.313483][T12860] RDX: 0000000000142ba3 RSI: 00007f3fd5ab5c10 RDI: 00000000ffffff9c [ 809.313496][T12860] RBP: 00007f3fd5ab5c10 R08: 0000000000000000 R09: 0023706f6f6c2f76 [ 809.313508][T12860] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd [ 809.313520][T12860] R13: 00007f3fd7aa6038 R14: 00007f3fd7aa5fa0 R15: 00007ffed4c34718 [ 809.313551][T12860] [ 809.556869][T10038] gspca_sunplus: reg_r err -32 [ 809.556963][T10038] sunplus 5-1:0.0: probe with driver sunplus failed with error -32 [ 811.446711][T10038] usb 5-1: USB disconnect, device number 58 [ 811.689195][T12912] FAULT_INJECTION: forcing a failure. [ 811.689195][T12912] name failslab, interval 1, probability 0, space 0, times 0 [ 811.689230][T12912] CPU: 1 UID: 0 PID: 12912 Comm: syz.2.2158 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 811.689255][T12912] Tainted: [L]=SOFTLOCKUP [ 811.689261][T12912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 811.689272][T12912] Call Trace: [ 811.689280][T12912] [ 811.689288][T12912] dump_stack_lvl+0x189/0x250 [ 811.689315][T12912] ? __pfx____ratelimit+0x10/0x10 [ 811.689336][T12912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 811.689358][T12912] ? __pfx__printk+0x10/0x10 [ 811.689380][T12912] ? __pfx___might_resched+0x10/0x10 [ 811.689403][T12912] should_fail_ex+0x46c/0x600 [ 811.689431][T12912] ? __se_sys_mbind+0x4ef/0xc40 [ 811.689453][T12912] should_failslab+0xa8/0x100 [ 811.689478][T12912] ? __se_sys_mbind+0x4ef/0xc40 [ 811.689498][T12912] kmem_cache_alloc_noprof+0x84/0x6c0 [ 811.689527][T12912] __se_sys_mbind+0x4ef/0xc40 [ 811.689548][T12912] ? __pfx_vfs_write+0x10/0x10 [ 811.689574][T12912] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 811.689592][T12912] ? __pfx___se_sys_mbind+0x10/0x10 [ 811.689622][T12912] ? fput+0xa0/0xd0 [ 811.689640][T12912] ? ksys_write+0x230/0x260 [ 811.689663][T12912] ? __pfx_ksys_write+0x10/0x10 [ 811.689688][T12912] ? __x64_sys_mbind+0x21/0xf0 [ 811.689712][T12912] do_syscall_64+0xfa/0xf80 [ 811.689734][T12912] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.689751][T12912] ? clear_bhb_loop+0x60/0xb0 [ 811.689773][T12912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.689798][T12912] RIP: 0033:0x7f4a6815f749 [ 811.689814][T12912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 811.689829][T12912] RSP: 002b:00007f4a663c6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 811.689848][T12912] RAX: ffffffffffffffda RBX: 00007f4a683b5fa0 RCX: 00007f4a6815f749 [ 811.689861][T12912] RDX: 0000000000004003 RSI: 0000000000004000 RDI: 0000200000000000 [ 811.689873][T12912] RBP: 00007f4a663c6090 R08: 0000000000000006 R09: 0000000000000002 [ 811.689885][T12912] R10: 0000200000000c00 R11: 0000000000000246 R12: 0000000000000001 [ 811.689897][T12912] R13: 00007f4a683b6038 R14: 00007f4a683b5fa0 R15: 00007ffe231dfd98 [ 811.689925][T12912] [ 813.739173][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.745515][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.760175][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.761880][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.772470][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.789085][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.798880][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.808381][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.816156][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.817643][T12924] kvm: kvm [12923]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1 [ 813.855629][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.855717][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.110104][T12943] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 816.245497][ T6872] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 817.301901][ T6872] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 817.301931][ T6872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 817.301950][ T6872] usb 1-1: Product: syz [ 817.301963][ T6872] usb 1-1: Manufacturer: syz [ 817.301975][ T6872] usb 1-1: SerialNumber: syz [ 817.351952][ T6872] usb 1-1: config 0 descriptor?? [ 817.372704][ T6872] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 817.524844][T12984] [U] ÿ [ 817.755851][T12991] binder: 12990:12991 ioctl c0306201 200000000280 returned -14 [ 817.956810][T10038] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 817.979742][ T6872] gspca_sunplus: reg_r err -32 [ 817.979801][ T6872] sunplus 1-1:0.0: probe with driver sunplus failed with error -32 [ 818.078670][T13008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 818.078966][T13008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 818.107334][T10038] usb 4-1: Using ep0 maxpacket: 16 [ 818.109300][T10038] usb 4-1: config 0 has an invalid interface number: 238 but max is 0 [ 818.109324][T10038] usb 4-1: config 0 has no interface number 0 [ 818.109370][T10038] usb 4-1: config 0 interface 238 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 818.109395][T10038] usb 4-1: config 0 interface 238 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 818.109416][T10038] usb 4-1: config 0 interface 238 has no altsetting 0 [ 818.109448][T10038] usb 4-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 818.109468][T10038] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 818.118781][T10038] usb 4-1: config 0 descriptor?? [ 818.271981][T13013] FAULT_INJECTION: forcing a failure. [ 818.271981][T13013] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 818.272017][T13013] CPU: 1 UID: 0 PID: 13013 Comm: syz.5.2193 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 818.272041][T13013] Tainted: [L]=SOFTLOCKUP [ 818.272048][T13013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 818.272058][T13013] Call Trace: [ 818.272067][T13013] [ 818.272078][T13013] dump_stack_lvl+0x189/0x250 [ 818.272114][T13013] ? __pfx____ratelimit+0x10/0x10 [ 818.272136][T13013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 818.272156][T13013] ? __pfx__printk+0x10/0x10 [ 818.272174][T13013] ? __might_fault+0xb0/0x130 [ 818.272206][T13013] should_fail_ex+0x46c/0x600 [ 818.272236][T13013] _copy_from_user+0x2d/0xb0 [ 818.272256][T13013] memdup_user+0x5e/0xd0 [ 818.272276][T13013] strndup_user+0x68/0xd0 [ 818.272295][T13013] __se_sys_mount+0x9d/0x410 [ 818.272315][T13013] ? ksys_write+0x230/0x260 [ 818.272340][T13013] ? __pfx___se_sys_mount+0x10/0x10 [ 818.272361][T13013] ? do_syscall_64+0xbe/0xf80 [ 818.272380][T13013] ? __x64_sys_mount+0x20/0xc0 [ 818.272400][T13013] do_syscall_64+0xfa/0xf80 [ 818.272420][T13013] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.272438][T13013] ? clear_bhb_loop+0x60/0xb0 [ 818.272459][T13013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.272477][T13013] RIP: 0033:0x7f3fd784f749 [ 818.272493][T13013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.272510][T13013] RSP: 002b:00007f3fd5ab6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 818.272530][T13013] RAX: ffffffffffffffda RBX: 00007f3fd7aa5fa0 RCX: 00007f3fd784f749 [ 818.272543][T13013] RDX: 0000200000000240 RSI: 00002000000001c0 RDI: 0000000000000000 [ 818.272556][T13013] RBP: 00007f3fd5ab6090 R08: 0000200000000000 R09: 0000000000000000 [ 818.272568][T13013] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 818.272580][T13013] R13: 00007f3fd7aa6038 R14: 00007f3fd7aa5fa0 R15: 00007ffed4c34718 [ 818.272611][T13013] [ 818.354147][T13015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 818.359106][T13015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 818.575732][T10038] hid_parser_main: 5 callbacks suppressed [ 818.575760][T10038] logitech-djreceiver 0003:046D:C513.000A: unknown main item tag 0x0 [ 818.575792][T10038] logitech-djreceiver 0003:046D:C513.000A: unknown main item tag 0x0 [ 818.575818][T10038] logitech-djreceiver 0003:046D:C513.000A: unknown main item tag 0x0 [ 818.575853][T10038] logitech-djreceiver 0003:046D:C513.000A: unknown main item tag 0x0 [ 818.575878][T10038] logitech-djreceiver 0003:046D:C513.000A: unknown main item tag 0x0 [ 818.615659][T10038] logitech-djreceiver 0003:046D:C513.000A: hidraw0: USB HID v0.05 Device [HID 046d:c513] on usb-dummy_hcd.3-1/input238 [ 818.751929][T13021] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2177'. [ 818.820729][T10038] usb 4-1: USB disconnect, device number 53 [ 818.827413][ T5819] Bluetooth: hci4: connection err: -111 [ 818.906473][T13029] binder: BINDER_SET_CONTEXT_MGR already set [ 818.906488][T13029] binder: 13028:13029 ioctl 4018620d 2000000000c0 returned -16 [ 818.932341][T13029] binder: BINDER_SET_CONTEXT_MGR already set [ 818.932357][T13029] binder: 13028:13029 ioctl 4018620d 200000000040 returned -16 [ 818.950114][T13029] FAULT_INJECTION: forcing a failure. [ 818.950114][T13029] name failslab, interval 1, probability 0, space 0, times 0 [ 818.950147][T13029] CPU: 0 UID: 0 PID: 13029 Comm: syz.2.2199 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 818.950172][T13029] Tainted: [L]=SOFTLOCKUP [ 818.950179][T13029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 818.950191][T13029] Call Trace: [ 818.950199][T13029] [ 818.950207][T13029] dump_stack_lvl+0x189/0x250 [ 818.950234][T13029] ? __pfx____ratelimit+0x10/0x10 [ 818.950256][T13029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 818.950277][T13029] ? __pfx__printk+0x10/0x10 [ 818.950302][T13029] ? __pfx___might_resched+0x10/0x10 [ 818.950320][T13029] ? fs_reclaim_acquire+0x7d/0x100 [ 818.950348][T13029] should_fail_ex+0x46c/0x600 [ 818.950378][T13029] should_failslab+0xa8/0x100 [ 818.950405][T13029] __kmalloc_noprof+0xe0/0x7e0 [ 818.950428][T13029] ? tomoyo_encode+0x28b/0x550 [ 818.950454][T13029] tomoyo_encode+0x28b/0x550 [ 818.950479][T13029] tomoyo_realpath_from_path+0x58d/0x5d0 [ 818.950510][T13029] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 818.950535][T13029] tomoyo_path_number_perm+0x1e8/0x5a0 [ 818.950562][T13029] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 818.950590][T13029] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 818.950612][T13029] ? lockdep_hardirqs_on+0x98/0x140 [ 818.950662][T13029] ? __fget_files+0x2a/0x420 [ 818.950690][T13029] ? __fget_files+0x3a6/0x420 [ 818.950707][T13029] ? __fget_files+0x2a/0x420 [ 818.950729][T13029] security_file_ioctl+0xcb/0x2d0 [ 818.950756][T13029] __se_sys_ioctl+0x47/0x170 [ 818.950780][T13029] do_syscall_64+0xfa/0xf80 [ 818.950802][T13029] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.950821][T13029] ? clear_bhb_loop+0x60/0xb0 [ 818.950843][T13029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.950860][T13029] RIP: 0033:0x7f4a6815f749 [ 818.950877][T13029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.950893][T13029] RSP: 002b:00007f4a663c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 818.950913][T13029] RAX: ffffffffffffffda RBX: 00007f4a683b5fa0 RCX: 00007f4a6815f749 [ 818.950927][T13029] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 818.950939][T13029] RBP: 00007f4a663c6090 R08: 0000000000000000 R09: 0000000000000000 [ 818.950952][T13029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 818.950963][T13029] R13: 00007f4a683b6038 R14: 00007f4a683b5fa0 R15: 00007ffe231dfd98 [ 818.950995][T13029] [ 818.952248][T13029] ERROR: Out of memory at tomoyo_realpath_from_path. [ 819.097619][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 820.169215][T10038] usb 1-1: USB disconnect, device number 44 [ 822.325424][ T6007] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 822.498675][ T6007] usb 4-1: Using ep0 maxpacket: 8 [ 822.501489][ T6007] usb 4-1: config 16 has an invalid interface number: 124 but max is 0 [ 822.501514][ T6007] usb 4-1: config 16 has no interface number 0 [ 822.501560][ T6007] usb 4-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice= c.1b [ 822.501581][ T6007] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 823.181094][ T6007] usb 4-1: MBOX3: Invalid descriptor size=18. [ 823.386151][ T5792] usb 4-1: USB disconnect, device number 54 [ 823.552323][ T5819] Bluetooth: hci4: connection err: -111 [ 823.645382][ T6007] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 823.809878][ T6007] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 823.809907][ T6007] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 823.813617][ T6007] usb 1-1: config 0 descriptor?? [ 824.747512][ T6007] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 825.185914][ T6007] cpia1 1-1:0.0: unexpected state after lo power cmd: 00 [ 826.379378][T13127] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 826.379404][T13127] CIFS mount error: No usable UNC path provided in device string! [ 826.379404][T13127] [ 826.379669][T13127] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 827.181302][ T6007] gspca_cpia1: usb_control_msg 02, error -110 [ 827.181322][ T6007] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 827.222836][ T6050] usb 1-1: USB disconnect, device number 45 [ 827.367343][T13137] /dev/nullb0: Can't open blockdev [ 827.955459][ T6050] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 828.105333][ T6050] usb 1-1: Using ep0 maxpacket: 32 [ 828.107727][ T6050] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 828.107749][ T6050] usb 1-1: config 0 has no interface number 0 [ 828.117395][ T6050] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 828.117422][ T6050] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 828.117441][ T6050] usb 1-1: Product: syz [ 828.117454][ T6050] usb 1-1: Manufacturer: syz [ 828.117467][ T6050] usb 1-1: SerialNumber: syz [ 828.152547][ T6050] usb 1-1: config 0 descriptor?? [ 828.163630][ T6050] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 828.163655][ T6050] usb 1-1: selecting invalid altsetting 1 [ 828.163670][ T6050] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 828.347051][T13155] loop2: detected capacity change from 0 to 7 [ 828.349187][ T6050] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 828.349597][ T6050] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 828.349646][ T6050] usb 1-1: media controller created [ 828.368845][T13139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 828.369355][T13139] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 828.405893][T13155] loop2: [ 828.405929][T13155] loop2: partition table partially beyond EOD, truncated [ 828.425143][ T6050] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 828.581177][ T6050] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 828.581234][ T6050] zl10353_read_register: readreg error (reg=127, ret==-71) [ 828.583738][ T6050] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 828.874705][ T6050] usb 1-1: USB disconnect, device number 46 [ 829.517392][T13180] FAULT_INJECTION: forcing a failure. [ 829.517392][T13180] name failslab, interval 1, probability 0, space 0, times 0 [ 829.517467][T13180] CPU: 1 UID: 0 PID: 13180 Comm: syz.0.2254 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 829.517493][T13180] Tainted: [L]=SOFTLOCKUP [ 829.517500][T13180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 829.517511][T13180] Call Trace: [ 829.517519][T13180] [ 829.517527][T13180] dump_stack_lvl+0x189/0x250 [ 829.517555][T13180] ? __pfx____ratelimit+0x10/0x10 [ 829.517576][T13180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 829.517598][T13180] ? __pfx__printk+0x10/0x10 [ 829.517622][T13180] ? __pfx___might_resched+0x10/0x10 [ 829.517645][T13180] should_fail_ex+0x46c/0x600 [ 829.517672][T13180] ? __alloc_skb+0x255/0x430 [ 829.517695][T13180] should_failslab+0xa8/0x100 [ 829.517729][T13180] ? __alloc_skb+0x255/0x430 [ 829.517749][T13180] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 829.517780][T13180] __alloc_skb+0x255/0x430 [ 829.517805][T13180] ? __pfx___alloc_skb+0x10/0x10 [ 829.517829][T13180] ? netlink_autobind+0xdb/0x300 [ 829.517848][T13180] ? netlink_autobind+0x2c2/0x300 [ 829.517871][T13180] netlink_sendmsg+0x5c6/0xb30 [ 829.517899][T13180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 829.517925][T13180] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 829.517948][T13180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 829.517967][T13180] __sock_sendmsg+0x21c/0x270 [ 829.517992][T13180] ____sys_sendmsg+0x508/0x810 [ 829.518015][T13180] ? __pfx_____sys_sendmsg+0x10/0x10 [ 829.518041][T13180] ? import_iovec+0x74/0xa0 [ 829.518064][T13180] ___sys_sendmsg+0x21f/0x2a0 [ 829.518084][T13180] ? __pfx____sys_sendmsg+0x10/0x10 [ 829.518135][T13180] ? __fget_files+0x2a/0x420 [ 829.518153][T13180] ? __fget_files+0x3a6/0x420 [ 829.518180][T13180] __x64_sys_sendmsg+0x1a1/0x260 [ 829.518200][T13180] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 829.518233][T13180] ? do_syscall_64+0xbe/0xf80 [ 829.518257][T13180] do_syscall_64+0xfa/0xf80 [ 829.518278][T13180] ? rcu_is_watching+0x15/0xb0 [ 829.518294][T13180] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.518312][T13180] ? clear_bhb_loop+0x60/0xb0 [ 829.518333][T13180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.518350][T13180] RIP: 0033:0x7f31fbc9f749 [ 829.518367][T13180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 829.518383][T13180] RSP: 002b:00007f31f9edd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 829.518403][T13180] RAX: ffffffffffffffda RBX: 00007f31fbef6090 RCX: 00007f31fbc9f749 [ 829.518417][T13180] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000008 [ 829.518429][T13180] RBP: 00007f31f9edd090 R08: 0000000000000000 R09: 0000000000000000 [ 829.518441][T13180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 829.518453][T13180] R13: 00007f31fbef6128 R14: 00007f31fbef6090 R15: 00007ffcbe770388 [ 829.518482][T13180] [ 830.930233][T13205] hpfs: Bad magic ... probably not HPFS [ 831.036562][T13210] FAULT_INJECTION: forcing a failure. [ 831.036562][T13210] name failslab, interval 1, probability 0, space 0, times 0 [ 831.039410][T13210] CPU: 1 UID: 0 PID: 13210 Comm: syz.4.2268 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 831.039438][T13210] Tainted: [L]=SOFTLOCKUP [ 831.039446][T13210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 831.039457][T13210] Call Trace: [ 831.039466][T13210] [ 831.039475][T13210] dump_stack_lvl+0x189/0x250 [ 831.039502][T13210] ? __pfx____ratelimit+0x10/0x10 [ 831.039523][T13210] ? __pfx_dump_stack_lvl+0x10/0x10 [ 831.039545][T13210] ? __pfx__printk+0x10/0x10 [ 831.039569][T13210] ? __pfx___might_resched+0x10/0x10 [ 831.039593][T13210] should_fail_ex+0x46c/0x600 [ 831.039621][T13210] ? __alloc_skb+0x255/0x430 [ 831.039644][T13210] should_failslab+0xa8/0x100 [ 831.039670][T13210] ? __alloc_skb+0x255/0x430 [ 831.039726][T13210] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 831.039757][T13210] __alloc_skb+0x255/0x430 [ 831.039782][T13210] ? __pfx___alloc_skb+0x10/0x10 [ 831.039807][T13210] ? netlink_autobind+0xdb/0x300 [ 831.039825][T13210] ? netlink_autobind+0x2c2/0x300 [ 831.039849][T13210] netlink_sendmsg+0x5c6/0xb30 [ 831.039877][T13210] ? __pfx_netlink_sendmsg+0x10/0x10 [ 831.039903][T13210] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 831.039925][T13210] ? __pfx_netlink_sendmsg+0x10/0x10 [ 831.039943][T13210] __sock_sendmsg+0x21c/0x270 [ 831.039964][T13210] ____sys_sendmsg+0x508/0x810 [ 831.039988][T13210] ? __pfx_____sys_sendmsg+0x10/0x10 [ 831.040015][T13210] ? import_iovec+0x74/0xa0 [ 831.040038][T13210] ___sys_sendmsg+0x21f/0x2a0 [ 831.040058][T13210] ? __pfx____sys_sendmsg+0x10/0x10 [ 831.040110][T13210] ? __fget_files+0x2a/0x420 [ 831.040128][T13210] ? __fget_files+0x3a6/0x420 [ 831.040156][T13210] __x64_sys_sendmsg+0x1a1/0x260 [ 831.040177][T13210] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 831.040205][T13210] ? __pfx_ksys_write+0x10/0x10 [ 831.040230][T13210] ? do_syscall_64+0xbe/0xf80 [ 831.040256][T13210] do_syscall_64+0xfa/0xf80 [ 831.040277][T13210] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 831.040295][T13210] ? clear_bhb_loop+0x60/0xb0 [ 831.040317][T13210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 831.040334][T13210] RIP: 0033:0x7f11c665f749 [ 831.040350][T13210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 831.040367][T13210] RSP: 002b:00007f11c48c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 831.040387][T13210] RAX: ffffffffffffffda RBX: 00007f11c68b5fa0 RCX: 00007f11c665f749 [ 831.040401][T13210] RDX: 0000000000008004 RSI: 0000200000000180 RDI: 000000000000000b [ 831.040414][T13210] RBP: 00007f11c48c6090 R08: 0000000000000000 R09: 0000000000000000 [ 831.040426][T13210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 831.040442][T13210] R13: 00007f11c68b6038 R14: 00007f11c68b5fa0 R15: 00007ffe43ecd2e8 [ 831.040473][T13210] [ 832.032422][T13228] FAULT_INJECTION: forcing a failure. [ 832.032422][T13228] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 832.032446][T13228] CPU: 0 UID: 0 PID: 13228 Comm: syz.2.2273 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 832.032462][T13228] Tainted: [L]=SOFTLOCKUP [ 832.032466][T13228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 832.032473][T13228] Call Trace: [ 832.032478][T13228] [ 832.032483][T13228] dump_stack_lvl+0x189/0x250 [ 832.032501][T13228] ? __pfx____ratelimit+0x10/0x10 [ 832.032514][T13228] ? __pfx_dump_stack_lvl+0x10/0x10 [ 832.032527][T13228] ? __pfx__printk+0x10/0x10 [ 832.032543][T13228] should_fail_ex+0x46c/0x600 [ 832.032561][T13228] strncpy_from_user+0x36/0x2c0 [ 832.032578][T13228] getname_flags+0xf3/0x540 [ 832.032598][T13228] do_sys_openat2+0xbc/0x200 [ 832.032610][T13228] ? __pfx_do_sys_openat2+0x10/0x10 [ 832.032623][T13228] ? ksys_write+0x230/0x260 [ 832.032637][T13228] ? __pfx_ksys_write+0x10/0x10 [ 832.032652][T13228] __x64_sys_openat+0x138/0x170 [ 832.032665][T13228] do_syscall_64+0xfa/0xf80 [ 832.032679][T13228] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.032689][T13228] ? clear_bhb_loop+0x60/0xb0 [ 832.032702][T13228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.032712][T13228] RIP: 0033:0x7f4a6815f749 [ 832.032722][T13228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 832.032731][T13228] RSP: 002b:00007f4a663c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 832.032743][T13228] RAX: ffffffffffffffda RBX: 00007f4a683b5fa0 RCX: 00007f4a6815f749 [ 832.032751][T13228] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 832.032758][T13228] RBP: 00007f4a663c6090 R08: 0000000000000000 R09: 0000000000000000 [ 832.032765][T13228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 832.032771][T13228] R13: 00007f4a683b6038 R14: 00007f4a683b5fa0 R15: 00007ffe231dfd98 [ 832.032788][T13228] [ 832.766068][T13253] FAULT_INJECTION: forcing a failure. [ 832.766068][T13253] name failslab, interval 1, probability 0, space 0, times 0 [ 832.766101][T13253] CPU: 0 UID: 0 PID: 13253 Comm: syz.5.2284 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 832.766126][T13253] Tainted: [L]=SOFTLOCKUP [ 832.766133][T13253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 832.766144][T13253] Call Trace: [ 832.766151][T13253] [ 832.766160][T13253] dump_stack_lvl+0x189/0x250 [ 832.766186][T13253] ? __pfx____ratelimit+0x10/0x10 [ 832.766208][T13253] ? __pfx_dump_stack_lvl+0x10/0x10 [ 832.766230][T13253] ? __pfx__printk+0x10/0x10 [ 832.766254][T13253] ? __pfx___might_resched+0x10/0x10 [ 832.766273][T13253] ? fs_reclaim_acquire+0x7d/0x100 [ 832.766301][T13253] should_fail_ex+0x46c/0x600 [ 832.766331][T13253] should_failslab+0xa8/0x100 [ 832.766357][T13253] __kmalloc_noprof+0xe0/0x7e0 [ 832.766381][T13253] ? tomoyo_encode+0x28b/0x550 [ 832.766406][T13253] tomoyo_encode+0x28b/0x550 [ 832.766431][T13253] tomoyo_realpath_from_path+0x58d/0x5d0 [ 832.766462][T13253] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 832.766485][T13253] tomoyo_path_number_perm+0x1e8/0x5a0 [ 832.766507][T13253] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 832.766531][T13253] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 832.766554][T13253] ? lockdep_hardirqs_on+0x98/0x140 [ 832.766605][T13253] ? __fget_files+0x2a/0x420 [ 832.766627][T13253] ? __fget_files+0x3a6/0x420 [ 832.766644][T13253] ? __fget_files+0x2a/0x420 [ 832.766666][T13253] security_file_ioctl+0xcb/0x2d0 [ 832.766695][T13253] __se_sys_ioctl+0x47/0x170 [ 832.766720][T13253] do_syscall_64+0xfa/0xf80 [ 832.766751][T13253] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.766770][T13253] ? clear_bhb_loop+0x60/0xb0 [ 832.766791][T13253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.766809][T13253] RIP: 0033:0x7f3fd784f749 [ 832.766826][T13253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 832.766842][T13253] RSP: 002b:00007f3fd5a95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 832.766863][T13253] RAX: ffffffffffffffda RBX: 00007f3fd7aa6090 RCX: 00007f3fd784f749 [ 832.766878][T13253] RDX: 0000200000000200 RSI: 00000000c0189379 RDI: 0000000000000003 [ 832.766890][T13253] RBP: 00007f3fd5a95090 R08: 0000000000000000 R09: 0000000000000000 [ 832.766902][T13253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 832.766914][T13253] R13: 00007f3fd7aa6128 R14: 00007f3fd7aa6090 R15: 00007ffed4c34718 [ 832.766946][T13253] [ 832.767071][T13253] ERROR: Out of memory at tomoyo_realpath_from_path. [ 833.512077][T13279] loop2: detected capacity change from 0 to 7 [ 833.526802][T13279] loop2: [ 833.527032][T13279] loop2: partition table partially beyond EOD, truncated [ 835.494795][T13292] overlayfs: failed to clone upperpath [ 839.642984][T13345] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 844.851148][T13443] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 845.095336][ T5792] usb 4-1: new full-speed USB device number 55 using dummy_hcd [ 845.788846][ T5792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 845.788894][ T5792] usb 4-1: New USB device found, idVendor=0738, idProduct=1709, bcdDevice= 0.00 [ 845.788916][ T5792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.840380][ T5792] usb 4-1: config 0 descriptor?? [ 845.841504][T13445] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 847.111238][ T5792] saitek 0003:0738:1709.000B: unknown main item tag 0x0 [ 847.111275][ T5792] saitek 0003:0738:1709.000B: unknown main item tag 0x0 [ 847.143015][ T5792] saitek 0003:0738:1709.000B: hidraw0: USB HID v1.01 Device [HID 0738:1709] on usb-dummy_hcd.3-1/input0 [ 847.422622][ T10] usb 4-1: USB disconnect, device number 55 [ 849.045410][ T10] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 849.185360][ T10] usb 5-1: device descriptor read/64, error -71 [ 849.427033][ T10] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 849.565273][ T10] usb 5-1: device descriptor read/64, error -71 [ 849.675913][ T10] usb usb5-port1: attempt power cycle [ 850.265264][ T10] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 850.286017][ T10] usb 5-1: device descriptor read/8, error -71 [ 850.532439][ T10] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 851.440356][ T10] usb 5-1: device descriptor read/8, error -71 [ 851.582528][ T10] usb usb5-port1: unable to enumerate USB device [ 853.946274][T13582] fuse: Bad value for 'fd' [ 854.185530][ T6007] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 854.610996][ T6007] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 854.634697][ T6007] usb 5-1: New USB device found, idVendor=056a, idProduct=0318, bcdDevice= 0.40 [ 854.634717][ T6007] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 854.634727][ T6007] usb 5-1: Manufacturer: ๖뭬㭳 [ 854.634735][ T6007] usb 5-1: SerialNumber: syz [ 854.875637][ T6007] usb 5-1: USB disconnect, device number 63 [ 855.892847][T13629] gretap0: entered promiscuous mode [ 855.893084][T13629] vlan2: entered promiscuous mode [ 855.955626][T13631] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2422'. [ 856.119059][T13632] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 856.321809][T13643] netlink: 296 bytes leftover after parsing attributes in process `syz.0.2427'. [ 856.615446][ T5792] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 856.925825][ T5792] usb 1-1: Using ep0 maxpacket: 32 [ 856.927698][ T5792] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 856.927721][ T5792] usb 1-1: config 0 has no interface number 0 [ 856.929881][ T5792] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 856.929901][ T5792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 856.929919][ T5792] usb 1-1: Product: syz [ 856.929927][ T5792] usb 1-1: Manufacturer: syz [ 856.929934][ T5792] usb 1-1: SerialNumber: syz [ 856.993294][ T5792] usb 1-1: config 0 descriptor?? [ 857.010464][ T5792] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 857.226280][ T5792] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 857.260274][ T5792] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 857.402080][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 857.607800][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 857.610685][ T5951] usb 1-1: USB disconnect, device number 47 [ 857.637705][ T5951] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 857.647007][ T5951] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 857.647872][ T5951] quatech2 1-1:0.51: device disconnected [ 860.047430][ T9889] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 860.062388][ T9889] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 860.082903][ T9889] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 860.208559][ T9889] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 860.209523][ T9889] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 860.454112][T13692] fuse: Bad value for 'fd' [ 860.812220][T13707] FAULT_INJECTION: forcing a failure. [ 860.812220][T13707] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 860.812257][T13707] CPU: 1 UID: 0 PID: 13707 Comm: syz.4.2452 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 860.812284][T13707] Tainted: [L]=SOFTLOCKUP [ 860.812291][T13707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 860.812302][T13707] Call Trace: [ 860.812310][T13707] [ 860.812319][T13707] dump_stack_lvl+0x189/0x250 [ 860.812347][T13707] ? __pfx____ratelimit+0x10/0x10 [ 860.812369][T13707] ? __pfx_dump_stack_lvl+0x10/0x10 [ 860.812391][T13707] ? __pfx__printk+0x10/0x10 [ 860.812425][T13707] should_fail_ex+0x46c/0x600 [ 860.812456][T13707] _copy_to_user+0x31/0xb0 [ 860.812479][T13707] simple_read_from_buffer+0xe1/0x170 [ 860.812510][T13707] proc_fail_nth_read+0x1b6/0x220 [ 860.812537][T13707] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 860.812564][T13707] ? rw_verify_area+0x2ac/0x4e0 [ 860.812586][T13707] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 860.812610][T13707] vfs_read+0x206/0xa30 [ 860.812641][T13707] ? __pfx_vfs_read+0x10/0x10 [ 860.812659][T13707] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 860.812694][T13707] ? mutex_lock_nested+0x154/0x1d0 [ 860.812710][T13707] ? fdget_pos+0x253/0x320 [ 860.812737][T13707] ksys_read+0x14b/0x260 [ 860.812762][T13707] ? __pfx_ksys_read+0x10/0x10 [ 860.812794][T13707] do_syscall_64+0xfa/0xf80 [ 860.812817][T13707] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.812834][T13707] ? clear_bhb_loop+0x60/0xb0 [ 860.812857][T13707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.812874][T13707] RIP: 0033:0x7f11c665e15c [ 860.812892][T13707] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 860.812914][T13707] RSP: 002b:00007f11c48a5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 860.812935][T13707] RAX: ffffffffffffffda RBX: 00007f11c68b6090 RCX: 00007f11c665e15c [ 860.812949][T13707] RDX: 000000000000000f RSI: 00007f11c48a50a0 RDI: 0000000000000003 [ 860.812961][T13707] RBP: 00007f11c48a5090 R08: 0000000000000000 R09: 0000000000000000 [ 860.812973][T13707] R10: 00000000040080c0 R11: 0000000000000246 R12: 0000000000000001 [ 860.812984][T13707] R13: 00007f11c68b6128 R14: 00007f11c68b6090 R15: 00007ffe43ecd2e8 [ 860.813017][T13707] [ 860.855298][T10038] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 861.894842][T10038] usb 4-1: Using ep0 maxpacket: 16 [ 861.905472][T10038] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 861.905514][T10038] usb 4-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00 [ 861.905533][T10038] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 861.951920][T10038] usb 4-1: config 0 descriptor?? [ 862.573614][ T5819] Bluetooth: hci2: command tx timeout [ 863.180949][T10038] usbhid 4-1:0.0: can't add hid device: -71 [ 863.181025][T10038] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 863.202947][T10038] usb 4-1: USB disconnect, device number 56 [ 863.953061][ T7504] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 864.630610][T13749] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2462'. [ 864.645256][ T5819] Bluetooth: hci2: command tx timeout [ 864.850620][ T7504] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 865.222899][T13765] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2468'. [ 865.252513][ T7504] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 865.296565][T13689] chnl_net:caif_netlink_parms(): no params data found [ 865.425412][ T6872] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 865.576218][ T6872] usb 5-1: Using ep0 maxpacket: 16 [ 865.582770][ T6872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 865.582819][ T6872] usb 5-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00 [ 865.582842][ T6872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 865.631108][ T6872] usb 5-1: config 0 descriptor?? [ 866.120436][ T7504] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 866.315304][ T5792] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 866.445655][ T5792] usb 1-1: device descriptor read/64, error -71 [ 866.466767][ T6872] usbhid 5-1:0.0: can't add hid device: -71 [ 866.466883][ T6872] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 866.495723][ T6872] usb 5-1: USB disconnect, device number 64 [ 866.695411][ T5792] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 866.725276][ T5819] Bluetooth: hci2: command tx timeout [ 866.747850][T13689] bridge0: port 1(bridge_slave_0) entered blocking state [ 866.748072][T13689] bridge0: port 1(bridge_slave_0) entered disabled state [ 866.748270][T13689] bridge_slave_0: entered allmulticast mode [ 866.754105][T13689] bridge_slave_0: entered promiscuous mode [ 866.837829][ T5792] usb 1-1: device descriptor read/64, error -71 [ 866.841607][T13689] bridge0: port 2(bridge_slave_1) entered blocking state [ 866.841749][T13689] bridge0: port 2(bridge_slave_1) entered disabled state [ 866.841921][T13689] bridge_slave_1: entered allmulticast mode [ 866.843807][T13689] bridge_slave_1: entered promiscuous mode [ 866.945563][ T5792] usb usb1-port1: attempt power cycle [ 867.153764][T13794] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2477'. [ 867.243539][T13689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 867.276253][T13689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 867.294622][ T5792] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 867.305805][ T5792] usb 1-1: device descriptor read/8, error -71 [ 867.545255][ T5792] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 867.550113][ T7504] bridge_slave_1: left allmulticast mode [ 867.550131][ T7504] bridge_slave_1: left promiscuous mode [ 867.550283][ T7504] bridge0: port 2(bridge_slave_1) entered disabled state [ 867.582662][ T5792] usb 1-1: device descriptor read/8, error -71 [ 867.626086][ T7504] bridge_slave_0: left allmulticast mode [ 867.626115][ T7504] bridge_slave_0: left promiscuous mode [ 867.627100][ T7504] bridge0: port 1(bridge_slave_0) entered disabled state [ 867.685810][ T5792] usb usb1-port1: unable to enumerate USB device [ 868.832875][ T5819] Bluetooth: hci2: command tx timeout [ 869.882123][T13808] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 871.033330][T13817] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2482'. [ 874.113192][T13822] loop2: detected capacity change from 0 to 7 [ 874.185674][T13822] loop2: [ 874.185710][T13822] loop2: partition table partially beyond EOD, truncated [ 875.294766][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.294842][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.397587][T13828] TCP: TCP_TX_DELAY enabled [ 875.686976][T13823] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 875.875270][T13823] usb 4-1: Using ep0 maxpacket: 8 [ 875.877677][T13823] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 875.877704][T13823] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 875.877727][T13823] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 875.877749][T13823] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 875.877786][T13823] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 875.877807][T13823] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 876.113341][T13823] usb 4-1: GET_CAPABILITIES returned 0 [ 876.113371][T13823] usbtmc 4-1:16.0: can't read capabilities [ 876.349563][T13828] FAULT_INJECTION: forcing a failure. [ 876.349563][T13828] name failslab, interval 1, probability 0, space 0, times 0 [ 876.349600][T13828] CPU: 1 UID: 0 PID: 13828 Comm: syz.3.2485 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 876.349626][T13828] Tainted: [L]=SOFTLOCKUP [ 876.349634][T13828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 876.349646][T13828] Call Trace: [ 876.349654][T13828] [ 876.349663][T13828] dump_stack_lvl+0x189/0x250 [ 876.349691][T13828] ? __pfx____ratelimit+0x10/0x10 [ 876.349712][T13828] ? __pfx_dump_stack_lvl+0x10/0x10 [ 876.349734][T13828] ? __pfx__printk+0x10/0x10 [ 876.349758][T13828] ? __pfx___might_resched+0x10/0x10 [ 876.349782][T13828] should_fail_ex+0x46c/0x600 [ 876.349813][T13828] should_failslab+0xa8/0x100 [ 876.349839][T13828] __kmalloc_noprof+0xe0/0x7e0 [ 876.349861][T13828] ? kfree+0x4d/0x900 [ 876.349879][T13828] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 876.349905][T13828] tomoyo_realpath_from_path+0xe3/0x5d0 [ 876.349927][T13828] ? tomoyo_domain+0xd9/0x130 [ 876.349952][T13828] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 876.349976][T13828] tomoyo_path_number_perm+0x1e8/0x5a0 [ 876.350003][T13828] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 876.350032][T13828] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 876.350054][T13828] ? lockdep_hardirqs_on+0x98/0x140 [ 876.350105][T13828] ? __fget_files+0x2a/0x420 [ 876.350129][T13828] ? __fget_files+0x3a6/0x420 [ 876.350145][T13828] ? __fget_files+0x2a/0x420 [ 876.350167][T13828] security_file_ioctl+0xcb/0x2d0 [ 876.350201][T13828] __se_sys_ioctl+0x47/0x170 [ 876.350226][T13828] do_syscall_64+0xfa/0xf80 [ 876.350248][T13828] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.350267][T13828] ? clear_bhb_loop+0x60/0xb0 [ 876.350288][T13828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 876.350305][T13828] RIP: 0033:0x7ff39ab0f749 [ 876.350322][T13828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 876.350338][T13828] RSP: 002b:00007ff398d6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 876.350358][T13828] RAX: ffffffffffffffda RBX: 00007ff39ad65fa0 RCX: 00007ff39ab0f749 [ 876.350373][T13828] RDX: 0000200000000040 RSI: 00000000c0145b0e RDI: 0000000000000009 [ 876.350386][T13828] RBP: 00007ff398d6e090 R08: 0000000000000000 R09: 0000000000000000 [ 876.350397][T13828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 876.350408][T13828] R13: 00007ff39ad66038 R14: 00007ff39ad65fa0 R15: 00007ffc8ad68368 [ 876.350440][T13828] [ 876.350448][T13828] ERROR: Out of memory at tomoyo_realpath_from_path. [ 876.353107][T13828] Illegal XDP return value 813465600 on prog (id 238) dev N/A, expect packet loss! [ 876.362146][T13823] usb 4-1: USB disconnect, device number 57 [ 876.428197][ T7504] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 876.498293][ T7504] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 876.522483][ T7504] bond0 (unregistering): Released all slaves [ 876.582980][T13825] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 876.583026][T13825] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 876.583044][T13825] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 876.758055][T13689] team0: Port device team_slave_0 added [ 876.830067][T13833] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2487'. [ 877.015831][ T5881] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 877.019894][T13689] team0: Port device team_slave_1 added [ 877.133784][ T5819] Bluetooth: hci4: connection err: -111 [ 877.248133][T13845] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2492'. [ 877.350066][ T5881] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 877.350102][ T5881] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 877.350141][ T5881] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 877.350164][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 877.415470][T13831] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 878.330650][ T5881] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 878.540151][ T37] audit: type=1326 audit(1765075322.446:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13830 comm="syz.0.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31fbc9f749 code=0x7fc00000 [ 880.667422][ T37] audit: type=1326 audit(1765075324.576:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13830 comm="syz.0.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f31fbc9f749 code=0x7fc00000 [ 881.097094][ T6050] usb 1-1: USB disconnect, device number 52 [ 881.302477][T13875] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2499'. [ 881.562659][T13689] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 881.562677][T13689] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 881.562703][T13689] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 881.665355][ T5936] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 881.845441][ T5936] usb 4-1: Using ep0 maxpacket: 16 [ 881.848331][ T5936] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 881.848444][ T5936] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 881.848464][ T5936] usb 4-1: config 0 has no interface number 0 [ 881.903570][ T5936] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 881.903599][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 881.903618][ T5936] usb 4-1: Product: syz [ 881.903632][ T5936] usb 4-1: Manufacturer: syz [ 881.903646][ T5936] usb 4-1: SerialNumber: syz [ 881.947470][ T5936] usb 4-1: config 0 descriptor?? [ 881.967833][ T5936] uvcvideo 4-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 881.967871][ T5936] uvcvideo 4-1:0.105: No valid video chain found. [ 882.058152][T13689] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 882.058170][T13689] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 882.058196][T13689] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 882.300697][ T6050] usb 4-1: USB disconnect, device number 58 [ 884.720005][ T7504] hsr_slave_0: left promiscuous mode [ 884.741954][ T7504] hsr_slave_1: left promiscuous mode [ 884.743146][ T7504] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 884.743172][ T7504] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 884.958432][ T7504] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 884.958459][ T7504] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 885.418160][ T7504] veth1_macvtap: left promiscuous mode [ 885.418231][ T7504] veth0_macvtap: left promiscuous mode [ 885.418375][ T7504] veth1_vlan: left promiscuous mode [ 885.418482][ T7504] veth0_vlan: left promiscuous mode [ 886.317644][T13926] FAULT_INJECTION: forcing a failure. [ 886.317644][T13926] name failslab, interval 1, probability 0, space 0, times 0 [ 886.317668][T13926] CPU: 0 UID: 0 PID: 13926 Comm: syz.3.2515 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 886.317684][T13926] Tainted: [L]=SOFTLOCKUP [ 886.317688][T13926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 886.317695][T13926] Call Trace: [ 886.317700][T13926] [ 886.317705][T13926] dump_stack_lvl+0x189/0x250 [ 886.317723][T13926] ? __pfx____ratelimit+0x10/0x10 [ 886.317737][T13926] ? __pfx_dump_stack_lvl+0x10/0x10 [ 886.317750][T13926] ? __pfx__printk+0x10/0x10 [ 886.317764][T13926] ? __pfx___might_resched+0x10/0x10 [ 886.317777][T13926] should_fail_ex+0x46c/0x600 [ 886.317795][T13926] ? __alloc_skb+0x255/0x430 [ 886.317810][T13926] should_failslab+0xa8/0x100 [ 886.317827][T13926] ? __alloc_skb+0x255/0x430 [ 886.317839][T13926] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 886.317858][T13926] __alloc_skb+0x255/0x430 [ 886.317873][T13926] ? __pfx___alloc_skb+0x10/0x10 [ 886.317887][T13926] ? __lock_acquire+0x6b6/0x2cf0 [ 886.317905][T13926] alloc_skb_with_frags+0xca/0x890 [ 886.317916][T13926] ? __local_bh_enable+0x27b/0x410 [ 886.317937][T13926] ? __local_bh_enable+0x28c/0x410 [ 886.317959][T13926] sock_alloc_send_pskb+0x859/0x990 [ 886.317997][T13926] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 886.318017][T13926] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 886.318036][T13926] ? rt_spin_unlock+0x150/0x200 [ 886.318055][T13926] ? rt_spin_unlock+0x161/0x200 [ 886.318066][T13926] j1939_sk_sendmsg+0x788/0x1330 [ 886.318082][T13926] ? j1939_sk_sendmsg+0x531/0x1330 [ 886.318098][T13926] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 886.318111][T13926] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 886.318126][T13926] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 886.318142][T13926] __sock_sendmsg+0x21c/0x270 [ 886.318165][T13926] ____sys_sendmsg+0x534/0x810 [ 886.318185][T13926] ? __pfx_____sys_sendmsg+0x10/0x10 [ 886.318208][T13926] ? import_iovec+0x74/0xa0 [ 886.318225][T13926] ___sys_sendmsg+0x21f/0x2a0 [ 886.318237][T13926] ? __pfx____sys_sendmsg+0x10/0x10 [ 886.318266][T13926] ? __fget_files+0x2a/0x420 [ 886.318276][T13926] ? __fget_files+0x3a6/0x420 [ 886.318292][T13926] __sys_sendmmsg+0x22d/0x430 [ 886.318306][T13926] ? __pfx___sys_sendmmsg+0x10/0x10 [ 886.318321][T13926] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 886.318340][T13926] ? ksys_write+0x230/0x260 [ 886.318355][T13926] ? __pfx_ksys_write+0x10/0x10 [ 886.318372][T13926] __x64_sys_sendmmsg+0xa0/0xc0 [ 886.318414][T13926] do_syscall_64+0xfa/0xf80 [ 886.318428][T13926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.318438][T13926] ? clear_bhb_loop+0x60/0xb0 [ 886.318451][T13926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.318460][T13926] RIP: 0033:0x7ff39ab0f749 [ 886.318473][T13926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 886.318483][T13926] RSP: 002b:00007ff398d6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 886.318495][T13926] RAX: ffffffffffffffda RBX: 00007ff39ad65fa0 RCX: 00007ff39ab0f749 [ 886.318503][T13926] RDX: 03fffffffffffe3d RSI: 0000200000003e40 RDI: 0000000000000003 [ 886.318510][T13926] RBP: 00007ff398d6e090 R08: 0000000000000000 R09: 0000000000000000 [ 886.318516][T13926] R10: 00000000000000f5 R11: 0000000000000246 R12: 0000000000000001 [ 886.318523][T13926] R13: 00007ff39ad66038 R14: 00007ff39ad65fa0 R15: 00007ffc8ad68368 [ 886.318541][T13926] [ 889.541015][T13938] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 890.846418][T13944] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 891.325354][ T6007] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 891.506755][ T6007] usb 5-1: Using ep0 maxpacket: 8 [ 891.508480][ T6007] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 891.508509][ T6007] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 891.508521][ T6007] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 891.508533][ T6007] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 891.510948][ T6007] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f [ 891.510967][ T6007] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 891.510981][ T6007] usb 5-1: Product: syz [ 891.510988][ T6007] usb 5-1: Manufacturer: syz [ 891.510995][ T6007] usb 5-1: SerialNumber: syz [ 891.514061][ T6007] usb 5-1: config 0 descriptor?? [ 891.599548][ T6007] kvaser_usb 5-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 892.356115][ T7504] team0 (unregistering): Port device team_slave_1 removed [ 892.575722][ T7504] team0 (unregistering): Port device team_slave_0 removed [ 894.058359][ T6050] usb 5-1: USB disconnect, device number 65 [ 895.634654][T13930] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 895.634696][T13930] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 895.634714][T13930] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 895.798513][ T6021] kworker/u8:20 (6021) used greatest stack depth: 11888 bytes left [ 895.838599][T13689] hsr_slave_0: entered promiscuous mode [ 895.851611][T13689] hsr_slave_1: entered promiscuous mode [ 895.859886][T13689] debugfs: 'hsr0' already exists in 'hsr' [ 895.859913][T13689] Cannot create hsr debugfs directory [ 897.035384][ T8112] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 897.040480][ T6050] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 897.223247][ T8112] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 897.223278][ T8112] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 897.223298][ T8112] usb 1-1: Product: syz [ 897.223317][ T8112] usb 1-1: Manufacturer: syz [ 897.223331][ T8112] usb 1-1: SerialNumber: syz [ 897.231801][ T6050] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 897.231829][ T6050] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 897.231848][ T6050] usb 4-1: Product: syz [ 897.231861][ T6050] usb 4-1: Manufacturer: syz [ 897.231874][ T6050] usb 4-1: SerialNumber: syz [ 897.354192][ T8112] usb 1-1: config 0 descriptor?? [ 897.389303][ T6050] usb 4-1: config 0 descriptor?? [ 897.417707][ T8112] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 897.456772][ T6050] hub 4-1:0.0: bad descriptor, ignoring hub [ 897.456811][ T6050] hub 4-1:0.0: probe with driver hub failed with error -5 [ 897.730300][ T6050] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 897.922020][ T6050] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 897.922092][ T6050] dib0700: firmware download failed at 7 with -22 [ 898.473759][ T9889] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 898.491051][ T9889] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 898.552890][ T5947] usb 3-1: USB disconnect, device number 61 [ 898.558387][ T9889] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 898.563105][ T6050] usb 4-1: USB disconnect, device number 59 [ 898.567263][ T9889] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 898.568606][ T9889] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 898.890857][ T5936] usb 1-1: USB disconnect, device number 53 [ 900.455880][T14023] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 900.803348][ T5819] Bluetooth: hci0: command tx timeout [ 903.419005][ T5819] Bluetooth: hci0: command tx timeout [ 904.514056][ T5947] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 905.236745][ T5947] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 905.236775][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 905.236793][ T5947] usb 4-1: Product: syz [ 905.236805][ T5947] usb 4-1: Manufacturer: syz [ 905.236818][ T5947] usb 4-1: SerialNumber: syz [ 905.414873][ T5947] usb 4-1: config 0 descriptor?? [ 905.448285][ T5819] Bluetooth: hci0: command tx timeout [ 905.629829][ T5947] hub 4-1:0.0: bad descriptor, ignoring hub [ 905.629867][ T5947] hub 4-1:0.0: probe with driver hub failed with error -5 [ 905.890093][ T5947] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 905.922535][ T5947] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 905.922585][ T5947] dib0700: firmware download failed at 7 with -22 [ 906.106100][T14087] tipc: Enabling of bearer rejected, failed to enable media [ 906.117579][T14087] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 906.322791][T14003] chnl_net:caif_netlink_parms(): no params data found [ 906.435690][ T5947] usb 4-1: USB disconnect, device number 60 [ 906.532151][T14105] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2552'. [ 907.322962][T14003] bridge0: port 1(bridge_slave_0) entered blocking state [ 907.323174][T14003] bridge0: port 1(bridge_slave_0) entered disabled state [ 907.323412][T14003] bridge_slave_0: entered allmulticast mode [ 907.365270][T14003] bridge_slave_0: entered promiscuous mode [ 907.693269][ T5819] Bluetooth: hci0: command tx timeout [ 908.375868][T14003] bridge0: port 2(bridge_slave_1) entered blocking state [ 908.375945][T14003] bridge0: port 2(bridge_slave_1) entered disabled state [ 908.376111][T14003] bridge_slave_1: entered allmulticast mode [ 908.377712][T14003] bridge_slave_1: entered promiscuous mode [ 908.708884][T14003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 908.750670][T14003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 908.750757][T13689] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 909.859075][T13689] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 910.237220][T13689] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 910.313302][T14003] team0: Port device team_slave_0 added [ 910.328544][T14003] team0: Port device team_slave_1 added [ 910.328631][T13689] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 910.631510][T14003] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 910.631527][T14003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 910.631553][T14003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 910.695483][T14003] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 910.695503][T14003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 910.695530][T14003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 910.846572][T14161] FAULT_INJECTION: forcing a failure. [ 910.846572][T14161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 910.846606][T14161] CPU: 1 UID: 0 PID: 14161 Comm: syz.4.2561 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 910.846631][T14161] Tainted: [L]=SOFTLOCKUP [ 910.846638][T14161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 910.846649][T14161] Call Trace: [ 910.846657][T14161] [ 910.846666][T14161] dump_stack_lvl+0x189/0x250 [ 910.846692][T14161] ? __pfx____ratelimit+0x10/0x10 [ 910.846721][T14161] ? __pfx_dump_stack_lvl+0x10/0x10 [ 910.846743][T14161] ? __pfx__printk+0x10/0x10 [ 910.846761][T14161] ? __might_fault+0xb0/0x130 [ 910.846795][T14161] should_fail_ex+0x46c/0x600 [ 910.846825][T14161] _copy_from_user+0x2d/0xb0 [ 910.846846][T14161] ___sys_sendmsg+0x158/0x2a0 [ 910.846868][T14161] ? __pfx____sys_sendmsg+0x10/0x10 [ 910.846919][T14161] ? __fget_files+0x2a/0x420 [ 910.846938][T14161] ? __fget_files+0x3a6/0x420 [ 910.846964][T14161] __sys_sendmmsg+0x22d/0x430 [ 910.846988][T14161] ? __pfx___sys_sendmmsg+0x10/0x10 [ 910.847016][T14161] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 910.847050][T14161] ? ksys_write+0x230/0x260 [ 910.847075][T14161] ? __pfx_ksys_write+0x10/0x10 [ 910.847100][T14161] __x64_sys_sendmmsg+0xa0/0xc0 [ 910.847120][T14161] do_syscall_64+0xfa/0xf80 [ 910.847142][T14161] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.847164][T14161] ? clear_bhb_loop+0x60/0xb0 [ 910.847186][T14161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.847203][T14161] RIP: 0033:0x7f11c665f749 [ 910.847219][T14161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 910.847235][T14161] RSP: 002b:00007f11c48c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 910.847255][T14161] RAX: ffffffffffffffda RBX: 00007f11c68b5fa0 RCX: 00007f11c665f749 [ 910.847268][T14161] RDX: 0000000000000002 RSI: 00002000000004c0 RDI: 0000000000000003 [ 910.847281][T14161] RBP: 00007f11c48c6090 R08: 0000000000000000 R09: 0000000000000000 [ 910.847291][T14161] R10: 00000000040080c0 R11: 0000000000000246 R12: 0000000000000001 [ 910.847304][T14161] R13: 00007f11c68b6038 R14: 00007f11c68b5fa0 R15: 00007ffe43ecd2e8 [ 910.847333][T14161] [ 914.326935][T14003] hsr_slave_0: entered promiscuous mode [ 914.328024][T14003] hsr_slave_1: entered promiscuous mode [ 914.328799][T14003] debugfs: 'hsr0' already exists in 'hsr' [ 914.328818][T14003] Cannot create hsr debugfs directory [ 914.690463][T14204] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2575'. [ 914.919227][T14206] loop9: detected capacity change from 0 to 7 [ 914.955575][T14206] Dev loop9: unable to read RDB block 7 [ 914.955605][T14206] loop9: AHDI p4 [ 914.955633][T14206] loop9: partition table partially beyond EOD, truncated [ 914.995139][ T6050] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 915.038567][T13689] 8021q: adding VLAN 0 to HW filter on device bond0 [ 915.102098][T13689] 8021q: adding VLAN 0 to HW filter on device team0 [ 915.196998][ T7504] bridge0: port 1(bridge_slave_0) entered blocking state [ 915.197131][ T7504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 915.284935][ T7502] bridge0: port 2(bridge_slave_1) entered blocking state [ 915.288549][ T7502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 915.511585][T14003] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 915.578240][T14003] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 915.587023][ T5819] Bluetooth: hci3: connection err: -111 [ 917.813348][T14003] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 917.843846][T14003] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 918.013500][ T5819] Bluetooth: hci3: connection err: -111 [ 919.530505][T14003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 919.579826][T14245] blk_print_req_error: 11 callbacks suppressed [ 919.579847][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.579872][T14245] buffer_io_error: 11 callbacks suppressed [ 919.579892][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.580064][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.580088][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.580240][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.580262][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.580413][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.580436][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.580585][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.580607][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.580785][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.580809][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.580983][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.581005][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.581155][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.581178][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.581271][T14245] ldm_validate_partition_table(): Disk read failed. [ 919.581344][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.581366][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.581516][T14245] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 919.581538][T14245] Buffer I/O error on dev nbd0, logical block 0, async page read [ 919.612234][T14003] 8021q: adding VLAN 0 to HW filter on device team0 [ 919.626982][ T7925] bridge0: port 1(bridge_slave_0) entered blocking state [ 919.627633][ T7925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 919.732872][ T7925] bridge0: port 2(bridge_slave_1) entered blocking state [ 919.733004][ T7925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 919.762987][ T9889] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 919.781300][ T9889] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 919.796266][ T9889] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 919.834362][T14245] Dev nbd0: unable to read RDB block 0 [ 919.840231][T14245] nbd0: unable to read partition table [ 919.846369][ T9889] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 919.847590][ T9889] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 920.240268][ T5819] Bluetooth: hci4: connection err: -111 [ 921.184448][ T5172] ldm_validate_partition_table(): Disk read failed. [ 921.198308][ T5172] Dev nbd0: unable to read RDB block 0 [ 921.198988][ T5172] nbd0: unable to read partition table [ 922.219773][ T5172] ldm_validate_partition_table(): Disk read failed. [ 922.220344][ T5172] Dev nbd0: unable to read RDB block 0 [ 922.221057][ T5172] nbd0: unable to read partition table [ 924.340554][ T8021] ldm_validate_partition_table(): Disk read failed. [ 924.356833][ T8021] Dev nbd0: unable to read RDB block 0 [ 924.357561][ T8021] nbd0: unable to read partition table [ 924.379339][ T8021] ldm_validate_partition_table(): Disk read failed. [ 924.379922][ T8021] Dev nbd0: unable to read RDB block 0 [ 924.380623][ T8021] nbd0: unable to read partition table [ 924.533320][ T9889] Bluetooth: hci5: command tx timeout [ 924.716297][T14272] comedi comedi0: pcl730: I/O port conflict (0x6,4) [ 925.184997][T14003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 926.110958][T14247] chnl_net:caif_netlink_parms(): no params data found [ 926.345566][T14296] netlink: 'syz.0.2597': attribute type 2 has an invalid length. [ 926.345589][T14296] netlink: 'syz.0.2597': attribute type 1 has an invalid length. [ 926.365192][ T6050] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 926.390210][T14297] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2597'. [ 926.566039][ T5819] Bluetooth: hci5: command tx timeout [ 926.569920][ T6050] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 926.569947][ T6050] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 926.603626][ T6050] usb 5-1: config 0 descriptor?? [ 926.623839][ T6050] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 927.007444][ T6050] cpia1 5-1:0.0: unexpected state after lo power cmd: 00 [ 927.041073][T14306] (syz.3.2599,14306,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 927.041104][T14306] (syz.3.2599,14306,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 927.239580][ T5819] Bluetooth: hci1: connection err: -111 [ 928.245467][ T6050] gspca_cpia1: usb_control_msg 02, error -110 [ 928.245490][ T6050] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0) [ 928.303224][ T6050] usb 5-1: USB disconnect, device number 66 [ 928.402946][T14315] FAULT_INJECTION: forcing a failure. [ 928.402946][T14315] name failslab, interval 1, probability 0, space 0, times 0 [ 928.402970][T14315] CPU: 0 UID: 0 PID: 14315 Comm: syz.4.2602 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 928.402988][T14315] Tainted: [L]=SOFTLOCKUP [ 928.402992][T14315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 928.402999][T14315] Call Trace: [ 928.403003][T14315] [ 928.403009][T14315] dump_stack_lvl+0x189/0x250 [ 928.403028][T14315] ? __pfx____ratelimit+0x10/0x10 [ 928.403041][T14315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 928.403054][T14315] ? __pfx__printk+0x10/0x10 [ 928.403066][T14315] ? rt_spin_unlock+0x150/0x200 [ 928.403081][T14315] should_fail_ex+0x46c/0x600 [ 928.403107][T14315] should_failslab+0xa8/0x100 [ 928.403124][T14315] __kmalloc_cache_noprof+0x84/0x6d0 [ 928.403144][T14315] ? sctp_bind_addr_match+0x30/0x2b0 [ 928.403157][T14315] ? sctp_add_bind_addr+0x8c/0x370 [ 928.403178][T14315] sctp_add_bind_addr+0x8c/0x370 [ 928.403195][T14315] sctp_do_bind+0x5ab/0x940 [ 928.403210][T14315] ? lock_sock_nested+0x5f/0x130 [ 928.403230][T14315] sctp_bind+0x9c/0x100 [ 928.403242][T14315] __sys_bind+0x2cc/0x3e0 [ 928.403257][T14315] ? __pfx___sys_bind+0x10/0x10 [ 928.403277][T14315] ? __pfx_ksys_write+0x10/0x10 [ 928.403294][T14315] __x64_sys_bind+0x7a/0x90 [ 928.403309][T14315] do_syscall_64+0xfa/0xf80 [ 928.403323][T14315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 928.403333][T14315] ? clear_bhb_loop+0x60/0xb0 [ 928.403345][T14315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 928.403355][T14315] RIP: 0033:0x7f11c665f749 [ 928.403365][T14315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 928.403375][T14315] RSP: 002b:00007f11c48c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 928.403388][T14315] RAX: ffffffffffffffda RBX: 00007f11c68b5fa0 RCX: 00007f11c665f749 [ 928.403399][T14315] RDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003 [ 928.403406][T14315] RBP: 00007f11c48c6090 R08: 0000000000000000 R09: 0000000000000000 [ 928.403412][T14315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 928.403419][T14315] R13: 00007f11c68b6038 R14: 00007f11c68b5fa0 R15: 00007ffe43ecd2e8 [ 928.403436][T14315] [ 928.645214][ T5819] Bluetooth: hci5: command tx timeout [ 928.785711][T14247] bridge0: port 1(bridge_slave_0) entered blocking state [ 928.786314][T14247] bridge0: port 1(bridge_slave_0) entered disabled state [ 928.786554][T14247] bridge_slave_0: entered allmulticast mode [ 928.789165][T14247] bridge_slave_0: entered promiscuous mode [ 928.834190][T14247] bridge0: port 2(bridge_slave_1) entered blocking state [ 928.834321][T14247] bridge0: port 2(bridge_slave_1) entered disabled state [ 928.834532][T14247] bridge_slave_1: entered allmulticast mode [ 928.860652][T14247] bridge_slave_1: entered promiscuous mode [ 930.031165][T14327] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 930.359965][T14247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 930.399383][T14335] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2606'. [ 930.401939][T14247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 930.711844][T14247] team0: Port device team_slave_0 added [ 930.725495][ T5819] Bluetooth: hci5: command tx timeout [ 930.893687][T14247] team0: Port device team_slave_1 added [ 930.901075][T14003] veth0_vlan: entered promiscuous mode [ 931.237516][T14339] blk_print_req_error: 75 callbacks suppressed [ 931.237529][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.237545][T14339] buffer_io_error: 75 callbacks suppressed [ 931.237552][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.237651][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.237664][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.237808][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.237822][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.237907][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.237920][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.238003][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.238015][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.238121][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.238135][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.238237][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.238251][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.238345][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.238357][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.238413][T14339] ldm_validate_partition_table(): Disk read failed. [ 931.238459][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.238475][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.238563][T14339] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 931.238577][T14339] Buffer I/O error on dev nbd0, logical block 0, async page read [ 931.238810][T14339] Dev nbd0: unable to read RDB block 0 [ 931.239211][T14339] nbd0: unable to read partition table [ 931.279004][ T5172] ldm_validate_partition_table(): Disk read failed. [ 931.279529][ T5172] Dev nbd0: unable to read RDB block 0 [ 931.280144][ T5172] nbd0: unable to read partition table [ 931.307126][ T5172] ldm_validate_partition_table(): Disk read failed. [ 931.307632][ T5172] Dev nbd0: unable to read RDB block 0 [ 931.308276][ T5172] nbd0: unable to read partition table [ 931.362026][ T5819] Bluetooth: hci3: connection err: -111 [ 931.365360][ T8021] ldm_validate_partition_table(): Disk read failed. [ 931.365900][ T8021] Dev nbd0: unable to read RDB block 0 [ 931.366593][ T8021] nbd0: unable to read partition table [ 931.575760][T14247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 931.575778][T14247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 931.575803][T14247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 932.376922][T14247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 932.376941][T14247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 932.376967][T14247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 932.577144][ T8021] ldm_validate_partition_table(): Disk read failed. [ 932.597980][T14003] veth1_vlan: entered promiscuous mode [ 932.600749][ T8021] Dev nbd0: unable to read RDB block 0 [ 932.601418][ T8021] nbd0: unable to read partition table [ 932.687895][T14349] tmpfs: Bad value for 'mpol' [ 932.948404][ T4477] bridge_slave_1: left allmulticast mode [ 932.948433][ T4477] bridge_slave_1: left promiscuous mode [ 932.948684][ T4477] bridge0: port 2(bridge_slave_1) entered disabled state [ 933.780086][T14352] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 933.807859][ T5819] Bluetooth: hci4: connection err: -111 [ 934.666083][ T4477] bridge_slave_0: left allmulticast mode [ 934.666104][ T4477] bridge_slave_0: left promiscuous mode [ 934.666265][ T4477] bridge0: port 1(bridge_slave_0) entered disabled state [ 934.969398][T14363] FAULT_INJECTION: forcing a failure. [ 934.969398][T14363] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 934.969433][T14363] CPU: 0 UID: 0 PID: 14363 Comm: syz.0.2615 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 934.969460][T14363] Tainted: [L]=SOFTLOCKUP [ 934.969467][T14363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 934.969478][T14363] Call Trace: [ 934.969495][T14363] [ 934.969504][T14363] dump_stack_lvl+0x189/0x250 [ 934.969530][T14363] ? __pfx____ratelimit+0x10/0x10 [ 934.969551][T14363] ? __pfx_dump_stack_lvl+0x10/0x10 [ 934.969572][T14363] ? __pfx__printk+0x10/0x10 [ 934.969731][T14363] should_fail_ex+0x46c/0x600 [ 934.969763][T14363] _copy_to_user+0x31/0xb0 [ 934.969786][T14363] simple_read_from_buffer+0xe1/0x170 [ 934.969817][T14363] proc_fail_nth_read+0x1b6/0x220 [ 934.969845][T14363] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 934.969871][T14363] ? rw_verify_area+0x2ac/0x4e0 [ 934.969892][T14363] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 934.969916][T14363] vfs_read+0x206/0xa30 [ 934.969945][T14363] ? __pfx_vfs_read+0x10/0x10 [ 934.969963][T14363] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 934.969999][T14363] ? mutex_lock_nested+0x154/0x1d0 [ 934.970015][T14363] ? fdget_pos+0x253/0x320 [ 934.970041][T14363] ksys_read+0x14b/0x260 [ 934.970066][T14363] ? __pfx_ksys_read+0x10/0x10 [ 934.970091][T14363] ? do_syscall_64+0xbe/0xf80 [ 934.970116][T14363] do_syscall_64+0xfa/0xf80 [ 934.970138][T14363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.970157][T14363] ? clear_bhb_loop+0x60/0xb0 [ 934.970179][T14363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.970197][T14363] RIP: 0033:0x7f31fbc9e15c [ 934.970215][T14363] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 934.970230][T14363] RSP: 002b:00007f31f9edd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 934.970250][T14363] RAX: ffffffffffffffda RBX: 00007f31fbef6090 RCX: 00007f31fbc9e15c [ 934.970264][T14363] RDX: 000000000000000f RSI: 00007f31f9edd0a0 RDI: 0000000000000004 [ 934.970276][T14363] RBP: 00007f31f9edd090 R08: 0000000000000000 R09: 0000000000000000 [ 934.970288][T14363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 934.970298][T14363] R13: 00007f31fbef6128 R14: 00007f31fbef6090 R15: 00007ffcbe770388 [ 934.970325][T14363] [ 935.414478][ T5819] Bluetooth: hci3: connection err: -111 [ 936.735797][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.735878][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 939.905991][ T4477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 939.971785][T14388] Process accounting resumed [ 940.000725][ T4477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 940.027517][ T4477] bond0 (unregistering): Released all slaves [ 941.456576][T14247] hsr_slave_0: entered promiscuous mode [ 941.458279][T14247] hsr_slave_1: entered promiscuous mode [ 941.459348][T14247] debugfs: 'hsr0' already exists in 'hsr' [ 941.459372][T14247] Cannot create hsr debugfs directory [ 944.224760][T14412] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 945.258907][ T5947] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 945.308741][ T4477] hsr_slave_0: left promiscuous mode [ 945.330949][ T4477] hsr_slave_1: left promiscuous mode [ 945.331902][ T4477] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 945.351487][ T4477] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 945.399866][T14421] FAULT_INJECTION: forcing a failure. [ 945.399866][T14421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 945.399890][T14421] CPU: 1 UID: 0 PID: 14421 Comm: syz.4.2631 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 945.399904][T14421] Tainted: [L]=SOFTLOCKUP [ 945.399909][T14421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 945.399915][T14421] Call Trace: [ 945.399920][T14421] [ 945.399925][T14421] dump_stack_lvl+0x189/0x250 [ 945.399943][T14421] ? __pfx____ratelimit+0x10/0x10 [ 945.399956][T14421] ? __pfx_dump_stack_lvl+0x10/0x10 [ 945.399970][T14421] ? __pfx__printk+0x10/0x10 [ 945.399980][T14421] ? __might_fault+0xb0/0x130 [ 945.400000][T14421] should_fail_ex+0x46c/0x600 [ 945.400018][T14421] _copy_from_user+0x2d/0xb0 [ 945.400031][T14421] ___sys_sendmsg+0x158/0x2a0 [ 945.400044][T14421] ? __pfx____sys_sendmsg+0x10/0x10 [ 945.400071][T14421] ? __fget_files+0x2a/0x420 [ 945.400081][T14421] ? __fget_files+0x3a6/0x420 [ 945.400097][T14421] __x64_sys_sendmsg+0x1a1/0x260 [ 945.400108][T14421] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 945.400123][T14421] ? __pfx_ksys_write+0x10/0x10 [ 945.400148][T14421] ? do_syscall_64+0xbe/0xf80 [ 945.400163][T14421] do_syscall_64+0xfa/0xf80 [ 945.400176][T14421] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.400186][T14421] ? clear_bhb_loop+0x60/0xb0 [ 945.400199][T14421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.400209][T14421] RIP: 0033:0x7f11c665f749 [ 945.400219][T14421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.400228][T14421] RSP: 002b:00007f11c48c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 945.400240][T14421] RAX: ffffffffffffffda RBX: 00007f11c68b5fa0 RCX: 00007f11c665f749 [ 945.400248][T14421] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000009 [ 945.400255][T14421] RBP: 00007f11c48c6090 R08: 0000000000000000 R09: 0000000000000000 [ 945.400262][T14421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 945.400268][T14421] R13: 00007f11c68b6038 R14: 00007f11c68b5fa0 R15: 00007ffe43ecd2e8 [ 945.400285][T14421] [ 945.479872][ T5819] Bluetooth: hci4: connection err: -111 [ 945.725605][ T5947] usb 1-1: Using ep0 maxpacket: 32 [ 945.727574][ T5947] usb 1-1: config 0 has an invalid interface number: 119 but max is 0 [ 945.727600][ T5947] usb 1-1: config 0 has no interface number 0 [ 945.727643][ T5947] usb 1-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 945.727662][ T5947] usb 1-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 945.727687][ T5947] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 945.727710][ T5947] usb 1-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 945.727732][ T5947] usb 1-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 945.730083][ T5947] usb 1-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 945.730109][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 945.730127][ T5947] usb 1-1: Product: syz [ 945.730140][ T5947] usb 1-1: Manufacturer: syz [ 945.730153][ T5947] usb 1-1: SerialNumber: syz [ 945.737266][ T5947] usb 1-1: config 0 descriptor?? [ 945.738136][T14417] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 945.752145][ T5947] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.119/input/input32 [ 946.054588][ T5157] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 946.657665][ C1] bcm5974 1-1:0.119: trackpad urb failed: -1 [ 946.834444][ C1] bcm5974 1-1:0.119: trackpad urb failed: -1 [ 946.968265][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 947.087793][ T5947] usb 1-1: USB disconnect, device number 55 [ 947.645901][ T4477] team0 (unregistering): Port device team_slave_1 removed [ 947.876106][ T4477] team0 (unregistering): Port device team_slave_0 removed [ 950.394862][T14415] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 950.394902][T14415] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 950.394920][T14415] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 950.665777][T14003] veth0_macvtap: entered promiscuous mode [ 950.908496][T14003] veth1_macvtap: entered promiscuous mode [ 951.215333][ T6050] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 951.374069][ T6050] usb 5-1: config 0 interface 0 has no altsetting 0 [ 951.374109][ T6050] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 951.374121][ T6050] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.379221][ T6050] usb 5-1: config 0 descriptor?? [ 951.416635][T14003] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 951.464357][T14003] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 951.527011][ T69] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.534096][ T69] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.534143][ T69] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.534177][ T69] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.623636][ T6050] (null): keene_cmd_main failed (-71) [ 951.673784][ T6050] video4linux radio48: keene_cmd_main failed (-71) [ 951.673802][ T6050] radio-keene 5-1:0.0: V4L2 device registered as radio48 [ 951.725653][ T6050] usb 5-1: USB disconnect, device number 67 [ 952.266368][T14471] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI [ 952.266394][T14471] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 952.266416][T14471] CPU: 0 UID: 0 PID: 14471 Comm: syz.0.2641 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 952.266443][T14471] Tainted: [L]=SOFTLOCKUP [ 952.266450][T14471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 952.266462][T14471] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 952.266490][T14471] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 79 91 ea f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 58 91 ea f9 4d 8b 24 24 48 83 c3 [ 952.266506][T14471] RSP: 0018:ffffc9000e2afa40 EFLAGS: 00010206 [ 952.266524][T14471] RAX: 0000000000000005 RBX: ffff88803bcc5300 RCX: 0000000000080000 [ 952.266537][T14471] RDX: ffffc900117c7000 RSI: 00000000000003c4 RDI: 00000000000003c5 [ 952.266550][T14471] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 952.266562][T14471] R10: dffffc0000000000 R11: ffffffff8837d9f0 R12: 0000000000000028 [ 952.266575][T14471] R13: dffffc0000000000 R14: ffff88802ef14000 R15: dffffc0000000000 [ 952.266590][T14471] FS: 00007f31f9ebc6c0(0000) GS:ffff888126d52000(0000) knlGS:0000000000000000 [ 952.266606][T14471] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 952.266620][T14471] CR2: 0000001b2f617ff8 CR3: 000000003bdd4000 CR4: 00000000003526f0 [ 952.266637][T14471] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 952.266648][T14471] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 952.266661][T14471] Call Trace: [ 952.266668][T14471] [ 952.266678][T14471] pcl818_detach+0x66/0xd0 [ 952.266700][T14471] comedi_device_detach_locked+0x178/0x750 [ 952.266725][T14471] comedi_unlocked_ioctl+0xce4/0x1020 [ 952.266751][T14471] ? kasan_quarantine_put+0xdd/0x220 [ 952.266775][T14471] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 952.266805][T14471] ? smack_log+0xef/0x3f0 [ 952.266825][T14471] ? __pfx_smack_log+0x10/0x10 [ 952.266844][T14471] ? smk_access+0x14c/0x4e0 [ 952.266867][T14471] ? smk_tskacc+0x2fc/0x370 [ 952.266888][T14471] ? smack_file_ioctl+0x24d/0x340 [ 952.266913][T14471] ? __pfx_smack_file_ioctl+0x10/0x10 [ 952.266940][T14471] ? __fget_files+0x3a6/0x420 [ 952.266964][T14471] ? __fget_files+0x2a/0x420 [ 952.266982][T14471] ? bpf_lsm_file_ioctl+0x9/0x20 [ 952.267006][T14471] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 952.267031][T14471] __se_sys_ioctl+0xff/0x170 [ 952.267054][T14471] do_syscall_64+0xfa/0xf80 [ 952.267076][T14471] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.267094][T14471] ? clear_bhb_loop+0x60/0xb0 [ 952.267112][T14471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.267129][T14471] RIP: 0033:0x7f31fbc9f749 [ 952.267145][T14471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 952.267161][T14471] RSP: 002b:00007f31f9ebc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 952.267179][T14471] RAX: ffffffffffffffda RBX: 00007f31fbef6180 RCX: 00007f31fbc9f749 [ 952.267193][T14471] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000006 [ 952.267205][T14471] RBP: 00007f31fbd23f91 R08: 0000000000000000 R09: 0000000000000000 [ 952.267217][T14471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 952.267229][T14471] R13: 00007f31fbef6218 R14: 00007f31fbef6180 R15: 00007ffcbe770388 [ 952.267250][T14471] [ 952.267262][T14471] Modules linked in: [ 952.267279][T14471] ---[ end trace 0000000000000000 ]--- [ 952.267292][T14471] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 952.267315][T14471] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 79 91 ea f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 58 91 ea f9 4d 8b 24 24 48 83 c3 [ 952.267329][T14471] RSP: 0018:ffffc9000e2afa40 EFLAGS: 00010206 [ 952.267345][T14471] RAX: 0000000000000005 RBX: ffff88803bcc5300 RCX: 0000000000080000 [ 952.267357][T14471] RDX: ffffc900117c7000 RSI: 00000000000003c4 RDI: 00000000000003c5 [ 952.267369][T14471] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 952.267380][T14471] R10: dffffc0000000000 R11: ffffffff8837d9f0 R12: 0000000000000028 [ 952.267392][T14471] R13: dffffc0000000000 R14: ffff88802ef14000 R15: dffffc0000000000 [ 952.267404][T14471] FS: 00007f31f9ebc6c0(0000) GS:ffff888126d52000(0000) knlGS:0000000000000000 [ 952.267420][T14471] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 952.267432][T14471] CR2: 0000001b2f617ff8 CR3: 000000003bdd4000 CR4: 00000000003526f0 [ 952.267447][T14471] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 952.267458][T14471] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 952.267476][T14471] Kernel panic - not syncing: Fatal exception [ 952.267857][T14471] Kernel Offset: disabled