last executing test programs: 18m12.079523727s ago: executing program 3 (id=1540): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) capset(&(0x7f0000000040)={0x20080522}, 0x0) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/user\x00') open_by_handle_at(r3, &(0x7f0000000000)=ANY=[], 0x20201) r4 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x68) fallocate(r4, 0x0, 0x0, 0x1001ed) 18m10.790707106s ago: executing program 3 (id=1546): socket(0x10, 0x80002, 0xfffffffa) socket(0x10, 0x2, 0x40002) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'geneve0\x00'}) socket$igmp6(0xa, 0x3, 0x2) socket(0x1, 0x5, 0x9) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r3, r3, 0x0, 0x2000fb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 18m8.885530883s ago: executing program 3 (id=1553): socket$inet6_sctp(0xa, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(&(0x7f0000000000)='cifs\x00', 0x0) r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$update(0x2, r3, &(0x7f0000000140)="c4", 0x1) 18m7.325047291s ago: executing program 3 (id=1556): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) setregid(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r3 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r3, 0x5421, &(0x7f0000000100)=0x9) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) close(r3) 18m5.901453376s ago: executing program 3 (id=1560): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) ftruncate(r0, 0xc17a) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081) writev(r1, 0x0, 0x0) openat$vimc0(0xffffff9c, 0x0, 0x2, 0x0) r2 = socket(0x15, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r3, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r3, 0xda90) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) pipe(0x0) 18m2.491985257s ago: executing program 3 (id=1568): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x1}, 0x1c) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) close(r3) io_uring_enter(0xffffffffffffffff, 0x1f85, 0x40110a, 0x4d, 0x0, 0xa6) recvmmsg$unix(r2, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000005c0)=""/227, 0xe3}], 0x1}}], 0x1, 0x40000000, 0x0) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) 17m45.769020765s ago: executing program 32 (id=1568): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x1}, 0x1c) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) close(r3) io_uring_enter(0xffffffffffffffff, 0x1f85, 0x40110a, 0x4d, 0x0, 0xa6) recvmmsg$unix(r2, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000005c0)=""/227, 0xe3}], 0x1}}], 0x1, 0x40000000, 0x0) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) 17m45.444790983s ago: executing program 1 (id=1607): socket$inet6(0xa, 0x1, 0x84) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48815}, 0xc000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17m43.939074713s ago: executing program 1 (id=1615): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @loopback, 0x0, 0x3}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x12, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x24000801, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = dup(r4) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a32000000000500010007000000140007800800134000000000080012"], 0x64}}, 0x0) 17m41.800353192s ago: executing program 1 (id=1619): syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb000000010902"], 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000af000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="8ee8c9b8ee088ed8660f3801b2d6352ed9ff660f3882040f01cf0fc72d2626652e0f01ca0fc7386635002000000f22e0", 0x30}], 0x1, 0x50, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) pipe(&(0x7f0000000240)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17m40.234438729s ago: executing program 1 (id=1632): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x220c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x80000000}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x7) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r7, 0x0) r8 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) recvmsg(r8, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x2) 17m38.679574332s ago: executing program 1 (id=1636): socket$netlink(0x10, 0x3, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x100) modify_ldt$write(0x1, 0x0, 0x0) r2 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 17m36.45549526s ago: executing program 1 (id=1645): socket$inet6_tcp(0xa, 0x1, 0x0) openat$binfmt_format(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x18) 17m21.336856429s ago: executing program 33 (id=1645): socket$inet6_tcp(0xa, 0x1, 0x0) openat$binfmt_format(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x18) 15.034224217s ago: executing program 5 (id=9403): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) write$P9_RGETLOCK(r0, &(0x7f0000000640)=ANY=[], 0x200002e6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x80) setsockopt$inet_tcp_int(r6, 0x6, 0xa88b70278d424ced, 0x0, 0x0) r7 = openat$cgroup_procs(r6, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000001c00), 0x12) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x4a8, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r9, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x47c, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0x6b831d334fa62afd}, @TCA_TBF_RATE64={0xc, 0x4, 0xa50eb01c46e5c50e}, @TCA_TBF_BURST={0x8, 0x6, 0x9}, @TCA_TBF_PRATE64={0xc, 0x5, 0x60661c3ab779d695}, @TCA_TBF_PARMS={0x28, 0x1, {{0xd3, 0x2, 0x86, 0x93, 0x7, 0x3}, {0x9, 0x2, 0x1, 0xfff9, 0x0, 0x8}, 0x9, 0xb0, 0x5b3}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x8de62221e0745a92}, @TCA_TBF_RATE64={0xc, 0x4, 0x587d37f9ff5367ff}, @TCA_TBF_PTAB={0x404, 0x3, [0x7, 0x8, 0x6, 0x588, 0x0, 0x6, 0x8, 0x1000, 0x7, 0xcc9, 0x6ea9, 0x72b4, 0x1, 0x2, 0x884d, 0x40, 0x3, 0xffffffff, 0x9, 0xedc6, 0x2, 0x0, 0x7, 0x7, 0x8, 0x80, 0x4, 0x8, 0xb, 0x558, 0xa, 0x200, 0x80000000, 0x0, 0x29e23545, 0x1, 0x9, 0x200, 0x1, 0x1, 0x17, 0x5, 0x10000, 0x8, 0x8, 0x1ff, 0x401, 0x80da, 0x0, 0x5, 0x40, 0x693ce487, 0x6, 0x6, 0x2, 0x7ff, 0x7fffffff, 0x3dccc518, 0x9, 0x9, 0x9, 0x8, 0x3, 0x8, 0x7, 0xfffffff7, 0x625, 0x0, 0x8e3, 0x6, 0x80000000, 0xb, 0x6, 0x4b1, 0x8dd, 0x1, 0x3, 0x400, 0x67, 0x1000000, 0xca, 0x7, 0x80000000, 0x3, 0x3, 0x10001, 0xbb, 0x80000000, 0xe378, 0x6, 0x1, 0x8, 0x1ff, 0x37b84196, 0x7, 0x824, 0x2d6, 0x9, 0xfe, 0xe3b, 0x3, 0x0, 0x1, 0x0, 0xf, 0x6, 0x5, 0x7, 0x3, 0xd908, 0x3, 0x8, 0x3, 0x4, 0x8, 0x3587c8ec, 0x7, 0xffff, 0x6, 0xd9, 0x6, 0x0, 0x2, 0x4, 0x7, 0xf, 0x3, 0x9, 0x5, 0xe, 0x5, 0x0, 0x6, 0x28000000, 0x8, 0x9, 0x1, 0x6, 0x1, 0x4, 0x2, 0x9, 0x2, 0x2800000, 0x4, 0x1, 0x8, 0xf4c, 0x9, 0xc7, 0x7fffffff, 0x16c, 0x1, 0x5, 0x0, 0x5, 0x5, 0x4, 0x6, 0x3, 0x0, 0x3, 0x10000, 0x3, 0x80, 0x3, 0x3, 0xfffffffa, 0x6, 0x54, 0x8, 0x7fff, 0xa8, 0x8, 0x10, 0x0, 0x800, 0x1, 0x8, 0x0, 0x0, 0x52f, 0x847, 0x1, 0x3, 0x7, 0x80000000, 0x64d, 0x7, 0x4, 0x3, 0x1, 0x8001, 0x2, 0x5, 0x80, 0x6299, 0x2, 0x9, 0x4, 0x9, 0x6, 0x3, 0x8, 0x3, 0x36, 0x8, 0x1, 0x2, 0x80000001, 0x6, 0x100, 0xfffffff3, 0x10, 0xd, 0xe, 0x5, 0x8, 0x83c, 0x8, 0x9, 0x7790, 0x2, 0x4, 0x7ee, 0x6e4e2f11, 0x200, 0xe, 0x4f19, 0x9, 0xff, 0x9, 0x83, 0x1, 0x8, 0x6, 0x7, 0xfffffff8, 0x0, 0x0, 0x80, 0x5, 0xffff831a, 0xe37, 0xfffffdff, 0xb3324a, 0x3, 0x6, 0x5, 0x6, 0xb, 0x6e80, 0x5, 0xb, 0x8, 0x8]}, @TCA_TBF_PBURST={0x8, 0x7, 0x1d88}]}}]}, 0x4a8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00'}) 12.794971878s ago: executing program 5 (id=9407): socket$nl_route(0x10, 0x3, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = openat$incfs(0xffffffffffffff9c, 0x0, 0x400000, 0x110) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000005880)={0x0, 0x0, &(0x7f0000005840)={&(0x7f0000000000)=@getsa={0x28, 0x12, 0x1, 0x70bd2b, 0x25dfdbfd, {@in6=@mcast1, 0x4d4, 0x2, 0xff}}, 0x28}, 0x1, 0x0, 0x0, 0x4001090}, 0x40080) setfsgid(0xee00) socket$kcm(0x10, 0x2, 0x0) 9.218514387s ago: executing program 4 (id=9428): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x3c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4}, 0x0) 9.034671508s ago: executing program 4 (id=9432): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$ARCH_SHSTK_ENABLE(0x1e, r0, 0x1, 0x5001) ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x1, 0x5004) ptrace$getregset(0x4204, r0, 0x204, 0x0) ptrace(0x11, r0) 8.827595309s ago: executing program 4 (id=9435): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2a140, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, &(0x7f0000000540)) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket(0x9, 0x803, 0xb57) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) r6 = socket$kcm(0x25, 0x1, 0x0) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40012103) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYRESHEX=r6, @ANYRES16=r4, @ANYRESHEX=r7], 0x34}, 0x1, 0x0, 0x0, 0x2000090d}, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) 8.60670426s ago: executing program 4 (id=9438): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0xd, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@map_fd={0x18, 0x5, 0x1, 0x0, r0}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) symlinkat(0x0, 0xffffffffffffff9c, 0x0) openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) prlimit64(r1, 0xc, &(0x7f0000000180)={0x8, 0x6}, &(0x7f0000000f80)) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001b80), 0x2, 0x0) write$vga_arbiter(r5, &(0x7f0000001bc0)=@other={'unlock', ' ', 'none'}, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r4, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x25dfdbfb, {0xa, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3001a}, [@FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x30}}, 0x40000) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd708", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x96}]}}}}}}}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0xfe, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10, 0x1000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0xff}}]}}}]}, 0x48}}, 0x0) syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0xdcb8, 0x10, 0x1, 0x89}, &(0x7f00000003c0), &(0x7f0000000200)) 7.043965509s ago: executing program 4 (id=9447): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000580)={{0x80}, 'port1\x00', 0x71, 0x100c75, 0x7, 0x3, 0x1ff, 0x3, 0xb597, 0x0, 0x1}) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4620, @empty}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)={0x2, 0x400000000000003, 0x0, 0x0, 0x16, 0x0, 0x70bd2b, 0x0, [@sadb_lifetime={0x4, 0x3, 0x0, 0x1, 0x7}, @sadb_address={0x5, 0x6, 0x6c, 0x0, 0x0, @in6={0xa, 0x0, 0xfffffffe, @private1, 0xfffffffc}}, @sadb_lifetime={0x4, 0x4, 0x0, 0x7}, @sadb_sa={0x2, 0x1, 0xfffffffe, 0x0, 0x0, 0x0, 0x6}, @sadb_address={0x5, 0x5, 0x0, 0x80, 0x0, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x6dc6}}]}, 0xb0}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0xfe, 0xa, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc0", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3}, 0x50) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, 0x0, 0x20) 6.861217409s ago: executing program 5 (id=9450): io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000200)=[@ioring_restriction_register_op={0x0, 0x1e}], 0x1) io_uring_enter(0xffffffffffffffff, 0x6eb1, 0x30a, 0x45, &(0x7f0000000100)={[0x14]}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000500)={'wlan0\x00'}) sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000000080)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[], 0x120}, 0x1, 0x0, 0x0, 0x3bebd9462d7aa7f0}, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x8, 0x3000000000002}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0x20, 0x11, 0xa01, 0x0, 0x0, {0xe0}, [@typed={0xc, 0x54, 0x0, 0x0, @u64=0x5}]}, 0x20}}, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x3, 0x1) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r5 = syz_io_uring_setup(0x43, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x1a4, 0x0, r4}, &(0x7f00000004c0)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) 6.814526681s ago: executing program 2 (id=9451): getsockname$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x0) add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r0, 0x202408) keyctl$chown(0x4, r0, 0xee01, 0x0) 6.257460267s ago: executing program 2 (id=9454): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x8042) r1 = socket(0xa, 0x5, 0x0) listen(r1, 0x100) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x800d, 0x8, 0x100}}], 0x20, 0x4000000}, 0x8010) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0xffffffff, 0x81, 0xfffffffb}) clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b9ac9ff, 0x0, 0x0, 0x2, 0x0, 0x5a6c103, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffd, 0x4}) capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000001c0)={0x0, 0x8d9, 0x403, 0x9, 0xf, 0x8000}) r2 = syz_open_dev$loop(&(0x7f0000000240), 0x100000000000007, 0x0) ioctl$IOC_PR_RESERVE(r2, 0x401070c9, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x8074, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@afid={'afid', 0x3d, 0x6}}], [{@fsmagic={'fsmagic', 0x3d, 0x2}}]}}) 6.156955892s ago: executing program 5 (id=9455): unshare(0x2c020400) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r0, 0x6, 0x9, 0x0, &(0x7f0000000340)) r1 = socket$unix(0x1, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x5, &(0x7f00000003c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0xfa, &(0x7f0000000140)=""/250, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) pipe(&(0x7f0000000000)) r2 = socket$alg(0x26, 0x5, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)="5c00000013006bec9e3be35c6e17aa31076b876c1d0000007ea60864160af3653c000cc004000202080003000300000007000200eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000200ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 6.095316017s ago: executing program 2 (id=9457): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0xd, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@map_fd={0x18, 0x5, 0x1, 0x0, r0}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) symlinkat(0x0, 0xffffffffffffff9c, 0x0) openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) prlimit64(r1, 0xc, &(0x7f0000000180)={0x8, 0x6}, &(0x7f0000000f80)) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001b80), 0x2, 0x0) write$vga_arbiter(r5, &(0x7f0000001bc0)=@other={'unlock', ' ', 'none'}, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r4, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x25dfdbfb, {0xa, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3001a}, [@FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x30}}, 0x40000) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd708", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x96}]}}}}}}}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0xfe, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10, 0x1000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0xff}}]}}}]}, 0x48}}, 0x0) syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0xdcb8, 0x10, 0x1, 0x89}, &(0x7f00000003c0), &(0x7f0000000200)) 5.795389911s ago: executing program 4 (id=9461): socket$nl_route(0x10, 0x3, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = openat$incfs(0xffffffffffffff9c, 0x0, 0x400000, 0x110) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000005880)={0x0, 0x0, &(0x7f0000005840)={&(0x7f0000000000)=@getsa={0x28, 0x12, 0x1, 0x70bd2b, 0x25dfdbfd, {@in6=@mcast1, 0x4d4, 0x2, 0xff}}, 0x28}, 0x1, 0x0, 0x0, 0x4001090}, 0x40080) setfsgid(0xee00) socket$kcm(0x10, 0x2, 0x0) 4.754333089s ago: executing program 2 (id=9466): getsockname$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x0) add_key$keyring(0x0, &(0x7f0000000480)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r0, 0x202408) keyctl$chown(0x4, r0, 0xee01, 0x0) 4.743482306s ago: executing program 5 (id=9467): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001800090200000000000000000200"], 0x2c}}, 0x8000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @private=0xa010102}, 0x10) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='uid_map\x00') socket$inet_sctp(0x2, 0x1, 0x84) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x4e21, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}, 0x1c) connect$inet6(r6, &(0x7f00000006c0)={0xa, 0x4e1e, 0x18, @private0, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000280)={0x0, 0x3}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000240), 0x8) socket(0x1e, 0x805, 0x0) mknod$loop(0x0, 0x6000, 0x0) r7 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000000)={'\x00', 0x40, 0xe, 0x1, 0x5, 0x10}) 4.43177703s ago: executing program 2 (id=9470): sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40009}, 0x40800) write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000100)={0xf, 0x1f, 0x2, 0xc522}, 0xf) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20044881) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x24) 4.282927853s ago: executing program 2 (id=9471): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000580)={{0x80}, 'port1\x00', 0x71, 0x100c75, 0x7, 0x3, 0x1ff, 0x3, 0xb597, 0x0, 0x1}) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4620, @empty}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)={0x2, 0x400000000000003, 0x0, 0x0, 0x16, 0x0, 0x70bd2b, 0x0, [@sadb_lifetime={0x4, 0x3, 0x0, 0x1, 0x7}, @sadb_address={0x5, 0x6, 0x6c, 0x0, 0x0, @in6={0xa, 0x0, 0xfffffffe, @private1, 0xfffffffc}}, @sadb_lifetime={0x4, 0x4, 0x0, 0x7}, @sadb_sa={0x2, 0x1, 0xfffffffe, 0x0, 0x0, 0x0, 0x6}, @sadb_address={0x5, 0x5, 0x0, 0x80, 0x0, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x6dc6}}]}, 0xb0}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0xfe, 0xa, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc0", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3}, 0x50) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, 0x0, 0x20) 3.120860684s ago: executing program 5 (id=9475): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000001380)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000001400)=ANY=[@ANYBLOB='\x00\x00\x00\x00']) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x600001, 0x28) r1 = open(&(0x7f0000000340)='./file0\x00', 0x40502, 0x12) write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20, 0x0, 0x0, {0x0, 0x0, 0xc85e}}, 0x20) capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000001c0)={0x0, 0x8d9, 0x403, 0x9, 0xf, 0x8000}) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r2, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", 0x0, 0x0, 0x30520cf7f25f0c64, 0x0, 0x0}) open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r4, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x54}}, 0x4004044) fanotify_init(0xf00, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_ERRQUEUE(r6, 0x6b, 0x3, 0x0, &(0x7f0000000040)) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r7, 0x4068aea3, &(0x7f0000000240)) r8 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0) recvmsg(r8, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20023) r9 = socket$kcm(0x2a, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r8, 0x1, 0x23, &(0x7f0000000a40)=0x2, 0x4) sendmsg$kcm(r9, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 1.679592763s ago: executing program 6 (id=9486): openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)={0x1, 0x0, [{0x7, 0x2, 0x0, 0x0, @msi={0xd420, 0x5, 0xa3b, 0xfffffff5}}]}) r0 = eventfd2(0x8, 0x1) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r0, 0x4}) semctl$SEM_INFO(0x0, 0x2, 0x13, &(0x7f0000000000)=""/4080) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000010c0), 0x10841, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r3, 0x29, 0xcc, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, 0x0, 0x0) ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x36) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000001100)=ANY=[@ANYRESDEC=r2], 0x38}, 0x1, 0x0, 0x0, 0x8810}, 0x4c804) r5 = semget$private(0x0, 0x1, 0x100) semctl$SETVAL(r5, 0x2, 0x10, &(0x7f00000002c0)) semctl$SEM_STAT(r5, 0x2, 0x12, &(0x7f0000002000)=""/4110) 1.395595903s ago: executing program 6 (id=9488): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000001000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0369e269b6, 0x8031, 0xffffffffffffffff, 0xfffff000) r0 = syz_io_uring_setup(0x57a7, &(0x7f0000000000)={0x0, 0xb246, 0x20000, 0x0, 0x3d0}, &(0x7f00000000c0), &(0x7f0000000180)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4048aecb, &(0x7f0000000180)={0x1, 0x0, [{0x0, 0x6}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = io_uring_setup(0x46eb, &(0x7f0000000100)={0x0, 0x103934, 0x4, 0x10000003, 0x339, 0x0, r0}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4082, 0xff2}], 0x0, 0x1}, 0x20) setrlimit(0xd, &(0x7f0000000200)={0x400000000000, 0x4}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) 1.071887913s ago: executing program 0 (id=9489): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0xc1c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file5\x00', 0x61c0, 0x700) symlinkat(&(0x7f00000001c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file6\x00') r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file2\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200) unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x1000000) linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000600)='./file7\x00', 0x81c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000640)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000680)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000740)='./file7\x00', 0xc1c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file3\x00', 0xffffffffffffff9c, &(0x7f00000007c0)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000800)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000000840)='./file7\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000880)='./file7\x00', 0x11c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000900)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000940)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000980)='./file7\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000009c0)='./file7\x00', 0x61c0, 0x700) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000a40)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000a80)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000ac0)='./file7\x00', 0x0) symlinkat(&(0x7f0000000b00)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000b40)='./file7\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000b80)='./file6\x00', 0xffffffffffffff9c, &(0x7f0000000bc0)='./file7\x00', 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000c00)='./file6\x00', 0xffffffffffffff9c, &(0x7f0000000c40)='./file7\x00', 0x0) 847.913427ms ago: executing program 6 (id=9490): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2a140, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, &(0x7f0000000540)) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket(0x9, 0x803, 0xb57) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) r6 = socket$kcm(0x25, 0x1, 0x0) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40012103) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r7 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYRESHEX=r6, @ANYRES16=r4, @ANYRESHEX=r7], 0x34}, 0x1, 0x0, 0x0, 0x2000090d}, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) 770.257048ms ago: executing program 0 (id=9491): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000200)=0x1c) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'erspan0\x00', &(0x7f0000000380)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x5, 0x800, {{0x19, 0x4, 0x1, 0x7, 0x64, 0x64, 0x0, 0xf2, 0x2f, 0x0, @multicast2, @empty, {[@generic={0x82, 0x8, "0d10dd617ab4"}, @ssrr={0x89, 0x7, 0x96, [@empty]}, @lsrr={0x83, 0xb, 0xdb, [@empty, @broadcast]}, @ssrr={0x89, 0x23, 0x19, [@empty, @broadcast, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @rand_addr=0x64010100, @broadcast, @private=0xa010102]}, @timestamp={0x44, 0x10, 0x9e, 0x0, 0x5, [0xd8f8, 0xfffffffd, 0x5]}]}}}}}) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r3 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) setresgid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff) add_key$user(&(0x7f0000000700), &(0x7f0000000740)={'syz', 0x2}, &(0x7f0000000800)="8dc5347bb8ce15888e8f2e5bb5d830da03051c8f8585b7656748455e00ea78ee1667161f045e939b7a26d7c80b058d296375e08281fb78f7709683c9d94f44b530267d611ad54a772275465c936980082f9210eaf91a9f064f7f3caeeb77f2fe38d81b646c0afea5b657de164fb6166f9926b4ab60d3f3a9798675b88445e667c10b30ead9300b41d288b44ccdb42bcf04c554418a45195f2341bdb75beec999", 0xa0, r3) r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r4, 0x202408) keyctl$setperm(0x5, r4, 0x20925) ftruncate(r2, 0x3292e291) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000300)=@newqdisc={0x2c, 0x24, 0x200, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xfff2, 0x4}, {0xfff1, 0x9}, {0x4, 0x5}}, [@TCA_RATE={0x6, 0x5, {0x4c, 0x4}}]}, 0x2c}}, 0x40000) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x101000, 0x97) r5 = openat$binfmt_register(0xffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r5, &(0x7f00000004c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x9, 0x3a, '\xbd\xb5$\\x0', 0x3a, ':dev/bus/usbF30#/00#\x00', 0x3a, './file0'}, 0x42) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000004000000711037000000000095"], &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newlink={0x50, 0x10, 0xffffff1f, 0x70bd27, 0x1, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r9}, @IFLA_GRE_FLAGS={0x8, 0xd, 0x3}, @IFLA_GRE_FLOWINFO={0x8}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001}, 0x24046010) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 631.837159ms ago: executing program 6 (id=9492): io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000200)=[@ioring_restriction_register_op={0x0, 0x1e}], 0x1) io_uring_enter(0xffffffffffffffff, 0x6eb1, 0x30a, 0x45, &(0x7f0000000100)={[0x14]}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000500)={'wlan0\x00'}) sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000000080)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[], 0x120}, 0x1, 0x0, 0x0, 0x3bebd9462d7aa7f0}, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x8, 0x3000000000002}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4, 0x0, 0xb51b, 0x10}, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x3, 0x1) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r5 = syz_io_uring_setup(0x43, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x1a4, 0x0, r4}, &(0x7f00000004c0)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) 587.075671ms ago: executing program 0 (id=9493): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000200)=0x1c) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'erspan0\x00', &(0x7f0000000380)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x5, 0x800, {{0x19, 0x4, 0x1, 0x7, 0x64, 0x64, 0x0, 0xf2, 0x2f, 0x0, @multicast2, @empty, {[@generic={0x82, 0x8, "0d10dd617ab4"}, @ssrr={0x89, 0x7, 0x96, [@empty]}, @lsrr={0x83, 0xb, 0xdb, [@empty, @broadcast]}, @ssrr={0x89, 0x23, 0x19, [@empty, @broadcast, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @rand_addr=0x64010100, @broadcast, @private=0xa010102]}, @timestamp={0x44, 0x10, 0x9e, 0x0, 0x5, [0xd8f8, 0xfffffffd, 0x5]}]}}}}}) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r3 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) setresgid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff) add_key$user(&(0x7f0000000700), &(0x7f0000000740)={'syz', 0x2}, &(0x7f0000000800)="8dc5347bb8ce15888e8f2e5bb5d830da03051c8f8585b7656748455e00ea78ee1667161f045e939b7a26d7c80b058d296375e08281fb78f7709683c9d94f44b530267d611ad54a772275465c936980082f9210eaf91a9f064f7f3caeeb77f2fe38d81b646c0afea5b657de164fb6166f9926b4ab60d3f3a9798675b88445e667c10b30ead9300b41d288b44ccdb42bcf04c554418a45195f2341bdb75beec999", 0xa0, r3) r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r4, 0x202408) keyctl$chown(0x4, r4, 0xee01, 0x0) ftruncate(r2, 0x3292e291) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000300)=@newqdisc={0x2c, 0x24, 0x200, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xfff2, 0x4}, {0xfff1, 0x9}, {0x4, 0x5}}, [@TCA_RATE={0x6, 0x5, {0x4c, 0x4}}]}, 0x2c}}, 0x40000) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x101000, 0x97) r5 = openat$binfmt_register(0xffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r5, &(0x7f00000004c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x9, 0x3a, '\xbd\xb5$\\x0', 0x3a, ':dev/bus/usbF30#/00#\x00', 0x3a, './file0'}, 0x42) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000004000000711037000000000095"], &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newlink={0x50, 0x10, 0xffffff1f, 0x70bd27, 0x1, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r9}, @IFLA_GRE_FLAGS={0x8, 0xd, 0x3}, @IFLA_GRE_FLOWINFO={0x8}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001}, 0x24046010) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 502.15531ms ago: executing program 6 (id=9494): r0 = socket(0x21, 0x2, 0x10000000000002) openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) fchownat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xee01, 0xffffffffffffffff, 0x1000) close(r1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x20080, 0x0) syz_open_dev$usbfs(0x0, 0x0, 0x101301) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000000c0)='#(:.', 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2) getpgrp(0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f00000018c0), 0x0, 0x0, 0x1) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x3) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x90, 0x1, 0x2, 0xd59f80, 0x19ef, 0x6, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}}) syz_usb_connect(0x2, 0x4a, &(0x7f0000000400)=ANY=[@ANYBLOB="120100008020f010402038b1ff0104000001090238000100000000090400000544fb2f0009054beb82c500000102000905d9"], 0x0) 331.924778ms ago: executing program 0 (id=9495): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$kcm(0x29, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20040000) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x30004001) ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_io_uring_complete(0x0) 241.808217ms ago: executing program 0 (id=9496): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x8042) r1 = socket(0xa, 0x5, 0x0) listen(r1, 0x100) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x800d, 0x8, 0x100}}], 0x20, 0x4000000}, 0x8010) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0xffffffff, 0x81, 0xfffffffb}) clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b9ac9ff, 0x0, 0x0, 0x2, 0x0, 0x5a6c103, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffd, 0x4}) capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000001c0)={0x0, 0x8d9, 0x403, 0x9, 0xf, 0x8000}) syz_open_dev$loop(&(0x7f0000000240), 0x100000000000007, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x8074, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@afid={'afid', 0x3d, 0x6}}], [{@fsmagic={'fsmagic', 0x3d, 0x2}}]}}) 136.942567ms ago: executing program 6 (id=9497): socket$rxrpc(0x21, 0x2, 0x2) syz_open_dev$video(&(0x7f0000000100), 0x3, 0x2000) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000080)=0x3ff) write$dsp(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x43}, {0x0, 0x192, 0x6, 0x10001, 0x100, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) syz_emit_ethernet(0x56, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0x7, 0x4, 0x0, 0x3c, 0x48, 0x67, 0x0, 0x3, 0x6, 0x0, @rand_addr=0x64010100, @local, {[@ssrr={0x89, 0x3, 0x1e}, @lsrr={0x83, 0x3, 0x93}]}}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x2, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x800, 0x1, 0x1, 0x4e21, 0x4e22}, 0x1}, 0x3}, 0x1}}}}}}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(r4, 0x0, 0x0) syz_io_uring_setup(0x10ab, &(0x7f00000000c0)={0x0, 0x7496, 0x800, 0x1, 0x411001f7}, &(0x7f0000000380)=0x0, &(0x7f0000000000)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) 0s ago: executing program 0 (id=9498): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) write$P9_RGETLOCK(r0, &(0x7f0000000640)=ANY=[], 0x200002e6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x80) setsockopt$inet_tcp_int(r6, 0x6, 0xa88b70278d424ced, 0x0, 0x0) openat$cgroup_procs(r6, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = socket(0x10, 0x3, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x4a8, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r9, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x47c, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0x6b831d334fa62afd}, @TCA_TBF_RATE64={0xc, 0x4, 0xa50eb01c46e5c50e}, @TCA_TBF_BURST={0x8, 0x6, 0x9}, @TCA_TBF_PRATE64={0xc, 0x5, 0x60661c3ab779d695}, @TCA_TBF_PARMS={0x28, 0x1, {{0xd3, 0x2, 0x86, 0x93, 0x7, 0x3}, {0x9, 0x2, 0x1, 0xfff9, 0x0, 0x8}, 0x9, 0xb0, 0x5b3}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x8de62221e0745a92}, @TCA_TBF_RATE64={0xc, 0x4, 0x587d37f9ff5367ff}, @TCA_TBF_PTAB={0x404, 0x3, [0x7, 0x8, 0x6, 0x588, 0x0, 0x6, 0x8, 0x1000, 0x7, 0xcc9, 0x6ea9, 0x72b4, 0x1, 0x2, 0x884d, 0x40, 0x3, 0xffffffff, 0x9, 0xedc6, 0x2, 0x0, 0x7, 0x7, 0x8, 0x80, 0x4, 0x8, 0xb, 0x558, 0xa, 0x200, 0x80000000, 0x0, 0x29e23545, 0x1, 0x9, 0x200, 0x1, 0x1, 0x17, 0x5, 0x10000, 0x8, 0x8, 0x1ff, 0x401, 0x80da, 0x0, 0x5, 0x40, 0x693ce487, 0x6, 0x6, 0x2, 0x7ff, 0x7fffffff, 0x3dccc518, 0x9, 0x9, 0x9, 0x8, 0x3, 0x8, 0x7, 0xfffffff7, 0x625, 0x0, 0x8e3, 0x6, 0x80000000, 0xb, 0x6, 0x4b1, 0x8dd, 0x1, 0x3, 0x400, 0x67, 0x1000000, 0xca, 0x7, 0x80000000, 0x3, 0x3, 0x10001, 0xbb, 0x80000000, 0xe378, 0x6, 0x1, 0x8, 0x1ff, 0x37b84196, 0x7, 0x824, 0x2d6, 0x9, 0xfe, 0xe3b, 0x3, 0x0, 0x1, 0x0, 0xf, 0x6, 0x5, 0x7, 0x3, 0xd908, 0x3, 0x8, 0x3, 0x4, 0x8, 0x3587c8ec, 0x7, 0xffff, 0x6, 0xd9, 0x6, 0x0, 0x2, 0x4, 0x7, 0xf, 0x3, 0x9, 0x5, 0xe, 0x5, 0x0, 0x6, 0x28000000, 0x8, 0x9, 0x1, 0x6, 0x1, 0x4, 0x2, 0x9, 0x2, 0x2800000, 0x4, 0x1, 0x8, 0xf4c, 0x9, 0xc7, 0x7fffffff, 0x16c, 0x1, 0x5, 0x0, 0x5, 0x5, 0x4, 0x6, 0x3, 0x0, 0x3, 0x10000, 0x3, 0x80, 0x3, 0x3, 0xfffffffa, 0x6, 0x54, 0x8, 0x7fff, 0xa8, 0x8, 0x10, 0x0, 0x800, 0x1, 0x8, 0x0, 0x0, 0x52f, 0x847, 0x1, 0x3, 0x7, 0x80000000, 0x64d, 0x7, 0x4, 0x3, 0x1, 0x8001, 0x2, 0x5, 0x80, 0x6299, 0x2, 0x9, 0x4, 0x9, 0x6, 0x3, 0x8, 0x3, 0x36, 0x8, 0x1, 0x2, 0x80000001, 0x6, 0x100, 0xfffffff3, 0x10, 0xd, 0xe, 0x5, 0x8, 0x83c, 0x8, 0x9, 0x7790, 0x2, 0x4, 0x7ee, 0x6e4e2f11, 0x200, 0xe, 0x4f19, 0x9, 0xff, 0x9, 0x83, 0x1, 0x8, 0x6, 0x7, 0xfffffff8, 0x0, 0x0, 0x80, 0x5, 0xffff831a, 0xe37, 0xfffffdff, 0xb3324a, 0x3, 0x6, 0x5, 0x6, 0xb, 0x6e80, 0x5, 0xb, 0x8, 0x8]}, @TCA_TBF_PBURST={0x8, 0x7, 0x1d88}]}}]}, 0x4a8}}, 0x0) kernel console output (not intermixed with test programs): RDI: 0000000000000003 [ 1191.730790][T25275] RBP: 00007f4362b86090 R08: 0000000000000000 R09: 0000000000000000 [ 1191.730819][T25275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1191.730829][T25275] R13: 00007f4364ba6038 R14: 00007f4364ba5fa0 R15: 00007ffff9ac2258 [ 1191.730859][T25275] [ 1191.822598][ T2170] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1192.073854][ T5995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1192.111604][ T9] usb 6-1: reset high-speed USB device number 32 using dummy_hcd [ 1192.272886][ T9] usb 6-1: device descriptor read/64, error -71 [ 1192.313047][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1192.552325][ T9] usb 6-1: reset high-speed USB device number 32 using dummy_hcd [ 1192.682407][ T9] usb 6-1: device descriptor read/64, error -71 [ 1192.943544][ T9] usb 6-1: reset high-speed USB device number 32 using dummy_hcd [ 1192.998482][ T9] usb 6-1: device descriptor read/8, error -71 [ 1193.262440][ T9] usb 6-1: reset high-speed USB device number 32 using dummy_hcd [ 1193.290350][ T9] usb 6-1: device descriptor read/8, error -71 [ 1193.372552][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1193.456182][ T9] usb 6-1: USB disconnect, device number 32 [ 1193.889062][T25326] FAULT_INJECTION: forcing a failure. [ 1193.889062][T25326] name failslab, interval 1, probability 0, space 0, times 0 [ 1193.889102][T25326] CPU: 1 UID: 0 PID: 25326 Comm: syz.6.8018 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1193.889131][T25326] Tainted: [L]=SOFTLOCKUP [ 1193.889140][T25326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1193.889153][T25326] Call Trace: [ 1193.889162][T25326] [ 1193.889171][T25326] dump_stack_lvl+0xe8/0x150 [ 1193.889210][T25326] should_fail_ex+0x46b/0x600 [ 1193.889252][T25326] should_failslab+0xa8/0x100 [ 1193.889289][T25326] kmem_cache_alloc_noprof+0x87/0x680 [ 1193.889322][T25326] ? dst_alloc+0x105/0x170 [ 1193.889449][T25326] ? fib_lookup+0x76/0x440 [ 1193.889522][T25326] dst_alloc+0x105/0x170 [ 1193.889560][T25326] ip_route_output_key_hash_rcu+0x14d0/0x25d0 [ 1193.889586][T25326] ? ip_route_output_key_hash_rcu+0x1291/0x25d0 [ 1193.889621][T25326] ? ip_route_output_key_hash+0xd8/0x2a0 [ 1193.889648][T25326] ip_route_output_key_hash+0x18d/0x2a0 [ 1193.889678][T25326] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 1193.889724][T25326] tcp_v4_connect+0x716/0x1a90 [ 1193.889801][T25326] ? __pfx_tcp_v4_connect+0x10/0x10 [ 1193.889843][T25326] __inet_stream_connect+0x25a/0xdd0 [ 1193.889931][T25326] ? __pfx___inet_stream_connect+0x10/0x10 [ 1193.889959][T25326] ? __local_bh_enable+0x1e1/0x2f0 [ 1193.890011][T25326] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 1193.890043][T25326] ? lockdep_hardirqs_on+0x7a/0x110 [ 1193.890085][T25326] inet_stream_connect+0x66/0xa0 [ 1193.890117][T25326] kernel_connect+0x141/0x1c0 [ 1193.890158][T25326] ? __pfx_kernel_connect+0x10/0x10 [ 1193.890209][T25326] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 1193.890241][T25326] ? lockdep_hardirqs_on+0x7a/0x110 [ 1193.890278][T25326] smc_connect+0x7a5/0xd90 [ 1193.890373][T25326] __sys_connect+0x315/0x450 [ 1193.890406][T25326] ? __pfx___sys_connect+0x10/0x10 [ 1193.890450][T25326] ? __pfx_ksys_write+0x10/0x10 [ 1193.890493][T25326] __x64_sys_connect+0x7a/0x90 [ 1193.890523][T25326] do_syscall_64+0x14d/0xf80 [ 1193.890552][T25326] ? trace_irq_disable+0x3b/0x150 [ 1193.890579][T25326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.890603][T25326] ? clear_bhb_loop+0x40/0x90 [ 1193.890630][T25326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.890654][T25326] RIP: 0033:0x7f338262c799 [ 1193.890695][T25326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1193.890716][T25326] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1193.890740][T25326] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1193.890756][T25326] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003 [ 1193.890769][T25326] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1193.890783][T25326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1193.890795][T25326] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1193.890833][T25326] [ 1194.322597][T25330] netlink: 104 bytes leftover after parsing attributes in process `syz.0.8017'. [ 1194.392745][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1194.563237][ T6007] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1194.692430][ T6007] usb 1-1: device descriptor read/64, error -71 [ 1194.872666][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1194.962387][ T6007] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1195.092412][ T6007] usb 1-1: device descriptor read/64, error -71 [ 1195.202848][ T6007] usb usb1-port1: attempt power cycle [ 1195.435047][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1195.552399][ T6007] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1195.573268][ T6007] usb 1-1: device descriptor read/8, error -71 [ 1195.832384][ T6007] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1195.861396][ T6007] usb 1-1: device descriptor read/8, error -71 [ 1195.963931][ T6007] usb usb1-port1: unable to enumerate USB device [ 1196.474145][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1197.512988][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1197.933975][ T2170] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1198.612654][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1199.676679][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1200.728224][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1200.992461][ T2170] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1201.272328][ T6007] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1201.371234][T25491] wireguard0: entered promiscuous mode [ 1201.371261][T25491] wireguard0: entered allmulticast mode [ 1201.445276][ T6007] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1201.446817][ T6007] usb 7-1: config 63 has an invalid interface number: 66 but max is 0 [ 1201.446847][ T6007] usb 7-1: config 63 has an invalid descriptor of length 1, skipping remainder of the config [ 1201.446869][ T6007] usb 7-1: config 63 has no interface number 0 [ 1201.446903][ T6007] usb 7-1: config 63 interface 66 has no altsetting 0 [ 1201.449859][ T6007] usb 7-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 1201.449890][ T6007] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1201.449913][ T6007] usb 7-1: Product: syz [ 1201.449929][ T6007] usb 7-1: Manufacturer: syz [ 1201.449945][ T6007] usb 7-1: SerialNumber: syz [ 1201.672497][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1201.715676][T25491] team0: Device wireguard0 is of different type [ 1201.782294][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1201.783940][ T6007] uvcvideo 7-1:63.66: probe with driver uvcvideo failed with error -22 [ 1201.869226][ T6007] usb 7-1: USB disconnect, device number 15 [ 1202.802519][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1203.344326][T25527] FAULT_INJECTION: forcing a failure. [ 1203.344326][T25527] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.344367][T25527] CPU: 1 UID: 0 PID: 25527 Comm: syz.6.8096 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1203.344398][T25527] Tainted: [L]=SOFTLOCKUP [ 1203.344407][T25527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1203.344421][T25527] Call Trace: [ 1203.344430][T25527] [ 1203.344439][T25527] dump_stack_lvl+0xe8/0x150 [ 1203.344479][T25527] should_fail_ex+0x46b/0x600 [ 1203.344533][T25527] should_failslab+0xa8/0x100 [ 1203.344573][T25527] __kmalloc_noprof+0xdf/0x7b0 [ 1203.344609][T25527] ? tomoyo_encode+0x28b/0x550 [ 1203.344714][T25527] tomoyo_encode+0x28b/0x550 [ 1203.344743][T25527] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1203.344778][T25527] ? tomoyo_path_number_perm+0x219/0x630 [ 1203.344836][T25527] tomoyo_path_number_perm+0x246/0x630 [ 1203.344871][T25527] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1203.344905][T25527] ? __lock_acquire+0x6b5/0x2cf0 [ 1203.344972][T25527] ? __fget_files+0x2a/0x420 [ 1203.345005][T25527] ? __fget_files+0x2a/0x420 [ 1203.345031][T25527] ? __fget_files+0x3a6/0x420 [ 1203.345058][T25527] ? __fget_files+0x2a/0x420 [ 1203.345091][T25527] security_file_ioctl+0xc3/0x2a0 [ 1203.345195][T25527] __se_sys_ioctl+0x47/0x170 [ 1203.345266][T25527] do_syscall_64+0x14d/0xf80 [ 1203.345298][T25527] ? trace_irq_disable+0x3b/0x150 [ 1203.345325][T25527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.345349][T25527] ? clear_bhb_loop+0x40/0x90 [ 1203.345378][T25527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.345402][T25527] RIP: 0033:0x7f338262c799 [ 1203.345424][T25527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1203.345444][T25527] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1203.345467][T25527] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1203.345483][T25527] RDX: 0000200000000240 RSI: 00000000c0189374 RDI: 0000000000000003 [ 1203.345505][T25527] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1203.345519][T25527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1203.345533][T25527] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1203.345569][T25527] [ 1203.345590][T25527] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1203.832878][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1204.072850][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1204.120096][T25535] FAULT_INJECTION: forcing a failure. [ 1204.120096][T25535] name failslab, interval 1, probability 0, space 0, times 0 [ 1204.120124][T25535] CPU: 1 UID: 0 PID: 25535 Comm: syz.6.8098 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1204.120147][T25535] Tainted: [L]=SOFTLOCKUP [ 1204.120153][T25535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1204.120163][T25535] Call Trace: [ 1204.120170][T25535] [ 1204.120177][T25535] dump_stack_lvl+0xe8/0x150 [ 1204.120206][T25535] should_fail_ex+0x46b/0x600 [ 1204.120238][T25535] should_failslab+0xa8/0x100 [ 1204.120267][T25535] __kmalloc_noprof+0xdf/0x7b0 [ 1204.120292][T25535] ? tomoyo_encode+0x28b/0x550 [ 1204.120312][T25535] tomoyo_encode+0x28b/0x550 [ 1204.120331][T25535] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1204.120355][T25535] ? tomoyo_path_number_perm+0x219/0x630 [ 1204.120378][T25535] tomoyo_path_number_perm+0x246/0x630 [ 1204.120402][T25535] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1204.120427][T25535] ? __lock_acquire+0x6b5/0x2cf0 [ 1204.120468][T25535] ? __fget_files+0x2a/0x420 [ 1204.120490][T25535] ? __fget_files+0x2a/0x420 [ 1204.120509][T25535] ? __fget_files+0x3a6/0x420 [ 1204.120528][T25535] ? __fget_files+0x2a/0x420 [ 1204.120550][T25535] security_file_ioctl+0xc3/0x2a0 [ 1204.120576][T25535] __se_sys_ioctl+0x47/0x170 [ 1204.120603][T25535] do_syscall_64+0x14d/0xf80 [ 1204.120626][T25535] ? trace_irq_disable+0x3b/0x150 [ 1204.120646][T25535] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1204.120663][T25535] ? clear_bhb_loop+0x40/0x90 [ 1204.120683][T25535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1204.120700][T25535] RIP: 0033:0x7f338262c799 [ 1204.120715][T25535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1204.120729][T25535] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1204.120746][T25535] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1204.120758][T25535] RDX: 0000200000000000 RSI: 0000000000003b72 RDI: 0000000000000003 [ 1204.120776][T25535] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1204.120786][T25535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1204.120796][T25535] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1204.120821][T25535] [ 1204.120836][T25535] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1205.291649][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1205.782470][T25551] loop4: detected capacity change from 0 to 7 [ 1205.951996][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1205.952082][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1205.952127][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1206.001429][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1206.001515][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1206.001556][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1206.001585][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1206.001606][T25551] ldm_validate_partition_table(): Disk read failed. [ 1206.001704][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1206.001731][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1206.001754][T25551] Buffer I/O error on dev loop4, logical block 0, async page read [ 1206.001787][T25551] Dev loop4: unable to read RDB block 0 [ 1206.001867][T25551] loop4: unable to read partition table [ 1206.002033][T25551] loop4: partition table beyond EOD, truncated [ 1206.002088][T25551] loop_reread_partitions: partition scan of loop4 (L/e"+Gx|7ĺ,EL*z+b Gf[mfy +4%A>7I) failed (rc=-5) [ 1206.070958][T25551] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8106'. [ 1206.529262][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1207.646463][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1207.894340][ T5995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1208.227881][T25582] FAULT_INJECTION: forcing a failure. [ 1208.227881][T25582] name failslab, interval 1, probability 0, space 0, times 0 [ 1208.227987][T25582] CPU: 0 UID: 0 PID: 25582 Comm: syz.0.8117 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1208.228019][T25582] Tainted: [L]=SOFTLOCKUP [ 1208.228028][T25582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1208.228043][T25582] Call Trace: [ 1208.228053][T25582] [ 1208.228063][T25582] dump_stack_lvl+0xe8/0x150 [ 1208.228102][T25582] should_fail_ex+0x46b/0x600 [ 1208.228146][T25582] should_failslab+0xa8/0x100 [ 1208.228186][T25582] __kmalloc_noprof+0xdf/0x7b0 [ 1208.228255][T25582] ? tomoyo_encode+0x28b/0x550 [ 1208.228283][T25582] tomoyo_encode+0x28b/0x550 [ 1208.228312][T25582] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1208.228347][T25582] ? tomoyo_path_number_perm+0x219/0x630 [ 1208.228380][T25582] tomoyo_path_number_perm+0x246/0x630 [ 1208.228409][T25582] ? irqentry_exit+0x59e/0x620 [ 1208.228444][T25582] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1208.228494][T25582] ? hook_file_ioctl+0xff/0x590 [ 1208.228627][T25582] ? __rcu_read_unlock+0x83/0xe0 [ 1208.228661][T25582] ? __fget_files+0x2a/0x420 [ 1208.228689][T25582] ? __fget_files+0x3a6/0x420 [ 1208.228716][T25582] ? __fget_files+0x2a/0x420 [ 1208.228749][T25582] security_file_ioctl+0xc3/0x2a0 [ 1208.228785][T25582] __se_sys_ioctl+0x47/0x170 [ 1208.228825][T25582] do_syscall_64+0x14d/0xf80 [ 1208.228857][T25582] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1208.228880][T25582] ? clear_bhb_loop+0x40/0x90 [ 1208.228909][T25582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1208.228933][T25582] RIP: 0033:0x7f436492c799 [ 1208.228955][T25582] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1208.228975][T25582] RSP: 002b:00007f4362b65028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1208.228998][T25582] RAX: ffffffffffffffda RBX: 00007f4364ba6090 RCX: 00007f436492c799 [ 1208.229015][T25582] RDX: 00002000000000c0 RSI: 00000000c0045627 RDI: 0000000000000005 [ 1208.229029][T25582] RBP: 00007f4362b65090 R08: 0000000000000000 R09: 0000000000000000 [ 1208.229043][T25582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1208.229056][T25582] R13: 00007f4364ba6128 R14: 00007f4364ba6090 R15: 00007ffff9ac2258 [ 1208.229090][T25582] [ 1208.229955][T25582] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1208.712954][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1209.016462][T25589] veth1_macvtap: left promiscuous mode [ 1209.016488][T25589] macsec0: entered promiscuous mode [ 1209.063904][T25589] veth1_macvtap: entered promiscuous mode [ 1209.064239][T25589] macsec0: left promiscuous mode [ 1209.084941][T25589] binder: BINDER_SET_CONTEXT_MGR already set [ 1209.084960][T25589] binder: 25588:25589 ioctl 4018620d 200000004a80 returned -16 [ 1209.182383][ T5861] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 1209.312338][ T5861] usb 6-1: device descriptor read/64, error -71 [ 1209.752804][T21729] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1209.802917][ T5861] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 1210.722312][ T5861] usb 6-1: device descriptor read/64, error -71 [ 1210.792936][ T808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1210.832806][ T5861] usb usb6-port1: attempt power cycle [ 1210.952731][ T5776] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1211.259505][ T5861] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 1211.273395][ T5861] usb 6-1: device descriptor read/8, error -71 [ 1211.306583][ T5776] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1211.433000][T25635] FAULT_INJECTION: forcing a failure. [ 1211.433000][T25635] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1211.433056][T25635] CPU: 0 UID: 0 PID: 25635 Comm: syz.0.8136 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1211.433091][T25635] Tainted: [L]=SOFTLOCKUP [ 1211.433099][T25635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1211.433114][T25635] Call Trace: [ 1211.433123][T25635] [ 1211.433133][T25635] dump_stack_lvl+0xe8/0x150 [ 1211.433174][T25635] should_fail_ex+0x46b/0x600 [ 1211.433221][T25635] _copy_from_user+0x2d/0xb0 [ 1211.433253][T25635] ___sys_sendmsg+0x1c6/0x360 [ 1211.433296][T25635] ? __pfx____sys_sendmsg+0x10/0x10 [ 1211.433395][T25635] ? __fget_files+0x2a/0x420 [ 1211.433426][T25635] ? __fget_files+0x3a6/0x420 [ 1211.433466][T25635] __x64_sys_sendmsg+0x1c3/0x2a0 [ 1211.433519][T25635] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1211.433635][T25635] ? __pfx_ksys_write+0x10/0x10 [ 1211.433716][T25635] do_syscall_64+0x14d/0xf80 [ 1211.433774][T25635] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.433823][T25635] ? clear_bhb_loop+0x40/0x90 [ 1211.433885][T25635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.433923][T25635] RIP: 0033:0x7f436492c799 [ 1211.433959][T25635] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1211.433995][T25635] RSP: 002b:00007f4362b44028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1211.434018][T25635] RAX: ffffffffffffffda RBX: 00007f4364ba6180 RCX: 00007f436492c799 [ 1211.434050][T25635] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000008 [ 1211.434067][T25635] RBP: 00007f4362b44090 R08: 0000000000000000 R09: 0000000000000000 [ 1211.434079][T25635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1211.434089][T25635] R13: 00007f4364ba6218 R14: 00007f4364ba6180 R15: 00007ffff9ac2258 [ 1211.434118][T25635] [ 1211.532782][ T5861] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 1211.555103][ T5861] usb 6-1: device descriptor read/8, error -71 [ 1211.669939][ T5861] usb usb6-port1: unable to enumerate USB device [ 1211.969465][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1212.159479][T25642] netlink: 64 bytes leftover after parsing attributes in process `syz.5.8139'. [ 1212.471910][T25646] FAULT_INJECTION: forcing a failure. [ 1212.471910][T25646] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1212.471939][T25646] CPU: 1 UID: 0 PID: 25646 Comm: syz.6.8140 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1212.471962][T25646] Tainted: [L]=SOFTLOCKUP [ 1212.471968][T25646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1212.471978][T25646] Call Trace: [ 1212.471983][T25646] [ 1212.471990][T25646] dump_stack_lvl+0xe8/0x150 [ 1212.472019][T25646] should_fail_ex+0x46b/0x600 [ 1212.472051][T25646] _copy_to_user+0x31/0xb0 [ 1212.472073][T25646] simple_read_from_buffer+0xe1/0x170 [ 1212.472097][T25646] proc_fail_nth_read+0x1be/0x230 [ 1212.472119][T25646] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1212.472141][T25646] ? rw_verify_area+0x2ac/0x4e0 [ 1212.472197][T25646] ? tun_chr_write_iter+0x190/0x200 [ 1212.472223][T25646] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1212.472252][T25646] vfs_read+0x212/0xa80 [ 1212.472292][T25646] ? __pfx_vfs_read+0x10/0x10 [ 1212.472326][T25646] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1212.472350][T25646] ? lockdep_hardirqs_on+0x7a/0x110 [ 1212.472374][T25646] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1212.472396][T25646] ? mutex_lock_nested+0x152/0x1d0 [ 1212.472412][T25646] ? fdget_pos+0x252/0x320 [ 1212.472439][T25646] ksys_read+0x156/0x270 [ 1212.472464][T25646] ? __pfx_ksys_read+0x10/0x10 [ 1212.472496][T25646] do_syscall_64+0x14d/0xf80 [ 1212.472517][T25646] ? trace_irq_disable+0x3b/0x150 [ 1212.472537][T25646] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1212.472554][T25646] ? clear_bhb_loop+0x40/0x90 [ 1212.472573][T25646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1212.472589][T25646] RIP: 0033:0x7f33825ecfce [ 1212.472605][T25646] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1212.472619][T25646] RSP: 002b:00007f3380885fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1212.472636][T25646] RAX: ffffffffffffffda RBX: 00007f33808866c0 RCX: 00007f33825ecfce [ 1212.472647][T25646] RDX: 000000000000000f RSI: 00007f33808860a0 RDI: 0000000000000003 [ 1212.472657][T25646] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1212.472667][T25646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1212.472677][T25646] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1212.472701][T25646] [ 1213.042634][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1213.279800][T25654] FAULT_INJECTION: forcing a failure. [ 1213.279800][T25654] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1213.279841][T25654] CPU: 0 UID: 0 PID: 25654 Comm: syz.6.8144 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1213.279872][T25654] Tainted: [L]=SOFTLOCKUP [ 1213.279881][T25654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1213.279895][T25654] Call Trace: [ 1213.279904][T25654] [ 1213.279913][T25654] dump_stack_lvl+0xe8/0x150 [ 1213.279954][T25654] should_fail_ex+0x46b/0x600 [ 1213.279998][T25654] prepare_alloc_pages+0x22a/0x6b0 [ 1213.280122][T25654] __alloc_frozen_pages_noprof+0x12f/0x380 [ 1213.280150][T25654] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1213.280180][T25654] ? __pfx_policy_nodemask+0x10/0x10 [ 1213.280269][T25654] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1213.280309][T25654] ? lockdep_hardirqs_on+0x7a/0x110 [ 1213.280344][T25654] alloc_pages_mpol+0xd1/0x380 [ 1213.280371][T25654] alloc_pages_noprof+0xce/0x1e0 [ 1213.280397][T25654] get_free_pages_noprof+0xf/0x80 [ 1213.280421][T25654] __kasan_populate_vmalloc+0x38/0x1d0 [ 1213.280453][T25654] ? rt_spin_unlock+0x160/0x200 [ 1213.280482][T25654] alloc_vmap_area+0xd73/0x14b0 [ 1213.280578][T25654] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1213.280612][T25654] ? __kmalloc_cache_node_noprof+0x27d/0x6c0 [ 1213.280649][T25654] ? __get_vm_area_node+0x171/0x350 [ 1213.280680][T25654] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.280711][T25654] __get_vm_area_node+0x226/0x350 [ 1213.280751][T25654] __vmalloc_node_range_noprof+0x372/0x1730 [ 1213.280786][T25654] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.280830][T25654] ? __lock_acquire+0x6b5/0x2cf0 [ 1213.280860][T25654] ? kernel_text_address+0xa5/0xe0 [ 1213.280909][T25654] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1213.280943][T25654] ? arch_stack_walk+0xfb/0x150 [ 1213.280986][T25654] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.281012][T25654] __vmalloc_noprof+0xd2/0x120 [ 1213.281045][T25654] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.281078][T25654] bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.281114][T25654] bpf_prog_alloc+0x3c/0x1a0 [ 1213.281150][T25654] bpf_prog_load+0x7ba/0x1ae0 [ 1213.281195][T25654] ? __pfx_bpf_prog_load+0x10/0x10 [ 1213.281247][T25654] ? bpf_lsm_bpf+0x9/0x20 [ 1213.281297][T25654] ? security_bpf+0x7e/0x2d0 [ 1213.281369][T25654] __sys_bpf+0x618/0x950 [ 1213.281399][T25654] ? __pfx___sys_bpf+0x10/0x10 [ 1213.281424][T25654] ? rt_mutex_slowunlock+0x1cb/0x300 [ 1213.281466][T25654] ? ksys_write+0x248/0x270 [ 1213.281500][T25654] ? __pfx_ksys_write+0x10/0x10 [ 1213.281541][T25654] __x64_sys_bpf+0x7c/0x90 [ 1213.281567][T25654] do_syscall_64+0x14d/0xf80 [ 1213.281598][T25654] ? trace_irq_disable+0x3b/0x150 [ 1213.281624][T25654] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.281648][T25654] ? clear_bhb_loop+0x40/0x90 [ 1213.281677][T25654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.281700][T25654] RIP: 0033:0x7f338262c799 [ 1213.281721][T25654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1213.281742][T25654] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1213.281766][T25654] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1213.281789][T25654] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005 [ 1213.281804][T25654] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1213.281818][T25654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.281831][T25654] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1213.281865][T25654] [ 1213.330250][T25654] syz.6.8144: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1213.331313][T25654] CPU: 1 UID: 0 PID: 25654 Comm: syz.6.8144 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1213.331414][T25654] Tainted: [L]=SOFTLOCKUP [ 1213.331434][T25654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1213.331475][T25654] Call Trace: [ 1213.331496][T25654] [ 1213.331518][T25654] dump_stack_lvl+0xe8/0x150 [ 1213.331624][T25654] warn_alloc+0x263/0x3e0 [ 1213.331695][T25654] ? kasan_quarantine_put+0xbb/0x1f0 [ 1213.331775][T25654] ? __pfx_warn_alloc+0x10/0x10 [ 1213.331839][T25654] ? __get_vm_area_node+0x23f/0x350 [ 1213.331922][T25654] ? __get_vm_area_node+0x171/0x350 [ 1213.332005][T25654] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.332089][T25654] ? __get_vm_area_node+0x23f/0x350 [ 1213.332167][T25654] __vmalloc_node_range_noprof+0x397/0x1730 [ 1213.332220][T25654] ? __lock_acquire+0x6b5/0x2cf0 [ 1213.332309][T25654] ? kernel_text_address+0xa5/0xe0 [ 1213.332394][T25654] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1213.332479][T25654] ? arch_stack_walk+0xfb/0x150 [ 1213.332571][T25654] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.332657][T25654] __vmalloc_noprof+0xd2/0x120 [ 1213.332723][T25654] ? bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.332755][T25654] bpf_prog_alloc_no_stats+0x4a/0x4f0 [ 1213.332787][T25654] bpf_prog_alloc+0x3c/0x1a0 [ 1213.332826][T25654] bpf_prog_load+0x7ba/0x1ae0 [ 1213.332939][T25654] ? __pfx_bpf_prog_load+0x10/0x10 [ 1213.333070][T25654] ? bpf_lsm_bpf+0x9/0x20 [ 1213.333125][T25654] ? security_bpf+0x7e/0x2d0 [ 1213.333220][T25654] __sys_bpf+0x618/0x950 [ 1213.333305][T25654] ? __pfx___sys_bpf+0x10/0x10 [ 1213.333363][T25654] ? rt_mutex_slowunlock+0x1cb/0x300 [ 1213.333470][T25654] ? ksys_write+0x248/0x270 [ 1213.333565][T25654] ? __pfx_ksys_write+0x10/0x10 [ 1213.333671][T25654] __x64_sys_bpf+0x7c/0x90 [ 1213.333735][T25654] do_syscall_64+0x14d/0xf80 [ 1213.333907][T25654] ? trace_irq_disable+0x3b/0x150 [ 1213.333979][T25654] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.334050][T25654] ? clear_bhb_loop+0x40/0x90 [ 1213.334123][T25654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.334185][T25654] RIP: 0033:0x7f338262c799 [ 1213.334249][T25654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1213.334268][T25654] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1213.334290][T25654] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1213.334335][T25654] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005 [ 1213.334391][T25654] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1213.334432][T25654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.334471][T25654] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1213.334572][T25654] [ 1213.371852][T25654] Mem-Info: [ 1213.371902][T25654] active_anon:3121 inactive_anon:8286 isolated_anon:0 [ 1213.371902][T25654] active_file:24036 inactive_file:38494 isolated_file:0 [ 1213.371902][T25654] unevictable:768 dirty:100 writeback:0 [ 1213.371902][T25654] slab_reclaimable:12525 slab_unreclaimable:106173 [ 1213.371902][T25654] mapped:31096 shmem:4224 pagetables:1436 [ 1213.371902][T25654] sec_pagetables:0 bounce:0 [ 1213.371902][T25654] kernel_misc_reclaimable:0 [ 1213.371902][T25654] free:1299729 free_pcp:5442 free_cma:0 [ 1213.372069][T25654] Node 0 active_anon:12484kB inactive_anon:33144kB active_file:95764kB inactive_file:153976kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124204kB dirty:400kB writeback:0kB shmem:15360kB kernel_stack:12944kB pagetables:5588kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1213.372752][T25654] Node 1 active_anon:0kB inactive_anon:0kB active_file:380kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:180kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1213.372891][T25654] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1213.373077][T25654] lowmem_reserve[]: 0 2506 2506 2506 2506 [ 1213.373184][T25654] Node 0 DMA32 free:1249196kB boost:0kB min:3932kB low:6468kB high:9004kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12484kB inactive_anon:33144kB active_file:95764kB inactive_file:153976kB unevictable:1536kB writepending:400kB zspages:0kB present:3129332kB managed:2566624kB mlocked:0kB bounce:0kB free_pcp:21768kB local_pcp:10640kB free_cma:0kB [ 1213.373343][T25654] lowmem_reserve[]: 0 0 0 0 0 [ 1213.373379][T25654] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:420kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1213.373440][T25654] lowmem_reserve[]: 0 0 0 0 0 [ 1213.373503][T25654] Node 1 Normal free:3934360kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:380kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1213.373672][T25654] lowmem_reserve[]: 0 0 0 0 0 [ 1213.393167][T25654] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1213.393554][T25654] Node 0 DMA32: 3635*4kB (UME) 3172*8kB (UME) 2116*16kB (UME) 761*32kB (UME) 523*64kB (UME) 331*128kB (UME) 228*256kB (UME) 164*512kB (UME) 91*1024kB (UME) 12*2048kB (M) 199*4096kB (UM) = 1249164kB [ 1213.393798][T25654] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1213.394256][T25654] Node 1 Normal: 2*4kB (UE) 4*8kB (UME) 15*16kB (UE) 10*32kB (UE) 7*64kB (UME) 7*128kB (UE) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 958*4096kB (M) = 3934360kB [ 1213.394737][T25654] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1213.394788][T25654] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1213.394832][T25654] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1213.394884][T25654] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1213.394929][T25654] 66750 total pagecache pages [ 1213.394971][T25654] 0 pages in swap cache [ 1213.394993][T25654] Free swap = 124996kB [ 1213.395015][T25654] Total swap = 124996kB [ 1213.395038][T25654] 2097051 pages RAM [ 1213.395059][T25654] 0 pages HighMem/MovableOnly [ 1213.395080][T25654] 423675 pages reserved [ 1213.395102][T25654] 0 pages cma reserved [ 1213.625571][ T8866] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1214.557958][ T5861] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1214.583264][ T5776] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1214.584417][ T6007] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1214.722709][ T5861] usb 3-1: Using ep0 maxpacket: 8 [ 1214.728356][ T5861] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1214.728395][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1214.728410][ T5861] usb 3-1: Product: syz [ 1214.728420][ T5861] usb 3-1: Manufacturer: syz [ 1214.728431][ T5861] usb 3-1: SerialNumber: syz [ 1214.796563][ T5861] usb 3-1: config 0 descriptor?? [ 1214.816407][ T5861] gspca_main: se401-2.14.0 probing 047d:5003 [ 1215.451031][ T5861] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input27 [ 1215.592639][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1215.947630][T25656] can: request_module (can-proto-3) failed. [ 1215.983168][ T9] usb 3-1: USB disconnect, device number 50 [ 1216.843997][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1217.555262][ T5861] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1217.592635][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1217.712538][ T5861] usb 3-1: Using ep0 maxpacket: 16 [ 1217.720206][ T5861] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 1217.720238][ T5861] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1217.720259][ T5861] usb 3-1: config 0 has no interface number 0 [ 1217.737393][ T5861] usb 3-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.17 [ 1217.737481][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1217.737544][ T5861] usb 3-1: Product: syz [ 1217.737586][ T5861] usb 3-1: Manufacturer: syz [ 1217.737620][ T5861] usb 3-1: SerialNumber: syz [ 1217.810012][ T5861] usb 3-1: config 0 descriptor?? [ 1218.304489][ T5861] uvcvideo 3-1:0.105: Found UVC 0.00 device syz (046d:08d3) [ 1218.304629][ T5861] uvcvideo 3-1:0.105: No valid video chain found. [ 1218.344851][ T5861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1218.473645][T25704] evm: overlay not supported [ 1218.491966][T25704] : renamed from vlan0 (while UP) [ 1218.590227][T25704] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8164'. [ 1219.319428][T25704] bridge0: port 2(bridge_slave_1) entered disabled state [ 1219.323256][T25704] bridge0: port 1(bridge_slave_0) entered disabled state [ 1220.209437][T25767] overlayfs: missing 'workdir' [ 1222.009944][T25704] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1222.059725][T25704] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1222.972430][ T6007] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 1223.122369][ T6007] usb 6-1: Using ep0 maxpacket: 8 [ 1223.131046][ T6007] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1223.131079][ T6007] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1223.131101][ T6007] usb 6-1: Product: syz [ 1223.131117][ T6007] usb 6-1: Manufacturer: syz [ 1223.131132][ T6007] usb 6-1: SerialNumber: syz [ 1223.176943][ T6007] usb 6-1: config 0 descriptor?? [ 1223.357422][ T8866] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1223.365804][ T8866] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1223.365853][ T8866] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1223.365895][ T8866] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1223.401195][ T6007] usb 6-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 1223.586935][ T9] usb 3-1: USB disconnect, device number 51 [ 1223.733885][ T6007] usb write operation failed. (-71) [ 1223.740046][ T6007] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1223.740874][ T6007] dvbdev: DVB: registering new adapter (Terratec H7) [ 1223.740930][ T6007] usb 6-1: media controller created [ 1223.773595][ T6007] usb read operation failed. (-71) [ 1223.776346][ T6007] usb write operation failed. (-71) [ 1223.818283][ T6007] dvb_usb_az6007 6-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 1223.858792][ T6007] usb 6-1: USB disconnect, device number 38 [ 1223.902674][T25809] udevd[25809]: setting mode of /dev/bus/usb/006/038 to 020664 failed: No such file or directory [ 1223.902862][T25809] udevd[25809]: setting owner of /dev/bus/usb/006/038 to uid=0, gid=0 failed: No such file or directory [ 1226.444734][T25882] netlink: 64 bytes leftover after parsing attributes in process `syz.2.8236'. [ 1227.292579][ T9] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 1227.452335][ T9] usb 7-1: device descriptor read/64, error -71 [ 1227.702319][ T9] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 1227.802417][ T5776] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 1227.832325][ T9] usb 7-1: device descriptor read/64, error -71 [ 1227.943355][ T9] usb usb7-port1: attempt power cycle [ 1227.962323][ T5776] usb 6-1: Using ep0 maxpacket: 8 [ 1227.964796][ T5776] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1227.964855][ T5776] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1227.964883][ T5776] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1228.170523][ T5776] usb 6-1: config 0 descriptor?? [ 1228.176645][ T5776] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1228.274305][T25910] lo speed is unknown, defaulting to 1000 [ 1228.276874][T25910] lo speed is unknown, defaulting to 1000 [ 1228.292617][T25910] lo speed is unknown, defaulting to 1000 [ 1228.499765][T25910] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1228.875097][T25911] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1229.014537][T25910] lo speed is unknown, defaulting to 1000 [ 1229.019507][T25910] lo speed is unknown, defaulting to 1000 [ 1229.024380][T25910] lo speed is unknown, defaulting to 1000 [ 1229.029337][T25910] lo speed is unknown, defaulting to 1000 [ 1229.034259][T25910] lo speed is unknown, defaulting to 1000 [ 1229.076933][ T5776] gspca_vc032x: reg_r err -110 [ 1229.077026][ T5776] vc032x 6-1:0.0: probe with driver vc032x failed with error -110 [ 1229.170807][ T9] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 1229.203328][ T9] usb 7-1: device descriptor read/8, error -71 [ 1229.462611][ T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1229.491430][ T9] usb 7-1: device descriptor read/8, error -71 [ 1229.592839][ T9] usb usb7-port1: unable to enumerate USB device [ 1231.084525][ T9] usb 6-1: USB disconnect, device number 39 [ 1231.325533][T25959] sctp: [Deprecated]: syz.0.8270 (pid 25959) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1231.325533][T25959] Use struct sctp_sack_info instead [ 1232.722339][ T808] usb 6-1: new full-speed USB device number 40 using dummy_hcd [ 1233.036249][ T808] usb 6-1: config 0 has an invalid interface number: 205 but max is 0 [ 1233.036279][ T808] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1233.036300][ T808] usb 6-1: config 0 has no interface number 0 [ 1233.036352][ T808] usb 6-1: config 0 interface 205 has no altsetting 0 [ 1233.041962][ T808] usb 6-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 1233.041994][ T808] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.042016][ T808] usb 6-1: Product: syz [ 1233.042032][ T808] usb 6-1: Manufacturer: syz [ 1233.042047][ T808] usb 6-1: SerialNumber: syz [ 1233.127206][ T808] usb 6-1: config 0 descriptor?? [ 1233.156760][ T808] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 1233.156847][ T808] dvb-usb: bulk message failed: -22 (3/0) [ 1233.187046][ T808] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1233.188181][ T808] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 1233.188255][ T808] usb 6-1: media controller created [ 1233.218157][ T808] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1233.238131][ T808] dvb-usb: bulk message failed: -22 (6/0) [ 1233.238288][ T808] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 1233.265090][ T808] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input28 [ 1233.283960][ T808] dvb-usb: schedule remote query interval to 150 msecs. [ 1233.284023][ T808] dvb-usb: bulk message failed: -22 (3/0) [ 1233.305209][ T808] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 1233.447793][ T808] dvb-usb: bulk message failed: -22 (1/0) [ 1233.447849][ T808] dvb-usb: error while querying for an remote control event. [ 1233.602745][ T808] dvb-usb: bulk message failed: -22 (1/0) [ 1233.602781][ T808] dvb-usb: error while querying for an remote control event. [ 1233.755296][ T9] usb 6-1: USB disconnect, device number 40 [ 1233.945043][ T9] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 1235.388279][T26047] FAULT_INJECTION: forcing a failure. [ 1235.388279][T26047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1235.388319][T26047] CPU: 0 UID: 0 PID: 26047 Comm: syz.0.8308 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1235.388350][T26047] Tainted: [L]=SOFTLOCKUP [ 1235.388359][T26047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1235.388373][T26047] Call Trace: [ 1235.388381][T26047] [ 1235.388391][T26047] dump_stack_lvl+0xe8/0x150 [ 1235.388432][T26047] should_fail_ex+0x46b/0x600 [ 1235.388475][T26047] _copy_to_user+0x31/0xb0 [ 1235.388506][T26047] iommufd_vfio_ioctl+0x11ce/0x1400 [ 1235.388682][T26047] ? __pfx_iommufd_vfio_ioctl+0x10/0x10 [ 1235.388718][T26047] ? tomoyo_path_number_perm+0x219/0x630 [ 1235.388753][T26047] ? do_vfs_ioctl+0x117b/0x1540 [ 1235.388793][T26047] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1235.388858][T26047] iommufd_fops_ioctl+0x13d/0x5d0 [ 1235.388886][T26047] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 1235.388920][T26047] ? __rcu_read_unlock+0x83/0xe0 [ 1235.388954][T26047] ? __fget_files+0x2a/0x420 [ 1235.388981][T26047] ? __fget_files+0x3a6/0x420 [ 1235.389007][T26047] ? __fget_files+0x2a/0x420 [ 1235.389039][T26047] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1235.389063][T26047] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 1235.389088][T26047] __se_sys_ioctl+0xff/0x170 [ 1235.389125][T26047] do_syscall_64+0x14d/0xf80 [ 1235.389157][T26047] ? trace_irq_disable+0x3b/0x150 [ 1235.389184][T26047] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.389207][T26047] ? clear_bhb_loop+0x40/0x90 [ 1235.389235][T26047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.389258][T26047] RIP: 0033:0x7f436492c799 [ 1235.389279][T26047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1235.389300][T26047] RSP: 002b:00007f4362b86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1235.389324][T26047] RAX: ffffffffffffffda RBX: 00007f4364ba5fa0 RCX: 00007f436492c799 [ 1235.389340][T26047] RDX: 0000200000000000 RSI: 0000000000003b72 RDI: 0000000000000003 [ 1235.389355][T26047] RBP: 00007f4362b86090 R08: 0000000000000000 R09: 0000000000000000 [ 1235.389368][T26047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1235.389381][T26047] R13: 00007f4364ba6038 R14: 00007f4364ba5fa0 R15: 00007ffff9ac2258 [ 1235.389416][T26047] [ 1235.749643][T26057] FAULT_INJECTION: forcing a failure. [ 1235.749643][T26057] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1235.749685][T26057] CPU: 0 UID: 0 PID: 26057 Comm: syz.0.8312 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1235.749728][T26057] Tainted: [L]=SOFTLOCKUP [ 1235.749736][T26057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1235.749755][T26057] Call Trace: [ 1235.749763][T26057] [ 1235.749774][T26057] dump_stack_lvl+0xe8/0x150 [ 1235.749814][T26057] should_fail_ex+0x46b/0x600 [ 1235.749859][T26057] _copy_from_user+0x2d/0xb0 [ 1235.749890][T26057] do_fcntl+0x669/0x19e0 [ 1235.749931][T26057] ? smack_file_fcntl+0x150/0x320 [ 1235.749960][T26057] ? __pfx_do_fcntl+0x10/0x10 [ 1235.749992][T26057] ? __pfx_smack_file_fcntl+0x10/0x10 [ 1235.750023][T26057] ? __fget_files+0x2a/0x420 [ 1235.750050][T26057] ? bpf_lsm_file_fcntl+0x9/0x20 [ 1235.750072][T26057] __se_sys_fcntl+0xcb/0x160 [ 1235.750101][T26057] do_syscall_64+0x14d/0xf80 [ 1235.750126][T26057] ? trace_irq_disable+0x3b/0x150 [ 1235.750148][T26057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.750167][T26057] ? clear_bhb_loop+0x40/0x90 [ 1235.750189][T26057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.750207][T26057] RIP: 0033:0x7f436492c799 [ 1235.750226][T26057] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1235.750242][T26057] RSP: 002b:00007f4362b86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 1235.750262][T26057] RAX: ffffffffffffffda RBX: 00007f4364ba5fa0 RCX: 00007f436492c799 [ 1235.750275][T26057] RDX: 0000000000000000 RSI: 0000000000000410 RDI: 0000000000000003 [ 1235.750287][T26057] RBP: 00007f4362b86090 R08: 0000000000000000 R09: 0000000000000000 [ 1235.750298][T26057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1235.750309][T26057] R13: 00007f4364ba6038 R14: 00007f4364ba5fa0 R15: 00007ffff9ac2258 [ 1235.750336][T26057] [ 1236.029709][ T5861] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 1236.880215][ T5861] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1236.880977][ T5861] usb 3-1: not running at top speed; connect to a high speed hub [ 1236.886463][ T5861] usb 3-1: config 12 has an invalid descriptor of length 48, skipping remainder of the config [ 1236.886520][ T5861] usb 3-1: config 12 interface 0 altsetting 7 endpoint 0x8 has invalid maxpacket 12336, setting to 64 [ 1236.886551][ T5861] usb 3-1: config 12 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1236.886580][ T5861] usb 3-1: config 12 interface 0 has no altsetting 0 [ 1236.996624][ T5861] usb 3-1: string descriptor 0 read error: -22 [ 1236.996786][ T5861] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 1236.996813][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1237.080027][ T5861] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1237.080104][ T5861] usb 3-1: selecting invalid altsetting 0 [ 1237.605868][ T5861] usb 3-1: USB disconnect, device number 52 [ 1238.798751][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1241.140713][T26174] FAULT_INJECTION: forcing a failure. [ 1241.140713][T26174] name failslab, interval 1, probability 0, space 0, times 0 [ 1241.140744][T26174] CPU: 0 UID: 0 PID: 26174 Comm: syz.6.8363 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1241.140774][T26174] Tainted: [L]=SOFTLOCKUP [ 1241.140781][T26174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1241.140794][T26174] Call Trace: [ 1241.140802][T26174] [ 1241.140809][T26174] dump_stack_lvl+0xe8/0x150 [ 1241.140838][T26174] should_fail_ex+0x46b/0x600 [ 1241.140870][T26174] should_failslab+0xa8/0x100 [ 1241.140899][T26174] kmem_cache_alloc_noprof+0x87/0x680 [ 1241.140924][T26174] ? lockdep_hardirqs_on+0x7a/0x110 [ 1241.140946][T26174] ? do_getname+0x2e/0x250 [ 1241.141040][T26174] do_getname+0x2e/0x250 [ 1241.141056][T26174] ? getname_flags+0x11/0x20 [ 1241.141081][T26174] do_sys_openat2+0xca/0x200 [ 1241.141103][T26174] ? __pfx_do_sys_openat2+0x10/0x10 [ 1241.141124][T26174] ? ksys_write+0x248/0x270 [ 1241.141148][T26174] ? __pfx_ksys_write+0x10/0x10 [ 1241.141174][T26174] __x64_sys_openat+0x138/0x170 [ 1241.141198][T26174] do_syscall_64+0x14d/0xf80 [ 1241.141220][T26174] ? trace_irq_disable+0x3b/0x150 [ 1241.141239][T26174] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.141255][T26174] ? clear_bhb_loop+0x40/0x90 [ 1241.141275][T26174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.141291][T26174] RIP: 0033:0x7f338262c799 [ 1241.141307][T26174] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1241.141321][T26174] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1241.141338][T26174] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1241.141350][T26174] RDX: 0000000000084540 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 1241.141361][T26174] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1241.141371][T26174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1241.141380][T26174] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1241.141404][T26174] [ 1242.883797][T26185] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1242.883825][T26185] UDF-fs: Scanning with blocksize 512 failed [ 1243.014550][T26201] sctp: [Deprecated]: syz.4.8372 (pid 26201) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1243.014550][T26201] Use struct sctp_sack_info instead [ 1243.154366][T26185] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1243.154405][T26185] UDF-fs: Scanning with blocksize 1024 failed [ 1243.154922][T26185] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1243.154941][T26185] UDF-fs: Scanning with blocksize 2048 failed [ 1243.155265][T26185] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 1243.155283][T26185] UDF-fs: Scanning with blocksize 4096 failed [ 1243.352729][T26212] FAULT_INJECTION: forcing a failure. [ 1243.352729][T26212] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1243.352767][T26212] CPU: 1 UID: 0 PID: 26212 Comm: syz.6.8377 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1243.352789][T26212] Tainted: [L]=SOFTLOCKUP [ 1243.352795][T26212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1243.352805][T26212] Call Trace: [ 1243.352811][T26212] [ 1243.352818][T26212] dump_stack_lvl+0xe8/0x150 [ 1243.352848][T26212] should_fail_ex+0x46b/0x600 [ 1243.352891][T26212] _copy_to_user+0x31/0xb0 [ 1243.352914][T26212] simple_read_from_buffer+0xe1/0x170 [ 1243.352938][T26212] proc_fail_nth_read+0x1be/0x230 [ 1243.352961][T26212] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1243.352982][T26212] ? rw_verify_area+0x2ac/0x4e0 [ 1243.353004][T26212] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1243.353028][T26212] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1243.353048][T26212] vfs_read+0x212/0xa80 [ 1243.353078][T26212] ? __pfx_vfs_read+0x10/0x10 [ 1243.353103][T26212] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1243.353125][T26212] ? lockdep_hardirqs_on+0x7a/0x110 [ 1243.353149][T26212] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1243.353171][T26212] ? mutex_lock_nested+0x152/0x1d0 [ 1243.353188][T26212] ? fdget_pos+0x252/0x320 [ 1243.353214][T26212] ksys_read+0x156/0x270 [ 1243.353240][T26212] ? __pfx_ksys_read+0x10/0x10 [ 1243.353272][T26212] do_syscall_64+0x14d/0xf80 [ 1243.353293][T26212] ? trace_irq_disable+0x3b/0x150 [ 1243.353312][T26212] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1243.353329][T26212] ? clear_bhb_loop+0x40/0x90 [ 1243.353349][T26212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1243.353365][T26212] RIP: 0033:0x7f33825ecfce [ 1243.353381][T26212] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1243.353395][T26212] RSP: 002b:00007f3380885fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1243.353412][T26212] RAX: ffffffffffffffda RBX: 00007f33808866c0 RCX: 00007f33825ecfce [ 1243.353424][T26212] RDX: 000000000000000f RSI: 00007f33808860a0 RDI: 0000000000000004 [ 1243.353434][T26212] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1243.353444][T26212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1243.353453][T26212] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1243.353479][T26212] [ 1244.531081][ T5883] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 1244.684777][ T5883] usb 6-1: Using ep0 maxpacket: 8 [ 1244.690880][ T5883] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1244.690914][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1244.690937][ T5883] usb 6-1: Product: syz [ 1244.690954][ T5883] usb 6-1: Manufacturer: syz [ 1244.690970][ T5883] usb 6-1: SerialNumber: syz [ 1244.802524][ T5883] usb 6-1: config 0 descriptor?? [ 1244.816389][ T5883] gspca_main: se401-2.14.0 probing 047d:5003 [ 1244.979283][T18176] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1245.565481][ T5883] input: se401 as /devices/platform/dummy_hcd.5/usb6/6-1/input/input29 [ 1245.921175][T26241] can: request_module (can-proto-3) failed. [ 1245.929372][ T5861] usb 6-1: USB disconnect, device number 41 [ 1247.395733][T26327] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8425'. [ 1247.493108][T26340] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8425'. [ 1247.493133][T26340] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8425'. [ 1247.498255][T26327] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1247.654954][T26340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1247.862300][T26340] bond2: (slave bond0): Enslaving as an active interface with a down link [ 1248.722770][T26351] FAULT_INJECTION: forcing a failure. [ 1248.722770][T26351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1248.722810][T26351] CPU: 0 UID: 0 PID: 26351 Comm: syz.6.8435 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1248.722842][T26351] Tainted: [L]=SOFTLOCKUP [ 1248.722850][T26351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1248.722865][T26351] Call Trace: [ 1248.722875][T26351] [ 1248.722884][T26351] dump_stack_lvl+0xe8/0x150 [ 1248.722926][T26351] should_fail_ex+0x46b/0x600 [ 1248.722973][T26351] _copy_to_user+0x31/0xb0 [ 1248.723005][T26351] simple_read_from_buffer+0xe1/0x170 [ 1248.723040][T26351] proc_fail_nth_read+0x1be/0x230 [ 1248.723072][T26351] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1248.723103][T26351] ? rw_verify_area+0x2ac/0x4e0 [ 1248.723154][T26351] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1248.723184][T26351] vfs_read+0x212/0xa80 [ 1248.723227][T26351] ? __pfx_vfs_read+0x10/0x10 [ 1248.723264][T26351] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1248.723298][T26351] ? lockdep_hardirqs_on+0x7a/0x110 [ 1248.723331][T26351] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1248.723364][T26351] ? mutex_lock_nested+0x152/0x1d0 [ 1248.723388][T26351] ? fdget_pos+0x252/0x320 [ 1248.723434][T26351] ksys_read+0x156/0x270 [ 1248.723469][T26351] ? __pfx_ksys_read+0x10/0x10 [ 1248.723516][T26351] do_syscall_64+0x14d/0xf80 [ 1248.723547][T26351] ? trace_irq_disable+0x3b/0x150 [ 1248.723574][T26351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1248.723598][T26351] ? clear_bhb_loop+0x40/0x90 [ 1248.723628][T26351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1248.723651][T26351] RIP: 0033:0x7f33825ecfce [ 1248.723672][T26351] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1248.723692][T26351] RSP: 002b:00007f3380885fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1248.723716][T26351] RAX: ffffffffffffffda RBX: 00007f33808866c0 RCX: 00007f33825ecfce [ 1248.723733][T26351] RDX: 000000000000000f RSI: 00007f33808860a0 RDI: 0000000000000004 [ 1248.723747][T26351] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1248.723761][T26351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1248.723774][T26351] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1248.723811][T26351] [ 1249.170123][T26365] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8441'. [ 1249.748847][ T5861] usb 6-1: new full-speed USB device number 42 using dummy_hcd [ 1249.905955][ T5861] usb 6-1: config 0 has an invalid interface number: 41 but max is 0 [ 1249.905987][ T5861] usb 6-1: config 0 has no interface number 0 [ 1249.906036][ T5861] usb 6-1: config 0 interface 41 has no altsetting 0 [ 1249.910595][ T5861] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1249.910627][ T5861] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1249.910650][ T5861] usb 6-1: Product: syz [ 1249.910666][ T5861] usb 6-1: Manufacturer: syz [ 1249.910681][ T5861] usb 6-1: SerialNumber: syz [ 1249.974844][ T5861] usb 6-1: config 0 descriptor?? [ 1251.776099][ T5861] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 1252.473903][T26446] siw: device registration error -23 [ 1253.698195][ T5861] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9 [ 1253.698651][ T5861] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9 [ 1253.698938][ T5861] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -71 [ 1253.746453][ T5861] usb 6-1: USB disconnect, device number 42 [ 1254.789313][T26483] netlink: 64 bytes leftover after parsing attributes in process `syz.5.8488'. [ 1256.336777][T26515] FAULT_INJECTION: forcing a failure. [ 1256.336777][T26515] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1256.336819][T26515] CPU: 0 UID: 0 PID: 26515 Comm: syz.2.8506 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1256.336849][T26515] Tainted: [L]=SOFTLOCKUP [ 1256.336858][T26515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1256.336871][T26515] Call Trace: [ 1256.336880][T26515] [ 1256.336890][T26515] dump_stack_lvl+0xe8/0x150 [ 1256.336943][T26515] should_fail_ex+0x46b/0x600 [ 1256.336989][T26515] _copy_from_user+0x2d/0xb0 [ 1256.337019][T26515] ___sys_sendmsg+0x1c6/0x360 [ 1256.337061][T26515] ? __pfx____sys_sendmsg+0x10/0x10 [ 1256.337128][T26515] ? __fget_files+0x2a/0x420 [ 1256.337156][T26515] ? __fget_files+0x3a6/0x420 [ 1256.337194][T26515] __x64_sys_sendmsg+0x1c3/0x2a0 [ 1256.337231][T26515] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1256.337273][T26515] ? __pfx_ksys_write+0x10/0x10 [ 1256.337319][T26515] do_syscall_64+0x14d/0xf80 [ 1256.337351][T26515] ? trace_irq_disable+0x3b/0x150 [ 1256.337377][T26515] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.337400][T26515] ? clear_bhb_loop+0x40/0x90 [ 1256.337428][T26515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.337450][T26515] RIP: 0033:0x7fcb4afec799 [ 1256.337470][T26515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1256.337490][T26515] RSP: 002b:00007fcb4923e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1256.337513][T26515] RAX: ffffffffffffffda RBX: 00007fcb4b265fa0 RCX: 00007fcb4afec799 [ 1256.337529][T26515] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1256.337542][T26515] RBP: 00007fcb4923e090 R08: 0000000000000000 R09: 0000000000000000 [ 1256.337556][T26515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1256.337568][T26515] R13: 00007fcb4b266038 R14: 00007fcb4b265fa0 R15: 00007ffcf21c7248 [ 1256.337602][T26515] [ 1256.989577][T26522] can: request_module (can-proto-3) failed. [ 1257.151540][ T5861] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1257.303049][ T5861] usb 3-1: Using ep0 maxpacket: 32 [ 1257.310704][ T5861] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 1257.310736][ T5861] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1257.310760][ T5861] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1257.310784][ T5861] usb 3-1: config 1 has no interface number 0 [ 1257.310832][ T5861] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1257.310862][ T5861] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1257.310909][ T5861] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1257.310935][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1257.434825][ T5861] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 1257.620905][ T5861] snd_usb_pod 3-1:1.1: invalid control EP [ 1257.620923][ T5861] snd_usb_pod 3-1:1.1: cannot start listening: -22 [ 1257.621141][ T5861] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 1257.621540][ T5861] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1257.842378][ T5883] usb 3-1: USB disconnect, device number 53 [ 1258.162372][T26577] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 1259.283361][T26612] netlink: 64 bytes leftover after parsing attributes in process `syz.5.8548'. [ 1261.136178][T26654] netlink: 'syz.4.8568': attribute type 2 has an invalid length. [ 1261.323111][T26654] : entered promiscuous mode [ 1262.759744][T26693] FAULT_INJECTION: forcing a failure. [ 1262.759744][T26693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1262.759786][T26693] CPU: 1 UID: 0 PID: 26693 Comm: syz.6.8586 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1262.759817][T26693] Tainted: [L]=SOFTLOCKUP [ 1262.759825][T26693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1262.759840][T26693] Call Trace: [ 1262.759848][T26693] [ 1262.759858][T26693] dump_stack_lvl+0xe8/0x150 [ 1262.759898][T26693] should_fail_ex+0x46b/0x600 [ 1262.759942][T26693] strncpy_from_user+0x36/0x2b0 [ 1262.759982][T26693] do_getname+0x77/0x250 [ 1262.760013][T26693] do_sys_openat2+0xca/0x200 [ 1262.760044][T26693] ? __pfx_do_sys_openat2+0x10/0x10 [ 1262.760072][T26693] ? ksys_write+0x248/0x270 [ 1262.760108][T26693] ? __pfx_ksys_write+0x10/0x10 [ 1262.760144][T26693] __x64_sys_openat+0x138/0x170 [ 1262.760178][T26693] do_syscall_64+0x14d/0xf80 [ 1262.760209][T26693] ? trace_irq_disable+0x3b/0x150 [ 1262.760235][T26693] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1262.760258][T26693] ? clear_bhb_loop+0x40/0x90 [ 1262.760286][T26693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1262.760310][T26693] RIP: 0033:0x7f338262c799 [ 1262.760330][T26693] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1262.760350][T26693] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1262.760375][T26693] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1262.760392][T26693] RDX: 0000000000084540 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 1262.760408][T26693] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1262.760422][T26693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1262.760435][T26693] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1262.760469][T26693] [ 1263.140199][T26696] netlink: 148 bytes leftover after parsing attributes in process `syz.5.8587'. [ 1263.140281][T26696] netlink: 'syz.5.8587': attribute type 2 has an invalid length. [ 1265.789739][T26737] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8604'. [ 1268.229125][T26765] can: request_module (can-proto-3) failed. [ 1268.669936][T21729] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1268.800567][T21729] usb 1-1: device descriptor read/64, error -71 [ 1269.045759][T21729] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1269.049160][T26800] netlink: 'syz.2.8630': attribute type 2 has an invalid length. [ 1269.450330][T26800] : entered promiscuous mode [ 1269.462056][T26804] FAULT_INJECTION: forcing a failure. [ 1269.462056][T26804] name failslab, interval 1, probability 0, space 0, times 0 [ 1269.462096][T26804] CPU: 0 UID: 0 PID: 26804 Comm: syz.6.8631 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1269.462128][T26804] Tainted: [L]=SOFTLOCKUP [ 1269.462136][T26804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1269.462149][T26804] Call Trace: [ 1269.462158][T26804] [ 1269.462177][T26804] dump_stack_lvl+0xe8/0x150 [ 1269.462218][T26804] should_fail_ex+0x46b/0x600 [ 1269.462264][T26804] should_failslab+0xa8/0x100 [ 1269.462302][T26804] __kmalloc_cache_noprof+0x84/0x690 [ 1269.462339][T26804] ? __smc_connect+0xc15/0x2880 [ 1269.462373][T26804] __smc_connect+0xc15/0x2880 [ 1269.462410][T26804] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 1269.462444][T26804] ? lockdep_hardirqs_on+0x7a/0x110 [ 1269.462482][T26804] smc_connect+0x877/0xd90 [ 1269.462527][T26804] __sys_connect+0x315/0x450 [ 1269.462568][T26804] ? __pfx___sys_connect+0x10/0x10 [ 1269.462611][T26804] ? __pfx_ksys_write+0x10/0x10 [ 1269.462655][T26804] __x64_sys_connect+0x7a/0x90 [ 1269.462685][T26804] do_syscall_64+0x14d/0xf80 [ 1269.462715][T26804] ? trace_irq_disable+0x3b/0x150 [ 1269.462742][T26804] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1269.462766][T26804] ? clear_bhb_loop+0x40/0x90 [ 1269.462801][T26804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1269.462825][T26804] RIP: 0033:0x7f338262c799 [ 1269.462846][T26804] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1269.462866][T26804] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1269.462889][T26804] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1269.462905][T26804] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003 [ 1269.462919][T26804] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1269.462933][T26804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1269.462946][T26804] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1269.462981][T26804] [ 1269.632966][T21729] usb 1-1: device descriptor read/64, error -71 [ 1269.940807][T21729] usb usb1-port1: attempt power cycle [ 1270.288939][T21729] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1270.310104][T21729] usb 1-1: device descriptor read/8, error -71 [ 1270.421910][ T5861] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1270.549198][T21729] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1270.569388][ T5861] usb 3-1: Using ep0 maxpacket: 8 [ 1270.572602][T21729] usb 1-1: device descriptor read/8, error -71 [ 1270.574663][ T5861] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1270.574692][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1270.574714][ T5861] usb 3-1: Product: syz [ 1270.574729][ T5861] usb 3-1: Manufacturer: syz [ 1270.574745][ T5861] usb 3-1: SerialNumber: syz [ 1270.601509][ T5861] usb 3-1: config 0 descriptor?? [ 1270.652699][ T5861] gspca_main: se401-2.14.0 probing 047d:5003 [ 1270.680177][T21729] usb usb1-port1: unable to enumerate USB device [ 1270.972116][T26842] FAULT_INJECTION: forcing a failure. [ 1270.972116][T26842] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1270.972299][T26842] CPU: 0 UID: 0 PID: 26842 Comm: syz.6.8648 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1270.972334][T26842] Tainted: [L]=SOFTLOCKUP [ 1270.972342][T26842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1270.972357][T26842] Call Trace: [ 1270.972366][T26842] [ 1270.972376][T26842] dump_stack_lvl+0xe8/0x150 [ 1270.972415][T26842] should_fail_ex+0x46b/0x600 [ 1270.972459][T26842] _copy_to_user+0x31/0xb0 [ 1270.972492][T26842] simple_read_from_buffer+0xe1/0x170 [ 1270.972527][T26842] proc_fail_nth_read+0x1be/0x230 [ 1270.972557][T26842] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1270.972588][T26842] ? rw_verify_area+0x2ac/0x4e0 [ 1270.972628][T26842] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1270.972658][T26842] vfs_read+0x212/0xa80 [ 1270.972701][T26842] ? __pfx_vfs_read+0x10/0x10 [ 1270.972738][T26842] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1270.972771][T26842] ? lockdep_hardirqs_on+0x7a/0x110 [ 1270.972802][T26842] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1270.972835][T26842] ? mutex_lock_nested+0x152/0x1d0 [ 1270.972860][T26842] ? fdget_pos+0x252/0x320 [ 1270.972899][T26842] ksys_read+0x156/0x270 [ 1270.972935][T26842] ? __pfx_ksys_read+0x10/0x10 [ 1270.972979][T26842] do_syscall_64+0x14d/0xf80 [ 1270.973012][T26842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1270.973035][T26842] ? clear_bhb_loop+0x40/0x90 [ 1270.973063][T26842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1270.973086][T26842] RIP: 0033:0x7f33825ecfce [ 1270.973107][T26842] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1270.973124][T26842] RSP: 002b:00007f3380864fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1270.973148][T26842] RAX: ffffffffffffffda RBX: 00007f33808656c0 RCX: 00007f33825ecfce [ 1270.973165][T26842] RDX: 000000000000000f RSI: 00007f33808650a0 RDI: 0000000000000006 [ 1270.973179][T26842] RBP: 00007f3380865090 R08: 0000000000000000 R09: 0000000000000000 [ 1270.973192][T26842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1270.973205][T26842] R13: 00007f33828a6128 R14: 00007f33828a6090 R15: 00007ffcc2846668 [ 1270.973245][T26842] [ 1272.853944][ T5861] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input30 [ 1273.291019][T26850] can: request_module (can-proto-3) failed. [ 1273.302094][ T808] usb 3-1: USB disconnect, device number 54 [ 1273.656226][ T5995] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 1273.813080][ T5995] usb 6-1: Using ep0 maxpacket: 32 [ 1273.815833][ T5995] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 1273.815866][ T5995] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1273.815888][ T5995] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1273.815912][ T5995] usb 6-1: config 1 has no interface number 0 [ 1273.815958][ T5995] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1273.815983][ T5995] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1273.816029][ T5995] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1273.816054][ T5995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1273.921685][ T5995] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 1274.120886][ T5995] snd_usb_pod 6-1:1.1: invalid control EP [ 1274.120919][ T5995] snd_usb_pod 6-1:1.1: cannot start listening: -22 [ 1274.121220][ T5995] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 1274.121786][ T5995] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1274.351838][ T5995] usb 6-1: USB disconnect, device number 43 [ 1276.070769][T21729] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 1276.170774][ T5776] usb 6-1: new full-speed USB device number 44 using dummy_hcd [ 1276.233769][T21729] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1276.233837][T21729] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x4B, changing to 0xB [ 1276.233866][T21729] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 1276.233895][T21729] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 50562, setting to 64 [ 1276.233923][T21729] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD9, changing to 0x89 [ 1276.233949][T21729] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1276.233971][T21729] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1276.236661][T21729] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.ff [ 1276.236705][T21729] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1276.236728][T21729] usb 3-1: Manufacturer: syz [ 1276.285879][T21729] usb 3-1: config 0 descriptor?? [ 1276.295672][T26914] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1276.427475][ T1410] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1276.454516][ T5776] usb 6-1: config 0 has an invalid interface number: 205 but max is 0 [ 1276.454548][ T5776] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1276.454570][ T5776] usb 6-1: config 0 has no interface number 0 [ 1276.454602][ T5776] usb 6-1: config 0 interface 205 has no altsetting 0 [ 1276.460312][ T5776] usb 6-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 1276.460347][ T5776] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1276.460370][ T5776] usb 6-1: Product: syz [ 1276.460385][ T5776] usb 6-1: Manufacturer: syz [ 1276.460401][ T5776] usb 6-1: SerialNumber: syz [ 1276.578954][T21729] usb 3-1: USB disconnect, device number 55 [ 1276.603992][ T5776] usb 6-1: config 0 descriptor?? [ 1276.650223][ T5776] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 1276.650283][ T5776] dvb-usb: bulk message failed: -22 (3/0) [ 1276.687290][ T5776] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1276.688357][ T5776] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 1276.688418][ T5776] usb 6-1: media controller created [ 1276.690716][ T5776] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1276.746273][ T5776] dvb-usb: bulk message failed: -22 (6/0) [ 1276.746360][ T5776] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 1276.751897][ T5776] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input31 [ 1276.798912][ T5776] dvb-usb: schedule remote query interval to 150 msecs. [ 1276.798971][ T5776] dvb-usb: bulk message failed: -22 (3/0) [ 1276.825572][ T5776] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 1276.954828][ T5883] dvb-usb: bulk message failed: -22 (1/0) [ 1276.954863][ T5883] dvb-usb: error while querying for an remote control event. [ 1276.984600][ T5883] usb 6-1: USB disconnect, device number 44 [ 1277.209865][ T5883] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 1277.430088][T26947] loop4: detected capacity change from 0 to 7 [ 1277.430857][T26947] buffer_io_error: 24 callbacks suppressed [ 1277.430875][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.430916][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.430954][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.430986][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.431039][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.431103][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.431138][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.431158][T26947] ldm_validate_partition_table(): Disk read failed. [ 1277.431187][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.431221][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.431253][T26947] Buffer I/O error on dev loop4, logical block 0, async page read [ 1277.431290][T26947] Dev loop4: unable to read RDB block 0 [ 1277.431364][T26947] loop4: unable to read partition table [ 1277.431583][T26947] loop4: partition table beyond EOD, truncated [ 1277.431602][T26947] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 1279.232408][T21729] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 1279.390138][T21729] usb 3-1: Using ep0 maxpacket: 32 [ 1279.392610][T21729] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 1279.392641][T21729] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1279.392664][T21729] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1279.392686][T21729] usb 3-1: config 1 has no interface number 0 [ 1279.392735][T21729] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1279.392761][T21729] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1279.392806][T21729] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1279.392831][T21729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1279.508962][T21729] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 1279.657119][T21729] snd_usb_pod 3-1:1.1: invalid control EP [ 1279.657136][T21729] snd_usb_pod 3-1:1.1: cannot start listening: -22 [ 1279.657351][T21729] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 1279.657728][T21729] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1280.185015][ T5995] usb 3-1: USB disconnect, device number 56 [ 1280.921397][T27026] siw: device registration error -23 [ 1280.953276][T27026] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1284.281105][ T9] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 1284.445662][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 1284.448600][ T9] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 1284.448641][ T9] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1284.448664][ T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1284.448687][ T9] usb 6-1: config 1 has no interface number 0 [ 1284.448736][ T9] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1284.448762][ T9] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1284.448810][ T9] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1284.448837][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1284.584707][ T9] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 1284.768175][ T9] snd_usb_pod 6-1:1.1: invalid control EP [ 1284.768199][ T9] snd_usb_pod 6-1:1.1: cannot start listening: -22 [ 1284.768506][ T9] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 1284.769072][ T9] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1284.971769][ T808] usb 6-1: USB disconnect, device number 45 [ 1286.638587][T27109] can: request_module (can-proto-3) failed. [ 1288.002767][T27161] loop4: detected capacity change from 0 to 7 [ 1288.003576][T27161] buffer_io_error: 24 callbacks suppressed [ 1288.003594][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003637][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003677][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003711][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003766][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003814][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003849][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003869][T27161] ldm_validate_partition_table(): Disk read failed. [ 1288.003898][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003933][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.003967][T27161] Buffer I/O error on dev loop4, logical block 0, async page read [ 1288.004003][T27161] Dev loop4: unable to read RDB block 0 [ 1288.004075][T27161] loop4: unable to read partition table [ 1288.004298][T27161] loop4: partition table beyond EOD, truncated [ 1288.004318][T27161] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 1289.299224][ T808] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1289.487802][ T808] usb 6-1: device descriptor read/64, error -71 [ 1289.729888][ T808] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 1289.859992][ T808] usb 6-1: device descriptor read/64, error -71 [ 1289.970832][ T808] usb usb6-port1: attempt power cycle [ 1290.323225][ T808] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 1290.341304][ T808] usb 6-1: device descriptor read/8, error -71 [ 1290.580963][ T808] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 1290.616459][ T808] usb 6-1: device descriptor read/8, error -71 [ 1290.721591][ T808] usb usb6-port1: unable to enumerate USB device [ 1293.823216][T27293] netlink: 'syz.2.8845': attribute type 21 has an invalid length. [ 1293.970384][ T9] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 1294.137075][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 1294.150461][ T9] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 1294.150490][ T9] usb 7-1: config 179 has no interface number 0 [ 1294.150536][ T9] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1294.150566][ T9] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1294.150596][ T9] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1294.150624][ T9] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1294.150649][ T9] usb 7-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1294.150680][ T9] usb 7-1: config 179 interface 65 has no altsetting 0 [ 1294.150717][ T9] usb 7-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1294.150742][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1294.685596][ T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input32 [ 1296.023478][ T808] usb 7-1: USB disconnect, device number 20 [ 1296.096784][T21729] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 1296.907892][T21729] usb 3-1: Using ep0 maxpacket: 32 [ 1298.154506][T21729] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 1298.154538][T21729] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1298.154561][T21729] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1298.154586][T21729] usb 3-1: config 1 has no interface number 0 [ 1298.154631][T21729] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1298.154657][T21729] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1298.154701][T21729] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1298.154727][T21729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1298.182670][T21729] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 1298.317756][T27349] loop4: detected capacity change from 0 to 7 [ 1298.318448][T27349] buffer_io_error: 24 callbacks suppressed [ 1298.329314][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.339459][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.339511][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.339612][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.339681][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.339803][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.339838][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.339857][T27349] ldm_validate_partition_table(): Disk read failed. [ 1298.339946][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.339982][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.340017][T27349] Buffer I/O error on dev loop4, logical block 0, async page read [ 1298.340114][T27349] Dev loop4: unable to read RDB block 0 [ 1298.340190][T27349] loop4: unable to read partition table [ 1298.340605][T27349] loop4: partition table beyond EOD, truncated [ 1298.340627][T27349] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 1298.478228][T21729] snd_usb_pod 3-1:1.1: invalid control EP [ 1298.478252][T21729] snd_usb_pod 3-1:1.1: cannot start listening: -22 [ 1298.478554][T21729] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 1298.496174][T21729] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1298.688914][ T5995] usb 3-1: USB disconnect, device number 57 [ 1298.983492][T27362] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1299.892749][T27370] netlink: 'syz.5.8873': attribute type 2 has an invalid length. [ 1299.950211][T27370] : entered promiscuous mode [ 1301.071216][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1301.391881][T27398] netlink: 64 bytes leftover after parsing attributes in process `syz.4.8883'. [ 1303.618421][T27441] loop4: detected capacity change from 0 to 7 [ 1303.641870][T27441] buffer_io_error: 14 callbacks suppressed [ 1303.641893][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660429][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660500][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660536][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660594][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660642][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660676][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660697][T27441] ldm_validate_partition_table(): Disk read failed. [ 1303.660726][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660760][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660794][T27441] Buffer I/O error on dev loop4, logical block 0, async page read [ 1303.660831][T27441] Dev loop4: unable to read RDB block 0 [ 1303.660903][T27441] loop4: unable to read partition table [ 1303.661126][T27441] loop4: partition table beyond EOD, truncated [ 1303.661146][T27441] loop_reread_partitions: partition scan of loop4 (Sj %`ր5) failed (rc=-5) [ 1305.942388][T27474] FAULT_INJECTION: forcing a failure. [ 1305.942388][T27474] name failslab, interval 1, probability 0, space 0, times 0 [ 1305.945212][T27474] CPU: 0 UID: 0 PID: 27474 Comm: syz.6.8917 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1305.945249][T27474] Tainted: [L]=SOFTLOCKUP [ 1305.945259][T27474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1305.945273][T27474] Call Trace: [ 1305.945283][T27474] [ 1305.945293][T27474] dump_stack_lvl+0xe8/0x150 [ 1305.945335][T27474] should_fail_ex+0x46b/0x600 [ 1305.945379][T27474] should_failslab+0xa8/0x100 [ 1305.945418][T27474] kmem_cache_alloc_noprof+0x87/0x680 [ 1305.945452][T27474] ? do_getname+0x2e/0x250 [ 1305.945481][T27474] do_getname+0x2e/0x250 [ 1305.945509][T27474] ? __se_sys_renameat2+0x28/0x2c0 [ 1305.945540][T27474] __se_sys_renameat2+0x34/0x2c0 [ 1305.945570][T27474] do_syscall_64+0x14d/0xf80 [ 1305.945601][T27474] ? trace_irq_disable+0x3b/0x150 [ 1305.945627][T27474] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1305.945651][T27474] ? clear_bhb_loop+0x40/0x90 [ 1305.945679][T27474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1305.945710][T27474] RIP: 0033:0x7f338262c799 [ 1305.945731][T27474] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1305.945752][T27474] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 1305.945777][T27474] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1305.945794][T27474] RDX: ffffffffffffff9c RSI: 0000200000000700 RDI: ffffffffffffff9c [ 1305.945812][T27474] RBP: 00007f3380886090 R08: 0000000000000002 R09: 0000000000000000 [ 1305.945831][T27474] R10: 0000200000000a00 R11: 0000000000000246 R12: 0000000000000001 [ 1305.945846][T27474] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1305.945882][T27474] [ 1306.277708][T27480] netlink: 'syz.5.8918': attribute type 2 has an invalid length. [ 1307.403991][T21729] usb 7-1: new full-speed USB device number 21 using dummy_hcd [ 1307.566576][T21729] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1307.569648][T21729] usb 7-1: New USB device found, idVendor=045b, idProduct=0212, bcdDevice=bd.4e [ 1307.569682][T21729] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1307.569706][T21729] usb 7-1: Product: syz [ 1307.569722][T21729] usb 7-1: Manufacturer: syz [ 1307.569738][T21729] usb 7-1: SerialNumber: syz [ 1307.659789][T21729] usb 7-1: config 0 descriptor?? [ 1307.676835][T21729] upd78f0730 7-1:0.0: upd78f0730 converter detected [ 1307.704967][T21656] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1307.717663][T21729] usb 7-1: upd78f0730 converter now attached to ttyUSB0 [ 1307.867432][ T5995] usb 7-1: USB disconnect, device number 21 [ 1307.873637][ T5995] upd78f0730 ttyUSB0: upd78f0730 converter now disconnected from ttyUSB0 [ 1307.889867][ T5995] upd78f0730 7-1:0.0: device disconnected [ 1307.914506][T21729] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 1308.254267][T21729] usb 3-1: Using ep0 maxpacket: 32 [ 1308.256346][T21729] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 1308.256375][T21729] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1308.256398][T21729] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1308.256420][T21729] usb 3-1: config 1 has no interface number 0 [ 1308.256467][T21729] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1308.256491][T21729] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1308.256535][T21729] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1308.256559][T21729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1308.282414][T21729] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 1308.471340][T21729] snd_usb_pod 3-1:1.1: invalid control EP [ 1308.471365][T21729] snd_usb_pod 3-1:1.1: cannot start listening: -22 [ 1308.471683][T21729] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 1308.472280][T21729] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1308.679606][ T5995] usb 3-1: USB disconnect, device number 58 [ 1309.026450][T27542] netlink: 148 bytes leftover after parsing attributes in process `syz.4.8947'. [ 1309.026547][T27542] netlink: 'syz.4.8947': attribute type 2 has an invalid length. [ 1313.316194][T27631] FAULT_INJECTION: forcing a failure. [ 1313.316194][T27631] name failslab, interval 1, probability 0, space 0, times 0 [ 1313.316225][T27631] CPU: 1 UID: 0 PID: 27631 Comm: syz.6.8982 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1313.316248][T27631] Tainted: [L]=SOFTLOCKUP [ 1313.316253][T27631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1313.316263][T27631] Call Trace: [ 1313.316269][T27631] [ 1313.316276][T27631] dump_stack_lvl+0xe8/0x150 [ 1313.316307][T27631] should_fail_ex+0x46b/0x600 [ 1313.316339][T27631] should_failslab+0xa8/0x100 [ 1313.316367][T27631] kmem_cache_alloc_noprof+0x87/0x680 [ 1313.316392][T27631] ? alloc_empty_file+0x55/0x1d0 [ 1313.316486][T27631] alloc_empty_file+0x55/0x1d0 [ 1313.316506][T27631] path_openat+0x11b/0x38a0 [ 1313.316537][T27631] ? try_to_take_rt_mutex+0x840/0xb00 [ 1313.316556][T27631] ? arch_stack_walk+0xfb/0x150 [ 1313.316579][T27631] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 1313.316605][T27631] ? __pfx_path_openat+0x10/0x10 [ 1313.316629][T27631] ? __lock_acquire+0x6b5/0x2cf0 [ 1313.316647][T27631] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 1313.316676][T27631] ? do_raw_spin_lock+0x12b/0x2f0 [ 1313.316706][T27631] do_file_open+0x23e/0x4a0 [ 1313.316729][T27631] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1313.316755][T27631] ? __pfx_do_file_open+0x10/0x10 [ 1313.316779][T27631] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 1313.316857][T27631] ? alloc_fd+0x64e/0x6c0 [ 1313.316896][T27631] do_sys_openat2+0x113/0x200 [ 1313.316925][T27631] ? __pfx_do_sys_openat2+0x10/0x10 [ 1313.316954][T27631] ? ksys_write+0x248/0x270 [ 1313.316987][T27631] ? __pfx_ksys_write+0x10/0x10 [ 1313.317023][T27631] __x64_sys_openat+0x138/0x170 [ 1313.317056][T27631] do_syscall_64+0x14d/0xf80 [ 1313.317088][T27631] ? trace_irq_disable+0x3b/0x150 [ 1313.317114][T27631] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.317139][T27631] ? clear_bhb_loop+0x40/0x90 [ 1313.317167][T27631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.317192][T27631] RIP: 0033:0x7f338262c799 [ 1313.317214][T27631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1313.317235][T27631] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1313.317259][T27631] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1313.317276][T27631] RDX: 0000000000084540 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 1313.317293][T27631] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1313.317307][T27631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1313.317321][T27631] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1313.317356][T27631] [ 1314.246487][T21729] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 1314.409544][T21729] usb 3-1: Using ep0 maxpacket: 32 [ 1314.412091][T21729] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 1314.412122][T21729] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1314.412146][T21729] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1314.412170][T21729] usb 3-1: config 1 has no interface number 0 [ 1314.412241][T21729] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1314.412266][T21729] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1314.412312][T21729] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1314.412336][T21729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1314.540116][T21729] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 1314.680278][T21729] snd_usb_pod 3-1:1.1: invalid control EP [ 1314.680309][T21729] snd_usb_pod 3-1:1.1: cannot start listening: -22 [ 1314.680685][T21729] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 1314.681359][T21729] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1314.741127][T27672] sch_tbf: burst 240 is lower than device lo mtu (65550) ! [ 1314.886498][ T5883] usb 7-1: new full-speed USB device number 22 using dummy_hcd [ 1314.908109][T21729] usb 3-1: USB disconnect, device number 59 [ 1315.036611][T27678] netlink: 'syz.4.9002': attribute type 2 has an invalid length. [ 1315.043446][ T5883] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1315.043484][ T5883] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1315.084603][ T5883] usb 7-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 1315.084634][ T5883] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1315.084657][ T5883] usb 7-1: Product: syz [ 1315.084672][ T5883] usb 7-1: Manufacturer: syz [ 1315.084688][ T5883] usb 7-1: SerialNumber: syz [ 1315.122396][ T5883] usb 7-1: config 0 descriptor?? [ 1316.585365][T27692] siw: device registration error -23 [ 1316.587771][T27692] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1317.087748][ T5883] usb 7-1: USB disconnect, device number 22 [ 1317.261398][T27710] siw: device registration error -23 [ 1319.938021][T21729] usb 3-1: new full-speed USB device number 60 using dummy_hcd [ 1319.938345][ T5883] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 1320.090246][T21729] usb 3-1: config 0 has an invalid interface number: 205 but max is 0 [ 1320.090278][T21729] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1320.090300][T21729] usb 3-1: config 0 has no interface number 0 [ 1320.090333][T21729] usb 3-1: config 0 interface 205 has no altsetting 0 [ 1320.093294][T21729] usb 3-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 1320.093325][T21729] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1320.093349][T21729] usb 3-1: Product: syz [ 1320.093365][T21729] usb 3-1: Manufacturer: syz [ 1320.093380][T21729] usb 3-1: SerialNumber: syz [ 1320.098503][ T5883] usb 6-1: Using ep0 maxpacket: 32 [ 1320.128506][ T5883] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 1320.128590][ T5883] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1320.128645][ T5883] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1320.128707][ T5883] usb 6-1: config 1 has no interface number 0 [ 1320.128862][ T5883] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1320.128935][ T5883] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1320.129023][ T5883] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1320.129072][ T5883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1320.253466][T21729] usb 3-1: config 0 descriptor?? [ 1320.288700][T21729] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 1320.288758][T21729] dvb-usb: bulk message failed: -22 (3/0) [ 1320.295166][ T5883] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 1320.339516][T21729] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1320.341751][T21729] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 1320.341842][T21729] usb 3-1: media controller created [ 1320.344010][T21729] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1320.391569][T21729] dvb-usb: bulk message failed: -22 (6/0) [ 1320.391657][T21729] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 1320.396885][T21729] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input33 [ 1320.441534][T21729] dvb-usb: schedule remote query interval to 150 msecs. [ 1320.441593][T21729] dvb-usb: bulk message failed: -22 (3/0) [ 1320.464504][T21729] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 1320.523880][ T5883] snd_usb_pod 6-1:1.1: invalid control EP [ 1320.523914][ T5883] snd_usb_pod 6-1:1.1: cannot start listening: -22 [ 1320.524210][ T5883] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 1320.524765][ T5883] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1320.598770][T21729] dvb-usb: bulk message failed: -22 (1/0) [ 1320.598803][T21729] dvb-usb: error while querying for an remote control event. [ 1320.701040][ T5995] usb 3-1: USB disconnect, device number 60 [ 1320.730920][ T5883] usb 6-1: USB disconnect, device number 50 [ 1320.879934][ T5995] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 1323.688335][T21729] usb 6-1: new full-speed USB device number 51 using dummy_hcd [ 1323.970577][T21729] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1323.970634][T21729] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x4B, changing to 0xB [ 1323.970663][T21729] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 1323.970692][T21729] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 50562, setting to 64 [ 1323.970721][T21729] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD9, changing to 0x89 [ 1323.970748][T21729] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1323.970772][T21729] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1323.975863][T21729] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.ff [ 1323.975898][T21729] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1323.975914][T21729] usb 6-1: Manufacturer: syz [ 1324.106271][T21729] usb 6-1: config 0 descriptor?? [ 1324.151900][T27829] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1324.395938][T21729] usb 6-1: USB disconnect, device number 51 [ 1325.857532][T27869] netlink: 64 bytes leftover after parsing attributes in process `syz.2.9084'. [ 1329.197844][T27917] siw: device registration error -23 [ 1334.339380][ T9] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1334.489343][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 1334.491382][ T9] usb 6-1: config 32 has an invalid interface number: 85 but max is 0 [ 1334.491411][ T9] usb 6-1: config 32 has no interface number 0 [ 1334.491459][ T9] usb 6-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1334.491491][ T9] usb 6-1: config 32 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1334.491509][ T9] usb 6-1: config 32 interface 85 has no altsetting 0 [ 1334.494304][ T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1334.494334][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1334.494355][ T9] usb 6-1: Product: syz [ 1334.494372][ T9] usb 6-1: Manufacturer: syz [ 1334.494383][ T9] usb 6-1: SerialNumber: syz [ 1334.716100][T27994] input: syz1 as /devices/virtual/input/input35 [ 1334.927196][T28011] tipc: Enabled bearer , priority 10 [ 1335.230846][ T9] appletouch 6-1:32.85: Failed to read mode from device. [ 1335.231081][ T9] appletouch 6-1:32.85: probe with driver appletouch failed with error -5 [ 1335.279660][ T9] usb 6-1: USB disconnect, device number 52 [ 1336.229210][ T5861] tipc: Node number set to 754974721 [ 1337.106215][T28061] netlink: 'syz.2.9163': attribute type 2 has an invalid length. [ 1338.304137][ T5861] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1338.455477][ T5861] usb 6-1: Using ep0 maxpacket: 32 [ 1338.467254][ T5861] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 1338.467283][ T5861] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1338.467306][ T5861] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1338.467328][ T5861] usb 6-1: config 1 has no interface number 0 [ 1338.467377][ T5861] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1338.467402][ T5861] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1338.467448][ T5861] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1338.467474][ T5861] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1338.611255][ T5861] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 1338.762106][ T5861] snd_usb_pod 6-1:1.1: set_interface failed [ 1338.762409][ T5861] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 1338.762623][ T5861] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 1338.869996][ T5861] usb 6-1: USB disconnect, device number 53 [ 1339.043951][ T71] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1340.418896][T28134] siw: device registration error -23 [ 1342.694886][T28164] FAULT_INJECTION: forcing a failure. [ 1342.694886][T28164] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1342.694926][T28164] CPU: 0 UID: 0 PID: 28164 Comm: syz.0.9205 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1342.694958][T28164] Tainted: [L]=SOFTLOCKUP [ 1342.694967][T28164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1342.694981][T28164] Call Trace: [ 1342.694990][T28164] [ 1342.695001][T28164] dump_stack_lvl+0xe8/0x150 [ 1342.695041][T28164] should_fail_ex+0x46b/0x600 [ 1342.695086][T28164] _copy_from_user+0x2d/0xb0 [ 1342.695117][T28164] __sys_connect+0x156/0x450 [ 1342.695151][T28164] ? __pfx___sys_connect+0x10/0x10 [ 1342.695198][T28164] ? __pfx_ksys_write+0x10/0x10 [ 1342.695242][T28164] __x64_sys_connect+0x7a/0x90 [ 1342.695273][T28164] do_syscall_64+0x14d/0xf80 [ 1342.695305][T28164] ? trace_irq_disable+0x3b/0x150 [ 1342.695331][T28164] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1342.695355][T28164] ? clear_bhb_loop+0x40/0x90 [ 1342.695384][T28164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1342.695408][T28164] RIP: 0033:0x7f436492c799 [ 1342.695429][T28164] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1342.695449][T28164] RSP: 002b:00007f4362b86028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1342.695474][T28164] RAX: ffffffffffffffda RBX: 00007f4364ba5fa0 RCX: 00007f436492c799 [ 1342.695490][T28164] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000003 [ 1342.695504][T28164] RBP: 00007f4362b86090 R08: 0000000000000000 R09: 0000000000000000 [ 1342.695519][T28164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1342.695532][T28164] R13: 00007f4364ba6038 R14: 00007f4364ba5fa0 R15: 00007ffff9ac2258 [ 1342.695645][T28164] [ 1345.200016][ T5883] usb 6-1: new full-speed USB device number 54 using dummy_hcd [ 1345.352636][ T5883] usb 6-1: config 0 has an invalid interface number: 205 but max is 0 [ 1345.352658][ T5883] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1345.352673][ T5883] usb 6-1: config 0 has no interface number 0 [ 1345.352697][ T5883] usb 6-1: config 0 interface 205 has no altsetting 0 [ 1345.354775][ T5883] usb 6-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 1345.354796][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1345.354811][ T5883] usb 6-1: Product: syz [ 1345.354822][ T5883] usb 6-1: Manufacturer: syz [ 1345.354832][ T5883] usb 6-1: SerialNumber: syz [ 1345.441185][ T5883] usb 6-1: config 0 descriptor?? [ 1345.476959][ T5883] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 1345.476997][ T5883] dvb-usb: bulk message failed: -22 (3/0) [ 1345.511077][ T5883] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1345.513669][ T5883] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 1345.513725][ T5883] usb 6-1: media controller created [ 1345.515148][ T5883] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1345.664451][ T5883] dvb-usb: bulk message failed: -22 (6/0) [ 1345.664512][ T5883] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 1345.699256][ T5883] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input36 [ 1345.778966][ T5883] dvb-usb: schedule remote query interval to 150 msecs. [ 1345.779008][ T5883] dvb-usb: bulk message failed: -22 (3/0) [ 1345.792789][ T5883] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 1345.814018][ T5883] usb 6-1: USB disconnect, device number 54 [ 1346.029781][ T5883] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 1346.056327][T28213] netlink: 'syz.4.9226': attribute type 2 has an invalid length. [ 1346.710067][ T5883] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 1346.871744][ T5883] usb 6-1: Using ep0 maxpacket: 8 [ 1346.881082][ T5883] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1346.881167][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1346.881221][ T5883] usb 6-1: Product: syz [ 1346.881263][ T5883] usb 6-1: Manufacturer: syz [ 1346.881304][ T5883] usb 6-1: SerialNumber: syz [ 1346.923050][T28240] FAULT_INJECTION: forcing a failure. [ 1346.923050][T28240] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1346.923090][T28240] CPU: 0 UID: 0 PID: 28240 Comm: syz.6.9236 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1346.923120][T28240] Tainted: [L]=SOFTLOCKUP [ 1346.923129][T28240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1346.923142][T28240] Call Trace: [ 1346.923152][T28240] [ 1346.923162][T28240] dump_stack_lvl+0xe8/0x150 [ 1346.923203][T28240] should_fail_ex+0x46b/0x600 [ 1346.923247][T28240] _copy_from_user+0x2d/0xb0 [ 1346.923277][T28240] ___sys_sendmsg+0x1c6/0x360 [ 1346.923318][T28240] ? __pfx____sys_sendmsg+0x10/0x10 [ 1346.923389][T28240] ? __fget_files+0x2a/0x420 [ 1346.923419][T28240] ? __fget_files+0x3a6/0x420 [ 1346.923458][T28240] __x64_sys_sendmsg+0x1c3/0x2a0 [ 1346.923494][T28240] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1346.923538][T28240] ? __pfx_ksys_write+0x10/0x10 [ 1346.923593][T28240] do_syscall_64+0x14d/0xf80 [ 1346.923624][T28240] ? trace_irq_disable+0x3b/0x150 [ 1346.923652][T28240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1346.923677][T28240] ? clear_bhb_loop+0x40/0x90 [ 1346.923706][T28240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1346.923729][T28240] RIP: 0033:0x7f338262c799 [ 1346.923750][T28240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1346.923770][T28240] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1346.923795][T28240] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1346.923811][T28240] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1346.923825][T28240] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1346.923839][T28240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1346.923852][T28240] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1346.923886][T28240] [ 1346.928066][ T5883] usb 6-1: config 0 descriptor?? [ 1347.079732][ T5883] gspca_main: se401-2.14.0 probing 047d:5003 [ 1349.658440][ T5883] input: se401 as /devices/platform/dummy_hcd.5/usb6/6-1/input/input37 [ 1349.737310][T28262] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1350.112399][ T5883] usb 6-1: USB disconnect, device number 55 [ 1350.667647][T28272] siw: device registration error -23 [ 1350.692239][T28272] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1356.023589][ T5861] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1356.200263][ T5861] usb 3-1: Using ep0 maxpacket: 16 [ 1356.222233][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1356.222272][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1032, setting to 1024 [ 1356.222302][ T5861] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1356.222347][ T5861] usb 3-1: New USB device found, idVendor=045e, idProduct=17da, bcdDevice= 0.00 [ 1356.222371][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1356.302418][ T5861] usb 3-1: config 0 descriptor?? [ 1356.303659][T28370] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1356.742311][ T5861] hid-generic 0003:045E:17DA.0029: unknown main item tag 0x7 [ 1356.742353][ T5861] hid-generic 0003:045E:17DA.0029: unknown main item tag 0x0 [ 1356.742383][ T5861] hid-generic 0003:045E:17DA.0029: unknown main item tag 0x0 [ 1356.742412][ T5861] hid-generic 0003:045E:17DA.0029: unknown main item tag 0x0 [ 1356.742440][ T5861] hid-generic 0003:045E:17DA.0029: unknown main item tag 0x0 [ 1356.742478][ T5861] hid-generic 0003:045E:17DA.0029: unknown main item tag 0x0 [ 1356.742506][ T5861] hid-generic 0003:045E:17DA.0029: unknown main item tag 0x0 [ 1356.742534][ T5861] hid-generic 0003:045E:17DA.0029: unknown main item tag 0x0 [ 1356.822419][ T5861] hid-generic 0003:045E:17DA.0029: hidraw0: USB HID v0.00 Device [HID 045e:17da] on usb-dummy_hcd.2-1/input0 [ 1357.641891][T28407] siw: device registration error -23 [ 1357.669091][T28407] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1358.477050][ T6007] usb 3-1: USB disconnect, device number 61 [ 1358.689302][T28419] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 1361.140660][T28441] siw: device registration error -23 [ 1361.176184][T28441] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1362.191393][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.378496][T28449] netlink: 'syz.2.9324': attribute type 2 has an invalid length. [ 1362.627519][ T6007] hid-generic 0000:008B:0000.002A: unknown main item tag 0x0 [ 1362.682523][ T6007] hid-generic 0000:008B:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1363.191014][T21729] usb 3-1: new full-speed USB device number 62 using dummy_hcd [ 1363.346671][T21729] usb 3-1: config 0 has an invalid interface number: 205 but max is 0 [ 1363.346702][T21729] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1363.346723][T21729] usb 3-1: config 0 has no interface number 0 [ 1363.346757][T21729] usb 3-1: config 0 interface 205 has no altsetting 0 [ 1363.390648][T21729] usb 3-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 1363.390686][T21729] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1363.390708][T21729] usb 3-1: Product: syz [ 1363.390724][T21729] usb 3-1: Manufacturer: syz [ 1363.390740][T21729] usb 3-1: SerialNumber: syz [ 1363.436135][T21729] usb 3-1: config 0 descriptor?? [ 1363.452099][T21729] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 1363.452157][T21729] dvb-usb: bulk message failed: -22 (3/0) [ 1363.493649][T21729] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1363.494591][T21729] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 1363.494654][T21729] usb 3-1: media controller created [ 1363.499386][T21729] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1363.545671][T21729] dvb-usb: bulk message failed: -22 (6/0) [ 1363.545759][T21729] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 1363.569240][T21729] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input38 [ 1363.587224][T21729] dvb-usb: schedule remote query interval to 150 msecs. [ 1363.587284][T21729] dvb-usb: bulk message failed: -22 (3/0) [ 1363.603608][T21729] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 1363.609606][T28476] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9334'. [ 1363.828369][ T6007] dvb-usb: bulk message failed: -22 (1/0) [ 1363.828404][ T6007] dvb-usb: error while querying for an remote control event. [ 1364.848867][T21729] dvb-usb: bulk message failed: -22 (1/0) [ 1364.848902][T21729] dvb-usb: error while querying for an remote control event. [ 1365.002478][ T5861] dvb-usb: bulk message failed: -22 (1/0) [ 1365.002515][ T5861] dvb-usb: error while querying for an remote control event. [ 1365.160383][ T5861] dvb-usb: bulk message failed: -22 (1/0) [ 1365.160418][ T5861] dvb-usb: error while querying for an remote control event. [ 1365.321551][ T5861] dvb-usb: bulk message failed: -22 (1/0) [ 1365.321584][ T5861] dvb-usb: error while querying for an remote control event. [ 1365.365987][ T5861] usb 3-1: USB disconnect, device number 62 [ 1365.465478][ T5861] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 1366.296420][T28523] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1367.690453][ T9] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1367.840470][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 1367.845460][ T9] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1367.845492][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1367.845513][ T9] usb 3-1: Product: syz [ 1367.845535][ T9] usb 3-1: Manufacturer: syz [ 1367.845547][ T9] usb 3-1: SerialNumber: syz [ 1367.916602][ T9] usb 3-1: config 0 descriptor?? [ 1367.946908][ T9] gspca_main: se401-2.14.0 probing 047d:5003 [ 1368.624842][ T9] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input39 [ 1368.734797][ T9] usb 3-1: USB disconnect, device number 63 [ 1369.807985][T28590] siw: device registration error -23 [ 1370.077491][ T1145] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1373.348119][T28644] siw: device registration error -23 [ 1373.889190][T28660] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9412'. [ 1375.572144][T28694] FAULT_INJECTION: forcing a failure. [ 1375.572144][T28694] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.572174][T28694] CPU: 0 UID: 0 PID: 28694 Comm: syz.6.9421 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1375.572197][T28694] Tainted: [L]=SOFTLOCKUP [ 1375.572203][T28694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1375.572214][T28694] Call Trace: [ 1375.572220][T28694] [ 1375.572227][T28694] dump_stack_lvl+0xe8/0x150 [ 1375.572257][T28694] should_fail_ex+0x46b/0x600 [ 1375.572295][T28694] should_failslab+0xa8/0x100 [ 1375.572328][T28694] __kmalloc_noprof+0xdf/0x7b0 [ 1375.572355][T28694] ? io_cache_alloc_new+0x40/0x100 [ 1375.572449][T28694] io_cache_alloc_new+0x40/0x100 [ 1375.572471][T28694] __io_prep_rw+0x2bd/0xed0 [ 1375.572535][T28694] ? __pfx___io_prep_rw+0x10/0x10 [ 1375.572556][T28694] ? percpu_ref_get_many+0x21/0x1e0 [ 1375.572594][T28694] ? percpu_ref_get_many+0x21/0x1e0 [ 1375.572622][T28694] io_prep_rwv+0x8e/0x440 [ 1375.572644][T28694] ? __pfx___io_alloc_req_refill+0x10/0x10 [ 1375.572670][T28694] ? __pfx_io_prep_rwv+0x10/0x10 [ 1375.572695][T28694] ? __asan_memset+0x22/0x50 [ 1375.572715][T28694] ? blk_start_plug_nr_ios+0x7e/0x1c0 [ 1375.572761][T28694] io_submit_sqes+0xb35/0x2370 [ 1375.572813][T28694] __se_sys_io_uring_enter+0x2d2/0x18c0 [ 1375.572836][T28694] ? lockdep_hardirqs_on+0x7a/0x110 [ 1375.572865][T28694] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1375.572890][T28694] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 1375.572914][T28694] ? fput+0xa0/0xd0 [ 1375.572933][T28694] ? ksys_write+0x248/0x270 [ 1375.572959][T28694] ? __pfx_ksys_write+0x10/0x10 [ 1375.572986][T28694] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 1375.573011][T28694] do_syscall_64+0x14d/0xf80 [ 1375.573033][T28694] ? trace_irq_disable+0x3b/0x150 [ 1375.573052][T28694] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1375.573068][T28694] ? clear_bhb_loop+0x40/0x90 [ 1375.573088][T28694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1375.573104][T28694] RIP: 0033:0x7f338262c799 [ 1375.573119][T28694] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1375.573133][T28694] RSP: 002b:00007f3380886028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1375.573150][T28694] RAX: ffffffffffffffda RBX: 00007f33828a5fa0 RCX: 00007f338262c799 [ 1375.573163][T28694] RDX: 0000000000000000 RSI: 00000000000847ba RDI: 0000000000000007 [ 1375.573172][T28694] RBP: 00007f3380886090 R08: 0000000000000000 R09: 0000000000000000 [ 1375.573182][T28694] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000001 [ 1375.573191][T28694] R13: 00007f33828a6038 R14: 00007f33828a5fa0 R15: 00007ffcc2846668 [ 1375.573216][T28694] [ 1376.559740][T28697] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1378.504953][T28748] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1379.396757][T28742] netlink: 148 bytes leftover after parsing attributes in process `syz.2.9443'. [ 1379.396841][T28742] netlink: 'syz.2.9443': attribute type 2 has an invalid length. [ 1380.872341][T28795] siw: device registration error -23 [ 1381.873534][T28809] netlink: 16 bytes leftover after parsing attributes in process `syz.5.9467'. [ 1383.700526][ T5861] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1383.780504][ T5995] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1383.880869][ T5861] usb 3-1: Using ep0 maxpacket: 32 [ 1383.883208][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1383.883241][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1383.883297][ T5861] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1383.883322][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1383.939964][ T5861] usb 3-1: config 0 descriptor?? [ 1383.961049][ T5995] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1383.961083][ T5995] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1383.961105][ T5995] usb 6-1: Product: syz [ 1383.961120][ T5995] usb 6-1: Manufacturer: syz [ 1383.961135][ T5995] usb 6-1: SerialNumber: syz [ 1384.022914][ T5861] hub 3-1:0.0: USB hub found [ 1384.049654][ T5995] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1384.173789][ T9] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1384.668883][T28835] tipc: Started in network mode [ 1384.669423][T28835] tipc: Node identity ac14140f, cluster identity 4711 [ 1384.732360][T28835] tipc: Enabled bearer , priority 10 [ 1385.542712][ T5861] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 1385.579772][ T5861] usbhid 3-1:0.0: can't add hid device: -71 [ 1385.579914][ T5861] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1386.030395][ T9] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 1386.030601][ T9] ath9k_htc: Failed to initialize the device [ 1386.038689][T21729] tipc: Node number set to 2886997007 [ 1386.066117][ T5861] usb 3-1: USB disconnect, device number 64 [ 1386.585934][T28834] ------------[ cut here ]------------ [ 1386.585951][T28834] kcov->t != t [ 1386.585964][T28834] WARNING: kernel/kcov.c:483 at kcov_task_exit+0xf5/0x160, CPU#1: syz.5.9475/28834 [ 1386.586017][T28834] Modules linked in: [ 1386.586040][T28834] CPU: 1 UID: 0 PID: 28834 Comm: syz.5.9475 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1386.586072][T28834] Tainted: [L]=SOFTLOCKUP [ 1386.586081][T28834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1386.586096][T28834] RIP: 0010:kcov_task_exit+0xf5/0x160 [ 1386.586124][T28834] Code: 10 00 00 48 8b bb 90 00 00 00 e8 e6 54 54 00 48 89 df 5b 41 5e 41 5f e9 09 2c 5a 00 7c 1c 5b 41 5e 41 5f e9 bd 69 61 09 cc 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 1b 03 60 09 48 89 df be 03 00 [ 1386.586146][T28834] RSP: 0018:ffffc90005857d20 EFLAGS: 00010206 [ 1386.586166][T28834] RAX: 43218d207e718000 RBX: ffff888035a8e000 RCX: 0000000000000000 [ 1386.586183][T28834] RDX: 00000000b9174e89 RSI: ffffffff8ba64a60 RDI: 00000000ffffffff [ 1386.586200][T28834] RBP: ffffc90005857e78 R08: ffffffff8b2451d0 R09: ffffffff8ddcd780 [ 1386.586217][T28834] R10: dffffc0000000000 R11: fffffbfff1ed46b7 R12: 1ffff1100503c01d [ 1386.586236][T28834] R13: 0000000000000000 R14: ffff888035a8e008 R15: ffff888028f71e80 [ 1386.586253][T28834] FS: 000055557cf16500(0000) GS:ffff888126440000(0000) knlGS:0000000000000000 [ 1386.586272][T28834] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1386.586288][T28834] CR2: 00007f43649964f0 CR3: 0000000087d72000 CR4: 00000000003526f0 [ 1386.586309][T28834] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000400 [ 1386.586323][T28834] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1386.586338][T28834] Call Trace: [ 1386.586347][T28834] [ 1386.586359][T28834] do_exit+0xd8/0x2320 [ 1386.586387][T28834] ? lockdep_hardirqs_on+0x7a/0x110 [ 1386.586422][T28834] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1386.586458][T28834] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 1386.586484][T28834] ? reacquire_held_locks+0x104/0x190 [ 1386.586512][T28834] ? rt_spin_lock+0x1e0/0x400 [ 1386.586537][T28834] ? __pfx_do_exit+0x10/0x10 [ 1386.586563][T28834] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1386.586601][T28834] ? rt_spin_unlock+0x160/0x200 [ 1386.586630][T28834] do_group_exit+0x21b/0x2d0 [ 1386.586662][T28834] __x64_sys_exit_group+0x3f/0x40 [ 1386.586699][T28834] x64_sys_call+0x221a/0x2240 [ 1386.586722][T28834] do_syscall_64+0x14d/0xf80 [ 1386.586755][T28834] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1386.586785][T28834] ? clear_bhb_loop+0x40/0x90 [ 1386.586815][T28834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1386.586839][T28834] RIP: 0033:0x7fb28f17c799 [ 1386.586860][T28834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1386.586880][T28834] RSP: 002b:00007ffe36c2a9f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1386.586903][T28834] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb28f17c799 [ 1386.586919][T28834] RDX: 0000001b31024000 RSI: 0000000000000023 RDI: 0000000000000000 [ 1386.586934][T28834] RBP: 00007ffe36c2aa5c R08: 0000000000000006 R09: 00000000000927c0 [ 1386.586949][T28834] R10: 00000000003fa490 R11: 0000000000000246 R12: 0000000000000298 [ 1386.586963][T28834] R13: 00000000000927c0 R14: 0000000000151842 R15: 00007ffe36c2aab0 [ 1386.586999][T28834] [ 1386.587016][T28834] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1386.587035][T28834] CPU: 1 UID: 0 PID: 28834 Comm: syz.5.9475 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1386.587067][T28834] Tainted: [L]=SOFTLOCKUP [ 1386.587075][T28834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1386.587088][T28834] Call Trace: [ 1386.587097][T28834] [ 1386.587106][T28834] vpanic+0x56c/0xa60 [ 1386.587173][T28834] ? __pfx__printk+0x10/0x10 [ 1386.587200][T28834] ? __pfx_vpanic+0x10/0x10 [ 1386.587233][T28834] ? is_bpf_text_address+0x292/0x2b0 [ 1386.587268][T28834] ? is_bpf_text_address+0x26/0x2b0 [ 1386.587311][T28834] panic+0xc5/0xd0 [ 1386.587346][T28834] ? __pfx_panic+0x10/0x10 [ 1386.587401][T28834] __warn+0x315/0x4f0 [ 1386.587435][T28834] ? kcov_task_exit+0xf5/0x160 [ 1386.587463][T28834] ? kcov_task_exit+0xf5/0x160 [ 1386.587492][T28834] __report_bug+0x29a/0x540 [ 1386.587594][T28834] ? kcov_task_exit+0xf5/0x160 [ 1386.587622][T28834] ? __pfx___report_bug+0x10/0x10 [ 1386.587667][T28834] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 1386.587704][T28834] ? do_raw_spin_lock+0x12b/0x2f0 [ 1386.587748][T28834] ? kcov_task_exit+0xf5/0x160 [ 1386.587774][T28834] report_bug+0x16a/0x220 [ 1386.587808][T28834] ? kcov_task_exit+0xf5/0x160 [ 1386.587834][T28834] ? kcov_task_exit+0xf7/0x160 [ 1386.587861][T28834] handle_bug+0x9c/0x200 [ 1386.587899][T28834] exc_invalid_op+0x1a/0x50 [ 1386.587949][T28834] asm_exc_invalid_op+0x1a/0x20 [ 1386.587973][T28834] RIP: 0010:kcov_task_exit+0xf5/0x160 [ 1386.588000][T28834] Code: 10 00 00 48 8b bb 90 00 00 00 e8 e6 54 54 00 48 89 df 5b 41 5e 41 5f e9 09 2c 5a 00 7c 1c 5b 41 5e 41 5f e9 bd 69 61 09 cc 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 1b 03 60 09 48 89 df be 03 00 [ 1386.588021][T28834] RSP: 0018:ffffc90005857d20 EFLAGS: 00010206 [ 1386.588041][T28834] RAX: 43218d207e718000 RBX: ffff888035a8e000 RCX: 0000000000000000 [ 1386.588058][T28834] RDX: 00000000b9174e89 RSI: ffffffff8ba64a60 RDI: 00000000ffffffff [ 1386.588074][T28834] RBP: ffffc90005857e78 R08: ffffffff8b2451d0 R09: ffffffff8ddcd780 [ 1386.588093][T28834] R10: dffffc0000000000 R11: fffffbfff1ed46b7 R12: 1ffff1100503c01d [ 1386.588111][T28834] R13: 0000000000000000 R14: ffff888035a8e008 R15: ffff888028f71e80 [ 1386.588136][T28834] ? rt_spin_lock+0x1e0/0x400 [ 1386.588173][T28834] do_exit+0xd8/0x2320 [ 1386.588197][T28834] ? lockdep_hardirqs_on+0x7a/0x110 [ 1386.588230][T28834] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1386.588265][T28834] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 1386.588292][T28834] ? reacquire_held_locks+0x104/0x190 [ 1386.588319][T28834] ? rt_spin_lock+0x1e0/0x400 [ 1386.588345][T28834] ? __pfx_do_exit+0x10/0x10 [ 1386.588370][T28834] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1386.588409][T28834] ? rt_spin_unlock+0x160/0x200 [ 1386.588439][T28834] do_group_exit+0x21b/0x2d0 [ 1386.588471][T28834] __x64_sys_exit_group+0x3f/0x40 [ 1386.588498][T28834] x64_sys_call+0x221a/0x2240 [ 1386.588521][T28834] do_syscall_64+0x14d/0xf80 [ 1386.588554][T28834] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1386.588579][T28834] ? clear_bhb_loop+0x40/0x90 [ 1386.588609][T28834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1386.588634][T28834] RIP: 0033:0x7fb28f17c799 [ 1386.588654][T28834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1386.588674][T28834] RSP: 002b:00007ffe36c2a9f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1386.588705][T28834] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb28f17c799 [ 1386.588722][T28834] RDX: 0000001b31024000 RSI: 0000000000000023 RDI: 0000000000000000 [ 1386.588737][T28834] RBP: 00007ffe36c2aa5c R08: 0000000000000006 R09: 00000000000927c0 [ 1386.588752][T28834] R10: 00000000003fa490 R11: 0000000000000246 R12: 0000000000000298 [ 1386.588768][T28834] R13: 00000000000927c0 R14: 0000000000151842 R15: 00007ffe36c2aab0 [ 1386.588804][T28834] [ 1386.589410][T28834] Kernel Offset: disabled