last executing test programs: 28.013515295s ago: executing program 4 (id=1201): wait4(0x0, 0x0, 0x1, 0x0) r0 = syz_pidfd_open(0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0xff09, 0x0) 26.416628905s ago: executing program 4 (id=1206): r0 = socket$kcm(0x23, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@phonet, 0x80, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000280)="c609", 0x2}], 0x2, 0x0, 0x0, 0xeaff}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r5, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x40000108, 0x0, 0x3ff000000}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r6) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x1c, r7, 0xadab2836b5a4ab95, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8800}, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r11 = memfd_create(&(0x7f00000001c0)='\ve\xff\x00\x00\x00\x00\x00\x00\xe8\x00\x00\x00\x00', 0x1) write(r11, &(0x7f0000000040)="0600", 0x2) sendfile(r11, r11, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r11, 0x0) 22.465418268s ago: executing program 4 (id=1211): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket(0x1e, 0x1, 0x0) connect$tipc(r5, &(0x7f0000000040)=@id, 0x10) shutdown(r5, 0x2) 16.173862845s ago: executing program 3 (id=1216): ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff6f}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) getresuid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4004550c, 0x0) socket(0xa, 0x800, 0xa) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:De', 0x0) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x2, @local}}, 0x1e) r2 = socket$kcm(0x10, 0x5, 0x0) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r3, &(0x7f0000000600)=[{{&(0x7f0000000140)=@nfc_llcp, 0x0, &(0x7f0000000780)=[{&(0x7f0000000340)=""/180}, {&(0x7f0000000280)=""/122}, {&(0x7f0000000400)=""/165}, {&(0x7f00000004c0)=""/142}, {&(0x7f0000000640)=""/70}, {&(0x7f00000006c0)=""/179}], 0x0, &(0x7f0000000580)=""/70, 0x11}}], 0x40000000000029d, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x42, &(0x7f0000000100)=0x2, 0x4) r4 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) recvmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c03000017"], 0x34c}, 0x1, 0x0, 0x0, 0x400c821}, 0x44) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) 15.34852018s ago: executing program 3 (id=1219): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe8f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x3, 0x40, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x0, 0x0, 0x2}}}}}]}}]}}, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, r2}) ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x200006, 0x6, 0x454f, 0x6, 0x80004, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffc, 0x5, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x6, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0xb, 0x5, 0x2, 0x2, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x4, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x4184, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x6, 0xa, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000080)={0x1000000, 0x8, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x6, 0x0, 0x2, "57d4915b52cdfd4e8ea56ed6c1ca719a"}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x29, 0x4, 0x53, 0x5, 0x7b, @remote, @mcast2={0xff, 0x5}, 0x20, 0x7800, 0x7d, 0x6}}) 11.703276044s ago: executing program 1 (id=1225): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x2c020400) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000004c0)='./file0\x00', 0x80}) io_uring_enter(r3, 0x351e, 0x483, 0x0, 0x0, 0x0) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x8080, 0x0) read$char_usb(r6, &(0x7f0000015140)=""/166, 0xa6) 11.702312341s ago: executing program 3 (id=1226): sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20004000}, 0x20008040) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000f80)={'wlan1\x00', &(0x7f0000000f40)=@ethtool_stats}) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000300)={{{@in=@remote, @in=@empty}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8) sendmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffebe}, 0x90) r4 = syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x1, 0x10100, 0x10, 0x4033a}, &(0x7f0000000300)=0x0, &(0x7f00000004c0)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x38}}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r4, 0x2d3e, 0x0, 0x40, 0x0, 0x0) 11.69899621s ago: executing program 4 (id=1227): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x8, &(0x7f0000000300)={[{@redirect_dir_off, 0x3a}], [], 0x2f}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000500)=""/179, 0xb3) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, [{0x0, 0xa, "a78ce54806598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e518a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x20000172, "000000050000000026000400"}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x1f, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "f5000000000000000000000200000000000000000000000000008879e66485201a0015ca837400"/55}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="6eafae9268", 0x5}], 0x1}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x4) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000240)=0x28, 0x4) 11.631930786s ago: executing program 0 (id=1228): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x802541, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x5, 0x1, 0x4000, 0x2000, &(0x7f0000bde000/0x2000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000340), 0x2) r3 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2) ftruncate(r3, 0xffff) fcntl$addseals(r3, 0x409, 0x7) r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={r3, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000440)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000003ec0), 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r6, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20002000}, 0xc, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[@ANYRES16=r0, @ANYBLOB="040029bd7000fbdbdf25750000000c0099000700000035000000ac00f0800a000200aee0069498a10000050001000200000090000e808b000000ccc944eb6bf68c8b128d3a67c9b75747e6f0875b7bbf110cc38576ae0234b17c15b64d8ddf6ba585a112f2a1a997a9eae15baf8b00a66d514f90e2fbdb308f46bdf16300ad317003bdbd3449e48fee7141114a005338291ca2054a321f1deb2d99146becabf3880d82630c5ff5fbe42aec5fa6bdde96f7c8a2d3c086bd7d5d9309f905bd0c65cc0004000500d009f0800c030c80700004800a00060008021100000000000a00060008021100000000000a00060008021100000100000a00060008021100000000000a00060008021100000100000a00060008021100000000000a00060008021100000000000a00060008021100000100000a000600080211000000000005000300040000000301020082c30d9ce36a017a91495f24f4e4f4e3c31bdc47383c5a6ad56cd3ce9010edeb1b53f753b1b16b49f3ea16ff788f66e3f842898370b5427218f77e81b24d7650eb9e006a1802b314d771763e144d9e4eb9f8ee0ca0ab8af5208b82d5ad17457d9f5682a52fff5fe8fec5cda3ff12f8b82466c1b59e4b1264f3b2785b70e5b68f75c30c76a591e561753d86adb4ec0ee7d270ed276600dc7f93d50f558cf10fedd0e69b3f15296a2ec0dc240a4abe3eb0d5b17715911b5d03fffdde3e0b4c92ff024d5dfe2fd84afb7bd07c9e3a18e81fb3230fe3fb829c4696430a8971e8cd313635a06b3dc906f53924f0f901d7b9e3b9a38707dd619a461e635915a40e370003010200bd6354047323aa60d15ffc2d5bb7f355c373fd426827ab6d80c1a405d3bb9b231f33e4a18f16f0b7a367c59c9e327e67cf821c0f1eba92d7f5f1f545badd9d5caa9f76d0ec2791cca18126844629121aab00710f011dfdbb45310df91a90128a2a2cf7ed288e0505dc7ebf0505c332d0618e4c2774adaa94ab993e3fd812297b6cdd64528b14126f6d8358b9af776d321cf7eeafa54f640b34f5d759cb69e6780d9f050983118a3e6e25a31e737aabbaae0c40b37ecda2f4a8200b843d78bcfe6dac94e1f8b96f9a934ff0654e0a30a0dc07b9af19612d288a2930fe23621c259f3e4be17629a75c166645a1214b5fc5d689584583e6f5e502a6426061669e00050003000a00000005000300060000000500030080000000700004800a000600ffffffffffff00000a00060008021100000100000a00060008021100000100000a00060008021100000100000a000600ffffffffffff00000a000600ffffffffffff00000a00060008021100000100000a00060008021100000000000a000600ffffffffffff000040000d800b000000de43c9cafc4253002d0000009314943c49d134f601f19e084ce94053cc6df40098cbbbb89ef3f1f7d2b659b6749e1a55786227ed3d000000050006000200000034030d80c400000058215923c87a2047f46864eeba9d035aededc6656c15716d2d2b87de3129d0bc0d7c26c3a37a0ba3add20d577ddf9aaccc87cd39dbc4ce63605f0c3d689f25290813fddbf39b150151443f5dcd4d3c0f5c991e258963f8a432135b36031bb74ae74ce1e13775caf497657c50cea43496d758b975f281fbd9293af81df5632401a38ef180baaa130feb05b3c160bff31a4c84b8d5f15653a80346f926b309e90029c95824aca5a541d5a0fc168085826674acf91c872749b0de41d9315a0a69e68000000071db52040c5167732bcda15050a0eb147f5688927fb1f8df6381b3430d20a5db76eba1d8a127e1ab6f425ab79370e8d81e44213664971dbac432026de996a560a5720c6555c109660a030ae6dd688236e32520b9046a82eb75e23567e7085678f6409e651b5316e437054f7b1381e9f674db9aefd546bb01118b34ea5a00000030acc7b3ea204fd80da882c2c3754926b80def01ea8fc2d98231e7b565880c027098a93c976dc14189ddee05c05b8df124d6344ae349f2c34d55a15c953232f1eea86d0a33b28d8ff774f208ddfbb05a871ac89b1e1400004f0000004ba81bf116f592f4e4bc22ce0f1f4f45cbeba484717b2f991b24e20c668828a8d40d5fba5c5186cabc2aefc45dabaa7b737fbeea90e110882733f7726dc32f4b414673a276ec59772fc1d2006f000000fc7cfc44271367adf51fd5a92f2a4acbcc3d369742de21a1521a934f06385a292a1d5ec24e567aeaa81e8c06a85e264e1bfe92164b77626a8a386083dc14eb8251285c23e6eb403730d60cb5d729fc21316d385d958e301351fc33f911892f10b2cea8a7d044b581aa882800ce000000dce68bef696ead7554efa42cc5336f1fad1bd19d7e6f9ec4311ac89692fd975914c963d69894d2a842a161298d6f1adc6e9670f601554f077a489b52b3b80087efe4d197c65bd95f08f8ec622b98a6b56a71317eeabb27a64f1bc03e855a079c27ad22194e651294156cf28640fc5f81624a00e0b6357bc1c3da1f53e95f4e396cf33a69fd9fcc153ce894b6658810b4041738c9f61fefa0705674dbfdae81e0c32128a1ea68e907a90ca05b2b969ef7c4e9c45ee1f2bd627a84759db8ed284f154b9ad09ea05a873b10000005000f0000000000e8000c807c0004800a000600ffffffffffff00000a00060008021100000100000a00060008021100000100000a000600ffffffffffff00000a000600ffffffffffff00000a00060008021100000000000a00060008021100000100000a000600ffffffffffff00000a00060008021100000100000a000600080211000001000005000300040000000500030006000000580004800a00060008021100000100000a00060008021100000100000a00060008021100000000000a00060008021100000100000a00060008021100000100000a00060008021100000100000a000600ffffffffffff00000400050008000a00c202000048020c8005000300f2000000050003000900000005000300fb0000000500030001000000030102007cf1cf5ea385f47667af4a5d51561668a494f01868673450d71d0081d35b5c1f084fbf8813d35d932484fb4df44ccc68a59a1d1902042b8b1806e3543e720423a321b068bd7a8d6a48d24863699ccfd3352ab1ae2982bb3382ff7a0395efbe62a98afdc64b39a4ee97c61b1cfb53749f3a2be67634b90134bcb1a742fdadcdc9b18736c35817af3dbebe2f863d2137051a7da393c65229ceba9690ac309a42c47468e678f4b1e9415ab72efa7dec7f84277ab31e53068f25fdd7289703aa18135b5566e246d5a422f6b5fde4d20df5e3f5c90cdc2ec78b191d6f0dc52617a8d6549765fd499fcaeec480f9547c2d77ec90fba38c47977e05536efe5fbc5dd60004000100100004800a00060008021100000000000500030003000000030102006af0ca78705f20b202b6a6373dcc8e9df30ae72e63ee1dd1aadf02ea1bf9ef82f3ff2fad18701e12580243d6a1bc050459562b298154adbe3131979cd58f093d33c97dc4656a4fe9e7878bb89907f62ca0a9ed67bb8f19c995749dfcbf749d402594cf7dddc6a190e7474539c2969227937af326d39b24db77ab58d6526cd1d5b81efe1b0263bb858ee03e241fa155d6e13cf05a10340006604685f320e2835736017700b21811a2f409092895c45e6afd0c2b77f0445b1a22c9f4fe796524310ea6b6e8717b794ca3518d085876c6456a218dae2976a508d47b94aba4310bb46e1879465fdf7e05ee50770a975a96990a062cb8bbdaa14b3ead8014ad5a4c00b400f080aa000b0068df503d3ba5c2081ae6975f360252304ac28c76704a6b20cb1f990d280f479e3403c0179a8c2577cfd4e6ee9fffec3638f7d4b8fab11df7bc5d098e83eeb23e349e2e4b32e5f8b6426dea695ae614b80f45eb28bdc0c54fb49ec5e369e9c82719375d3e96d4a969dea7733c86b83ee539b3d7fc376db43de4f724da15f4a6"], 0xb50}, 0x1, 0x0, 0x0, 0x80}, 0x44000) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000003f00)={0x3, 0x0, 0x9}) io_setup(0x222, &(0x7f0000000180)=0x0) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x40000001d7582, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r8, 0x0) io_submit(r7, 0x0, &(0x7f0000000080)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x4c884) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) r9 = syz_open_dev$video(&(0x7f0000000040), 0xa3, 0x0) ioctl$VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000180)={0x1, @pix_mp={0x0, 0x0, 0x33424752, 0x0, 0x9, [{}, {}, {}, {}, {}, {}, {0x0, 0x2000}]}}) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) 10.05811972s ago: executing program 1 (id=1229): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x7) ioctl$SIOCAX25OPTRT(r0, 0x891b, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) sendfile(r2, r2, 0x0, 0x40000f63c) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz0\x00', 0x1c}) r3 = syz_open_dev$sndpcmp(&(0x7f0000002000), 0x5d5d, 0x0) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001736e7202d15390500000000030109021b00020000000009040005450800000009"], 0x0) r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x51) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat(r4, &(0x7f0000000080)='./file0\x00', 0x4000, 0x8) write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) syz_open_dev$tty1(0xc, 0x4, 0x2) r7 = socket$inet6(0xa, 0x80008, 0x4000000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x2, 0x1, 0x0, 0x2}, 0x20) pipe2(&(0x7f0000000040), 0x0) syz_clone3(0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 9.954779412s ago: executing program 0 (id=1231): r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000480)="11834a7319e3458ceed8e85a61ba46a79031254fe913e4487c07ba0f72b24f1e4598d11010cc0a2f2f76ce358982d2061f9ca27d21bb237bb33ad9ca8d92cd47156dad76f6e0041204b7d5ba0d19fc96b8ea0bc4aefda7ac9463ce9d45b7c0242be33e5c1cf7c0b1d497e6afc902a8d72ba3cab671ec61bab1e6f747d2c3eb54eb966ba6abb5dd2baca6111a18e69515242641682991a10e5e3b825f531ad61ed1a82fb29d196dd72b18d9499443a26fcea33c518fcce533a761cdb58bfaac15", 0xc0, 0xfffffffffffffffd) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) writev(r3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x100}, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$UHID_SET_REPORT_REPLY(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="0e00150000000000ffdff900e7b366a7ecfe80ba859b82edef2db5be54a9851abdee1907bf701b8857c081795de060d8b0973bdf0cad401004893774929dd36c9b5ba06d2693c04b38fc426735df21b373f8433b3a7a2ac939c4c5e4cb7b701f2e9765df533f3f69d78bc43f84054da5dbca6f0608f5def3a0853d529d31f0000000000000000000"], 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, 0x0, 0x0, 0x0) r8 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r8, 0xc01864c6, &(0x7f0000000100)={0x0}) 9.94117782s ago: executing program 3 (id=1232): bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="20000000040000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000100000000000e0a7b9"], 0x48) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x62981) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x7, 0x101, 0x0, 'queue0\x00', 0x5}) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="238292", 0xfff6}], 0x2) 9.939502163s ago: executing program 4 (id=1233): mount(0x0, 0x0, &(0x7f0000000040)='btrfs\x00', 0x208000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000700)={"d6f5b0d6beb88af1a48d11e177e0eb3521d548f276122a537a1eccbbe72d40c68028906b6e49a2c147417b6eb1288f487c7cef61ae24152bfd2c00e823b7b09eb511237a053cda6423ee85cd5b3138ddde75aad11791d604844e96260abcbb26f3b6d26c710694ef2dbcbdaaf6e8c552c366e90ebe987d0b7ffd10d38cebcfafc35a3217c327118c58f8f2cce9e2604eb79c62f4a29778b70ff0a1353df811003a5a5883383232f1e44573d29ca558e9d9093b68e84085278dcd1fca845b364afbb9a305c786aa1bd953c6beb3f6258e1845875c292eb6e758dce7b38c02e13beb1f2a36e92e79f5030ecd091a58bc81b73317e5dca8e975b69ba47f60c0a936f3e47ccd4d415ae974482561c83b20e6c2c53fd326073cee3351588751d83395ec6dab863f32efc53a138424697a0e5226538a40bdff4fc07be8f06f753b08ddccf0638d2241349461d732647d0f59a236a888bf06889835910cb4b1630414ab8407725ee330dfba0ce517b67f89340d3fdcdf5bc4bb309b896deab19c8a749a0e5f783939300694699fa0e4cc5c384118a44811e836d0593ff2cee71c9a1f18790c0e8189bc57800a8f2ff01694a30c32934ae01980df9d0ca4010cc4f2a5dd5c452e85c04f3940d83ec090de235e6c3ae71ab5833b5e49b673d98ce2eb39cbeab9ad11d81eda0b1c17c48cfbfd92e9d54ba707e326756581eaaf344fddd0831e7ff1e47f4fc8eca3ea61fa07f4894482b15d4912626a67cbe9d6bc596f9860de380a550176dd87e3364ecc023c8d826c1755ea186999effdd063a9b561298141925e1c138ef7d8bf7dbaddf46f1746625a094d8b73670ba1e5279505d3f52f97e77f4677907a3dc3a3ee2b914f3a3680cdfae9700d835ad8d9a1fee4bf50b536cf474da4667c78dc04db9bd92cd2f017fec1265d4f5c04c06a88c39b7dfaed523c1f4d4dc39af448c4c02a195578fe8d24de251360c0dccea1b539add1ba96c20500bbe7ae700d59c94ff8f48a4569434654ed1d3d5bb83ee8124d7badd321c66dffdddd94c8b742a83fc26f423af1674cae4fa851d6eafbbe4d02840dfecd442dcfdf3a15185aaaf5bd4bd9a7c6aa8d59e8d924047656bac3b5e6553d3e85fe25b624cfbc7d43bb91a889b37ffeb0a566953483b75d3564caeadbcfe37779a1974d3e19925f9dfecada7e0271e2e1b459783ac4fd04ad7463fd1a9e9da50a2bde27578ee55cdb53c746f0d125bab7f5d6bba64db47fad8e1b2a4004c4e427a32b53391c60d2bd6d5dfd0a79f2117608c110054cf427f860cd7450d6e2099ee07a8be36792e3bddbf3ce05d3f41f3196dbfb25d6e6f92c01fc75242f2d00fd060082c155f31acdc1e55835c3e1dff972a161c4771849f97a447beb82692553c9bc7f8e1d24d1c458deccdfa9b3eeebc60e7ee714aeee07aa118f5c5d8f5ab4"}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000000000024d564b000000000b"]) 7.921737612s ago: executing program 2 (id=1234): r0 = eventfd2(0xffffffdc, 0x0) r1 = userfaultfd(0x80001) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0) write$P9_RSTATu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="6502000002fd0a4f0524012800001f00000000000000000000000000000000000000000000000c00000001040000000000007dff0a6e6f6465767b65766f03d38b9200000000000000000000000000280070673effeb09b5351f5bde054000000000187899a916638814e5708103b494e1000000000000000002000800ac00f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a440b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cba36f4fd1a4cc280e8e289da649a3700398641631d44f4a39b1191937a280e8d889fc220d115ac8e2f184b9a61758d26772ab0f2044d8ef0263ddd97d3c427b3a532efab1d1ce32ca7c1fc231af48408e02b255028b7c9bb85396f4d8af0eb95fc0ecc99f780e22c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/601, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0xfd85) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2c}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) readv(r1, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/114, 0x72}], 0x1) syz_open_dev$evdev(&(0x7f0000002f80), 0x3, 0x484000) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000130000/0x2000)=nil, 0x2000}}) r3 = syz_io_uring_setup(0x239, &(0x7f0000000680)={0x0, 0x405e5, 0x8000, 0x0, 0xfffffffe}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) gettid() socket$nl_route(0x10, 0x3, 0x0) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, 0x0, 0x0) r7 = io_uring_setup(0x68af, &(0x7f0000000480)={0x0, 0x0, 0x1880, 0x1}) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x307500, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000080)=0xb) r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r9, 0x40047438, &(0x7f0000000100)=0x1) preadv(r9, &(0x7f0000000840)=[{&(0x7f0000000000)=""/24, 0x18}], 0x1, 0x8, 0xa76) close_range(r7, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000500)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0xb390}, 0x1}) io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0) r10 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r10, 0x84, 0x21, &(0x7f0000000000)=0x4, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000340)="7e9adf65e9c6bafa", 0x8}], 0x1) 7.175973476s ago: executing program 0 (id=1235): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x40000108, 0x0, 0x3ff000000}]}) 7.04331914s ago: executing program 3 (id=1236): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = getpid() seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x60}, {0x16, 0x0, 0x1, 0xf3}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x7, 0x4, 0x200, 0x21db}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)={0x38, 0x2, 0x2, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x30}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @multicast1}}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40840}, 0x4010) syz_pidfd_open(r1, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f00000006c0)=[@uexit={0x0, 0x18, 0xce}, @cpuid={0x2, 0x18, {0x0, 0x10}}, @cpuid={0x2, 0x18, {0xab8, 0x401}}, @code={0x1, 0x62, {"f242af66b830010f00d0c402cd0a1366ba400066b81d1966efc4e1ff70118d0f783dfd7f00002e26640f01c9b9830b0000b864f70000ba000000000f30b805000000b9820000000f01d9c4e1d1d574cd04"}}, @cpuid={0x2, 0x18, {0x2, 0x3e}}, @uexit={0x0, 0x18, 0x8}, @cpuid={0x2, 0x18, {0x8001, 0x3}}, @code={0x1, 0x5c, {"66ba420066b8090066ef450fb1e4410f01c466470f3830ca366564430f350fc7a970110000c7442400a3000000c744240200800000ff2c24f3420f1ad066b8b3008ec8f04728aa00000000"}}, @cpuid={0x2, 0x18, {0x91, 0x5}}, @uexit={0x0, 0x18}, @code={0x1, 0x5d, {"640f07440f0766b813018ec8264c0fc7ad00000100b9800000c00f3235000400000f30c4a135691e730048b864000000000000000f23c80f21f8350400c0000f23f8c401e9d0c4c4411914c2"}}, @code={0x1, 0x50, {"66ba2100ecb904080000b800980000ba000000000f30c4813658f40f01cb4c0fc79fa8404c87f20f07f20fc27b00ae66b808010f00d066baa10066ed670f30"}}, @uexit={0x0, 0x18, 0x9}, @uexit={0x0, 0x18, 0x7}], 0x25b}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) umount2(0x0, 0x2) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) 6.844612918s ago: executing program 4 (id=1237): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket(0x1e, 0x1, 0x0) connect$tipc(r5, &(0x7f0000000040)=@id, 0x10) shutdown(r5, 0x2) 6.791348224s ago: executing program 1 (id=1238): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f0000000940)=0x707987cd) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r6, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) recvmsg(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000001c40)=""/4096, 0x8ec0}], 0x1}, 0x0) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mknodat$loop(0xffffffffffffffff, 0x0, 0x6000, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) prlimit64(r0, 0x4, 0x0, &(0x7f00000001c0)) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x2) 5.529237327s ago: executing program 1 (id=1239): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001000)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) sendto$inet6(r3, &(0x7f0000000580)="973ac95d8e8eb91311a0b6ebdac2bbe2ec3f77c66081d9dfdf18e4d6fd66e801560dc7a885ae499fdc20507f30564a39d12a009599b0ebc2f50d7dc4c6bd02f3aa2890345a42c6fdd22014b685929b7a99", 0x51, 0x24004004, &(0x7f0000000100)={0xa, 0x0, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}, 0x1c) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x2f, 0x1, 0x9, 0x4, 0x7e, @mcast2, @loopback, 0x10, 0x8020, 0x4021, 0x8}}) r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$USBDEVFS_DISCARDURB(r5, 0x550b, 0x0) tkill(0x0, 0xb) socket$unix(0x1, 0x2, 0x0) 5.525344331s ago: executing program 2 (id=1240): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x1c}) read(r5, &(0x7f0000000080)=""/129, 0x20) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1}) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8) 5.423706226s ago: executing program 0 (id=1241): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x802541, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x5, 0x1, 0x4000, 0x2000, &(0x7f0000bde000/0x2000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000340), 0x2) r3 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2) ftruncate(r3, 0xffff) fcntl$addseals(r3, 0x409, 0x7) r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={r3, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000440)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000003ec0), 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r6, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20002000}, 0xc, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[@ANYRES16=r0, @ANYBLOB="040029bd7000fbdbdf25750000000c0099000700000035000000ac00f0800a000200aee0069498a10000050001000200000090000e808b000000ccc944eb6bf68c8b128d3a67c9b75747e6f0875b7bbf110cc38576ae0234b17c15b64d8ddf6ba585a112f2a1a997a9eae15baf8b00a66d514f90e2fbdb308f46bdf16300ad317003bdbd3449e48fee7141114a005338291ca2054a321f1deb2d99146becabf3880d82630c5ff5fbe42aec5fa6bdde96f7c8a2d3c086bd7d5d9309f905bd0c65cc0004000500d009f0800c030c80700004800a00060008021100000000000a00060008021100000000000a00060008021100000100000a00060008021100000000000a00060008021100000100000a00060008021100000000000a00060008021100000000000a00060008021100000100000a000600080211000000000005000300040000000301020082c30d9ce36a017a91495f24f4e4f4e3c31bdc47383c5a6ad56cd3ce9010edeb1b53f753b1b16b49f3ea16ff788f66e3f842898370b5427218f77e81b24d7650eb9e006a1802b314d771763e144d9e4eb9f8ee0ca0ab8af5208b82d5ad17457d9f5682a52fff5fe8fec5cda3ff12f8b82466c1b59e4b1264f3b2785b70e5b68f75c30c76a591e561753d86adb4ec0ee7d270ed276600dc7f93d50f558cf10fedd0e69b3f15296a2ec0dc240a4abe3eb0d5b17715911b5d03fffdde3e0b4c92ff024d5dfe2fd84afb7bd07c9e3a18e81fb3230fe3fb829c4696430a8971e8cd313635a06b3dc906f53924f0f901d7b9e3b9a38707dd619a461e635915a40e370003010200bd6354047323aa60d15ffc2d5bb7f355c373fd426827ab6d80c1a405d3bb9b231f33e4a18f16f0b7a367c59c9e327e67cf821c0f1eba92d7f5f1f545badd9d5caa9f76d0ec2791cca18126844629121aab00710f011dfdbb45310df91a90128a2a2cf7ed288e0505dc7ebf0505c332d0618e4c2774adaa94ab993e3fd812297b6cdd64528b14126f6d8358b9af776d321cf7eeafa54f640b34f5d759cb69e6780d9f050983118a3e6e25a31e737aabbaae0c40b37ecda2f4a8200b843d78bcfe6dac94e1f8b96f9a934ff0654e0a30a0dc07b9af19612d288a2930fe23621c259f3e4be17629a75c166645a1214b5fc5d689584583e6f5e502a6426061669e00050003000a00000005000300060000000500030080000000700004800a000600ffffffffffff00000a00060008021100000100000a00060008021100000100000a00060008021100000100000a000600ffffffffffff00000a000600ffffffffffff00000a00060008021100000100000a00060008021100000000000a000600ffffffffffff000040000d800b000000de43c9cafc4253002d0000009314943c49d134f601f19e084ce94053cc6df40098cbbbb89ef3f1f7d2b659b6749e1a55786227ed3d000000050006000200000034030d80c400000058215923c87a2047f46864eeba9d035aededc6656c15716d2d2b87de3129d0bc0d7c26c3a37a0ba3add20d577ddf9aaccc87cd39dbc4ce63605f0c3d689f25290813fddbf39b150151443f5dcd4d3c0f5c991e258963f8a432135b36031bb74ae74ce1e13775caf497657c50cea43496d758b975f281fbd9293af81df5632401a38ef180baaa130feb05b3c160bff31a4c84b8d5f15653a80346f926b309e90029c95824aca5a541d5a0fc168085826674acf91c872749b0de41d9315a0a69e68000000071db52040c5167732bcda15050a0eb147f5688927fb1f8df6381b3430d20a5db76eba1d8a127e1ab6f425ab79370e8d81e44213664971dbac432026de996a560a5720c6555c109660a030ae6dd688236e32520b9046a82eb75e23567e7085678f6409e651b5316e437054f7b1381e9f674db9aefd546bb01118b34ea5a00000030acc7b3ea204fd80da882c2c3754926b80def01ea8fc2d98231e7b565880c027098a93c976dc14189ddee05c05b8df124d6344ae349f2c34d55a15c953232f1eea86d0a33b28d8ff774f208ddfbb05a871ac89b1e1400004f0000004ba81bf116f592f4e4bc22ce0f1f4f45cbeba484717b2f991b24e20c668828a8d40d5fba5c5186cabc2aefc45dabaa7b737fbeea90e110882733f7726dc32f4b414673a276ec59772fc1d2006f000000fc7cfc44271367adf51fd5a92f2a4acbcc3d369742de21a1521a934f06385a292a1d5ec24e567aeaa81e8c06a85e264e1bfe92164b77626a8a386083dc14eb8251285c23e6eb403730d60cb5d729fc21316d385d958e301351fc33f911892f10b2cea8a7d044b581aa882800ce000000dce68bef696ead7554efa42cc5336f1fad1bd19d7e6f9ec4311ac89692fd975914c963d69894d2a842a161298d6f1adc6e9670f601554f077a489b52b3b80087efe4d197c65bd95f08f8ec622b98a6b56a71317eeabb27a64f1bc03e855a079c27ad22194e651294156cf28640fc5f81624a00e0b6357bc1c3da1f53e95f4e396cf33a69fd9fcc153ce894b6658810b4041738c9f61fefa0705674dbfdae81e0c32128a1ea68e907a90ca05b2b969ef7c4e9c45ee1f2bd627a84759db8ed284f154b9ad09ea05a873b10000005000f0000000000e8000c807c0004800a000600ffffffffffff00000a00060008021100000100000a00060008021100000100000a000600ffffffffffff00000a000600ffffffffffff00000a00060008021100000000000a00060008021100000100000a000600ffffffffffff00000a00060008021100000100000a000600080211000001000005000300040000000500030006000000580004800a00060008021100000100000a00060008021100000100000a00060008021100000000000a00060008021100000100000a00060008021100000100000a00060008021100000100000a000600ffffffffffff00000400050008000a00c202000048020c8005000300f2000000050003000900000005000300fb0000000500030001000000030102007cf1cf5ea385f47667af4a5d51561668a494f01868673450d71d0081d35b5c1f084fbf8813d35d932484fb4df44ccc68a59a1d1902042b8b1806e3543e720423a321b068bd7a8d6a48d24863699ccfd3352ab1ae2982bb3382ff7a0395efbe62a98afdc64b39a4ee97c61b1cfb53749f3a2be67634b90134bcb1a742fdadcdc9b18736c35817af3dbebe2f863d2137051a7da393c65229ceba9690ac309a42c47468e678f4b1e9415ab72efa7dec7f84277ab31e53068f25fdd7289703aa18135b5566e246d5a422f6b5fde4d20df5e3f5c90cdc2ec78b191d6f0dc52617a8d6549765fd499fcaeec480f9547c2d77ec90fba38c47977e05536efe5fbc5dd60004000100100004800a00060008021100000000000500030003000000030102006af0ca78705f20b202b6a6373dcc8e9df30ae72e63ee1dd1aadf02ea1bf9ef82f3ff2fad18701e12580243d6a1bc050459562b298154adbe3131979cd58f093d33c97dc4656a4fe9e7878bb89907f62ca0a9ed67bb8f19c995749dfcbf749d402594cf7dddc6a190e7474539c2969227937af326d39b24db77ab58d6526cd1d5b81efe1b0263bb858ee03e241fa155d6e13cf05a10340006604685f320e2835736017700b21811a2f409092895c45e6afd0c2b77f0445b1a22c9f4fe796524310ea6b6e8717b794ca3518d085876c6456a218dae2976a508d47b94aba4310bb46e1879465fdf7e05ee50770a975a96990a062cb8bbdaa14b3ead8014ad5a4c00b400f080aa000b0068df503d3ba5c2081ae6975f360252304ac28c76704a6b20cb1f990d280f479e3403c0179a8c2577cfd4e6ee9fffec3638f7d4b8fab11df7bc5d098e83eeb23e349e2e4b32e5f8b6426dea695ae614b80f45eb28bdc0c54fb49ec5e369e9c82719375d3e96d4a969dea7733c86b83ee539b3d7fc376db43de4f724da15f4a6"], 0xb50}, 0x1, 0x0, 0x0, 0x80}, 0x44000) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000003f00)={0x3, 0x0, 0x9}) io_setup(0x222, &(0x7f0000000180)=0x0) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x40000001d7582, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r8, 0x0) io_submit(r7, 0x0, &(0x7f0000000080)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x4c884) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) r9 = syz_open_dev$video(&(0x7f0000000040), 0xa3, 0x0) ioctl$VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000180)={0x1, @pix_mp={0x0, 0x0, 0x33424752, 0x0, 0x9, [{}, {}, {}, {}, {}, {}, {0x0, 0x2000}]}}) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) 3.928566531s ago: executing program 1 (id=1242): sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20004000}, 0x20008040) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000f80)={'wlan1\x00', &(0x7f0000000f40)=@ethtool_stats}) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000300)={{{@in=@remote, @in=@empty}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8) sendmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffebe}, 0x90) r4 = syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x1, 0x10100, 0x10, 0x4033a}, &(0x7f0000000300)=0x0, &(0x7f00000004c0)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x38}}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r4, 0x2d3e, 0x0, 0x40, 0x0, 0x0) 3.771033342s ago: executing program 2 (id=1243): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00') preadv(r2, &(0x7f0000000000)=[{&(0x7f0000001200)=""/4112, 0x1010}], 0x1, 0x800, 0x0) gettid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) gettid() sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x84) timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000880)="5b7c6f793db41fc6df0dedebf2f56f412807efb5239b21543c05b6c9a05c5eb4ebc0035ac642c82eaa659fcaf8e0a568ba5c09ef979478f9325128e704f1aff18731", &(0x7f0000000440)="b4bec0f7e1ed20363ca9a2555dd0517cd857afa6177ccb11a055b9e8e28d43cfe6bbf93603f464eb0aa34da31c5897c672c83d200090d2e20400a10b2533a21e5599db014a5b6f8f12"}}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e00000004000000040000000200020004000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000019a90877506bfcdb2c590d3f365e65b2c5859b2f2b280650991de383cfb9da6dca0ccee4f45079d386ab6ad7ca7d4504edebaf3ce26ddf752eb32fbc5764e2df18106251033664b72b602de036832a03055431103178aa", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000040)={0x9, {0x22, 0xff, 0x4, 0x7, 0x800}}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x74) r4 = syz_open_procfs(0x0, &(0x7f0000000200)='wchan\x00') r5 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r5, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @loopback}], 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYRESHEX=r4, @ANYRES16=r3, @ANYBLOB="de6ef7ffca65bedfa8a392131f50e659d37c37a62d4358d1e8a0214c665376fb2d6493a4e7146b33be7b51c7c82dea3c486ed8e909a5ef29abfb0675bb5a83692003e12f2bf83ad5c9745410f843a6f88d32191d61aedf2c9ff77db7103747a4b5dd20bf158e5792154159d7d620be858b857c4bc8a133e6ccbfb02d35d510d506635cb2061bf6e6fb59321f7209468414e9cb8312f99e1a970a41f23cc6c8413bf1ed7f3696b227db1183410e31a8815e49a85f267345f58041f9db"], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4) socket$kcm(0x10, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 3.66956511s ago: executing program 0 (id=1244): capset(&(0x7f0000000040)={0x20080522}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r3 = socket(0x1e, 0x1, 0x0) connect$tipc(r3, &(0x7f0000000040)=@id, 0x10) shutdown(r3, 0x2) 1.907869304s ago: executing program 0 (id=1245): bpf$TOKEN_CREATE(0x24, &(0x7f0000000500), 0x8) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r3, 0x1, {0x1, 0xff, 0x4}}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x18) sched_setaffinity(0x0, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xa002, 0x0) ioctl$TUNSETLINK(r4, 0x400454cd, 0x207) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) syz_emit_ethernet(0x3b6, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319cff"}, {0x3, 0x18, "fe909393fe089393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x3, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x2000000000000040, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f81ed"}]}}}}}}, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chroot(0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@local}}, &(0x7f00000002c0)=0xe8) quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000280)=@md0, r7, &(0x7f00000004c0)={0x8000, 0xc37}) syz_open_dev$tty1(0xc, 0x4, 0x1) 1.754154829s ago: executing program 1 (id=1246): bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="20000000040000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000100000000000e0a7b9"], 0x48) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x62981) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x7, 0x101, 0x0, 'queue0\x00', 0x5}) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="238292", 0xfff6}], 0x2) 1.675735667s ago: executing program 2 (id=1247): mount(0x0, 0x0, &(0x7f0000000040)='btrfs\x00', 0x208000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000700)={"d6f5b0d6beb88af1a48d11e177e0eb3521d548f276122a537a1eccbbe72d40c68028906b6e49a2c147417b6eb1288f487c7cef61ae24152bfd2c00e823b7b09eb511237a053cda6423ee85cd5b3138ddde75aad11791d604844e96260abcbb26f3b6d26c710694ef2dbcbdaaf6e8c552c366e90ebe987d0b7ffd10d38cebcfafc35a3217c327118c58f8f2cce9e2604eb79c62f4a29778b70ff0a1353df811003a5a5883383232f1e44573d29ca558e9d9093b68e84085278dcd1fca845b364afbb9a305c786aa1bd953c6beb3f6258e1845875c292eb6e758dce7b38c02e13beb1f2a36e92e79f5030ecd091a58bc81b73317e5dca8e975b69ba47f60c0a936f3e47ccd4d415ae974482561c83b20e6c2c53fd326073cee3351588751d83395ec6dab863f32efc53a138424697a0e5226538a40bdff4fc07be8f06f753b08ddccf0638d2241349461d732647d0f59a236a888bf06889835910cb4b1630414ab8407725ee330dfba0ce517b67f89340d3fdcdf5bc4bb309b896deab19c8a749a0e5f783939300694699fa0e4cc5c384118a44811e836d0593ff2cee71c9a1f18790c0e8189bc57800a8f2ff01694a30c32934ae01980df9d0ca4010cc4f2a5dd5c452e85c04f3940d83ec090de235e6c3ae71ab5833b5e49b673d98ce2eb39cbeab9ad11d81eda0b1c17c48cfbfd92e9d54ba707e326756581eaaf344fddd0831e7ff1e47f4fc8eca3ea61fa07f4894482b15d4912626a67cbe9d6bc596f9860de380a550176dd87e3364ecc023c8d826c1755ea186999effdd063a9b561298141925e1c138ef7d8bf7dbaddf46f1746625a094d8b73670ba1e5279505d3f52f97e77f4677907a3dc3a3ee2b914f3a3680cdfae9700d835ad8d9a1fee4bf50b536cf474da4667c78dc04db9bd92cd2f017fec1265d4f5c04c06a88c39b7dfaed523c1f4d4dc39af448c4c02a195578fe8d24de251360c0dccea1b539add1ba96c20500bbe7ae700d59c94ff8f48a4569434654ed1d3d5bb83ee8124d7badd321c66dffdddd94c8b742a83fc26f423af1674cae4fa851d6eafbbe4d02840dfecd442dcfdf3a15185aaaf5bd4bd9a7c6aa8d59e8d924047656bac3b5e6553d3e85fe25b624cfbc7d43bb91a889b37ffeb0a566953483b75d3564caeadbcfe37779a1974d3e19925f9dfecada7e0271e2e1b459783ac4fd04ad7463fd1a9e9da50a2bde27578ee55cdb53c746f0d125bab7f5d6bba64db47fad8e1b2a4004c4e427a32b53391c60d2bd6d5dfd0a79f2117608c110054cf427f860cd7450d6e2099ee07a8be36792e3bddbf3ce05d3f41f3196dbfb25d6e6f92c01fc75242f2d00fd060082c155f31acdc1e55835c3e1dff972a161c4771849f97a447beb82692553c9bc7f8e1d24d1c458deccdfa9b3eeebc60e7ee714aeee07aa118f5c5d8f5ab4"}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000000000024d564b000000000b"]) 1.606394866s ago: executing program 3 (id=1248): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x7) ioctl$SIOCAX25OPTRT(r0, 0x891b, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) sendfile(r2, r2, 0x0, 0x40000f63c) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz0\x00', 0x1c}) r3 = syz_open_dev$sndpcmp(&(0x7f0000002000), 0x5d5d, 0x0) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001736e7202d15390500000000030109021b00020000000009040005450800000009"], 0x0) r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x51) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat(r4, &(0x7f0000000080)='./file0\x00', 0x4000, 0x8) write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) syz_open_dev$tty1(0xc, 0x4, 0x2) r7 = socket$inet6(0xa, 0x80008, 0x4000000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x2, 0x1, 0x0, 0x2}, 0x20) pipe2(&(0x7f0000000040), 0x0) syz_clone3(0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 1.132362585s ago: executing program 2 (id=1249): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) ioctl$int_in(r4, 0x5452, &(0x7f0000000940)=0x707987cd) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r6, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) recvmsg(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000001c40)=""/4096, 0x8ec0}], 0x1}, 0x0) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mknodat$loop(0xffffffffffffffff, 0x0, 0x6000, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) prlimit64(r0, 0x4, 0x0, &(0x7f00000001c0)) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x2) 0s ago: executing program 2 (id=1250): syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f60c01a83"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='c::=/\x10\xcd\xb7@\x88\xedP9\xf5,\xef\x87\xc9G\xeb\xd9\xf9\xcd\xb1\xac!\xa7\x9c\x8f\xc98\xcb-\t\xcf-\xdd\xc4\xafK\x8d\xb1R8m\xc1[A\x99g\x9d\x8a\"\x98:\xc1I<\xdf;\x11t\xd3\xd2\x19\x964\xff\x03\xbc\x7fo\xe8\x89\x01:\x8b-\xab[X\x10\x18\x8d\xbf\xe1\x88\x16', 0x0) close(0xffffffffffffffff) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) syz_usb_connect$uac1(0x1, 0xfa, &(0x7f00000007c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe8, 0x3, 0x1, 0xff, 0x0, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0xf9}, [@selector_unit={0xa, 0x24, 0x5, 0x4, 0x6, "80ffd2c112"}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x204, 0x5, 0x4, 0x4, 0x5, 0x1}, @selector_unit={0x5, 0x24, 0x5, 0x4, 0x1}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x202, 0x4, 0x3, 0x3ff, 0x80, 0x3}, @mixer_unit={0x7, 0x24, 0x4, 0x2, 0x6, "0bdb"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x7, 0xfffd, 0x6}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x4, 0xfe, 0xd2, "", 'u'}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x1, 0x800, 0x1, "dc8f"}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x3, 0x9, 0x81, '\t', "860d7d"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x2, 0xf, 0xd9, {0x7, 0x25, 0x1, 0x2, 0x9, 0x40}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x3, 0x7, 0x5}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x2, 0x3, 0x90, 0x3}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x8, 0x2, 0x5, 0x5, 'sG\f'}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x4, 0x4, 0xe, 0x5, "19a0f3f2ae8f47824d"}, @as_header={0x7, 0x24, 0x1, 0x5, 0x8, 0x3}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x3, 0x80, 0x80, {0x7, 0x25, 0x1, 0x2, 0x8, 0x9}}}}}}}]}}, &(0x7f0000000740)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x0, 0x7, 0x7, 0xb, 0xff, 0x1}, 0x4e, &(0x7f0000000040)={0x5, 0xf, 0x4e, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x14, 0x9, 0x2, 0x3ff}, @ssp_cap={0x20, 0x10, 0xa, 0x2, 0x5, 0xd9b, 0x7800, 0xb74, [0x0, 0x3ff0, 0x30, 0xff00c0, 0xe73045ba57e5ca7a]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x40, 0x7, 0x9}, @ssp_cap={0x18, 0x10, 0xa, 0x90, 0x3, 0x6bb7, 0x88f, 0xfffb, [0x3f30, 0xffc030, 0x0]}]}, 0x6, [{0x84, &(0x7f00000003c0)=@string={0x84, 0x3, "3f1bfe7d18bce57c9e07b20363602bf7e7dbb416ca4a3e763931ecddbdd7c65f80c592e8b7e6f3bafdbe38f07bab662d608eed816bdb77b3895c36657c773f669d5244891dc8407f7eaf8292022723bf3e7fd509bcf0bc42fdf8513a5e4847648e8f3017275b331cbca12c1a6fcb1c711e25fd3a4ba0dff5596b4938a279eb7582a3"}}, {0xe5, &(0x7f0000000480)=@string={0xe5, 0x3, "2a46098da53c0bde2d53ded1143ebaab0c687a525ff04c03ee69c65eecdbea64cb2806c7564c05538ef53f3e7648474d12945fcf60ac618045c688b3ed83ebedebb3ec7e992100d414ac632a59b6cfdea68b0be627e661b6cf6e2f89f021ced03b43b03018f49ab44a349f35d12ad414ea628114df8f35c5b04bd09f7444755cf4f068b5c7e7e6bd070a042c8d55ae0c44c32421f2079dec8db802fb5dd520a1edb961f86cdef08a98f9fd5405d453ed3dd8b3a6ab3787bedd3e32dfbd075bb60dfddd6bd7521550b402d582995d6cf7d45a04690832443926d8de72c8b84c373e9056"}}, {0xb9, &(0x7f0000000580)=@string={0xb9, 0x3, "2a68490d010f0bd2777b6e85cf56ce79bcf7a8bd986ef34e07ac1802232da3152b74e790827513de83ca2faa11cfe28ed6a7a7fb54161d0a7eb295af0eed18b74faaa6ec286903b9ab324956845391000927d9b4ef08f1c44c04df3e505346b98c2135bf17a838bab1315aca014054244fcca43f93f9cb12f289631fa4711ddacbe3786a9f16aded9396835387642c0e450de9fc0123db5fe21f3fa867e1dc46d46d4190f369f24dc02d9514d5aac1af158c05aac161e1"}}, {0xc1, &(0x7f0000000640)=@string={0xc1, 0x3, "3131df1f202fb19d1ada56884f35ec172d24b9d95a4b4ae8302776aa5b337d96d37c4a1d2d8a1169a14d6cb5946637c491cfe97f8fcf00539a5642e895dc0c07cd695e3c21028df53d12f6c3716f7c33cb0bd3c0a4effb31c5e702c5d035b35e007bbdfcd94ae52a2874e5a6d764e27d7e9b6c09b27db971ae4bb5925d324dc1ac39f3a2cc557cb0b845d260087704d00e57347d46dedabd13839c1f764c5e64c64f70021f2e2413008fe8e61eb84e17e1ca3fbc3c2fa2c14d39756301bbbe"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x816}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0xc09}}]}) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2c, 0x2, 0x0, 0x17}, 0x10) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(0x3) kernel console output (not intermixed with test programs): 416.311555][ T5820] usb 4-1: USB disconnect, device number 19 [ 416.410727][ T2071] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 416.410768][ T2071] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 416.410864][ T2071] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 416.410911][ T2071] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 416.410937][ T2071] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.457085][ T8475] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 416.481179][ T2071] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 416.733239][ T8475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.744074][ T8475] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.855867][ T2071] usb 5-1: USB disconnect, device number 24 [ 417.259259][ C0] vkms_vblank_simulate: vblank timer overrun [ 418.041100][ C0] vkms_vblank_simulate: vblank timer overrun [ 418.143420][ C0] vkms_vblank_simulate: vblank timer overrun [ 418.656087][ C0] vkms_vblank_simulate: vblank timer overrun [ 419.533396][ C0] vkms_vblank_simulate: vblank timer overrun [ 420.569743][ C0] vkms_vblank_simulate: vblank timer overrun [ 420.626851][ C0] vkms_vblank_simulate: vblank timer overrun [ 420.809992][ C0] vkms_vblank_simulate: vblank timer overrun [ 420.885536][ T5853] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 421.158458][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 421.158479][ T38] audit: type=1326 audit(1758671511.365:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.158526][ T38] audit: type=1326 audit(1758671511.385:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.161236][ T38] audit: type=1326 audit(1758671511.385:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.163760][ T38] audit: type=1326 audit(1758671511.385:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.164022][ T38] audit: type=1326 audit(1758671511.385:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.164462][ T38] audit: type=1326 audit(1758671511.385:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.205863][ T5853] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 421.205901][ T5853] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.215797][ T38] audit: type=1326 audit(1758671511.435:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.215857][ T38] audit: type=1326 audit(1758671511.435:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.230157][ T5853] usb 5-1: config 0 descriptor?? [ 421.234719][ T5853] cp210x 5-1:0.0: cp210x converter detected [ 421.257540][ T38] audit: type=1326 audit(1758671511.485:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.262864][ T38] audit: type=1326 audit(1758671511.485:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8503 comm="syz.2.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 421.379722][ T31] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 421.462153][ T5853] usb 5-1: cp210x converter now attached to ttyUSB0 [ 421.525493][ T31] usb 2-1: Using ep0 maxpacket: 16 [ 421.531168][ T31] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 421.531236][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 421.531264][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 421.531286][ T31] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 421.531309][ T31] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 421.535188][ T31] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 421.535215][ T31] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 421.535235][ T31] usb 2-1: Manufacturer: syz [ 421.585414][ T31] usb 2-1: config 0 descriptor?? [ 422.155813][ T31] rc_core: IR keymap rc-hauppauge not found [ 422.155842][ T31] Registered IR keymap rc-empty [ 422.156205][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.157633][ T8134] usb 5-1: USB disconnect, device number 25 [ 422.175521][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.198183][ T31] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 422.219844][ T31] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input17 [ 422.248077][ T8134] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 422.264481][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.285766][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.288414][ T8134] cp210x 5-1:0.0: device disconnected [ 422.318390][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.339779][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.355570][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.375690][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.396487][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.425582][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.445528][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.475906][ T31] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 422.518329][ T31] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 422.518351][ T31] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 422.565131][ T31] usb 2-1: USB disconnect, device number 28 [ 424.394068][ T5911] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 425.195461][ T5911] usb 5-1: Using ep0 maxpacket: 32 [ 425.198335][ T5911] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 425.198362][ T5911] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 425.198385][ T5911] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 425.198407][ T5911] usb 5-1: config 1 has no interface number 0 [ 425.198460][ T5911] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 425.198487][ T5911] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 425.198531][ T5911] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 425.198554][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.237588][ T5911] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 425.510338][ T5911] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 426.101052][ T5911] usb 5-1: USB disconnect, device number 26 [ 426.103731][ T5911] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 426.206625][ T8554] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 427.191025][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.245488][ T8134] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 427.407959][ T8134] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 427.408000][ T8134] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 427.408040][ T8134] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 427.408067][ T8134] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 427.411432][ T8134] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 427.411459][ T8134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.411479][ T8134] usb 3-1: Product: syz [ 427.411492][ T8134] usb 3-1: Manufacturer: syz [ 427.411507][ T8134] usb 3-1: SerialNumber: syz [ 427.493297][ T8562] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 427.506195][ T8134] cdc_mbim 3-1:1.0: skipping garbage [ 427.723776][ T8562] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 427.765941][ T5851] Bluetooth: hci4: command 0x0406 tx timeout [ 428.119789][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.302744][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.719709][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.081826][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.195398][ T8583] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 429.734293][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.881654][ T8585] netlink: 260 bytes leftover after parsing attributes in process `syz.3.747'. [ 429.881683][ T8585] netlink: 260 bytes leftover after parsing attributes in process `syz.3.747'. [ 429.950153][ T8134] cdc_mbim 3-1:1.0: bind() failure [ 429.977789][ C1] vkms_vblank_simulate: vblank timer overrun [ 430.023711][ T8134] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 430.033529][ T8134] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 430.046068][ T8134] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 430.073906][ T8134] usb 3-1: USB disconnect, device number 22 [ 430.673604][ C1] vkms_vblank_simulate: vblank timer overrun [ 430.791433][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 430.791454][ T38] audit: type=1326 audit(1758671521.005:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791517][ T38] audit: type=1326 audit(1758671521.015:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791560][ T38] audit: type=1326 audit(1758671521.015:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791601][ T38] audit: type=1326 audit(1758671521.015:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791642][ T38] audit: type=1326 audit(1758671521.015:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791683][ T38] audit: type=1326 audit(1758671521.015:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791724][ T38] audit: type=1326 audit(1758671521.015:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791765][ T38] audit: type=1326 audit(1758671521.015:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791806][ T38] audit: type=1326 audit(1758671521.015:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 430.791846][ T38] audit: type=1326 audit(1758671521.015:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8597 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69343eec9 code=0x7ffc0000 [ 431.406375][ C1] vkms_vblank_simulate: vblank timer overrun [ 431.612073][ C1] vkms_vblank_simulate: vblank timer overrun [ 432.235469][ T63] block nbd0: Possible stuck request ffff888024e17000: control (read@0,1024B). Runtime 120 seconds [ 432.235522][ T63] block nbd0: Possible stuck request ffff888024e171c0: control (read@1024,1024B). Runtime 120 seconds [ 432.235551][ T63] block nbd0: Possible stuck request ffff888024e17380: control (read@2048,1024B). Runtime 120 seconds [ 432.235582][ T63] block nbd0: Possible stuck request ffff888024e17540: control (read@3072,1024B). Runtime 120 seconds [ 433.659167][ T5853] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 434.365564][ T6068] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 434.367062][ T8640] netlink: 548 bytes leftover after parsing attributes in process `syz.2.763'. [ 434.390296][ T5853] usb 5-1: too many configurations: 52, using maximum allowed: 8 [ 434.448583][ T5853] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 434.448618][ T5853] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.448639][ T5853] usb 5-1: Product: syz [ 434.448652][ T5853] usb 5-1: Manufacturer: syz [ 434.448668][ T5853] usb 5-1: SerialNumber: syz [ 434.536501][ T6068] usb 4-1: too many configurations: 52, using maximum allowed: 8 [ 434.592317][ T8641] netlink: 260 bytes leftover after parsing attributes in process `syz.1.764'. [ 434.592348][ T8641] netlink: 260 bytes leftover after parsing attributes in process `syz.1.764'. [ 434.621008][ T6068] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 434.622332][ T6068] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.622359][ T6068] usb 4-1: Product: syz [ 434.622373][ T6068] usb 4-1: Manufacturer: syz [ 434.622387][ T6068] usb 4-1: SerialNumber: syz [ 434.846469][ T5853] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 434.846533][ T5853] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 434.846964][ T5853] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 434.924616][ T5853] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 435.058432][ T5853] usb 5-1: USB disconnect, device number 27 [ 435.166476][ T6068] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 435.166544][ T6068] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 435.166567][ T6068] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 435.219349][ T6068] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 435.272625][ T8654] netlink: 548 bytes leftover after parsing attributes in process `syz.1.765'. [ 435.344212][ T6068] usb 4-1: USB disconnect, device number 20 [ 435.797355][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 435.797378][ T38] audit: type=1326 audit(1758671526.025:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.797428][ T38] audit: type=1326 audit(1758671526.025:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.797488][ T38] audit: type=1326 audit(1758671526.025:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.798056][ T38] audit: type=1326 audit(1758671526.025:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.798107][ T38] audit: type=1326 audit(1758671526.025:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.798153][ T38] audit: type=1326 audit(1758671526.025:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.798263][ C1] vkms_vblank_simulate: vblank timer overrun [ 435.800392][ T38] audit: type=1326 audit(1758671526.025:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.800465][ T38] audit: type=1326 audit(1758671526.025:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.800518][ T38] audit: type=1326 audit(1758671526.025:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.869788][ T38] audit: type=1326 audit(1758671526.025:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8656 comm="syz.2.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 435.945121][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.293135][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.570091][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.662295][ C1] vkms_vblank_simulate: vblank timer overrun [ 437.323473][ C1] vkms_vblank_simulate: vblank timer overrun [ 437.527699][ T8675] netlink: 'syz.0.774': attribute type 1 has an invalid length. [ 437.527736][ T8675] netlink: 168 bytes leftover after parsing attributes in process `syz.0.774'. [ 437.527753][ T8675] netlink: 'syz.0.774': attribute type 2 has an invalid length. [ 437.542639][ C1] vkms_vblank_simulate: vblank timer overrun [ 437.689385][ T8675] openvswitch: netlink: Flow key attr not present in new flow. [ 437.905584][ T8685] netlink: 260 bytes leftover after parsing attributes in process `syz.2.776'. [ 437.905618][ T8685] netlink: 260 bytes leftover after parsing attributes in process `syz.2.776'. [ 437.930149][ C1] vkms_vblank_simulate: vblank timer overrun [ 438.970419][ T8698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 438.990543][ T8698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 445.036740][ T8712] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 445.496469][ T7220] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 445.716158][ T7220] usb 2-1: Using ep0 maxpacket: 16 [ 445.765226][ T7220] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 445.766185][ T7220] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 445.766242][ T7220] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 445.766290][ T7220] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 445.766315][ T7220] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 445.965943][ T7220] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 445.965981][ T7220] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 445.966000][ T7220] usb 2-1: Manufacturer: syz [ 445.980737][ T7220] usb 2-1: config 0 descriptor?? [ 446.655672][ T7220] rc_core: IR keymap rc-hauppauge not found [ 446.655690][ T7220] Registered IR keymap rc-empty [ 446.655801][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.685522][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.713685][ T7220] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 446.734485][ T7220] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input18 [ 446.762351][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.765439][ T5911] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 446.785782][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.815540][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.835975][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.855467][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.886795][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.915463][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 446.917979][ T5911] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x41, changing to 0x1 [ 446.918010][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 446.921271][ T5911] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 446.921298][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.921317][ T5911] usb 4-1: Product: syz [ 446.921330][ T5911] usb 4-1: Manufacturer: syz [ 446.921344][ T5911] usb 4-1: SerialNumber: syz [ 446.985250][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 447.005588][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 447.025701][ T7220] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 447.047445][ T7220] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 447.047460][ T7220] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 447.047868][ T5911] usb 4-1: config 0 descriptor?? [ 447.053389][ T5911] streamzap 4-1:0.0: streamzap_probe: endpoint doesn't match input device 0201 [ 447.148417][ T7220] usb 2-1: USB disconnect, device number 29 [ 447.299494][ T8725] program syz.3.790 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 447.350409][ T5911] usb 4-1: USB disconnect, device number 21 [ 447.556745][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 447.557026][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 452.435588][ T5911] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 452.468192][ T8757] fuse: Bad value for 'group_id' [ 452.468209][ T8757] fuse: Bad value for 'group_id' [ 452.504246][ T8743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 452.633433][ T5911] usb 4-1: Using ep0 maxpacket: 16 [ 452.659600][ T5911] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 452.659667][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 452.659699][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 452.659724][ T5911] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 452.659749][ T5911] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 452.684506][ T5911] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 452.684540][ T5911] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 452.684562][ T5911] usb 4-1: Manufacturer: syz [ 452.708049][ T5911] usb 4-1: config 0 descriptor?? [ 452.767405][ T8743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 453.422635][ T5911] rc_core: IR keymap rc-hauppauge not found [ 453.422660][ T5911] Registered IR keymap rc-empty [ 453.422819][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.440839][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.457120][ T5911] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 453.461926][ T5911] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input19 [ 453.500618][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.515760][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.548173][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.565539][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.586396][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.605556][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.627376][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.961879][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 453.975486][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 454.654067][ T5911] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 454.679047][ T5911] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 454.679075][ T5911] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 455.154300][ T5911] usb 4-1: USB disconnect, device number 22 [ 457.381082][ T8798] FAULT_INJECTION: forcing a failure. [ 457.381082][ T8798] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 457.381157][ T8798] CPU: 0 UID: 0 PID: 8798 Comm: syz.2.808 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 457.381185][ T8798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 457.381211][ T8798] Call Trace: [ 457.381222][ T8798] [ 457.381232][ T8798] dump_stack_lvl+0x189/0x250 [ 457.381276][ T8798] ? __pfx____ratelimit+0x10/0x10 [ 457.381312][ T8798] ? __pfx_dump_stack_lvl+0x10/0x10 [ 457.381344][ T8798] ? __pfx__printk+0x10/0x10 [ 457.381370][ T8798] ? __might_fault+0xb0/0x130 [ 457.381426][ T8798] should_fail_ex+0x46c/0x600 [ 457.381482][ T8798] _copy_from_user+0x2d/0xb0 [ 457.381525][ T8798] __sys_connect+0x124/0x450 [ 457.381557][ T8798] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 457.381587][ T8798] ? __pfx___sys_connect+0x10/0x10 [ 457.381640][ T8798] __x64_sys_connect+0x7a/0x90 [ 457.381687][ T8798] do_syscall_64+0xfa/0x3b0 [ 457.381709][ T8798] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.381732][ T8798] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 457.381754][ T8798] ? clear_bhb_loop+0x60/0xb0 [ 457.381780][ T8798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.381812][ T8798] RIP: 0033:0x7f5b7fd5eec9 [ 457.381830][ T8798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.381849][ T8798] RSP: 002b:00007f5b7df7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 457.381871][ T8798] RAX: ffffffffffffffda RBX: 00007f5b7ffb6180 RCX: 00007f5b7fd5eec9 [ 457.381886][ T8798] RDX: 000000000000001c RSI: 0000200000000200 RDI: 0000000000000005 [ 457.381900][ T8798] RBP: 00007f5b7df7c090 R08: 0000000000000000 R09: 0000000000000000 [ 457.381925][ T8798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.381938][ T8798] R13: 00007f5b7ffb6218 R14: 00007f5b7ffb6180 R15: 00007ffeff7d4118 [ 457.381987][ T8798] [ 459.377303][ T8803] loop4: detected capacity change from 0 to 7 [ 461.177335][ T8802] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 461.442980][ T8802] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 461.546035][ T2071] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 461.595448][ T9] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 461.695465][ T2071] usb 1-1: Using ep0 maxpacket: 16 [ 461.718657][ T2071] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 461.718732][ T2071] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 461.718763][ T2071] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 461.718786][ T2071] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 461.718809][ T2071] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 461.721721][ T2071] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 461.721748][ T2071] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 461.721767][ T2071] usb 1-1: Manufacturer: syz [ 461.975757][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 462.170016][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 462.686264][ T9] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 462.686290][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 462.686304][ T9] usb 2-1: Product: syz [ 462.686313][ T9] usb 2-1: Manufacturer: syz [ 462.686323][ T9] usb 2-1: SerialNumber: syz [ 462.729350][ T9] usb 2-1: config 0 descriptor?? [ 462.764317][ T2071] usb 1-1: config 0 descriptor?? [ 462.788168][ T9] cdc_ether 2-1:0.0: skipping garbage [ 462.788203][ T9] usb 2-1: bad CDC descriptors [ 462.793522][ T9] usb 2-1: unsupported MDLM descriptors [ 462.844977][ T63] block nbd0: Possible stuck request ffff888024e17000: control (read@0,1024B). Runtime 150 seconds [ 462.845031][ T63] block nbd0: Possible stuck request ffff888024e171c0: control (read@1024,1024B). Runtime 150 seconds [ 462.845055][ T63] block nbd0: Possible stuck request ffff888024e17380: control (read@2048,1024B). Runtime 150 seconds [ 462.845079][ T63] block nbd0: Possible stuck request ffff888024e17540: control (read@3072,1024B). Runtime 150 seconds [ 463.164740][ T2071] rc_core: IR keymap rc-hauppauge not found [ 463.174194][ T2071] Registered IR keymap rc-empty [ 463.174357][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.197411][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.217071][ T2071] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 463.238083][ T2071] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input20 [ 463.259362][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.276105][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.305499][ T6068] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 463.307341][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.328447][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.345455][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.365572][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.385498][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.410968][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.431133][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.452057][ T2071] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 463.466659][ T6068] usb 5-1: too many configurations: 52, using maximum allowed: 8 [ 463.505150][ T2071] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 463.505179][ T2071] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 463.546169][ T2071] usb 1-1: USB disconnect, device number 23 [ 463.718631][ T6068] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 463.718671][ T6068] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.718709][ T6068] usb 5-1: Product: syz [ 463.718725][ T6068] usb 5-1: Manufacturer: syz [ 463.718741][ T6068] usb 5-1: SerialNumber: syz [ 464.375208][ C0] vkms_vblank_simulate: vblank timer overrun [ 464.428339][ T6068] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 464.428402][ T6068] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 464.428423][ T6068] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 465.146298][ C0] vkms_vblank_simulate: vblank timer overrun [ 465.168956][ T6068] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 465.225426][ T5911] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 465.260633][ T6068] usb 5-1: USB disconnect, device number 28 [ 465.411927][ T5911] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 465.411974][ T5911] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 465.413312][ T5911] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 465.413342][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 465.413364][ T5911] usb 3-1: SerialNumber: syz [ 465.835675][ T5911] usb 3-1: cannot find UAC_HEADER [ 465.900976][ T5912] usb 2-1: USB disconnect, device number 30 [ 465.985779][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.038524][ T5911] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 466.379919][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.590852][ T8859] netlink: 548 bytes leftover after parsing attributes in process `syz.4.824'. [ 466.901854][ T5911] usb 3-1: USB disconnect, device number 23 [ 467.014265][ T6204] udevd[6204]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 467.330393][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.648740][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.775745][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.880491][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.959843][ C0] vkms_vblank_simulate: vblank timer overrun [ 468.746407][ C0] vkms_vblank_simulate: vblank timer overrun [ 468.815397][ T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 469.025476][ T9] usb 3-1: device descriptor read/64, error -71 [ 469.948731][ T5851] Bluetooth: hci4: command 0x0406 tx timeout [ 470.035631][ T8875] fuse: Bad value for 'group_id' [ 470.035650][ T8875] fuse: Bad value for 'group_id' [ 470.125477][ T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 470.345452][ T9] usb 3-1: device descriptor read/64, error -71 [ 470.458782][ T9] usb usb3-port1: attempt power cycle [ 470.805493][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 470.826376][ T9] usb 3-1: device descriptor read/8, error -71 [ 471.105578][ T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 471.635594][ T9] usb 3-1: device descriptor read/8, error -71 [ 471.812582][ T9] usb usb3-port1: unable to enumerate USB device [ 471.906802][ T8906] bridge_slave_0: entered promiscuous mode [ 471.907059][ T8906] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 473.708170][ T8919] loop4: detected capacity change from 0 to 7 [ 473.817654][ T8919] Dev loop4: unable to read RDB block 7 [ 473.817863][ T8919] loop4: unable to read partition table [ 473.818085][ T8919] loop4: partition table beyond EOD, truncated [ 473.818110][ T8919] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 476.388244][ T8937] overlayfs: failed to resolve './file0': -2 [ 477.627411][ T8944] overlay: Unknown parameter 'hash' [ 477.734228][ T5912] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 477.903999][ T5912] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x41, changing to 0x1 [ 477.904039][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 477.930122][ T5912] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 477.930158][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.930181][ T5912] usb 1-1: Product: syz [ 477.930198][ T5912] usb 1-1: Manufacturer: syz [ 477.930213][ T5912] usb 1-1: SerialNumber: syz [ 477.990232][ T8948] Bluetooth: MGMT ver 1.23 [ 478.010360][ T5912] usb 1-1: config 0 descriptor?? [ 478.031884][ T5912] streamzap 1-1:0.0: streamzap_probe: endpoint doesn't match input device 0201 [ 478.283928][ T9] usb 1-1: USB disconnect, device number 24 [ 478.629627][ T8950] netlink: 260 bytes leftover after parsing attributes in process `syz.3.846'. [ 478.629652][ T8950] netlink: 260 bytes leftover after parsing attributes in process `syz.3.846'. [ 478.895223][ T8957] xt_socket: unknown flags 0x40 [ 483.176158][ T8985] loop4: detected capacity change from 0 to 7 [ 483.197081][ T8985] Dev loop4: unable to read RDB block 7 [ 483.197133][ T8985] loop4: unable to read partition table [ 483.197362][ T8985] loop4: partition table beyond EOD, truncated [ 483.197380][ T8985] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 483.606368][ T8994] overlayfs: overlapping lowerdir path [ 487.521242][ T9018] comedi comedi3: comedi_config --init_data is deprecated [ 487.968682][ T9030] fuse: Bad value for 'fd' [ 488.070879][ T44] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 489.098671][ T44] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 489.098711][ T44] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 489.098738][ T44] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 489.098779][ T44] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 489.098802][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.155453][ T2071] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 489.168549][ T9022] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 489.184979][ T44] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 489.581383][ T2071] usb 5-1: Using ep0 maxpacket: 32 [ 489.663551][ T9042] fuse: Bad value for 'group_id' [ 489.663645][ T9042] fuse: Bad value for 'group_id' [ 489.840633][ T2071] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 489.840659][ T2071] usb 5-1: config 0 has no interface number 0 [ 489.840699][ T2071] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 489.840720][ T2071] usb 5-1: config 0 interface 85 has no altsetting 0 [ 489.844522][ T2071] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 489.844554][ T2071] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.844587][ T2071] usb 5-1: Product: syz [ 489.844602][ T2071] usb 5-1: Manufacturer: syz [ 489.844617][ T2071] usb 5-1: SerialNumber: syz [ 489.897833][ T2071] usb 5-1: config 0 descriptor?? [ 490.112073][ T2071] appletouch 5-1:0.85: Failed to read mode from device. [ 490.112300][ T2071] appletouch 5-1:0.85: probe with driver appletouch failed with error -5 [ 490.152526][ T9044] netlink: 260 bytes leftover after parsing attributes in process `syz.1.868'. [ 490.152865][ T9044] netlink: 260 bytes leftover after parsing attributes in process `syz.1.868'. [ 490.346710][ T9046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.380270][ T9046] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.457055][ T5911] usb 4-1: USB disconnect, device number 23 [ 490.593276][ T2071] usb 5-1: USB disconnect, device number 29 [ 493.378200][ T9063] fuse: Bad value for 'group_id' [ 493.378249][ T9063] fuse: Bad value for 'group_id' [ 493.640994][ T63] block nbd0: Possible stuck request ffff888024e17000: control (read@0,1024B). Runtime 180 seconds [ 493.641053][ T63] block nbd0: Possible stuck request ffff888024e171c0: control (read@1024,1024B). Runtime 180 seconds [ 493.641091][ T63] block nbd0: Possible stuck request ffff888024e17380: control (read@2048,1024B). Runtime 180 seconds [ 493.641126][ T63] block nbd0: Possible stuck request ffff888024e17540: control (read@3072,1024B). Runtime 180 seconds [ 495.961104][ T9077] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 496.002894][ T9077] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 498.106588][ T5820] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 498.318430][ T5820] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 498.318470][ T5820] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.366128][ T5820] usb 3-1: config 0 descriptor?? [ 498.369902][ T5820] cp210x 3-1:0.0: cp210x converter detected [ 498.485445][ T9] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 498.535537][ T5912] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 498.681117][ T9] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 498.681248][ T9] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 498.681283][ T9] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 498.681326][ T9] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 498.681400][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.735908][ T5912] usb 5-1: Using ep0 maxpacket: 8 [ 498.738546][ T5912] usb 5-1: unable to get BOS descriptor or descriptor too short [ 498.739880][ T5912] usb 5-1: config 4 has an invalid interface number: 147 but max is 0 [ 498.739897][ T5912] usb 5-1: config 4 contains an unexpected descriptor of type 0x2, skipping [ 498.739919][ T5912] usb 5-1: config 4 has no interface number 0 [ 498.742996][ T5912] usb 5-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 498.743032][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.743052][ T5912] usb 5-1: Product: syz [ 498.743066][ T5912] usb 5-1: Manufacturer: syz [ 498.743079][ T5912] usb 5-1: SerialNumber: syz [ 498.908432][ T9100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 499.041090][ T9100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 499.064332][ T9103] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 499.148814][ T5820] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 499.148848][ T5820] cp210x 3-1:0.0: querying part number failed [ 499.193109][ T5820] usb 3-1: cp210x converter now attached to ttyUSB0 [ 499.198249][ T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 499.202203][ T9100] netlink: 148 bytes leftover after parsing attributes in process `syz.2.882'. [ 499.202230][ T9100] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 499.332274][ T9103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 499.345601][ T9103] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 499.493023][ T9107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 499.509590][ T9107] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 499.577335][ T5912] usb 5-1: Found UVC 0.02 device syz (04f2:b746) [ 499.577430][ T5912] usb 5-1: No valid video chain found. [ 499.600903][ T5912] usb 5-1: USB disconnect, device number 30 [ 499.767625][ T9] usb 1-1: USB disconnect, device number 25 [ 503.376387][ T7220] usb 3-1: USB disconnect, device number 28 [ 503.662755][ T7220] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 503.663472][ T7220] cp210x 3-1:0.0: device disconnected [ 504.595480][ T9150] fuse: Bad value for 'group_id' [ 504.595506][ T9150] fuse: Bad value for 'group_id' [ 508.607152][ T5205] udevd[5205]: worker [6054] /devices/virtual/block/nbd0 timeout; kill it [ 508.607257][ T5205] udevd[5205]: seq 12665 '/devices/virtual/block/nbd0' killed [ 508.969142][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 508.969202][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.993878][ T9163] FAULT_INJECTION: forcing a failure. [ 512.993878][ T9163] name failslab, interval 1, probability 0, space 0, times 0 [ 512.993920][ T9163] CPU: 0 UID: 0 PID: 9163 Comm: syz.0.898 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 512.993942][ T9163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 512.993955][ T9163] Call Trace: [ 512.993964][ T9163] [ 512.993973][ T9163] dump_stack_lvl+0x189/0x250 [ 512.994016][ T9163] ? __pfx____ratelimit+0x10/0x10 [ 512.994052][ T9163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 512.994080][ T9163] ? __pfx__printk+0x10/0x10 [ 512.994106][ T9163] ? __pfx___might_resched+0x10/0x10 [ 512.994131][ T9163] ? fs_reclaim_acquire+0x7d/0x100 [ 512.994156][ T9163] should_fail_ex+0x46c/0x600 [ 512.994192][ T9163] should_failslab+0xa8/0x100 [ 512.994223][ T9163] __kmalloc_noprof+0xcb/0x430 [ 512.994248][ T9163] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 512.994284][ T9163] tomoyo_realpath_from_path+0xe3/0x5d0 [ 512.994314][ T9163] ? tomoyo_domain+0xda/0x130 [ 512.994347][ T9163] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 512.994370][ T9163] tomoyo_path_number_perm+0x1e8/0x5a0 [ 512.994395][ T9163] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 512.994423][ T9163] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 512.994454][ T9163] ? lockdep_hardirqs_on+0x9c/0x150 [ 512.994491][ T9163] ? __lock_acquire+0xab9/0xd20 [ 512.994538][ T9163] ? __fget_files+0x2a/0x420 [ 512.994570][ T9163] ? __fget_files+0x2a/0x420 [ 512.994596][ T9163] ? __fget_files+0x3a6/0x420 [ 512.994637][ T9163] ? __fget_files+0x2a/0x420 [ 512.994668][ T9163] security_file_ioctl+0xcb/0x2d0 [ 512.994698][ T9163] __se_sys_ioctl+0x47/0x170 [ 512.994723][ T9163] do_syscall_64+0xfa/0x3b0 [ 512.994746][ T9163] ? lockdep_hardirqs_on+0x9c/0x150 [ 512.994774][ T9163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.994793][ T9163] ? clear_bhb_loop+0x60/0xb0 [ 512.994816][ T9163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.994834][ T9163] RIP: 0033:0x7fd1a1c2eec9 [ 512.994851][ T9163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.994868][ T9163] RSP: 002b:00007fd19fe96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.994890][ T9163] RAX: ffffffffffffffda RBX: 00007fd1a1e85fa0 RCX: 00007fd1a1c2eec9 [ 512.994905][ T9163] RDX: 0000200000000140 RSI: 00000000c020aa04 RDI: 0000000000000003 [ 512.994917][ T9163] RBP: 00007fd19fe96090 R08: 0000000000000000 R09: 0000000000000000 [ 512.994929][ T9163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.994946][ T9163] R13: 00007fd1a1e86038 R14: 00007fd1a1e85fa0 R15: 00007ffc301ceee8 [ 512.994976][ T9163] [ 513.034189][ T9163] ERROR: Out of memory at tomoyo_realpath_from_path. [ 514.901543][ T9179] FAULT_INJECTION: forcing a failure. [ 514.901543][ T9179] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 514.901582][ T9179] CPU: 0 UID: 0 PID: 9179 Comm: syz.4.904 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 514.901604][ T9179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 514.901616][ T9179] Call Trace: [ 514.901624][ T9179] [ 514.901634][ T9179] dump_stack_lvl+0x189/0x250 [ 514.901672][ T9179] ? __pfx____ratelimit+0x10/0x10 [ 514.901702][ T9179] ? __pfx_dump_stack_lvl+0x10/0x10 [ 514.901728][ T9179] ? __pfx__printk+0x10/0x10 [ 514.901761][ T9179] should_fail_ex+0x46c/0x600 [ 514.901794][ T9179] _copy_to_user+0x31/0xb0 [ 514.901829][ T9179] simple_read_from_buffer+0xe1/0x170 [ 514.901863][ T9179] proc_fail_nth_read+0x1b6/0x220 [ 514.901887][ T9179] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 514.901909][ T9179] ? rw_verify_area+0x2ac/0x4e0 [ 514.901933][ T9179] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 514.901953][ T9179] vfs_read+0x206/0xa30 [ 514.901984][ T9179] ? __pfx_vfs_read+0x10/0x10 [ 514.902004][ T9179] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 514.902036][ T9179] ? mutex_lock_nested+0x154/0x1d0 [ 514.902057][ T9179] ? fdget_pos+0x253/0x320 [ 514.902090][ T9179] ksys_read+0x14b/0x260 [ 514.902114][ T9179] ? __pfx_ksys_read+0x10/0x10 [ 514.902132][ T9179] ? fput+0xa0/0xd0 [ 514.902153][ T9179] ? do_syscall_64+0xbe/0x3b0 [ 514.902175][ T9179] do_syscall_64+0xfa/0x3b0 [ 514.902190][ T9179] ? lockdep_hardirqs_on+0x9c/0x150 [ 514.902214][ T9179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.902249][ T9179] ? clear_bhb_loop+0x60/0xb0 [ 514.902271][ T9179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.902288][ T9179] RIP: 0033:0x7fd3ffa0d8dc [ 514.902305][ T9179] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 514.902321][ T9179] RSP: 002b:00007fd3fdc4d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 514.902342][ T9179] RAX: ffffffffffffffda RBX: 00007fd3ffc66090 RCX: 00007fd3ffa0d8dc [ 514.902354][ T9179] RDX: 000000000000000f RSI: 00007fd3fdc4d0a0 RDI: 0000000000000005 [ 514.902365][ T9179] RBP: 00007fd3fdc4d090 R08: 0000000000000000 R09: 0000000000000000 [ 514.902376][ T9179] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000001 [ 514.902388][ T9179] R13: 00007fd3ffc66128 R14: 00007fd3ffc66090 R15: 00007ffcea92e588 [ 514.902421][ T9179] [ 514.908439][ T7220] usb 1-1: new low-speed USB device number 26 using dummy_hcd [ 515.068273][ T7220] usb 1-1: config 7 has an invalid interface number: 252 but max is 0 [ 515.068310][ T7220] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 515.068332][ T7220] usb 1-1: config 7 has no interface number 0 [ 515.068381][ T7220] usb 1-1: config 7 interface 252 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 515.068411][ T7220] usb 1-1: config 7 interface 252 has no altsetting 0 [ 515.073163][ T7220] usb 1-1: string descriptor 0 read error: -22 [ 515.073321][ T7220] usb 1-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0 [ 515.073348][ T7220] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.646281][ T9185] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ' [ 515.652200][ T9185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 515.653553][ T9185] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 515.910288][ T5912] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 516.125576][ T5912] usb 4-1: Using ep0 maxpacket: 16 [ 516.132259][ T5912] usb 4-1: config 0 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 516.132292][ T5912] usb 4-1: config 0 interface 0 has no altsetting 0 [ 516.132327][ T5912] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00 [ 516.132348][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.208206][ T5912] usb 4-1: config 0 descriptor?? [ 517.750518][ T44] usb 1-1: USB disconnect, device number 26 [ 519.543914][ T5912] usb 4-1: string descriptor 0 read error: -71 [ 519.571745][ T5912] usbhid 4-1:0.0: can't add hid device: -71 [ 519.571871][ T5912] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 519.591951][ T5912] usb 4-1: USB disconnect, device number 24 [ 520.531061][ T9215] netlink: 20 bytes leftover after parsing attributes in process `syz.1.912'. [ 520.600964][ T9215] netlink: 'syz.1.912': attribute type 2 has an invalid length. [ 521.340515][ T9215] k›*·]‘: entered promiscuous mode [ 522.695372][ T2071] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 522.855341][ T2071] usb 4-1: Using ep0 maxpacket: 8 [ 522.857962][ T2071] usb 4-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 522.858011][ T2071] usb 4-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 522.858038][ T2071] usb 4-1: config 0 interface 0 has no altsetting 0 [ 522.858071][ T2071] usb 4-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00 [ 522.858093][ T2071] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.896414][ T5927] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 524.367601][ T2071] usb 4-1: config 0 descriptor?? [ 524.501525][ T5927] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 524.501559][ T5927] usb 1-1: config 0 has no interface number 0 [ 524.501673][ T5927] usb 1-1: config 0 interface 41 has no altsetting 0 [ 524.996317][ T5927] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 524.996353][ T5927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.017330][ T63] block nbd0: Possible stuck request ffff888024e17000: control (read@0,1024B). Runtime 210 seconds [ 525.017382][ T63] block nbd0: Possible stuck request ffff888024e171c0: control (read@1024,1024B). Runtime 210 seconds [ 525.017413][ T63] block nbd0: Possible stuck request ffff888024e17380: control (read@2048,1024B). Runtime 210 seconds [ 525.017444][ T63] block nbd0: Possible stuck request ffff888024e17540: control (read@3072,1024B). Runtime 210 seconds [ 525.171573][ T5927] usb 1-1: config 0 descriptor?? [ 525.180347][ T5927] usb 1-1: can't set config #0, error -71 [ 525.258549][ T5927] usb 1-1: USB disconnect, device number 27 [ 525.315512][ T2071] usb 4-1: can't set config #0, error -71 [ 525.369286][ T2071] usb 4-1: USB disconnect, device number 25 [ 528.911137][ T9266] FAULT_INJECTION: forcing a failure. [ 528.911137][ T9266] name failslab, interval 1, probability 0, space 0, times 0 [ 528.911194][ T9266] CPU: 1 UID: 0 PID: 9266 Comm: syz.0.926 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 528.911228][ T9266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 528.911240][ T9266] Call Trace: [ 528.911249][ T9266] [ 528.911258][ T9266] dump_stack_lvl+0x189/0x250 [ 528.911296][ T9266] ? __pfx____ratelimit+0x10/0x10 [ 528.911335][ T9266] ? __pfx_dump_stack_lvl+0x10/0x10 [ 528.911363][ T9266] ? __pfx__printk+0x10/0x10 [ 528.911391][ T9266] ? __pfx___might_resched+0x10/0x10 [ 528.911417][ T9266] should_fail_ex+0x46c/0x600 [ 528.911451][ T9266] ? getname_flags+0xb8/0x540 [ 528.911481][ T9266] should_failslab+0xa8/0x100 [ 528.911510][ T9266] ? getname_flags+0xb8/0x540 [ 528.911536][ T9266] kmem_cache_alloc_noprof+0x6e/0x310 [ 528.911569][ T9266] getname_flags+0xb8/0x540 [ 528.911602][ T9266] __x64_sys_link+0x5d/0x90 [ 528.911627][ T9266] do_syscall_64+0xfa/0x3b0 [ 528.911645][ T9266] ? lockdep_hardirqs_on+0x9c/0x150 [ 528.911673][ T9266] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.911692][ T9266] ? clear_bhb_loop+0x60/0xb0 [ 528.911717][ T9266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.911735][ T9266] RIP: 0033:0x7fd1a1c2eec9 [ 528.911752][ T9266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.911770][ T9266] RSP: 002b:00007fd19fe96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056 [ 528.911792][ T9266] RAX: ffffffffffffffda RBX: 00007fd1a1e85fa0 RCX: 00007fd1a1c2eec9 [ 528.911806][ T9266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000680 [ 528.911819][ T9266] RBP: 00007fd19fe96090 R08: 0000000000000000 R09: 0000000000000000 [ 528.911831][ T9266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 528.911842][ T9266] R13: 00007fd1a1e86038 R14: 00007fd1a1e85fa0 R15: 00007ffc301ceee8 [ 528.911873][ T9266] [ 531.675778][ T5927] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 531.676482][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 531.815556][ T5927] usb 5-1: device descriptor read/64, error -32 [ 532.145689][ T5927] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 532.316275][ T5927] usb 5-1: Using ep0 maxpacket: 8 [ 532.340209][ T5927] usb 5-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 532.340567][ T5927] usb 5-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 532.340601][ T5927] usb 5-1: config 0 interface 0 has no altsetting 0 [ 532.341964][ T5927] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 532.342426][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.578001][ T5927] usb 5-1: config 0 descriptor?? [ 533.779594][ T5927] usb 5-1: can't set config #0, error -71 [ 533.826610][ T5927] usb 5-1: USB disconnect, device number 32 [ 534.381059][ T5926] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 534.528062][ T5926] usb 2-1: Using ep0 maxpacket: 8 [ 534.532664][ T5926] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 534.532686][ T5926] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 534.532703][ T5926] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 534.532720][ T5926] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 534.532751][ T5926] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 534.532767][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.852154][ T5926] usb 2-1: GET_CAPABILITIES returned 0 [ 534.852206][ T5926] usbtmc 2-1:16.0: can't read capabilities [ 535.077112][ T9300] netlink: 260 bytes leftover after parsing attributes in process `syz.4.934'. [ 535.077153][ T9300] netlink: 260 bytes leftover after parsing attributes in process `syz.4.934'. [ 535.136403][ T5853] usb 2-1: USB disconnect, device number 31 [ 535.495451][ T5926] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 535.666910][ T5926] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 535.666954][ T5926] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 535.666992][ T5926] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 535.667037][ T5926] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 535.667063][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.674461][ T9305] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 535.740295][ T5926] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 535.958217][ T9305] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 535.961662][ T9305] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 535.990445][ T5926] usb 3-1: USB disconnect, device number 29 [ 536.151135][ T9307] netlink: 260 bytes leftover after parsing attributes in process `syz.4.937'. [ 536.151182][ T9307] netlink: 260 bytes leftover after parsing attributes in process `syz.4.937'. [ 536.446969][ T9316] overlay: Unknown parameter 'hash' [ 536.524502][ T9322] overlay: Unknown parameter 'hash' [ 541.076409][ T5912] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 541.483917][ T5820] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 541.542317][ T5912] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x41, changing to 0x1 [ 541.542354][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 541.545850][ T5912] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 541.545877][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.545898][ T5912] usb 3-1: Product: syz [ 541.545933][ T5912] usb 3-1: Manufacturer: syz [ 541.545949][ T5912] usb 3-1: SerialNumber: syz [ 541.618498][ T5912] usb 3-1: config 0 descriptor?? [ 541.635906][ T5912] streamzap 3-1:0.0: streamzap_probe: endpoint doesn't match input device 0201 [ 541.659871][ T5820] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 541.659906][ T5820] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 541.659932][ T5820] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 541.659971][ T5820] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 541.659996][ T5820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.736301][ T9355] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 541.770715][ T5820] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 542.003936][ T9350] program syz.2.951 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 542.588342][ T9355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 542.784678][ T9355] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 542.891662][ T5926] usb 3-1: USB disconnect, device number 30 [ 542.936309][ T5820] usb 4-1: USB disconnect, device number 26 [ 542.995095][ T5963] udevd[5963]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 543.216070][ T9370] overlay: Unknown parameter 'hash' [ 543.918561][ T9390] netlink: 548 bytes leftover after parsing attributes in process `syz.2.963'. [ 543.945529][ T5820] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 544.110383][ T5820] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 544.110427][ T5820] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 544.110476][ T5820] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 544.110506][ T5820] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 544.113730][ T5820] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 544.113759][ T5820] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.113780][ T5820] usb 1-1: Product: syz [ 544.113793][ T5820] usb 1-1: Manufacturer: syz [ 544.113807][ T5820] usb 1-1: SerialNumber: syz [ 544.209690][ T9383] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 544.226750][ T5820] cdc_mbim 1-1:1.0: skipping garbage [ 544.558762][ T9383] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 544.558892][ T9383] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 545.563855][ T9383] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 545.564910][ T9383] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 545.581488][ T5820] cdc_mbim 1-1:1.0: dwNtbInMaxSize=170 is too small. Using 2048 [ 545.581511][ T5820] cdc_mbim 1-1:1.0: setting rx_max = 2048 [ 545.831917][ T5820] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 546.080298][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 546.080352][ T38] audit: type=1326 audit(1758672094.156:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.080840][ T38] audit: type=1326 audit(1758672094.156:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.081432][ T38] audit: type=1326 audit(1758672094.166:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.081725][ T38] audit: type=1326 audit(1758672094.186:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.082195][ T38] audit: type=1326 audit(1758672094.206:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.082529][ T38] audit: type=1326 audit(1758672094.216:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.082807][ T38] audit: type=1326 audit(1758672094.226:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.083313][ T38] audit: type=1326 audit(1758672094.226:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.083722][ T38] audit: type=1326 audit(1758672094.226:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.084008][ T38] audit: type=1326 audit(1758672094.236:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9399 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 546.544329][ T5820] wwan wwan0: port wwan0mbim0 attached [ 546.664266][ T5820] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, fe:ae:71:04:f2:69 [ 546.731836][ T5820] usb 1-1: USB disconnect, device number 28 [ 546.772638][ T5820] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 548.976527][ T5820] wwan wwan0: port wwan0mbim0 disconnected [ 551.179189][ T38] kauditd_printk_skb: 15 callbacks suppressed [ 551.179211][ T38] audit: type=1326 audit(1758672099.406:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.179395][ T38] audit: type=1326 audit(1758672099.406:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.180589][ T38] audit: type=1326 audit(1758672099.406:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.180655][ T38] audit: type=1326 audit(1758672099.406:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.182463][ T38] audit: type=1326 audit(1758672099.406:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.184605][ T38] audit: type=1326 audit(1758672099.406:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.237554][ T38] audit: type=1326 audit(1758672099.406:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.237643][ T38] audit: type=1326 audit(1758672099.446:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.237719][ T38] audit: type=1326 audit(1758672099.446:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.237787][ T38] audit: type=1326 audit(1758672099.446:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9431 comm="syz.3.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6c7c6eec9 code=0x7ffc0000 [ 551.469088][ T9453] overlay: Unknown parameter 'hash' [ 552.145545][ T5911] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 552.298898][ T5911] usb 5-1: too many configurations: 52, using maximum allowed: 8 [ 552.323130][ T5911] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 552.323160][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.323179][ T5911] usb 5-1: Product: syz [ 552.323193][ T5911] usb 5-1: Manufacturer: syz [ 552.323207][ T5911] usb 5-1: SerialNumber: syz [ 552.660687][ T5911] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 552.660759][ T5911] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 552.660785][ T5911] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 552.738431][ T5911] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 552.776249][ T5911] usb 5-1: USB disconnect, device number 33 [ 554.147172][ T9472] 9pnet_fd: Insufficient options for proto=fd [ 554.375419][ T9475] syz.4.988 (9475) used greatest stack depth: 18968 bytes left [ 554.528607][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.910584][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.665530][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.887832][ T63] block nbd0: Possible stuck request ffff888024e17000: control (read@0,1024B). Runtime 240 seconds [ 555.887887][ T63] block nbd0: Possible stuck request ffff888024e171c0: control (read@1024,1024B). Runtime 240 seconds [ 555.887918][ T63] block nbd0: Possible stuck request ffff888024e17380: control (read@2048,1024B). Runtime 240 seconds [ 555.887958][ T63] block nbd0: Possible stuck request ffff888024e17540: control (read@3072,1024B). Runtime 240 seconds [ 556.486774][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.641884][ T9505] overlay: Unknown parameter 'hash' [ 556.906122][ C0] vkms_vblank_simulate: vblank timer overrun [ 559.738327][ T9515] overlayfs: failed to resolve './file0': -2 [ 560.675465][ T5911] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 561.118448][ T5911] usb 3-1: Using ep0 maxpacket: 32 [ 562.692697][ T5911] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 562.692732][ T5911] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 562.692752][ T5911] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 562.692772][ T5911] usb 3-1: config 1 has no interface number 0 [ 562.692826][ T5911] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 562.692853][ T5911] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 562.692894][ T5911] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 562.692918][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.782076][ T5911] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 562.920092][ T9549] FAULT_INJECTION: forcing a failure. [ 562.920092][ T9549] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 562.920138][ T9549] CPU: 0 UID: 0 PID: 9549 Comm: syz.3.1010 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 562.920164][ T9549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 562.920178][ T9549] Call Trace: [ 562.920187][ T9549] [ 562.920199][ T9549] dump_stack_lvl+0x189/0x250 [ 562.920246][ T9549] ? __pfx____ratelimit+0x10/0x10 [ 562.920283][ T9549] ? __pfx_dump_stack_lvl+0x10/0x10 [ 562.920315][ T9549] ? __pfx__printk+0x10/0x10 [ 562.920342][ T9549] ? __might_fault+0xb0/0x130 [ 562.920396][ T9549] should_fail_ex+0x46c/0x600 [ 562.920437][ T9549] _copy_from_iter+0x1de/0x1790 [ 562.920465][ T9549] ? kmalloc_reserve+0xbd/0x290 [ 562.920503][ T9549] ? kmalloc_reserve+0xbd/0x290 [ 562.920533][ T9549] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 562.920569][ T9549] ? kmem_cache_alloc_node_noprof+0x19c/0x330 [ 562.920609][ T9549] ? __pfx__copy_from_iter+0x10/0x10 [ 562.920640][ T9549] ? skb_page_frag_refill+0x1be/0x320 [ 562.920675][ T9549] tcp_sendmsg_locked+0x1ea3/0x5620 [ 562.920707][ T9549] ? __lock_acquire+0xab9/0xd20 [ 562.920799][ T9549] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 562.920835][ T9549] ? rt_spin_unlock+0x65/0x80 [ 562.920867][ T9549] ? lock_sock_nested+0x5f/0x130 [ 562.920895][ T9549] ? lock_sock_nested+0xdd/0x130 [ 562.920926][ T9549] tcp_sendmsg+0x2f/0x50 [ 562.920953][ T9549] __sock_sendmsg+0x19c/0x270 [ 562.920987][ T9549] __sys_sendto+0x3c7/0x520 [ 562.921023][ T9549] ? __pfx___sys_sendto+0x10/0x10 [ 562.921085][ T9549] ? ksys_write+0x230/0x260 [ 562.921120][ T9549] ? __pfx_ksys_write+0x10/0x10 [ 562.921144][ T9549] ? rcu_is_watching+0x15/0xb0 [ 562.921187][ T9549] __x64_sys_sendto+0xde/0x100 [ 562.921224][ T9549] do_syscall_64+0xfa/0x3b0 [ 562.921245][ T9549] ? lockdep_hardirqs_on+0x9c/0x150 [ 562.921291][ T9549] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.921314][ T9549] ? clear_bhb_loop+0x60/0xb0 [ 562.921340][ T9549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.921378][ T9549] RIP: 0033:0x7fe6c7c6eec9 [ 562.921397][ T9549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.921417][ T9549] RSP: 002b:00007fe6c5ece038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 562.921441][ T9549] RAX: ffffffffffffffda RBX: 00007fe6c7ec5fa0 RCX: 00007fe6c7c6eec9 [ 562.921456][ T9549] RDX: 0000000000001d4c RSI: 0000200000000580 RDI: 0000000000000003 [ 562.921470][ T9549] RBP: 00007fe6c5ece090 R08: 0000000000000000 R09: 0000000000000000 [ 562.921484][ T9549] R10: 0000000010048095 R11: 0000000000000246 R12: 0000000000000002 [ 562.921497][ T9549] R13: 00007fe6c7ec6038 R14: 00007fe6c7ec5fa0 R15: 00007fff5c64f5c8 [ 562.921532][ T9549] [ 562.989586][ T9523] netlink: 'syz.2.1001': attribute type 4 has an invalid length. [ 563.573620][ T5911] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 563.725518][ T9559] overlay: Unknown parameter 'hash' [ 563.788232][ T5927] usb 3-1: USB disconnect, device number 31 [ 563.800415][ T5927] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 566.572710][ T5911] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 566.761817][ T5927] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 567.298225][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.298265][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.298287][ T5911] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 567.298329][ T5911] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 567.298351][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.363411][ T5911] usb 4-1: config 0 descriptor?? [ 567.375431][ T5927] usb 3-1: Using ep0 maxpacket: 32 [ 567.378865][ T5927] usb 3-1: unable to get BOS descriptor or descriptor too short [ 567.380476][ T5927] usb 3-1: config 7 has an invalid interface number: 111 but max is 0 [ 567.380503][ T5927] usb 3-1: config 7 has no interface number 0 [ 567.384283][ T5927] usb 3-1: New USB device found, idVendor=0481, idProduct=9f2e, bcdDevice=75.5b [ 567.384308][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.384326][ T5927] usb 3-1: Product: syz [ 567.384339][ T5927] usb 3-1: Manufacturer: syz [ 567.384352][ T5927] usb 3-1: SerialNumber: syz [ 567.720079][ T9592] fuse: Bad value for 'group_id' [ 567.720112][ T9592] fuse: Bad value for 'group_id' [ 567.816358][ T5911] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x2 [ 567.816406][ T5911] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x6 [ 567.931948][ T5911] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 568.024259][ T9575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 568.034805][ T9575] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.181814][ T5911] usb 4-1: USB disconnect, device number 27 [ 568.527472][ T5927] usb 3-1: bad CDC descriptors [ 568.561743][ T5927] usb 3-1: USB disconnect, device number 32 [ 568.892359][ T9621] FAULT_INJECTION: forcing a failure. [ 568.892359][ T9621] name failslab, interval 1, probability 0, space 0, times 0 [ 568.892399][ T9621] CPU: 1 UID: 0 PID: 9621 Comm: syz.4.1031 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 568.892421][ T9621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 568.892433][ T9621] Call Trace: [ 568.892441][ T9621] [ 568.892450][ T9621] dump_stack_lvl+0x189/0x250 [ 568.892500][ T9621] ? __pfx____ratelimit+0x10/0x10 [ 568.892532][ T9621] ? __pfx_dump_stack_lvl+0x10/0x10 [ 568.892559][ T9621] ? __pfx__printk+0x10/0x10 [ 568.892586][ T9621] ? __pfx___might_resched+0x10/0x10 [ 568.892607][ T9621] ? fs_reclaim_acquire+0x7d/0x100 [ 568.892631][ T9621] should_fail_ex+0x46c/0x600 [ 568.892664][ T9621] ? __alloc_skb+0x112/0x2d0 [ 568.892691][ T9621] should_failslab+0xa8/0x100 [ 568.892720][ T9621] ? __alloc_skb+0x112/0x2d0 [ 568.892745][ T9621] kmem_cache_alloc_node_noprof+0x77/0x330 [ 568.892779][ T9621] __alloc_skb+0x112/0x2d0 [ 568.892810][ T9621] tcp_stream_alloc_skb+0x3d/0x340 [ 568.892838][ T9621] tcp_sendmsg_locked+0xf3e/0x5620 [ 568.892862][ T9621] ? __lock_acquire+0xab9/0xd20 [ 568.892898][ T9621] ? __pfx_migrate_enable+0x10/0x10 [ 568.892939][ T9621] ? __local_bh_enable+0x23f/0x3d0 [ 568.892982][ T9621] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 568.893011][ T9621] ? rt_spin_unlock+0x65/0x80 [ 568.893044][ T9621] ? lock_sock_nested+0x5f/0x130 [ 568.893067][ T9621] ? lock_sock_nested+0xdd/0x130 [ 568.893093][ T9621] tcp_sendmsg+0x2f/0x50 [ 568.893116][ T9621] __sock_sendmsg+0x19c/0x270 [ 568.893143][ T9621] __sys_sendto+0x3c7/0x520 [ 568.893173][ T9621] ? __pfx___sys_sendto+0x10/0x10 [ 568.893227][ T9621] ? ksys_write+0x230/0x260 [ 568.893253][ T9621] ? __pfx_ksys_write+0x10/0x10 [ 568.893275][ T9621] ? rcu_is_watching+0x15/0xb0 [ 568.893309][ T9621] __x64_sys_sendto+0xde/0x100 [ 568.893341][ T9621] do_syscall_64+0xfa/0x3b0 [ 568.893358][ T9621] ? lockdep_hardirqs_on+0x9c/0x150 [ 568.893386][ T9621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.893405][ T9621] ? clear_bhb_loop+0x60/0xb0 [ 568.893428][ T9621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.893446][ T9621] RIP: 0033:0x7fd3ffa0eec9 [ 568.893463][ T9621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.893480][ T9621] RSP: 002b:00007fd3fdc4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 568.893501][ T9621] RAX: ffffffffffffffda RBX: 00007fd3ffc66090 RCX: 00007fd3ffa0eec9 [ 568.893514][ T9621] RDX: 0000000000001d4c RSI: 0000200000000580 RDI: 0000000000000008 [ 568.893527][ T9621] RBP: 00007fd3fdc4d090 R08: 0000000000000000 R09: 0000000000000000 [ 568.893538][ T9621] R10: 0000000010048095 R11: 0000000000000246 R12: 0000000000000001 [ 568.893550][ T9621] R13: 00007fd3ffc66128 R14: 00007fd3ffc66090 R15: 00007ffcea92e588 [ 568.893580][ T9621] [ 570.039178][ T9594] Bluetooth: hci4: command 0x0406 tx timeout [ 570.715477][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 570.715556][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 571.465892][ T5911] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 571.525419][ T5912] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 571.615564][ T5853] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 571.635411][ T5911] usb 4-1: Using ep0 maxpacket: 8 [ 571.639374][ T5911] usb 4-1: config 93 has an invalid interface number: 31 but max is 0 [ 571.639398][ T5911] usb 4-1: config 93 has an invalid descriptor of length 0, skipping remainder of the config [ 571.639418][ T5911] usb 4-1: config 93 has no interface number 0 [ 571.642427][ T5911] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 571.642458][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.642483][ T5911] usb 4-1: Product: syz [ 571.642499][ T5911] usb 4-1: Manufacturer: syz [ 571.642514][ T5911] usb 4-1: SerialNumber: syz [ 571.707427][ T5912] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 571.707459][ T5912] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 571.711725][ T5912] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 571.711766][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.711786][ T5912] usb 3-1: Product: syz [ 571.711802][ T5912] usb 3-1: Manufacturer: syz [ 571.711818][ T5912] usb 3-1: SerialNumber: syz [ 571.790832][ T5912] usb 3-1: config 0 descriptor?? [ 571.803660][ T5911] usb 4-1: Found UVC 0.00 device syz (046d:08c3) [ 571.803692][ T5911] usb 4-1: No valid video chain found. [ 571.836767][ T5853] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 571.836858][ T5853] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 571.836887][ T5853] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 571.836927][ T5853] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 571.836950][ T5853] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.867013][ T9641] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 571.867197][ T9641] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 571.941351][ T9644] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 572.002403][ T5853] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 572.102638][ T9641] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 572.102772][ T9641] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 572.180741][ T2071] usb 4-1: USB disconnect, device number 28 [ 572.201555][ T9644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 572.226135][ T9644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 572.562924][ C0] vkms_vblank_simulate: vblank timer overrun [ 573.047075][ T5853] usb 2-1: USB disconnect, device number 32 [ 573.618857][ C0] vkms_vblank_simulate: vblank timer overrun [ 574.294401][ C0] vkms_vblank_simulate: vblank timer overrun [ 574.348330][ C0] vkms_vblank_simulate: vblank timer overrun [ 574.435951][ C0] vkms_vblank_simulate: vblank timer overrun [ 574.535103][ T9666] fuse: Bad value for 'group_id' [ 574.535144][ T9666] fuse: Bad value for 'group_id' [ 574.959464][ T5912] Error reading MAC address [ 575.163024][ T5912] usb 3-1: USB disconnect, device number 33 [ 575.365866][ T9670] fuse: Bad value for 'group_id' [ 575.365945][ T9670] fuse: Bad value for 'group_id' [ 575.369540][ C0] vkms_vblank_simulate: vblank timer overrun [ 575.484056][ C0] vkms_vblank_simulate: vblank timer overrun [ 575.525099][ C0] vkms_vblank_simulate: vblank timer overrun [ 575.783057][ C0] vkms_vblank_simulate: vblank timer overrun [ 575.938364][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.092577][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.719309][ T5926] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 577.885439][ T5926] usb 4-1: Using ep0 maxpacket: 8 [ 577.891161][ T5926] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 577.891184][ T5926] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 577.891203][ T5926] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 577.891221][ T5926] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 577.891273][ T5926] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 577.891290][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.085410][ T31] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 578.189587][ T5926] usb 4-1: GET_CAPABILITIES returned 0 [ 578.189639][ T5926] usbtmc 4-1:16.0: can't read capabilities [ 578.243795][ T31] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 578.243831][ T31] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 578.243856][ T31] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 578.243895][ T31] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 578.243915][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.726044][ T5927] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 579.747863][ T9702] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 579.754333][ T31] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 579.786039][ T9711] fuse: Bad value for 'group_id' [ 579.786052][ T9711] fuse: Bad value for 'group_id' [ 579.786320][ T5926] usb 4-1: USB disconnect, device number 29 [ 579.875396][ T5927] usb 2-1: Using ep0 maxpacket: 8 [ 579.877842][ T5927] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 579.877870][ T5927] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 579.877895][ T5927] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 579.877918][ T5927] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 579.877962][ T5927] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 579.877985][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.155405][ T9702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 580.181833][ T9702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 580.285822][ T2071] usb 1-1: USB disconnect, device number 29 [ 580.341562][ T9725] FAULT_INJECTION: forcing a failure. [ 580.341562][ T9725] name failslab, interval 1, probability 0, space 0, times 0 [ 580.341602][ T9725] CPU: 1 UID: 0 PID: 9725 Comm: syz.3.1065 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 580.341624][ T9725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 580.341637][ T9725] Call Trace: [ 580.341646][ T9725] [ 580.341655][ T9725] dump_stack_lvl+0x189/0x250 [ 580.341695][ T9725] ? __pfx____ratelimit+0x10/0x10 [ 580.341726][ T9725] ? __pfx_dump_stack_lvl+0x10/0x10 [ 580.341754][ T9725] ? __pfx__printk+0x10/0x10 [ 580.341796][ T9725] ? __pfx___might_resched+0x10/0x10 [ 580.341823][ T9725] should_fail_ex+0x46c/0x600 [ 580.341858][ T9725] should_failslab+0xa8/0x100 [ 580.341887][ T9725] __kmalloc_noprof+0xcb/0x430 [ 580.341912][ T9725] ? tomoyo_encode+0x28b/0x550 [ 580.341948][ T9725] tomoyo_encode+0x28b/0x550 [ 580.341980][ T9725] tomoyo_realpath_from_path+0x58d/0x5d0 [ 580.342009][ T9725] ? tomoyo_domain+0xda/0x130 [ 580.342047][ T9725] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 580.342068][ T9725] tomoyo_path_number_perm+0x1e8/0x5a0 [ 580.342091][ T9725] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 580.342117][ T9725] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 580.342144][ T9725] ? lockdep_hardirqs_on+0x9c/0x150 [ 580.342179][ T9725] ? __lock_acquire+0xab9/0xd20 [ 580.342224][ T9725] ? __fget_files+0x2a/0x420 [ 580.342261][ T9725] ? __fget_files+0x2a/0x420 [ 580.342286][ T9725] ? __fget_files+0x3a6/0x420 [ 580.342311][ T9725] ? __fget_files+0x2a/0x420 [ 580.342340][ T9725] security_file_ioctl+0xcb/0x2d0 [ 580.342370][ T9725] __se_sys_ioctl+0x47/0x170 [ 580.342394][ T9725] do_syscall_64+0xfa/0x3b0 [ 580.342411][ T9725] ? lockdep_hardirqs_on+0x9c/0x150 [ 580.342439][ T9725] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.342459][ T9725] ? clear_bhb_loop+0x60/0xb0 [ 580.342482][ T9725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.342501][ T9725] RIP: 0033:0x7fe6c7c6eec9 [ 580.342519][ T9725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 580.342535][ T9725] RSP: 002b:00007fe6c5ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 580.342554][ T9725] RAX: ffffffffffffffda RBX: 00007fe6c7ec5fa0 RCX: 00007fe6c7c6eec9 [ 580.342569][ T9725] RDX: 0000200000002c00 RSI: 0000000000008912 RDI: 0000000000000003 [ 580.342580][ T9725] RBP: 00007fe6c5ece090 R08: 0000000000000000 R09: 0000000000000000 [ 580.342592][ T9725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 580.342603][ T9725] R13: 00007fe6c7ec6038 R14: 00007fe6c7ec5fa0 R15: 00007fff5c64f5c8 [ 580.342633][ T9725] [ 580.342654][ T9725] ERROR: Out of memory at tomoyo_realpath_from_path. [ 580.459977][ T5927] usb 2-1: GET_CAPABILITIES returned 0 [ 580.460030][ T5927] usbtmc 2-1:16.0: can't read capabilities [ 580.700131][ T31] usb 2-1: USB disconnect, device number 33 [ 582.499165][ T9758] netlink: 548 bytes leftover after parsing attributes in process `syz.3.1072'. [ 582.846700][ T9761] fuse: Bad value for 'group_id' [ 582.846727][ T9761] fuse: Bad value for 'group_id' [ 584.985355][ T5911] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 585.137675][ T5911] usb 3-1: Using ep0 maxpacket: 8 [ 585.140125][ T5911] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 585.140157][ T5911] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 585.140186][ T5911] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 585.140231][ T5911] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 585.140280][ T5911] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 585.140307][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.477573][ T5911] usb 3-1: GET_CAPABILITIES returned 0 [ 585.477625][ T5911] usbtmc 3-1:16.0: can't read capabilities [ 585.795994][ T5911] usb 3-1: USB disconnect, device number 34 [ 585.874014][ T9785] Process accounting resumed [ 586.846059][ T63] block nbd0: Possible stuck request ffff888024e17000: control (read@0,1024B). Runtime 270 seconds [ 586.846120][ T63] block nbd0: Possible stuck request ffff888024e171c0: control (read@1024,1024B). Runtime 270 seconds [ 586.846157][ T63] block nbd0: Possible stuck request ffff888024e17380: control (read@2048,1024B). Runtime 270 seconds [ 586.846193][ T63] block nbd0: Possible stuck request ffff888024e17540: control (read@3072,1024B). Runtime 270 seconds [ 587.285909][ T6068] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 588.459927][ T6068] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 588.459972][ T6068] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 588.459998][ T6068] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 588.460043][ T6068] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 588.460085][ T6068] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.486490][ T9795] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 588.493026][ T6068] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 588.709679][ T9795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 588.710274][ T9795] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 589.019371][ T9812] fuse: Bad value for 'group_id' [ 589.019458][ T9812] fuse: Bad value for 'group_id' [ 589.293340][ T10] usb 1-1: USB disconnect, device number 30 [ 590.209427][ T6295] udevd[6295]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 590.845497][ T5853] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 591.000526][ T5853] usb 3-1: Using ep0 maxpacket: 8 [ 591.004233][ T5853] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 591.004264][ T5853] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 591.004292][ T5853] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 591.004319][ T5853] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 591.004367][ T5853] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 591.004392][ T5853] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.342603][ T5853] usb 3-1: GET_CAPABILITIES returned 0 [ 592.342670][ T5853] usbtmc 3-1:16.0: can't read capabilities [ 592.346672][ T10] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 592.497721][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 592.497756][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 592.497795][ T10] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 592.497817][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.513276][ T10] usb 2-1: config 0 descriptor?? [ 592.568748][ T2071] usb 3-1: USB disconnect, device number 35 [ 593.542911][ T10] playstation 0003:054C:0DF2.000D: unbalanced delimiter at end of report description [ 593.543686][ T10] playstation 0003:054C:0DF2.000D: Parse failed [ 593.543762][ T10] playstation 0003:054C:0DF2.000D: probe with driver playstation failed with error -22 [ 593.817050][ T5927] usb 2-1: USB disconnect, device number 34 [ 594.857931][ T9866] overlay: Unknown parameter 'hash' [ 594.892124][ T9867] fuse: Bad value for 'group_id' [ 594.892158][ T9867] fuse: Bad value for 'group_id' [ 595.102065][ T9873] fuse: Bad value for 'group_id' [ 595.102090][ T9873] fuse: Bad value for 'group_id' [ 595.449922][ T9874] overlay: Unknown parameter 'hash' [ 597.591347][ C0] vkms_vblank_simulate: vblank timer overrun [ 597.838144][ T10] usb 5-1: new low-speed USB device number 34 using dummy_hcd [ 598.073891][ T10] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 598.073927][ T10] usb 5-1: config 179 has no interface number 0 [ 598.073976][ T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 598.074005][ T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 598.074029][ T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 598.074055][ T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8 [ 598.074084][ T10] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 598.074129][ T10] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 598.074152][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.179176][ T9887] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 598.221381][ T10] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 598.244496][ T10] xpad 5-1:179.65: probe with driver xpad failed with error -90 [ 598.450378][ T10] usb 5-1: USB disconnect, device number 34 [ 598.735414][ T6068] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 598.895411][ T6068] usb 1-1: Using ep0 maxpacket: 8 [ 598.898351][ T6068] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 598.898386][ T6068] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 598.898411][ T6068] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 598.898434][ T6068] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 598.898477][ T6068] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 598.898499][ T6068] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.158544][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.207719][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.331021][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.364059][ T6068] usb 1-1: GET_CAPABILITIES returned 0 [ 599.364073][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.364513][ T6068] usbtmc 1-1:16.0: can't read capabilities [ 599.426744][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.527219][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.549961][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.639795][ T6068] usb 1-1: USB disconnect, device number 31 [ 600.038527][ C0] vkms_vblank_simulate: vblank timer overrun [ 600.066241][ C0] vkms_vblank_simulate: vblank timer overrun [ 601.157879][ C0] vkms_vblank_simulate: vblank timer overrun [ 602.350953][ T9926] warning: `syz.0.1123' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 602.375910][ T9921] fuse: Bad value for 'group_id' [ 602.375945][ T9921] fuse: Bad value for 'group_id' [ 602.891105][ T9931] overlay: Unknown parameter 'hash' [ 602.982371][ T9924] fuse: Bad value for 'group_id' [ 602.982388][ T9924] fuse: Bad value for 'group_id' [ 603.585876][ T9936] overlay: Bad value for 'redirect_dir' [ 605.006103][ T9951] fuse: Bad value for 'group_id' [ 605.006145][ T9951] fuse: Bad value for 'group_id' [ 605.625509][ T2071] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 606.526012][ T2071] usb 4-1: Using ep0 maxpacket: 8 [ 606.540880][ T2071] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 606.540912][ T2071] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 606.540940][ T2071] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 606.540966][ T2071] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 606.541014][ T2071] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 606.541041][ T2071] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.813151][ T2071] usb 4-1: GET_CAPABILITIES returned 0 [ 606.813202][ T2071] usbtmc 4-1:16.0: can't read capabilities [ 607.364626][ T9970] overlay: Bad value for 'redirect_dir' [ 607.658821][ T5911] usb 4-1: USB disconnect, device number 30 [ 608.045339][ T6068] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 610.606387][ T6068] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 610.606424][ T6068] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.044342][ T6068] usb 3-1: config 0 descriptor?? [ 611.425728][ T6068] usb 3-1: can't set config #0, error -71 [ 611.457643][ T6068] usb 3-1: USB disconnect, device number 36 [ 611.587515][ T9987] fuse: Bad value for 'group_id' [ 611.587552][ T9987] fuse: Bad value for 'group_id' [ 611.625853][ T9994] overlay: Unknown parameter 'hash' [ 612.427234][ T6068] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 612.980954][ T6068] usb 3-1: Using ep0 maxpacket: 16 [ 612.983635][ T6068] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 612.983687][ T6068] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 612.983710][ T6068] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 612.996259][ T6068] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 612.996285][ T6068] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 612.996308][ T6068] usb 3-1: Product: syz [ 612.996323][ T6068] usb 3-1: Manufacturer: syz [ 612.996339][ T6068] usb 3-1: SerialNumber: syz [ 613.072105][ T6068] usb 3-1: config 0 descriptor?? [ 613.105916][ T6068] mcba_usb 3-1:0.0: Can't find endpoints [ 613.885695][ T9628] Bluetooth: hci4: command 0x0406 tx timeout [ 613.890882][T10015] overlay: Unknown parameter 'hash' [ 613.910714][ T9999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 613.914102][ T9999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 613.968237][ T6068] usb 3-1: USB disconnect, device number 37 [ 616.966898][T10041] sp0: Synchronizing with TNC [ 617.165459][ T63] block nbd0: Possible stuck request ffff888024e17000: control (read@0,1024B). Runtime 300 seconds [ 617.165527][ T63] block nbd0: Possible stuck request ffff888024e171c0: control (read@1024,1024B). Runtime 300 seconds [ 617.165583][ T63] block nbd0: Possible stuck request ffff888024e17380: control (read@2048,1024B). Runtime 300 seconds [ 617.165614][ T63] block nbd0: Possible stuck request ffff888024e17540: control (read@3072,1024B). Runtime 300 seconds [ 617.500568][T10054] fuse: Unknown parameter '' [ 617.723778][T10058] overlay: Unknown parameter 'hash' [ 619.772178][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 619.772238][ T38] audit: type=1326 audit(1758672396.894:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 619.772921][ T38] audit: type=1326 audit(1758672396.894:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 619.773391][ T38] audit: type=1326 audit(1758672396.894:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 619.773800][ T38] audit: type=1326 audit(1758672396.894:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 619.774269][ T38] audit: type=1326 audit(1758672396.894:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 619.774744][ T38] audit: type=1326 audit(1758672396.904:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 619.776645][ T38] audit: type=1326 audit(1758672396.904:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 619.777181][ T38] audit: type=1326 audit(1758672396.904:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 619.777723][ T38] audit: type=1326 audit(1758672396.904:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 620.524330][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.654511][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.661256][ T38] audit: type=1326 audit(1758672396.904:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10061 comm="syz.2.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 621.284252][ C1] vkms_vblank_simulate: vblank timer overrun [ 621.502997][T10077] 9pnet_fd: Insufficient options for proto=fd [ 621.578941][ C1] vkms_vblank_simulate: vblank timer overrun [ 621.637994][T10081] overlay: Bad value for 'redirect_dir' [ 621.672963][ C1] vkms_vblank_simulate: vblank timer overrun [ 621.892201][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.372431][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.349146][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.838404][T10092] FAULT_INJECTION: forcing a failure. [ 625.838404][T10092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.838503][T10092] CPU: 0 UID: 0 PID: 10092 Comm: syz.4.1169 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 625.838526][T10092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 625.838538][T10092] Call Trace: [ 625.838547][T10092] [ 625.838556][T10092] dump_stack_lvl+0x189/0x250 [ 625.838599][T10092] ? __pfx_dump_stack_lvl+0x10/0x10 [ 625.838628][T10092] ? __pfx__printk+0x10/0x10 [ 625.838661][T10092] should_fail_ex+0x46c/0x600 [ 625.838698][T10092] _copy_to_user+0x31/0xb0 [ 625.838742][T10092] simple_read_from_buffer+0xe1/0x170 [ 625.838786][T10092] proc_fail_nth_read+0x1b6/0x220 [ 625.838814][T10092] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 625.838840][T10092] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 625.838862][T10092] vfs_read+0x206/0xa30 [ 625.838885][T10092] ? preempt_schedule_thunk+0x16/0x30 [ 625.838917][T10092] ? __pfx_vfs_read+0x10/0x10 [ 625.838937][T10092] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 625.838976][T10092] ? mutex_lock_nested+0x154/0x1d0 [ 625.838999][T10092] ? fdget_pos+0x253/0x320 [ 625.839038][T10092] ksys_read+0x14b/0x260 [ 625.839076][T10092] ? __pfx_ksys_read+0x10/0x10 [ 625.839112][T10092] do_syscall_64+0xfa/0x3b0 [ 625.839133][T10092] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.839152][T10092] ? asm_sysvec_call_function_single+0x1a/0x20 [ 625.839172][T10092] ? clear_bhb_loop+0x60/0xb0 [ 625.839196][T10092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.839215][T10092] RIP: 0033:0x7fd3ffa0d8dc [ 625.839234][T10092] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 625.839252][T10092] RSP: 002b:00007fd3fdc1a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 625.839284][T10092] RAX: ffffffffffffffda RBX: 00007fd3ffc66090 RCX: 00007fd3ffa0d8dc [ 625.839298][T10092] RDX: 000000000000000f RSI: 00007fd3fdc1a0a0 RDI: 0000000000000005 [ 625.839310][T10092] RBP: 00007fd3fdc1a090 R08: 0000000000000000 R09: 0000000000000000 [ 625.839322][T10092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.839332][T10092] R13: 00007fd3ffc66128 R14: 00007fd3ffc66090 R15: 00007ffcea92e588 [ 625.839362][T10092] [ 626.645169][T10095] fuse: Bad value for 'group_id' [ 626.645187][T10095] fuse: Bad value for 'group_id' [ 626.938312][T10094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 626.987357][T10094] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 627.149479][ T6068] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 627.149532][ T6068] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 627.798344][ T6043] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 627.996428][ T78] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 628.167624][ T78] wlan1: authentication with 08:02:11:00:00:00 timed out [ 628.282696][T10113] overlay: Unknown parameter 'hash' [ 628.338155][T10110] fuse: Unknown parameter '' [ 629.219988][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 629.220040][ T38] audit: type=1326 audit(1758672405.704:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.220159][ T38] audit: type=1326 audit(1758672405.704:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.220314][ T38] audit: type=1326 audit(1758672405.704:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.220414][ T38] audit: type=1326 audit(1758672405.714:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.220472][ T38] audit: type=1326 audit(1758672405.714:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.220733][ T38] audit: type=1326 audit(1758672405.724:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.220782][ T38] audit: type=1326 audit(1758672405.724:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.220830][ T38] audit: type=1326 audit(1758672405.734:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.221062][ T38] audit: type=1326 audit(1758672405.734:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 629.221199][ T38] audit: type=1326 audit(1758672405.734:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10108 comm="syz.0.1175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 632.472538][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 632.472787][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 633.887715][T10142] overlay: Bad value for 'redirect_dir' [ 633.891759][T10146] fuse: Bad value for 'group_id' [ 633.891780][T10146] fuse: Bad value for 'group_id' [ 636.169200][T10167] fuse: Unknown parameter '' [ 645.210064][ T38] kauditd_printk_skb: 18 callbacks suppressed [ 645.210184][ T38] audit: type=1326 audit(1758672422.294:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.210778][ T38] audit: type=1326 audit(1758672422.294:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.211309][ T38] audit: type=1326 audit(1758672422.294:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.211772][ T38] audit: type=1326 audit(1758672422.294:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.212376][ T38] audit: type=1326 audit(1758672422.294:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.212802][ T38] audit: type=1326 audit(1758672422.304:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.743533][ T38] audit: type=1326 audit(1758672422.304:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.743594][ T38] audit: type=1326 audit(1758672422.304:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.743638][ T38] audit: type=1326 audit(1758672422.304:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 645.743681][ T38] audit: type=1326 audit(1758672422.304:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10192 comm="syz.4.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 646.126570][T10202] overlay: Unknown parameter 'hash' [ 646.535589][ T31] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 646.705406][ T31] usb 4-1: Using ep0 maxpacket: 16 [ 646.723367][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 646.723419][ T31] usb 4-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 646.723443][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.744996][ T31] usb 4-1: config 0 descriptor?? [ 647.135499][ T31] usbhid 4-1:0.0: can't add hid device: -71 [ 647.135640][ T31] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 647.165926][ T31] usb 4-1: USB disconnect, device number 31 [ 647.265380][ T63] block nbd0: Possible stuck request ffff888024e17000: control (read@0,1024B). Runtime 330 seconds [ 647.265435][ T63] block nbd0: Possible stuck request ffff888024e171c0: control (read@1024,1024B). Runtime 330 seconds [ 647.265467][ T63] block nbd0: Possible stuck request ffff888024e17380: control (read@2048,1024B). Runtime 330 seconds [ 647.265497][ T63] block nbd0: Possible stuck request ffff888024e17540: control (read@3072,1024B). Runtime 330 seconds [ 650.336643][ T10] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 651.571934][ T10] usb 1-1: device descriptor read/all, error -71 [ 651.593272][T10243] fuse: Unknown parameter '' [ 656.980360][ T38] kauditd_printk_skb: 7 callbacks suppressed [ 656.980383][ T38] audit: type=1326 audit(1758672434.204:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 656.980438][ T38] audit: type=1326 audit(1758672434.204:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 656.982626][ T38] audit: type=1326 audit(1758672434.214:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 657.072154][T10263] overlay: Unknown parameter 'hash' [ 657.149849][ T38] audit: type=1326 audit(1758672434.354:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 657.149908][ T38] audit: type=1326 audit(1758672434.354:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 657.149948][ T38] audit: type=1326 audit(1758672434.384:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 657.149989][ T38] audit: type=1326 audit(1758672434.384:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 657.150032][ T38] audit: type=1326 audit(1758672434.384:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 657.264256][ T38] audit: type=1326 audit(1758672434.494:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 657.290821][ T38] audit: type=1326 audit(1758672434.524:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10253 comm="syz.4.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 658.247363][T10279] netlink: 548 bytes leftover after parsing attributes in process `syz.3.1216'. [ 659.145461][ T8134] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 660.369086][ T8134] usb 4-1: Using ep0 maxpacket: 16 [ 660.869413][ T8134] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 660.869471][ T8134] usb 4-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 660.869495][ T8134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.907464][ T8134] usb 4-1: config 0 descriptor?? [ 661.136269][ T8134] usbhid 4-1:0.0: can't add hid device: -71 [ 661.136397][ T8134] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 661.165412][ T8134] usb 4-1: USB disconnect, device number 32 [ 662.506169][T10308] overlay: Bad value for 'redirect_dir' [ 665.078505][ T38] kauditd_printk_skb: 4 callbacks suppressed [ 665.078568][ T38] audit: type=1326 audit(1758672442.084:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10322 comm="syz.2.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 665.079117][ T38] audit: type=1326 audit(1758672442.084:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10322 comm="syz.2.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 665.408548][ T38] audit: type=1326 audit(1758672442.644:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10322 comm="syz.2.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 665.973737][ T38] audit: type=1326 audit(1758672442.884:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10322 comm="syz.2.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 665.973788][ T38] audit: type=1326 audit(1758672442.884:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10322 comm="syz.2.1230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7fd5eec9 code=0x7ffc0000 [ 666.415358][ T6068] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 666.565297][ T6068] usb 2-1: Using ep0 maxpacket: 32 [ 666.570956][ T6068] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 666.571004][ T6068] usb 2-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30 [ 666.571049][ T6068] usb 2-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69 [ 666.571079][ T6068] usb 2-1: config 0 interface 0 has no altsetting 0 [ 666.642986][ T6068] usb 2-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00 [ 666.643017][ T6068] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 666.643037][ T6068] usb 2-1: SerialNumber: syz [ 666.782847][ C1] vkms_vblank_simulate: vblank timer overrun [ 666.832011][ T6068] usb 2-1: config 0 descriptor?? [ 666.853318][ T6068] usb-storage 2-1:0.0: USB Mass Storage device detected [ 666.879013][ T6068] usb-storage 2-1:0.0: Quirks match for vid 152d pid 0539: 4000000 [ 666.955969][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.175465][ T5927] usb 2-1: USB disconnect, device number 35 [ 667.504540][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.646343][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.705122][ C1] vkms_vblank_simulate: vblank timer overrun [ 668.181379][ C1] vkms_vblank_simulate: vblank timer overrun [ 668.445239][ C1] vkms_vblank_simulate: vblank timer overrun [ 668.633061][ T38] audit: type=1326 audit(1758672445.864:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10354 comm="syz.4.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 668.665691][ C1] vkms_vblank_simulate: vblank timer overrun [ 668.721923][ T38] audit: type=1326 audit(1758672445.864:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10354 comm="syz.4.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 668.722004][ T38] audit: type=1326 audit(1758672445.954:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10354 comm="syz.4.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 668.722045][ T38] audit: type=1326 audit(1758672445.954:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10354 comm="syz.4.1237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ffa0eec9 code=0x7ffc0000 [ 669.209526][ C1] vkms_vblank_simulate: vblank timer overrun [ 669.375739][ C1] vkms_vblank_simulate: vblank timer overrun [ 670.035055][ C1] vkms_vblank_simulate: vblank timer overrun [ 671.277086][ C1] vkms_vblank_simulate: vblank timer overrun [ 671.453309][ T38] audit: type=1326 audit(1758672448.644:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.453683][ T38] audit: type=1326 audit(1758672448.644:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.454194][ T38] audit: type=1326 audit(1758672448.654:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.454539][ T38] audit: type=1326 audit(1758672448.654:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.454830][ T38] audit: type=1326 audit(1758672448.654:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.456023][ T38] audit: type=1326 audit(1758672448.664:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.456487][ T38] audit: type=1326 audit(1758672448.674:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.456804][ T38] audit: type=1326 audit(1758672448.674:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.457016][ T38] audit: type=1326 audit(1758672448.674:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 671.457440][ T38] audit: type=1326 audit(1758672448.684:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10380 comm="syz.0.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1a1c2eec9 code=0x7ffc0000 [ 672.832331][T10395] overlayfs: failed to resolve './file0': -2 [ 672.862998][T10241] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 673.076277][T10241] usb 4-1: Using ep0 maxpacket: 32 [ 674.021014][T10241] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 674.021069][T10241] usb 4-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30 [ 674.021119][T10241] usb 4-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69 [ 674.021150][T10241] usb 4-1: config 0 interface 0 has no altsetting 0 [ 674.076370][T10241] usb 4-1: New USB device found, idVendor=1[ 674.076370][T10241] usb 4-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00 [ 674.076400][T10241] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 674.076421][T10241] usb 4-1: SerialNumber: syz [ 674.085863][ T39] INFO: task udevd:6054 blocked for more than 146 seconds. [ 674.085887][ T39] Not tainted syzkaller #0 [ 674.085900][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 674.085911][ T39] task:udevd state:D stack:20120 pid:6054 tgid:6054 ppid:5205 task_flags:0x400140 flags:0x00004006 [ 674.086058][ T39] Call Trace: [ 674.086068][ T39] [ 674.086084][ T39] __schedule+0x16f3/0x4c20 [ 674.086162][ T39] ? __pfx___schedule+0x10/0x10 [ 674.086212][ T39] ? schedule+0x91/0x360 [ 674.086247][ T39] schedule+0x165/0x360 [ 674.086281][ T39] io_schedule+0x81/0xe0 [ 674.086317][ T39] folio_wait_bit_common+0x6b5/0xb90 [ 674.086358][ T39] ? filemap_get_entry+0xad/0x2f0 [ 674.086411][ T39] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 674.086447][ T39] ? __pfx_wake_page_function+0x10/0x10 [ 674.086491][ T39] ? filemap_add_folio+0x1af/0x270 [ 674.086529][ T39] ? __filemap_get_folio+0x6ed/0xa40 [ 674.086561][ T39] ? __pfx_blkdev_read_folio+0x10/0x10 [ 674.086600][ T39] do_read_cache_folio+0x1a4/0x560 [ 674.086622][ T39] ? __pfx_blkdev_read_folio+0x10/0x10 [ 674.086655][ T39] read_part_sector+0xb8/0x2b0 [ 674.086684][ T39] adfspart_check_POWERTEC+0x8c/0xf30 [ 674.086720][ T39] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 674.086743][ T39] ? __pfx_adfspart_check_POWERTEC+0x10/0x10 [ 674.086765][ T39] ? set_page_refcounted+0xa0/0x1e0 [ 674.086810][ T39] bdev_disk_changed+0x75f/0x14b0 [ 674.086855][ T39] ? __pfx_bdev_disk_changed+0x10/0x10 [ 674.086888][ T39] blkdev_get_whole+0x2e5/0x480 [ 674.086919][ T39] bdev_open+0x31e/0xcc0 [ 674.086955][ T39] blkdev_open+0x46c/0x610 [ 674.086985][ T39] ? __pfx_blkdev_open+0x10/0x10 [ 674.087010][ T39] do_dentry_open+0x9b1/0x1350 [ 674.087047][ T39] vfs_open+0x3b/0x350 [ 674.087064][ T39] ? path_openat+0x2ed9/0x3840 [ 674.087092][ T39] path_openat+0x2ef1/0x3840 [ 674.087125][ T39] ? try_to_take_rt_mutex+0x840/0xb00 [ 674.087181][ T39] ? __pfx_path_openat+0x10/0x10 [ 674.087214][ T39] ? do_raw_spin_lock+0x121/0x290 [ 674.087256][ T39] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 674.087287][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 674.087322][ T39] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 674.087361][ T39] do_filp_open+0x1fa/0x410 [ 674.087388][ T39] ? __pfx_do_filp_open+0x10/0x10 [ 674.087409][ T39] ? rt_mutex_slowunlock+0x493/0x8a0 [ 674.087461][ T39] ? alloc_fd+0x64f/0x6c0 [ 674.087510][ T39] do_sys_openat2+0x121/0x1c0 [ 674.087531][ T39] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 674.087560][ T39] ? __pfx_do_sys_openat2+0x10/0x10 [ 674.087589][ T39] ? rcu_is_watching+0x15/0xb0 [ 674.087629][ T39] __x64_sys_openat+0x138/0x170 [ 674.087657][ T39] do_syscall_64+0xfa/0x3b0 [ 674.087676][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 674.087706][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.087728][ T39] ? clear_bhb_loop+0x60/0xb0 [ 674.087754][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.087774][ T39] RIP: 0033:0x7f72ad6fc407 [ 674.087794][ T39] RSP: 002b:00007fff4eafae60 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 674.087817][ T39] RAX: ffffffffffffffda RBX: 00007f72ad60e880 RCX: 00007f72ad6fc407 [ 674.087833][ T39] RDX: 00000000000a0800 RSI: 00005643812930f0 RDI: ffffffffffffff9c [ 674.087847][ T39] RBP: 000056438127b910 R08: 0000000000000000 R09: 0000000000000000 [ 674.087860][ T39] R10: 0000000000000000 R11: 0000000000000202 R12: 000056438128fba0 [ 674.087875][ T39] R13: 0000564381289190 R14: 0000000000000000 R15: 000056438128fba0 [ 674.087907][ T39] [ 674.087947][ T39] [ 674.087947][ T39] Showing all locks held in the system: [ 674.087961][ T39] 4 locks held by pr/legacy/17: [ 674.087983][ T39] 3 locks held by kdevtmpfs/33: [ 674.087995][ T39] 1 lock held by khungtaskd/39: [ 674.088007][ T39] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 674.088091][ T39] 2 locks held by kworker/u8:8/1479: [ 674.088103][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 674.088161][ T39] #1: ffffc900055e7bc0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 674.088239][ T39] 2 locks held by kworker/u8:10/3509: [ 674.088255][ T39] 1 lock held by udevd/5205: [ 674.088268][ T39] 2 locks held by getty/5597: [ 674.088279][ T39] #0: ffff88823bf7e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 674.088345][ T39] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 674.088401][ T39] 9 locks held by syz-executor/5850: [ 674.088422][ T39] 2 locks held by kworker/0:6/5927: [ 674.088436][ T39] 1 lock held by udevd/6054: [ 674.088446][ T39] #0: ffff888024cfa4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0 [ 674.088502][ T39] 3 locks held by kworker/0:9/10241: [ 674.088514][ T39] 5 locks held by syz.4.1237/10357: [ 674.088526][ T39] 2 locks held by syz.1.1246/10392: [ 674.088539][ T39] 4 locks held by syz.3.1248/10390: [ 674.088562][ T39] [ 674.088572][ T39] ============================================= [ 674.088572][ T39] [ 674.088592][ T39] NMI backtrace for cpu 0 [ 674.088611][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 674.088634][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 674.088646][ T39] Call Trace: [ 674.088654][ T39] [ 674.088662][ T39] dump_stack_lvl+0x189/0x250 [ 674.088701][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 674.088732][ T39] ? __pfx__printk+0x10/0x10 [ 674.088767][ T39] nmi_cpu_backtrace+0x39e/0x3d0 [ 674.088799][ T39] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 674.088829][ T39] ? __pfx__printk+0x10/0x10 [ 674.088856][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 674.088887][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 674.088918][ T39] watchdog+0xf93/0xfe0 [ 674.088953][ T39] ? watchdog+0x1de/0xfe0 [ 674.088985][ T39] kthread+0x70e/0x8a0 [ 674.089021][ T39] ? __pfx_watchdog+0x10/0x10 [ 674.089046][ T39] ? __pfx_kthread+0x10/0x10 [ 674.089081][ T39] ? __pfx_kthread+0x10/0x10 [ 674.089114][ T39] ret_from_fork+0x436/0x7d0 [ 674.089145][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 674.089177][ T39] ? __switch_to_asm+0x39/0x70 [ 674.089195][ T39] ? __switch_to_asm+0x33/0x70 [ 674.089212][ T39] ? __pfx_kthread+0x10/0x10 [ 674.089244][ T39] ret_from_fork_asm+0x1a/0x30 [ 674.089280][ T39] [ 674.089287][ T39] Sending NMI from CPU 0 to CPUs 1: [ 674.089328][ C1] NMI backtrace for cpu 1 [ 674.089341][ C1] CPU: 1 UID: 0 PID: 17 Comm: pr/legacy Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 674.089359][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 674.089367][ C1] RIP: 0010:io_serial_in+0x77/0xc0 [ 674.089396][ C1] Code: e8 2e 3b 7f fc 44 89 f9 d3 e3 49 83 ee 80 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 9f 81 de fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f e9 5a 8d bb 05 cc 44 89 f9 80 e1 07 [ 674.089410][ C1] RSP: 0018:ffffc90000167890 EFLAGS: 00000202 [ 674.089423][ C1] RAX: 1ffffffff3275c00 RBX: 00000000000003fd RCX: 0000000000000000 [ 674.089433][ C1] RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000000 [ 674.089443][ C1] RBP: ffffffff993ae890 R08: 0000000000000000 R09: 0000000000000000 [ 674.089452][ C1] R10: dffffc0000000000 R11: ffffffff853f32c0 R12: dffffc0000000000 [ 674.089464][ C1] R13: 0000000000000000 R14: ffffffff993ae600 R15: 0000000000000000 [ 674.089474][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 674.089488][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 674.089499][ C1] CR2: 00007f5b80ae56c0 CR3: 0000000032fdc000 CR4: 00000000003526f0 [ 674.089512][ C1] Call Trace: [ 674.089518][ C1] [ 674.089525][ C1] wait_for_lsr+0x1a7/0x2f0 [ 674.089550][ C1] serial8250_console_write+0x11bd/0x1b40 [ 674.089579][ C1] ? __pfx_serial8250_console_write+0x10/0x10 [ 674.089596][ C1] ? console_flush_all+0x13a/0xcd0 [ 674.089618][ C1] ? console_flush_all+0x476/0xcd0 [ 674.089636][ C1] console_flush_all+0x695/0xcd0 [ 674.089655][ C1] ? console_flush_all+0x13a/0xcd0 [ 674.089675][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 674.089692][ C1] ? __lock_acquire+0xab9/0xd20 [ 674.089719][ C1] __console_flush_and_unlock+0xa4/0x240 [ 674.089743][ C1] ? __pfx___console_flush_and_unlock+0x10/0x10 [ 674.089766][ C1] legacy_kthread_func+0x13b/0x1a0 [ 674.089786][ C1] ? __pfx_legacy_kthread_func+0x10/0x10 [ 674.089806][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 674.089828][ C1] ? __kthread_parkme+0x7b/0x200 [ 674.089848][ C1] ? __kthread_parkme+0x1a1/0x200 [ 674.089872][ C1] kthread+0x70e/0x8a0 [ 674.089900][ C1] ? __pfx_legacy_kthread_func+0x10/0x10 [ 674.089920][ C1] ? __pfx_kthread+0x10/0x10 [ 674.089945][ C1] ? __pfx_kthread+0x10/0x10 [ 674.089968][ C1] ret_from_fork+0x436/0x7d0 [ 674.089989][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 674.090012][ C1] ? __switch_to_asm+0x39/0x70 [ 674.090027][ C1] ? __switch_to_asm+0x33/0x70 [ 674.090041][ C1] ? __pfx_kthread+0x10/0x10 [ 674.090065][ C1] ret_from_fork_asm+0x1a/0x30 [ 674.090087][ C1] [ 674.090321][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 674.090339][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 674.090367][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 674.090382][ T39] Call Trace: [ 674.090392][ T39] [ 674.090401][ T39] dump_stack_lvl+0x99/0x250 [ 674.090438][ T39] ? __asan_memcpy+0x40/0x70 [ 674.090468][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 674.090514][ T39] ? __pfx__printk+0x10/0x10 [ 674.090555][ T39] vpanic+0x281/0x750 [ 674.090596][ T39] ? __pfx_vpanic+0x10/0x10 [ 674.090628][ T39] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 674.090655][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 674.090706][ T39] panic+0xb9/0xc0 [ 674.090739][ T39] ? __pfx_panic+0x10/0x10 [ 674.090778][ T39] ? irq_work_queue+0xc3/0x140 [ 674.090818][ T39] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 674.090854][ T39] watchdog+0xfd2/0xfe0 [ 674.090891][ T39] ? watchdog+0x1de/0xfe0 [ 674.090930][ T39] kthread+0x70e/0x8a0 [ 674.090971][ T39] ? __pfx_watchdog+0x10/0x10 [ 674.091007][ T39] ? __pfx_kthread+0x10/0x10 [ 674.091049][ T39] ? __pfx_kthread+0x10/0x10 [ 674.091089][ T39] ret_from_fork+0x436/0x7d0 [ 674.091123][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 674.091163][ T39] ? __switch_to_asm+0x39/0x70 [ 674.091184][ T39] ? __switch_to_asm+0x33/0x70 [ 674.091208][ T39] ? __pfx_kthread+0x10/0x10 [ 674.091261][ T39] ret_from_fork_asm+0x1a/0x30 [ 674.091303][ T39] [ 674.091846][ T39] Kernel Offset: disabled