last executing test programs: 12.660062005s ago: executing program 2 (id=994): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x48800}, 0x0) 12.536510498s ago: executing program 2 (id=996): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_emit_ethernet(0x46, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) prctl$PR_CAPBSET_READ(0x59616d61, 0xffffffff) readv(r5, &(0x7f0000000100)=[{&(0x7f0000001180)=""/4085, 0xff5}], 0x1) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)={0x50, r4, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x1}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x3}]}, 0x50}, 0x1, 0x0, 0x0, 0x20009085}, 0x40040c0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000240)={0x3c, r7, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x3c}}, 0x20000000) setsockopt$sock_timeval(r2, 0x1, 0x43, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x10000, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) fsetxattr$security_ima(r2, &(0x7f0000000000), &(0x7f0000000240)=ANY=[@ANYBLOB="030306030000000018657e57f0f51dbaf018cd753c10c65f81ec1be25cbad5fee2c702bca76ece2076"], 0x21, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r10 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) accept4$llc(r10, 0x0, 0x0, 0x80800) 10.195415852s ago: executing program 3 (id=998): r0 = socket$inet6(0xa, 0x2, 0x3a) munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}]}}, 0x0, 0x26, 0x0, 0x1, 0x7ff}, 0x28) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x40001e0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000008850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r7}, 0xc) syz_genetlink_get_family_id$tipc2(0x0, r2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = socket(0xa, 0x3, 0x2) connect$inet6(r8, &(0x7f0000000080)={0xa, 0x4e23, 0x9, @loopback, 0xd9b}, 0x1c) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$loop(&(0x7f0000000500), 0x47ffffa, 0x60500) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000100)=0x40000000) r9 = syz_open_dev$video(&(0x7f0000000000), 0xd, 0x0) ioctl$VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000002c0)={0x1, @pix={0x20, 0x0, 0x42474752, 0x0, 0x0, 0x0, 0x6, 0xfeedcb00, 0x3, 0x0, 0x1, 0x5}}) ioctl$KVM_CAP_PMU_CAPABILITY(0xffffffffffffffff, 0x4068aea3, 0x0) sendmmsg$inet6(r0, &(0x7f0000001c80)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5, '\x00', 0x0}}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc0e", 0x8}], 0x1}}], 0x1, 0x0) 10.123652265s ago: executing program 4 (id=999): syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x3f, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c5}, 0x0) 10.048718232s ago: executing program 2 (id=1000): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x5}], 0x1}, 0x0) 9.88802734s ago: executing program 0 (id=1001): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unshare(0x62040200) (fail_nth: 4) 9.331510266s ago: executing program 4 (id=1002): r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r0}, 0x8) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r1, r2, 0x1a, 0x0, @val=@iter={&(0x7f0000000240)=@map_fd=r3, 0x10}}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f00000000c0)={r9, 0x2, 0x30}, &(0x7f00000001c0)=0xc) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000040)={r9, 0x7, 0x20}, &(0x7f00000000c0)=0xc) fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB='\t\x00\x00', @ANYRES32, @ANYRES32, @ANYBLOB], 0x48) fchdir(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) ioprio_set$uid(0x3, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 9.099425651s ago: executing program 1 (id=1003): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000100)={0x0, @multicast1, @remote}, &(0x7f0000000180)=0xc) r7 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$can_raw(r7, &(0x7f0000000140)={&(0x7f0000000000)={0x1d, r8, 0x2000000}, 0x10, &(0x7f00000005c0)={&(0x7f0000000100)=@can={{}, 0x80, 0x3, 0x4, 0x2}, 0x10}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000240)={'syztnl2\x00', &(0x7f00000001c0)={'ip6tnl0\x00', r3, 0x29, 0xea, 0xc3, 0x98d, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00', 0x8000, 0x40, 0xb, 0x1}}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000280)={0x0, @local, @dev}, &(0x7f0000000340)=0xc) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r11, 0x0, 0xffff7ffffffffffc}, 0x18) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r12 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) copy_file_range(r12, 0x0, r12, 0x0, 0x401, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000540)={&(0x7f0000000380)={0x18c, r5, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4b042d1fefb50809}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x44081}, 0x20000010) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x4000000, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x40) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000900)=@newtaction={0x74, 0x30, 0xb, 0x5, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @private=0xa010102}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x8890}, 0x40) 8.949636003s ago: executing program 3 (id=1004): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket(0x2, 0x80805, 0xfffffffc) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, 0x0, &(0x7f0000000b00)) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)={0x4fc0, 0x80, 0x6, 0x0, 0x8, 0x80, 0x7}, 0xc) syz_open_dev$sg(0x0, 0xffffffff, 0x8002) syz_init_net_socket$rose(0xb, 0x5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18) openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) 8.778976165s ago: executing program 0 (id=1005): r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff\xff2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\x10\xf7\xb2\xed\x8a\xdc\xa6\x8fO\xc8\xbay,\xae\xd3\xc5*\x15\xdf_\xb2_`\x92', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\r\xcc:', 0x0) r1 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x10000}) close(r1) close(0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) close(r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff) 8.536761582s ago: executing program 2 (id=1006): r0 = socket(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc) r5 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) mq_open(&(0x7f0000000040)=']\x00', 0xdd326361bc84707c, 0x4, 0x0) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a"], 0x254}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') read$FUSE(r7, &(0x7f0000005200)={0x2020}, 0x2020) rmdir(&(0x7f0000000380)='./file0/../file0\x00') 8.208475547s ago: executing program 1 (id=1007): socket$inet6_sctp(0xa, 0x801, 0x84) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fsopen(&(0x7f0000000080)='autofs\x00', 0x0) mount$overlay(0x0, 0x0, 0x0, 0x40000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000240)={'\x00', 0x4000, 0x6, 0x1, 0x2, 0xff, 0x0}) sched_setparam(r1, &(0x7f00000000c0)=0x7f) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001aa40)=""/102392, 0x18ff8) r3 = socket(0x2, 0x80805, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r3, 0x8919, &(0x7f0000000000)={'hsr0\x00'}) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000200)={0x1, 0x2, 0x3, 0x0}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r6, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) shutdown(r6, 0x1) bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty}, 0x1c) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) 8.120110646s ago: executing program 0 (id=1008): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_misc(r0, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000001800", [0x0, 0x2000000000001]}}) 6.521436378s ago: executing program 2 (id=1009): syz_open_dev$ttys(0xc, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="3a2f080000030300010000000000450a00280068000005069078ac1e0301ffffffff4e204e21", @ANYRES32=0x41424344], 0xfce) r3 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) write$P9_RVERSION(r3, &(0x7f0000002200)=ANY=[], 0xfffffcd9) ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000100)=0x9) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 6.146753189s ago: executing program 1 (id=1010): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_emit_ethernet(0x46, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) prctl$PR_CAPBSET_READ(0x59616d61, 0xffffffff) readv(r5, &(0x7f0000000100)=[{&(0x7f0000001180)=""/4085, 0xff5}], 0x1) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)={0x50, r4, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x1}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x3}]}, 0x50}, 0x1, 0x0, 0x0, 0x20009085}, 0x40040c0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000240)={0x3c, r7, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x3c}}, 0x20000000) setsockopt$sock_timeval(r2, 0x1, 0x43, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x10000, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) fsetxattr$security_ima(r2, &(0x7f0000000000), &(0x7f0000000240)=ANY=[@ANYBLOB="030306030000000018657e57f0f51dbaf018cd753c10c65f81ec1be25cbad5fee2c702bca76ece2076"], 0x21, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r10 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) accept4$llc(r10, 0x0, 0x0, 0x80800) 5.907581246s ago: executing program 0 (id=1011): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x6e) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r2 = syz_clone(0x20040200, 0x0, 0x5, 0x0, 0x0, 0x0) ptrace(0x4206, r2) ptrace(0x8, r2) ptrace$setsig(0x4207, r2, 0x200000000000005, 0x0) r3 = socket(0x1e, 0x5, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f00000002c0)=0x2, 0x4) listen(r3, 0x0) r4 = socket(0x1e, 0x805, 0x0) sendmsg$tipc(r4, &(0x7f0000000080)={&(0x7f0000000100)=@name, 0x10, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000202070250000000000811af8ff00000000bfa10000000000e206010000f8ffffffb702000000000000b303000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x2, 0x0, 0x0, 0xfffffffc}, 0x1c) accept4$nfc_llcp(r3, 0x0, 0x0, 0x0) sendmsg$tipc(r4, &(0x7f0000000500)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x0, 0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x20040001) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) 5.684276432s ago: executing program 4 (id=1012): syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x3f, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c5}, 0x0) 4.949690134s ago: executing program 2 (id=1013): syz_open_dev$ttys(0xc, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="3a2f080000030300010000000000450a00280068000005069078ac1e0301ffffffff4e204e21", @ANYRES32=0x41424344], 0xfce) syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d000905"], 0x0) r3 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) write$P9_RVERSION(r3, &(0x7f0000002200)=ANY=[], 0xfffffcd9) ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000100)=0x9) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0xb, &(0x7f0000000580)=ANY=[@ANYRES8], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr\x00') fchdir(r4) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 4.714047307s ago: executing program 1 (id=1014): r0 = socket$inet6(0xa, 0x2, 0x3a) munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}]}}, 0x0, 0x26, 0x0, 0x1, 0x7ff}, 0x28) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x40001e0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000008850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r7}, 0xc) syz_genetlink_get_family_id$tipc2(0x0, r2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = socket(0xa, 0x3, 0x2) connect$inet6(r8, &(0x7f0000000080)={0xa, 0x4e23, 0x9, @loopback, 0xd9b}, 0x1c) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$loop(&(0x7f0000000500), 0x47ffffa, 0x60500) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000100)=0x40000000) r9 = syz_open_dev$video(&(0x7f0000000000), 0xd, 0x0) ioctl$VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000002c0)={0x1, @pix={0x20, 0x0, 0x42474752, 0x0, 0x0, 0x0, 0x6, 0xfeedcb00, 0x3, 0x0, 0x1, 0x5}}) ioctl$KVM_CAP_PMU_CAPABILITY(0xffffffffffffffff, 0x4068aea3, 0x0) sendmmsg$inet6(r0, &(0x7f0000001c80)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @mcast2={0xff, 0x5, '\x00', 0x0}}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc0e", 0x8}], 0x1}}], 0x1, 0x0) 4.675829441s ago: executing program 0 (id=1015): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x50) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x14, 0x24, 0x21}, 0x14}}, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r4, &(0x7f00000021c0)={0x2020}, 0x2020) syz_fuse_handle_req(r4, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0xb) 4.618028664s ago: executing program 4 (id=1016): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000740), 0x0, 0x0) recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x5}], 0x1}, 0x0) 4.167978539s ago: executing program 3 (id=1017): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_emit_ethernet(0x46, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) syz_init_net_socket$llc(0x1a, 0x1, 0x0) prctl$PR_CAPBSET_READ(0x59616d61, 0xffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)={0x50, r4, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x1}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x3}]}, 0x50}, 0x1, 0x0, 0x0, 0x20009085}, 0x40040c0) 1.816243506s ago: executing program 3 (id=1018): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) 1.745696864s ago: executing program 1 (id=1019): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@host}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@local, 0x200001}, @local, 0x8, 0x0, 0x347, 0x8000080000004, 0x3ff, 0xfffd, 0x9}) 1.675627675s ago: executing program 3 (id=1020): r0 = socket(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc) r5 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) mq_open(&(0x7f0000000040)=']\x00', 0xdd326361bc84707c, 0x4, 0x0) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a"], 0x254}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') read$FUSE(r7, &(0x7f0000005200)={0x2020}, 0x2020) rmdir(&(0x7f0000000380)='./file0/../file0\x00') 1.61665123s ago: executing program 4 (id=1021): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_misc(r0, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000001800", [0x0, 0x2000000000001]}}) 1.520887998s ago: executing program 1 (id=1022): r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000180)={r0}, 0x8) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r1, r2, 0x1a, 0x0, @val=@iter={&(0x7f0000000240)=@map_fd=r3, 0x10}}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f00000000c0)={r9, 0x2, 0x30}, &(0x7f00000001c0)=0xc) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000040)={r9, 0x7, 0x20}, &(0x7f00000000c0)=0xc) fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB='\t\x00\x00', @ANYRES32, @ANYRES32, @ANYBLOB], 0x48) fchdir(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) ioprio_set$uid(0x3, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 1.475633519s ago: executing program 4 (id=1023): syz_open_dev$ttys(0xc, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="3a2f080000030300010000000000450a00280068000005069078ac1e0301ffffffff4e204e21", @ANYRES32=0x41424344], 0xfce) r3 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) write$P9_RVERSION(r3, &(0x7f0000002200)=ANY=[], 0xfffffcd9) ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000100)=0x9) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 9.503211ms ago: executing program 3 (id=1024): r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x6904, 0x0) r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r4 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x8801, 0x0) ioctl$TIOCMGET(r4, 0x5415, &(0x7f0000001080)) writev(r4, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', 0x0, 0x0) close(0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r8 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) sendto$inet6(r8, &(0x7f00000005c0)="f5", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000080}, 0x44080) socket$nl_netfilter(0x10, 0x3, 0xc) r9 = dup(r2) getsockopt$inet_IP_IPSEC_POLICY(r9, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@remote, @in=@empty}}, {{@in6=@mcast2}, 0x0, @in=@empty}}, &(0x7f00000001c0)=0xe8) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x10, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r9}, @GTPA_I_TEI={0x8, 0x8, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x20008851) 0s ago: executing program 0 (id=1025): r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff\xff2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\x10\xf7\xb2\xed\x8a\xdc\xa6\x8fO\xc8\xbay,\xae\xd3\xc5*\x15\xdf_\xb2_`\x92', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\r\xcc:', 0x0) r1 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x10000}) close(r1) close(0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) close(r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff) kernel console output (not intermixed with test programs): 70][ T8397] ? __pfx_ksys_write+0x10/0x10 [ 373.176106][ T8397] do_syscall_64+0xec/0xf80 [ 373.176125][ T8397] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.176143][ T8397] ? trace_irq_disable+0x37/0x100 [ 373.176163][ T8397] ? clear_bhb_loop+0x60/0xb0 [ 373.176185][ T8397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.176204][ T8397] RIP: 0033:0x7f2f27b5f749 [ 373.176220][ T8397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.176237][ T8397] RSP: 002b:00007f2f25dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 373.176258][ T8397] RAX: ffffffffffffffda RBX: 00007f2f27db5fa0 RCX: 00007f2f27b5f749 [ 373.176273][ T8397] RDX: 000000000000ffc8 RSI: 0000200000000000 RDI: 0000000000000003 [ 373.176286][ T8397] RBP: 00007f2f25dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 373.176298][ T8397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 373.176309][ T8397] R13: 00007f2f27db6038 R14: 00007f2f27db5fa0 R15: 00007ffd1722d6d8 [ 373.176341][ T8397] [ 374.197396][ T5952] usb 3-1: USB disconnect, device number 15 [ 375.706391][ T8418] FAULT_INJECTION: forcing a failure. [ 375.706391][ T8418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 375.706428][ T8418] CPU: 0 UID: 0 PID: 8418 Comm: syz.4.676 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 375.706455][ T8418] Tainted: [L]=SOFTLOCKUP [ 375.706463][ T8418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 375.706474][ T8418] Call Trace: [ 375.706482][ T8418] [ 375.706490][ T8418] dump_stack_lvl+0xe8/0x150 [ 375.706519][ T8418] should_fail_ex+0x46c/0x600 [ 375.706548][ T8418] _copy_from_user+0x2d/0xb0 [ 375.706569][ T8418] ___sys_sendmsg+0x158/0x2a0 [ 375.706595][ T8418] ? __pfx____sys_sendmsg+0x10/0x10 [ 375.706652][ T8418] ? __fget_files+0x2a/0x420 [ 375.706671][ T8418] ? __fget_files+0x3a6/0x420 [ 375.706701][ T8418] __x64_sys_sendmsg+0x1a1/0x260 [ 375.706726][ T8418] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 375.706759][ T8418] ? __pfx_ksys_write+0x10/0x10 [ 375.706799][ T8418] do_syscall_64+0xec/0xf80 [ 375.706818][ T8418] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.706836][ T8418] ? trace_irq_disable+0x37/0x100 [ 375.706856][ T8418] ? clear_bhb_loop+0x60/0xb0 [ 375.706878][ T8418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.706897][ T8418] RIP: 0033:0x7fd14ff9f749 [ 375.706913][ T8418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.706936][ T8418] RSP: 002b:00007fd14e1fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 375.706957][ T8418] RAX: ffffffffffffffda RBX: 00007fd1501f5fa0 RCX: 00007fd14ff9f749 [ 375.706972][ T8418] RDX: 0000000000008000 RSI: 00002000000004c0 RDI: 0000000000000004 [ 375.706985][ T8418] RBP: 00007fd14e1fe090 R08: 0000000000000000 R09: 0000000000000000 [ 375.706997][ T8418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 375.707008][ T8418] R13: 00007fd1501f6038 R14: 00007fd1501f5fa0 R15: 00007ffd58df2118 [ 375.707040][ T8418] [ 377.007182][ T8434] FAULT_INJECTION: forcing a failure. [ 377.007182][ T8434] name failslab, interval 1, probability 0, space 0, times 0 [ 377.007205][ T8434] CPU: 1 UID: 0 PID: 8434 Comm: syz.1.681 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 377.007220][ T8434] Tainted: [L]=SOFTLOCKUP [ 377.007224][ T8434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 377.007231][ T8434] Call Trace: [ 377.007235][ T8434] [ 377.007239][ T8434] dump_stack_lvl+0xe8/0x150 [ 377.007257][ T8434] should_fail_ex+0x46c/0x600 [ 377.007275][ T8434] should_failslab+0xa8/0x100 [ 377.007287][ T8434] __kmalloc_cache_noprof+0x84/0x6d0 [ 377.007303][ T8434] ? _copy_from_user+0x94/0xb0 [ 377.007313][ T8434] ? __se_sys_mount+0x166/0x410 [ 377.007322][ T8434] ? memdup_user+0x99/0xd0 [ 377.007336][ T8434] __se_sys_mount+0x166/0x410 [ 377.007349][ T8434] ? __pfx___se_sys_mount+0x10/0x10 [ 377.007362][ T8434] ? __x64_sys_mount+0x20/0xc0 [ 377.007374][ T8434] do_syscall_64+0xec/0xf80 [ 377.007384][ T8434] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.007394][ T8434] ? trace_irq_disable+0x37/0x100 [ 377.007405][ T8434] ? clear_bhb_loop+0x60/0xb0 [ 377.007417][ T8434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.007427][ T8434] RIP: 0033:0x7fd75267f749 [ 377.007437][ T8434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.007446][ T8434] RSP: 002b:00007fd7508de038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 377.007457][ T8434] RAX: ffffffffffffffda RBX: 00007fd7528d5fa0 RCX: 00007fd75267f749 [ 377.007465][ T8434] RDX: 0000200000000040 RSI: 0000200000002080 RDI: 0000000000000000 [ 377.007472][ T8434] RBP: 00007fd7508de090 R08: 0000200000000280 R09: 0000000000000000 [ 377.007479][ T8434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 377.007485][ T8434] R13: 00007fd7528d6038 R14: 00007fd7528d5fa0 R15: 00007ffe543bb7f8 [ 377.007501][ T8434] [ 377.956406][ T5935] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 378.162685][ T5935] usb 5-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 378.162720][ T5935] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 378.162745][ T5935] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 378.162771][ T5935] usb 5-1: config 0 interface 0 has no altsetting 0 [ 378.165151][ T5935] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 378.165178][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 378.165271][ T5935] usb 5-1: Product: syz [ 378.165285][ T5935] usb 5-1: Manufacturer: syz [ 378.165299][ T5935] usb 5-1: SerialNumber: syz [ 378.265771][ T5935] usb 5-1: config 0 descriptor?? [ 378.266557][ T8443] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 378.293982][ T5935] usb 5-1: selecting invalid altsetting 0 [ 378.530613][ C0] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 378.563192][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.563261][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.718125][ T8454] netlink: 208 bytes leftover after parsing attributes in process `syz.1.687'. [ 379.718167][ T8454] netlink: 208 bytes leftover after parsing attributes in process `syz.1.687'. [ 379.965211][ T5935] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 380.128596][ T5935] usb 2-1: config 0 has an invalid interface number: 117 but max is 0 [ 380.128625][ T5935] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 380.128643][ T5935] usb 2-1: config 0 has no interface number 0 [ 380.128688][ T5935] usb 2-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 380.134372][ T5935] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 380.134400][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.134418][ T5935] usb 2-1: Product: syz [ 380.134430][ T5935] usb 2-1: Manufacturer: syz [ 380.134442][ T5935] usb 2-1: SerialNumber: syz [ 380.221160][ T5935] usb 2-1: config 0 descriptor?? [ 381.639579][ T5935] usb 5-1: USB disconnect, device number 12 [ 381.811526][ T6192] usb 2-1: USB disconnect, device number 23 [ 383.075759][ T8493] FAULT_INJECTION: forcing a failure. [ 383.075759][ T8493] name failslab, interval 1, probability 0, space 0, times 0 [ 383.075795][ T8493] CPU: 0 UID: 0 PID: 8493 Comm: syz.3.701 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 383.075822][ T8493] Tainted: [L]=SOFTLOCKUP [ 383.075829][ T8493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 383.075841][ T8493] Call Trace: [ 383.075848][ T8493] [ 383.075856][ T8493] dump_stack_lvl+0xe8/0x150 [ 383.075885][ T8493] should_fail_ex+0x46c/0x600 [ 383.075916][ T8493] should_failslab+0xa8/0x100 [ 383.075937][ T8493] __kmalloc_noprof+0xe0/0x7e0 [ 383.075963][ T8493] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 383.075991][ T8493] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 383.076018][ T8493] genl_family_rcv_msg_doit+0xb8/0x300 [ 383.076045][ T8493] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 383.076066][ T8493] ? rcu_is_watching+0x15/0xb0 [ 383.076085][ T8493] ? cap_capable+0x123/0x440 [ 383.076109][ T8493] ? safesetid_security_capable+0xa9/0x1a0 [ 383.076136][ T8493] ? bpf_lsm_capable+0x9/0x20 [ 383.076154][ T8493] ? security_capable+0x7e/0x2e0 [ 383.076201][ T8493] genl_rcv_msg+0x60e/0x790 [ 383.076226][ T8493] ? __pfx_genl_rcv_msg+0x10/0x10 [ 383.076243][ T8493] ? __pfx_nfc_genl_llc_set_params+0x10/0x10 [ 383.076267][ T8493] ? __lock_acquire+0x6b6/0x2cf0 [ 383.076303][ T8493] netlink_rcv_skb+0x208/0x470 [ 383.076328][ T8493] ? __pfx_genl_rcv_msg+0x10/0x10 [ 383.076348][ T8493] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 383.076391][ T8493] ? netlink_deliver_tap+0x2e/0x1b0 [ 383.076414][ T8493] ? netlink_deliver_tap+0x2e/0x1b0 [ 383.076441][ T8493] genl_rcv+0x28/0x40 [ 383.076457][ T8493] netlink_unicast+0x846/0xa10 [ 383.076488][ T8493] ? __pfx_netlink_unicast+0x10/0x10 [ 383.076506][ T8493] ? __alloc_skb+0x198/0x3a0 [ 383.076526][ T8493] ? netlink_sendmsg+0x642/0xb30 [ 383.076547][ T8493] ? skb_put+0x11b/0x210 [ 383.076569][ T8493] netlink_sendmsg+0x805/0xb30 [ 383.076600][ T8493] ? __pfx_netlink_sendmsg+0x10/0x10 [ 383.076629][ T8493] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 383.076651][ T8493] ? __pfx_netlink_sendmsg+0x10/0x10 [ 383.076676][ T8493] __sock_sendmsg+0x21c/0x270 [ 383.076706][ T8493] ____sys_sendmsg+0x508/0x810 [ 383.076735][ T8493] ? __pfx_____sys_sendmsg+0x10/0x10 [ 383.076767][ T8493] ? import_iovec+0x74/0xa0 [ 383.076788][ T8493] ___sys_sendmsg+0x21f/0x2a0 [ 383.076813][ T8493] ? __pfx____sys_sendmsg+0x10/0x10 [ 383.076868][ T8493] ? __fget_files+0x2a/0x420 [ 383.076887][ T8493] ? __fget_files+0x3a6/0x420 [ 383.076917][ T8493] __x64_sys_sendmsg+0x1a1/0x260 [ 383.076943][ T8493] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 383.076976][ T8493] ? __pfx_ksys_write+0x10/0x10 [ 383.077013][ T8493] do_syscall_64+0xec/0xf80 [ 383.077032][ T8493] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.077050][ T8493] ? trace_irq_disable+0x37/0x100 [ 383.077069][ T8493] ? clear_bhb_loop+0x60/0xb0 [ 383.077092][ T8493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.077111][ T8493] RIP: 0033:0x7f2f27b5f749 [ 383.077129][ T8493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.077145][ T8493] RSP: 002b:00007f2f25dc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 383.077166][ T8493] RAX: ffffffffffffffda RBX: 00007f2f27db5fa0 RCX: 00007f2f27b5f749 [ 383.077189][ T8493] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000004 [ 383.077201][ T8493] RBP: 00007f2f25dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 383.077214][ T8493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 383.077226][ T8493] R13: 00007f2f27db6038 R14: 00007f2f27db5fa0 R15: 00007ffd1722d6d8 [ 383.077259][ T8493] [ 385.565104][ T43] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 385.961980][ T43] usb 4-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 385.962011][ T43] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 385.962037][ T43] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 385.962062][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 385.964322][ T43] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 385.964348][ T43] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 385.964367][ T43] usb 4-1: Product: syz [ 385.964379][ T43] usb 4-1: Manufacturer: syz [ 385.964392][ T43] usb 4-1: SerialNumber: syz [ 386.053317][ T43] usb 4-1: config 0 descriptor?? [ 386.054072][ T8521] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 386.080228][ T43] usb 4-1: selecting invalid altsetting 0 [ 386.310568][ C0] dummy_hcd dummy_hcd.3: timer fired with no URBs pending? [ 389.378695][ T6890] usb 4-1: USB disconnect, device number 17 [ 389.989208][ T8563] FAULT_INJECTION: forcing a failure. [ 389.989208][ T8563] name failslab, interval 1, probability 0, space 0, times 0 [ 389.989245][ T8563] CPU: 1 UID: 0 PID: 8563 Comm: syz.0.717 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 389.989272][ T8563] Tainted: [L]=SOFTLOCKUP [ 389.989279][ T8563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 389.989291][ T8563] Call Trace: [ 389.989298][ T8563] [ 389.989307][ T8563] dump_stack_lvl+0xe8/0x150 [ 389.989337][ T8563] should_fail_ex+0x46c/0x600 [ 389.989368][ T8563] should_failslab+0xa8/0x100 [ 389.989389][ T8563] __kmalloc_noprof+0xe0/0x7e0 [ 389.989414][ T8563] ? kfree+0x4d/0x900 [ 389.989435][ T8563] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 389.989461][ T8563] tomoyo_realpath_from_path+0xe3/0x5d0 [ 389.989483][ T8563] ? tomoyo_domain+0xd9/0x130 [ 389.989510][ T8563] tomoyo_path_perm+0x213/0x4b0 [ 389.989535][ T8563] ? tomoyo_path_perm+0x1e3/0x4b0 [ 389.989559][ T8563] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 389.989615][ T8563] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 389.989643][ T8563] ? __fget_files+0x2a/0x420 [ 389.989667][ T8563] security_file_truncate+0xb1/0x270 [ 389.989695][ T8563] do_ftruncate+0x27c/0x570 [ 389.989726][ T8563] ? __pfx_do_ftruncate+0x10/0x10 [ 389.989757][ T8563] ? __fget_files+0x3a6/0x420 [ 389.989776][ T8563] ? __fget_files+0x2a/0x420 [ 389.989804][ T8563] __x64_sys_ftruncate+0x92/0xf0 [ 389.989831][ T8563] do_syscall_64+0xec/0xf80 [ 389.989851][ T8563] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.989869][ T8563] ? trace_irq_disable+0x37/0x100 [ 389.989888][ T8563] ? clear_bhb_loop+0x60/0xb0 [ 389.989912][ T8563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.989930][ T8563] RIP: 0033:0x7fb3381df749 [ 389.989947][ T8563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 389.989964][ T8563] RSP: 002b:00007fb336404038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 389.989984][ T8563] RAX: ffffffffffffffda RBX: 00007fb338436180 RCX: 00007fb3381df749 [ 389.989999][ T8563] RDX: 0000000000000000 RSI: 0000000002007ffb RDI: 000000000000000b [ 389.990012][ T8563] RBP: 00007fb336404090 R08: 0000000000000000 R09: 0000000000000000 [ 389.990024][ T8563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 389.990035][ T8563] R13: 00007fb338436218 R14: 00007fb338436180 R15: 00007ffcbb30d7c8 [ 389.990067][ T8563] [ 389.990075][ T8563] ERROR: Out of memory at tomoyo_realpath_from_path. [ 394.459180][ T8582] loop2: detected capacity change from 0 to 7 [ 394.476283][ T8582] Dev loop2: unable to read RDB block 7 [ 394.476317][ T8582] loop2: AHDI p1 p2 p3 [ 394.476345][ T8582] loop2: partition table partially beyond EOD, truncated [ 394.476715][ T8582] loop2: p1 start 1601398130 is beyond EOD, truncated [ 394.476736][ T8582] loop2: p2 start 1702059890 is beyond EOD, truncated [ 395.326620][ T805] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 395.479090][ T805] usb 5-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 395.479125][ T805] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 395.479150][ T805] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 395.479176][ T805] usb 5-1: config 0 interface 0 has no altsetting 0 [ 395.481526][ T805] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 395.481555][ T805] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 395.481574][ T805] usb 5-1: Product: syz [ 395.481588][ T805] usb 5-1: Manufacturer: syz [ 395.481601][ T805] usb 5-1: SerialNumber: syz [ 395.493228][ T805] usb 5-1: config 0 descriptor?? [ 395.495223][ T8595] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 395.513184][ T805] usb 5-1: selecting invalid altsetting 0 [ 395.758459][ C1] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 396.492283][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.731'. [ 396.511685][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.731'. [ 396.543461][ T5901] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 396.546088][ T805] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 396.705167][ T5901] usb 3-1: Using ep0 maxpacket: 8 [ 396.707303][ T805] usb 4-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 396.707333][ T805] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 396.707449][ T805] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 396.707475][ T805] usb 4-1: config 0 interface 0 has no altsetting 0 [ 396.707685][ T5901] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 396.707706][ T5901] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 396.707725][ T5901] usb 3-1: config 0 has no interface number 0 [ 396.707767][ T5901] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 396.707785][ T5901] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 396.707799][ T5901] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 396.709469][ T5901] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 396.709485][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 396.709496][ T5901] usb 3-1: Product: syz [ 396.714506][ T5901] usb 3-1: config 0 descriptor?? [ 396.714668][ T805] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 396.714682][ T805] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 396.714692][ T805] usb 4-1: Product: syz [ 396.714699][ T805] usb 4-1: Manufacturer: syz [ 396.714706][ T805] usb 4-1: SerialNumber: syz [ 396.762100][ T8612] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 396.811372][ T805] usb 4-1: config 0 descriptor?? [ 396.814784][ T8617] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 396.854776][ T805] usb 4-1: selecting invalid altsetting 0 [ 397.199160][ T8627] trusted_key: encrypted_key: insufficient parameters specified [ 397.872934][ T5901] usb 3-1: USB disconnect, device number 16 [ 399.188335][ T6890] usb 5-1: USB disconnect, device number 13 [ 399.191935][ T5952] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 399.224728][ T5901] usb 4-1: USB disconnect, device number 18 [ 399.375182][ T5952] usb 1-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 399.375214][ T5952] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 399.375239][ T5952] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 399.375263][ T5952] usb 1-1: config 0 interface 0 has no altsetting 0 [ 399.377595][ T5952] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 399.377631][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 399.377649][ T5952] usb 1-1: Product: syz [ 399.377662][ T5952] usb 1-1: Manufacturer: syz [ 399.377675][ T5952] usb 1-1: SerialNumber: syz [ 399.393840][ T5952] usb 1-1: config 0 descriptor?? [ 399.394655][ T8636] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 399.440493][ T5952] usb 1-1: selecting invalid altsetting 0 [ 401.505227][ T6812] usb 1-1: USB disconnect, device number 11 [ 402.026929][ T8685] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 402.027138][ T8685] CIFS mount error: No usable UNC path provided in device string! [ 402.027138][ T8685] [ 402.027591][ T8685] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 402.041373][ T8685] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 403.209859][ T8692] FAULT_INJECTION: forcing a failure. [ 403.209859][ T8692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.209896][ T8692] CPU: 1 UID: 0 PID: 8692 Comm: syz.4.750 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 403.209922][ T8692] Tainted: [L]=SOFTLOCKUP [ 403.209930][ T8692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 403.209942][ T8692] Call Trace: [ 403.209949][ T8692] [ 403.209957][ T8692] dump_stack_lvl+0xe8/0x150 [ 403.209987][ T8692] should_fail_ex+0x46c/0x600 [ 403.210018][ T8692] _copy_from_user+0x2d/0xb0 [ 403.210039][ T8692] __se_sys_mount+0x18b/0x410 [ 403.210065][ T8692] ? __pfx___se_sys_mount+0x10/0x10 [ 403.210091][ T8692] ? __x64_sys_mount+0x20/0xc0 [ 403.210114][ T8692] do_syscall_64+0xec/0xf80 [ 403.210132][ T8692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.210150][ T8692] ? trace_irq_disable+0x37/0x100 [ 403.210177][ T8692] ? clear_bhb_loop+0x60/0xb0 [ 403.210201][ T8692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.210219][ T8692] RIP: 0033:0x7fd14ff9f749 [ 403.210236][ T8692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.210253][ T8692] RSP: 002b:00007fd14e1fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 403.210274][ T8692] RAX: ffffffffffffffda RBX: 00007fd1501f5fa0 RCX: 00007fd14ff9f749 [ 403.210288][ T8692] RDX: 0000200000000300 RSI: 00002000000002c0 RDI: 0000000000000000 [ 403.210302][ T8692] RBP: 00007fd14e1fe090 R08: 00002000000004c0 R09: 0000000000000000 [ 403.210315][ T8692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.210327][ T8692] R13: 00007fd1501f6038 R14: 00007fd1501f5fa0 R15: 00007ffd58df2118 [ 403.210359][ T8692] [ 403.212312][ T8692] tmpfs: Bad value for 'mpol' [ 403.711943][ T8705] FAULT_INJECTION: forcing a failure. [ 403.711943][ T8705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.711979][ T8705] CPU: 1 UID: 0 PID: 8705 Comm: syz.3.754 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 403.712006][ T8705] Tainted: [L]=SOFTLOCKUP [ 403.712013][ T8705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 403.712024][ T8705] Call Trace: [ 403.712031][ T8705] [ 403.712040][ T8705] dump_stack_lvl+0xe8/0x150 [ 403.712070][ T8705] should_fail_ex+0x46c/0x600 [ 403.712101][ T8705] _copy_to_user+0x31/0xb0 [ 403.712121][ T8705] simple_read_from_buffer+0xe1/0x170 [ 403.712154][ T8705] proc_fail_nth_read+0x1b6/0x220 [ 403.712184][ T8705] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 403.712212][ T8705] ? rw_verify_area+0x2ac/0x4e0 [ 403.712236][ T8705] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 403.712263][ T8705] vfs_read+0x206/0xa30 [ 403.712295][ T8705] ? __pfx_vfs_read+0x10/0x10 [ 403.712322][ T8705] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 403.712342][ T8705] ? lockdep_hardirqs_on+0x7b/0x110 [ 403.712360][ T8705] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 403.712379][ T8705] ? mutex_lock_nested+0x154/0x1d0 [ 403.712400][ T8705] ? fdget_pos+0x253/0x320 [ 403.712428][ T8705] ksys_read+0x14b/0x260 [ 403.712454][ T8705] ? __pfx_ksys_read+0x10/0x10 [ 403.712478][ T8705] ? __pfx_snd_pcm_ioctl+0x10/0x10 [ 403.712513][ T8705] do_syscall_64+0xec/0xf80 [ 403.712531][ T8705] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.712549][ T8705] ? trace_irq_disable+0x37/0x100 [ 403.712569][ T8705] ? clear_bhb_loop+0x60/0xb0 [ 403.712591][ T8705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.712609][ T8705] RIP: 0033:0x7f2f27b5e15c [ 403.712626][ T8705] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 403.712643][ T8705] RSP: 002b:00007f2f25dc6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 403.712664][ T8705] RAX: ffffffffffffffda RBX: 00007f2f27db5fa0 RCX: 00007f2f27b5e15c [ 403.712679][ T8705] RDX: 000000000000000f RSI: 00007f2f25dc60a0 RDI: 0000000000000006 [ 403.712691][ T8705] RBP: 00007f2f25dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 403.712704][ T8705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.712715][ T8705] R13: 00007f2f27db6038 R14: 00007f2f27db5fa0 R15: 00007ffd1722d6d8 [ 403.712747][ T8705] [ 403.825125][ T7707] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 404.156805][ T7707] usb 3-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 404.156837][ T7707] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 404.156861][ T7707] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 404.156887][ T7707] usb 3-1: config 0 interface 0 has no altsetting 0 [ 404.159369][ T7707] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 404.159396][ T7707] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 404.159416][ T7707] usb 3-1: Product: syz [ 404.159429][ T7707] usb 3-1: Manufacturer: syz [ 404.159443][ T7707] usb 3-1: SerialNumber: syz [ 404.178051][ T7707] usb 3-1: config 0 descriptor?? [ 404.178874][ T8702] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 404.217948][ T7707] usb 3-1: selecting invalid altsetting 0 [ 405.106977][ T8734] FAULT_INJECTION: forcing a failure. [ 405.106977][ T8734] name failslab, interval 1, probability 0, space 0, times 0 [ 405.107014][ T8734] CPU: 0 UID: 0 PID: 8734 Comm: syz.3.759 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 405.107040][ T8734] Tainted: [L]=SOFTLOCKUP [ 405.107047][ T8734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 405.107058][ T8734] Call Trace: [ 405.107065][ T8734] [ 405.107074][ T8734] dump_stack_lvl+0xe8/0x150 [ 405.107105][ T8734] should_fail_ex+0x46c/0x600 [ 405.107135][ T8734] ? skb_clone+0x212/0x3a0 [ 405.107163][ T8734] should_failslab+0xa8/0x100 [ 405.107183][ T8734] ? skb_clone+0x212/0x3a0 [ 405.107203][ T8734] kmem_cache_alloc_noprof+0x84/0x6c0 [ 405.107225][ T8734] ? __netlink_lookup+0xbd/0x8a0 [ 405.107256][ T8734] skb_clone+0x212/0x3a0 [ 405.107283][ T8734] __netlink_deliver_tap+0x404/0x850 [ 405.107319][ T8734] ? netlink_deliver_tap+0x2e/0x1b0 [ 405.107343][ T8734] netlink_deliver_tap+0x19c/0x1b0 [ 405.107368][ T8734] netlink_unicast+0x811/0xa10 [ 405.107396][ T8734] ? __pfx_netlink_unicast+0x10/0x10 [ 405.107415][ T8734] ? __alloc_skb+0x198/0x3a0 [ 405.107435][ T8734] ? netlink_sendmsg+0x642/0xb30 [ 405.107456][ T8734] ? skb_put+0x11b/0x210 [ 405.107480][ T8734] netlink_sendmsg+0x805/0xb30 [ 405.107510][ T8734] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.107541][ T8734] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 405.107564][ T8734] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.107588][ T8734] __sock_sendmsg+0x21c/0x270 [ 405.107618][ T8734] ____sys_sendmsg+0x508/0x810 [ 405.107645][ T8734] ? __pfx_____sys_sendmsg+0x10/0x10 [ 405.107677][ T8734] ? import_iovec+0x74/0xa0 [ 405.107699][ T8734] ___sys_sendmsg+0x21f/0x2a0 [ 405.107723][ T8734] ? __pfx____sys_sendmsg+0x10/0x10 [ 405.107780][ T8734] ? __fget_files+0x2a/0x420 [ 405.107798][ T8734] ? __fget_files+0x3a6/0x420 [ 405.107828][ T8734] __x64_sys_sendmsg+0x1a1/0x260 [ 405.107854][ T8734] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 405.107886][ T8734] ? __pfx_ksys_write+0x10/0x10 [ 405.107922][ T8734] do_syscall_64+0xec/0xf80 [ 405.107940][ T8734] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.107958][ T8734] ? trace_irq_disable+0x37/0x100 [ 405.107985][ T8734] ? clear_bhb_loop+0x60/0xb0 [ 405.108008][ T8734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.108027][ T8734] RIP: 0033:0x7f2f27b5f749 [ 405.108043][ T8734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.108061][ T8734] RSP: 002b:00007f2f25dc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 405.108081][ T8734] RAX: ffffffffffffffda RBX: 00007f2f27db5fa0 RCX: 00007f2f27b5f749 [ 405.108095][ T8734] RDX: 0000000000000080 RSI: 0000200000000000 RDI: 0000000000000003 [ 405.108107][ T8734] RBP: 00007f2f25dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 405.108119][ T8734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 405.108130][ T8734] R13: 00007f2f27db6038 R14: 00007f2f27db5fa0 R15: 00007ffd1722d6d8 [ 405.108162][ T8734] [ 405.111078][ T8734] netlink: 168 bytes leftover after parsing attributes in process `syz.3.759'. [ 405.282539][ T37] audit: type=1326 audit(1767836513.459:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8735 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd14ff9f749 code=0x7ffc0000 [ 405.285618][ T37] audit: type=1326 audit(1767836513.489:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8735 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd14ff9f749 code=0x7ffc0000 [ 405.290983][ T37] audit: type=1326 audit(1767836513.489:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8735 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd14ff9f749 code=0x7ffc0000 [ 405.294410][ T37] audit: type=1326 audit(1767836513.489:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8735 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd14ff9f749 code=0x7ffc0000 [ 405.294802][ T37] audit: type=1326 audit(1767836513.489:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8735 comm="syz.4.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd14ff9f749 code=0x7ffc0000 [ 405.635863][ T5941] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 405.795136][ T7707] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 405.818721][ T5941] usb 1-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 405.818754][ T5941] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 405.818780][ T5941] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 405.818806][ T5941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 405.840912][ T5941] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 405.840941][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 405.840967][ T5941] usb 1-1: Product: syz [ 405.840980][ T5941] usb 1-1: Manufacturer: syz [ 405.840994][ T5941] usb 1-1: SerialNumber: syz [ 405.860193][ T5941] usb 1-1: config 0 descriptor?? [ 405.860973][ T8740] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 405.900473][ T5941] usb 1-1: selecting invalid altsetting 0 [ 405.948741][ T7707] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 405.948774][ T7707] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 405.948795][ T7707] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 405.948834][ T7707] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 405.948855][ T7707] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.969464][ T7707] usb 5-1: config 0 descriptor?? [ 406.622849][ T7707] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 407.315926][ T805] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 407.437684][ T8699] snd-usb-audio 3-1:0.0: Runtime PM usage count underflow! [ 407.462381][ T5952] usb 3-1: USB disconnect, device number 17 [ 407.498846][ T805] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 407.500361][ T805] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.500385][ T805] usb 2-1: Product: syz [ 407.500398][ T805] usb 2-1: Manufacturer: syz [ 407.500411][ T805] usb 2-1: SerialNumber: syz [ 407.855463][ C0] plantronics 0003:047F:FFFF.0007: usb_submit_urb(ctrl) failed: -1 [ 407.939696][ T8774] netdevsim netdevsim2: Direct firmware load for  failed with error -2 [ 407.939821][ T8774] netdevsim netdevsim2: Falling back to sysfs fallback for:  [ 407.965251][ T805] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 407.965325][ T805] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 408.001738][ T7707] usb 5-1: reset high-speed USB device number 14 using dummy_hcd [ 408.125120][ T7707] usb 5-1: device descriptor read/64, error -32 [ 408.334717][ T6812] usb 1-1: USB disconnect, device number 12 [ 408.366356][ T7707] usb 5-1: reset high-speed USB device number 14 using dummy_hcd [ 408.495829][ T7707] usb 5-1: device descriptor read/64, error -32 [ 408.965183][ T7707] usb 5-1: reset high-speed USB device number 14 using dummy_hcd [ 409.175085][ T7707] usb 5-1: device not accepting address 14, error -71 [ 409.175325][ T8792] FAULT_INJECTION: forcing a failure. [ 409.175325][ T8792] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 409.175417][ T8792] CPU: 0 UID: 0 PID: 8792 Comm: syz.3.772 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 409.175444][ T8792] Tainted: [L]=SOFTLOCKUP [ 409.175452][ T8792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 409.175464][ T8792] Call Trace: [ 409.175472][ T8792] [ 409.175480][ T8792] dump_stack_lvl+0xe8/0x150 [ 409.175509][ T8792] should_fail_ex+0x46c/0x600 [ 409.175542][ T8792] prepare_alloc_pages+0x22b/0x6c0 [ 409.175569][ T8792] __alloc_frozen_pages_noprof+0x123/0x370 [ 409.175593][ T8792] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 409.175620][ T8792] ? policy_nodemask+0x27c/0x720 [ 409.175645][ T8792] alloc_pages_bulk_noprof+0x5fa/0x7d0 [ 409.175669][ T8792] ? alloc_pages_noprof+0xe4/0x1e0 [ 409.175693][ T8792] __kasan_populate_vmalloc+0xc1/0x1d0 [ 409.175718][ T8792] ? rt_spin_unlock+0x161/0x200 [ 409.175742][ T8792] alloc_vmap_area+0xdc4/0x14e0 [ 409.175782][ T8792] ? __pfx_alloc_vmap_area+0x10/0x10 [ 409.175807][ T8792] ? __kmalloc_cache_node_noprof+0x2aa/0x700 [ 409.175835][ T8792] ? __get_vm_area_node+0x172/0x350 [ 409.175857][ T8792] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.175893][ T8792] __get_vm_area_node+0x227/0x350 [ 409.175923][ T8792] __vmalloc_node_range_noprof+0x371/0x16a0 [ 409.175949][ T8792] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.175983][ T8792] ? __rcu_read_unlock+0x84/0xe0 [ 409.176009][ T8792] ? is_bpf_text_address+0x26/0x2b0 [ 409.176035][ T8792] ? kernel_text_address+0xa5/0xe0 [ 409.176065][ T8792] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 409.176092][ T8792] ? __lock_acquire+0x6b6/0x2cf0 [ 409.176124][ T8792] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.176144][ T8792] __vmalloc_noprof+0xd2/0x120 [ 409.176168][ T8792] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.176193][ T8792] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.176219][ T8792] bpf_prog_alloc+0x3c/0x1a0 [ 409.176243][ T8792] bpf_prog_load+0x735/0x1a10 [ 409.176272][ T8792] ? get_pid_task+0x20/0x1f0 [ 409.176298][ T8792] ? __pfx_bpf_prog_load+0x10/0x10 [ 409.176319][ T8792] ? __might_fault+0xb0/0x130 [ 409.176363][ T8792] ? bpf_lsm_bpf+0x9/0x20 [ 409.176379][ T8792] ? security_bpf+0x7e/0x300 [ 409.176408][ T8792] __sys_bpf+0x507/0x860 [ 409.176430][ T8792] ? __pfx___sys_bpf+0x10/0x10 [ 409.176447][ T8792] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 409.176486][ T8792] ? ksys_write+0x230/0x260 [ 409.176513][ T8792] ? __pfx_ksys_write+0x10/0x10 [ 409.176544][ T8792] __x64_sys_bpf+0x7c/0x90 [ 409.176564][ T8792] do_syscall_64+0xec/0xf80 [ 409.176582][ T8792] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.176600][ T8792] ? trace_irq_disable+0x37/0x100 [ 409.176618][ T8792] ? clear_bhb_loop+0x60/0xb0 [ 409.176641][ T8792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.176659][ T8792] RIP: 0033:0x7f2f27b5f749 [ 409.176676][ T8792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.176694][ T8792] RSP: 002b:00007f2f25dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 409.176715][ T8792] RAX: ffffffffffffffda RBX: 00007f2f27db5fa0 RCX: 00007f2f27b5f749 [ 409.176730][ T8792] RDX: 0000000000000094 RSI: 0000200000000140 RDI: 0000000000000005 [ 409.176743][ T8792] RBP: 00007f2f25dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 409.176755][ T8792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.176765][ T8792] R13: 00007f2f27db6038 R14: 00007f2f27db5fa0 R15: 00007ffd1722d6d8 [ 409.176794][ T8792] [ 409.177027][ T8792] syz.3.772: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 409.177105][ T8792] CPU: 0 UID: 0 PID: 8792 Comm: syz.3.772 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 409.177135][ T8792] Tainted: [L]=SOFTLOCKUP [ 409.177141][ T8792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 409.177153][ T8792] Call Trace: [ 409.177160][ T8792] [ 409.177168][ T8792] dump_stack_lvl+0xe8/0x150 [ 409.177194][ T8792] warn_alloc+0x22e/0x3b0 [ 409.177224][ T8792] ? kasan_quarantine_put+0xbb/0x1f0 [ 409.177252][ T8792] ? __pfx_warn_alloc+0x10/0x10 [ 409.177279][ T8792] ? __get_vm_area_node+0x240/0x350 [ 409.177301][ T8792] ? __get_vm_area_node+0x172/0x350 [ 409.177326][ T8792] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.177349][ T8792] ? __get_vm_area_node+0x240/0x350 [ 409.177380][ T8792] __vmalloc_node_range_noprof+0x396/0x16a0 [ 409.177419][ T8792] ? __rcu_read_unlock+0x84/0xe0 [ 409.177445][ T8792] ? is_bpf_text_address+0x26/0x2b0 [ 409.177471][ T8792] ? kernel_text_address+0xa5/0xe0 [ 409.177501][ T8792] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 409.177530][ T8792] ? __lock_acquire+0x6b6/0x2cf0 [ 409.177562][ T8792] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.177582][ T8792] __vmalloc_noprof+0xd2/0x120 [ 409.177608][ T8792] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.177628][ T8792] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 409.177652][ T8792] bpf_prog_alloc+0x3c/0x1a0 [ 409.177676][ T8792] bpf_prog_load+0x735/0x1a10 [ 409.177704][ T8792] ? get_pid_task+0x20/0x1f0 [ 409.177730][ T8792] ? __pfx_bpf_prog_load+0x10/0x10 [ 409.177751][ T8792] ? __might_fault+0xb0/0x130 [ 409.177796][ T8792] ? bpf_lsm_bpf+0x9/0x20 [ 409.177810][ T8792] ? security_bpf+0x7e/0x300 [ 409.177835][ T8792] __sys_bpf+0x507/0x860 [ 409.177855][ T8792] ? __pfx___sys_bpf+0x10/0x10 [ 409.177881][ T8792] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 409.177915][ T8792] ? ksys_write+0x230/0x260 [ 409.177940][ T8792] ? __pfx_ksys_write+0x10/0x10 [ 409.177970][ T8792] __x64_sys_bpf+0x7c/0x90 [ 409.177987][ T8792] do_syscall_64+0xec/0xf80 [ 409.178003][ T8792] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.178020][ T8792] ? trace_irq_disable+0x37/0x100 [ 409.178037][ T8792] ? clear_bhb_loop+0x60/0xb0 [ 409.178058][ T8792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.178075][ T8792] RIP: 0033:0x7f2f27b5f749 [ 409.178092][ T8792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.178108][ T8792] RSP: 002b:00007f2f25dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 409.178127][ T8792] RAX: ffffffffffffffda RBX: 00007f2f27db5fa0 RCX: 00007f2f27b5f749 [ 409.178141][ T8792] RDX: 0000000000000094 RSI: 0000200000000140 RDI: 0000000000000005 [ 409.178154][ T8792] RBP: 00007f2f25dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 409.178165][ T8792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.178177][ T8792] R13: 00007f2f27db6038 R14: 00007f2f27db5fa0 R15: 00007ffd1722d6d8 [ 409.178208][ T8792] [ 409.178278][ T8792] Mem-Info: [ 409.178290][ T8792] active_anon:257 inactive_anon:9171 isolated_anon:0 [ 409.178290][ T8792] active_file:25247 inactive_file:37951 isolated_file:0 [ 409.178290][ T8792] unevictable:768 dirty:204 writeback:0 [ 409.178290][ T8792] slab_reclaimable:11987 slab_unreclaimable:100560 [ 409.178290][ T8792] mapped:33425 shmem:4247 pagetables:1276 [ 409.178290][ T8792] sec_pagetables:0 bounce:0 [ 409.178290][ T8792] kernel_misc_reclaimable:0 [ 409.178290][ T8792] free:1305913 free_pcp:6884 free_cma:0 [ 409.178342][ T8792] Node 0 active_anon:1028kB inactive_anon:36684kB active_file:100792kB inactive_file:151804kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133700kB dirty:816kB writeback:0kB shmem:15452kB kernel_stack:14012kB pagetables:4964kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 409.178441][ T8792] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 409.178484][ T8792] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 409.178595][ T8792] lowmem_reserve[]: 0 2514 2515 2515 2515 [ 409.178629][ T8792] Node 0 DMA32 free:1311772kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1028kB inactive_anon:36684kB active_file:100792kB inactive_file:151804kB unevictable:1536kB writepending:816kB zspages:0kB present:3129332kB managed:2574688kB mlocked:0kB bounce:0kB free_pcp:27204kB local_pcp:11184kB free_cma:0kB [ 409.178687][ T8792] lowmem_reserve[]: 0 0 1 1 1 [ 409.178770][ T8792] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 409.178824][ T8792] lowmem_reserve[]: 0 0 0 0 0 [ 409.178853][ T8792] Node 1 Normal free:3896520kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:332kB local_pcp:332kB free_cma:0kB [ 409.178968][ T8792] lowmem_reserve[]: 0 0 0 0 0 [ 409.179000][ T8792] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 409.179162][ T8792] Node 0 DMA32: 657*4kB (UME) 869*8kB (UME) 904*16kB (UME) 214*32kB (UME) 295*64kB (UME) 231*128kB (UME) 120*256kB (UME) 41*512kB (UME) 27*1024kB (UME) 19*2048kB (UME) 272*4096kB (UM) = 1311724kB [ 409.179378][ T8792] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 409.179610][ T8792] Node 1 Normal: 218*4kB (U) 46*8kB (UME) 37*16kB (UME) 211*32kB (UME) 115*64kB (UME) 29*128kB (UME) 12*256kB (UME) 10*512kB (UME) 4*1024kB (UME) 1*2048kB (E) 943*4096kB (M) = 3896520kB [ 409.179811][ T8792] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 409.179827][ T8792] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 409.179843][ T8792] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 409.179931][ T8792] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 409.179946][ T8792] 67441 total pagecache pages [ 409.179959][ T8792] 0 pages in swap cache [ 409.179966][ T8792] Free swap = 124996kB [ 409.179973][ T8792] Total swap = 124996kB [ 409.179980][ T8792] 2097051 pages RAM [ 409.179986][ T8792] 0 pages HighMem/MovableOnly [ 409.179993][ T8792] 421353 pages reserved [ 409.179999][ T8792] 0 pages cma reserved [ 410.118249][ T5941] usb 5-1: USB disconnect, device number 14 [ 410.881468][ T8811] netlink: 300 bytes leftover after parsing attributes in process `syz.3.777'. [ 411.701017][ T805] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000080. ret = -EPROTO [ 411.701075][ T805] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 411.702470][ T805] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 411.755153][ T5952] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 411.795156][ T8817] FAULT_INJECTION: forcing a failure. [ 411.795156][ T8817] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 411.795191][ T8817] CPU: 0 UID: 0 PID: 8817 Comm: syz.1.780 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 411.795218][ T8817] Tainted: [L]=SOFTLOCKUP [ 411.795224][ T8817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 411.795237][ T8817] Call Trace: [ 411.795244][ T8817] [ 411.795252][ T8817] dump_stack_lvl+0xe8/0x150 [ 411.795282][ T8817] should_fail_ex+0x46c/0x600 [ 411.795312][ T8817] prepare_alloc_pages+0x22b/0x6c0 [ 411.795340][ T8817] __alloc_frozen_pages_noprof+0x123/0x370 [ 411.795364][ T8817] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 411.795393][ T8817] ? policy_nodemask+0x27c/0x720 [ 411.795425][ T8817] alloc_pages_bulk_noprof+0x5fa/0x7d0 [ 411.795450][ T8817] ? alloc_pages_noprof+0xe4/0x1e0 [ 411.795474][ T8817] __kasan_populate_vmalloc+0xc1/0x1d0 [ 411.795499][ T8817] ? rt_spin_unlock+0x161/0x200 [ 411.795527][ T8817] alloc_vmap_area+0xdc4/0x14e0 [ 411.795570][ T8817] ? __pfx_alloc_vmap_area+0x10/0x10 [ 411.795596][ T8817] ? __kmalloc_cache_node_noprof+0x2aa/0x700 [ 411.795630][ T8817] ? __get_vm_area_node+0x172/0x350 [ 411.795652][ T8817] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 411.795681][ T8817] __get_vm_area_node+0x227/0x350 [ 411.795713][ T8817] __vmalloc_node_range_noprof+0x371/0x16a0 [ 411.795739][ T8817] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 411.795779][ T8817] ? is_bpf_text_address+0x26/0x2b0 [ 411.795804][ T8817] ? kernel_text_address+0xa5/0xe0 [ 411.795834][ T8817] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 411.795863][ T8817] ? __lock_acquire+0x6b6/0x2cf0 [ 411.795900][ T8817] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 411.795920][ T8817] __vmalloc_noprof+0xd2/0x120 [ 411.795945][ T8817] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 411.795969][ T8817] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 411.795995][ T8817] bpf_prog_alloc+0x3c/0x1a0 [ 411.796019][ T8817] bpf_prog_load+0x735/0x1a10 [ 411.796048][ T8817] ? get_pid_task+0x20/0x1f0 [ 411.796074][ T8817] ? __pfx_bpf_prog_load+0x10/0x10 [ 411.796095][ T8817] ? __might_fault+0xb0/0x130 [ 411.796141][ T8817] ? bpf_lsm_bpf+0x9/0x20 [ 411.796157][ T8817] ? security_bpf+0x7e/0x300 [ 411.796186][ T8817] __sys_bpf+0x507/0x860 [ 411.796209][ T8817] ? __pfx___sys_bpf+0x10/0x10 [ 411.796227][ T8817] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 411.796267][ T8817] ? ksys_write+0x230/0x260 [ 411.796294][ T8817] ? __pfx_ksys_write+0x10/0x10 [ 411.796325][ T8817] __x64_sys_bpf+0x7c/0x90 [ 411.796345][ T8817] do_syscall_64+0xec/0xf80 [ 411.796363][ T8817] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.796381][ T8817] ? trace_irq_disable+0x37/0x100 [ 411.796400][ T8817] ? clear_bhb_loop+0x60/0xb0 [ 411.796423][ T8817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.796441][ T8817] RIP: 0033:0x7fd75267f749 [ 411.796458][ T8817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.796475][ T8817] RSP: 002b:00007fd7508de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 411.796500][ T8817] RAX: ffffffffffffffda RBX: 00007fd7528d5fa0 RCX: 00007fd75267f749 [ 411.796515][ T8817] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005 [ 411.796527][ T8817] RBP: 00007fd7508de090 R08: 0000000000000000 R09: 0000000000000000 [ 411.796539][ T8817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.796551][ T8817] R13: 00007fd7528d6038 R14: 00007fd7528d5fa0 R15: 00007ffe543bb7f8 [ 411.796583][ T8817] [ 411.875267][ T5941] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 412.167008][ T5941] usb 5-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 412.167041][ T5941] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 412.167067][ T5941] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 412.167092][ T5941] usb 5-1: config 0 interface 0 has no altsetting 0 [ 412.169522][ T5941] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 412.169553][ T5941] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 412.169572][ T5941] usb 5-1: Product: syz [ 412.169586][ T5941] usb 5-1: Manufacturer: syz [ 412.169600][ T5941] usb 5-1: SerialNumber: syz [ 412.181660][ T5941] usb 5-1: config 0 descriptor?? [ 412.182461][ T8803] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 412.190652][ T5941] usb 5-1: selecting invalid altsetting 0 [ 412.233669][ T5952] usb 1-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 412.233701][ T5952] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 412.233726][ T5952] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 412.233750][ T5952] usb 1-1: config 0 interface 0 has no altsetting 0 [ 412.310309][ T5952] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 412.310333][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 412.310344][ T5952] usb 1-1: Product: syz [ 412.310351][ T5952] usb 1-1: Manufacturer: syz [ 412.310358][ T5952] usb 1-1: SerialNumber: syz [ 412.313955][ T5952] usb 1-1: config 0 descriptor?? [ 412.314708][ T8809] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 412.369873][ T5952] usb 1-1: selecting invalid altsetting 0 [ 412.449143][ T805] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 412.484675][ T805] usb 2-1: USB disconnect, device number 24 [ 413.016419][ T5941] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 413.167237][ T5941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 413.167268][ T5941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.167287][ T5941] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 413.167321][ T5941] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 413.167339][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.185305][ T5941] usb 4-1: config 0 descriptor?? [ 413.517381][ T5952] usb 5-1: USB disconnect, device number 15 [ 413.684234][ T5941] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 414.327498][ T805] usb 1-1: USB disconnect, device number 13 [ 414.911729][ C1] plantronics 0003:047F:FFFF.0008: usb_submit_urb(ctrl) failed: -1 [ 414.948733][ T5952] usb 4-1: USB disconnect, device number 19 [ 415.033659][ T8873] netlink: 12 bytes leftover after parsing attributes in process `syz.4.798'. [ 415.060621][ T8873] 9p: Bad value for 'wfdno' [ 415.405146][ T5935] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 415.637020][ T5935] usb 2-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 415.637052][ T5935] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 415.637077][ T5935] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 415.637149][ T5935] usb 2-1: config 0 interface 0 has no altsetting 0 [ 415.639617][ T5935] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 415.639643][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 415.639662][ T5935] usb 2-1: Product: syz [ 415.639676][ T5935] usb 2-1: Manufacturer: syz [ 415.639688][ T5935] usb 2-1: SerialNumber: syz [ 415.668493][ T5935] usb 2-1: config 0 descriptor?? [ 415.669315][ T8876] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 415.687259][ T5935] usb 2-1: selecting invalid altsetting 0 [ 416.223091][ T8897] netlink: 300 bytes leftover after parsing attributes in process `syz.3.805'. [ 417.349735][ T7707] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 417.497205][ T7707] usb 4-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 417.497238][ T7707] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 417.497264][ T7707] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 417.497291][ T7707] usb 4-1: config 0 interface 0 has no altsetting 0 [ 417.500101][ T7707] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 417.500127][ T7707] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 417.500148][ T7707] usb 4-1: Product: syz [ 417.500162][ T7707] usb 4-1: Manufacturer: syz [ 417.500176][ T7707] usb 4-1: SerialNumber: syz [ 417.585511][ T7707] usb 4-1: config 0 descriptor?? [ 417.586279][ T8903] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 417.613453][ T7707] usb 4-1: selecting invalid altsetting 0 [ 418.755579][ T8869] snd-usb-audio 2-1:0.0: Runtime PM usage count underflow! [ 418.759770][ T7707] usb 2-1: USB disconnect, device number 25 [ 418.836919][ T8914] FAULT_INJECTION: forcing a failure. [ 418.836919][ T8914] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 418.836950][ T8914] CPU: 0 UID: 0 PID: 8914 Comm: syz.1.810 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 418.836969][ T8914] Tainted: [L]=SOFTLOCKUP [ 418.836974][ T8914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 418.836982][ T8914] Call Trace: [ 418.836988][ T8914] [ 418.836995][ T8914] dump_stack_lvl+0xe8/0x150 [ 418.837017][ T8914] should_fail_ex+0x46c/0x600 [ 418.837041][ T8914] _copy_from_user+0x2d/0xb0 [ 418.837055][ T8914] dev_ethtool+0xd0/0x19c0 [ 418.837083][ T8914] ? kasan_quarantine_put+0xbb/0x1f0 [ 418.837104][ T8914] ? __pfx_dev_ethtool+0x10/0x10 [ 418.837122][ T8914] ? dev_load+0x21/0x1f0 [ 418.837145][ T8914] ? dev_load+0x21/0x1f0 [ 418.837167][ T8914] ? dev_load+0x21/0x1f0 [ 418.837182][ T8914] dev_ioctl+0x392/0x1150 [ 418.837200][ T8914] sock_do_ioctl+0x22c/0x300 [ 418.837223][ T8914] ? __pfx_sock_do_ioctl+0x10/0x10 [ 418.837246][ T8914] ? __asan_memset+0x22/0x50 [ 418.837263][ T8914] ? smack_file_ioctl+0x24d/0x340 [ 418.837285][ T8914] sock_ioctl+0x579/0x790 [ 418.837312][ T8914] ? __pfx_sock_ioctl+0x10/0x10 [ 418.837333][ T8914] ? __fget_files+0x2a/0x420 [ 418.837348][ T8914] ? __fget_files+0x3a6/0x420 [ 418.837363][ T8914] ? __fget_files+0x2a/0x420 [ 418.837379][ T8914] ? bpf_lsm_file_ioctl+0x9/0x20 [ 418.837400][ T8914] ? __pfx_sock_ioctl+0x10/0x10 [ 418.837419][ T8914] __se_sys_ioctl+0xff/0x170 [ 418.837440][ T8914] do_syscall_64+0xec/0xf80 [ 418.837455][ T8914] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.837470][ T8914] ? trace_irq_disable+0x37/0x100 [ 418.837484][ T8914] ? clear_bhb_loop+0x60/0xb0 [ 418.837501][ T8914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.837514][ T8914] RIP: 0033:0x7fd75267f749 [ 418.837528][ T8914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.837543][ T8914] RSP: 002b:00007fd7508de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 418.837563][ T8914] RAX: ffffffffffffffda RBX: 00007fd7528d5fa0 RCX: 00007fd75267f749 [ 418.837576][ T8914] RDX: 0000200000000300 RSI: 0000000000008946 RDI: 0000000000000003 [ 418.837587][ T8914] RBP: 00007fd7508de090 R08: 0000000000000000 R09: 0000000000000000 [ 418.837598][ T8914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.837609][ T8914] R13: 00007fd7528d6038 R14: 00007fd7528d5fa0 R15: 00007ffe543bb7f8 [ 418.837646][ T8914] [ 419.448964][ T8921] netlink: 300 bytes leftover after parsing attributes in process `syz.0.812'. [ 420.461158][ T43] usb 4-1: USB disconnect, device number 20 [ 421.286505][ T8941] netlink: 20 bytes leftover after parsing attributes in process `syz.3.817'. [ 422.775183][ T5952] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 422.927214][ T5952] usb 4-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 422.927249][ T5952] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 422.927275][ T5952] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 422.927301][ T5952] usb 4-1: config 0 interface 0 has no altsetting 0 [ 422.929684][ T5952] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 422.929711][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 422.929731][ T5952] usb 4-1: Product: syz [ 422.929744][ T5952] usb 4-1: Manufacturer: syz [ 422.929758][ T5952] usb 4-1: SerialNumber: syz [ 423.008669][ T5952] usb 4-1: config 0 descriptor?? [ 423.009477][ T8947] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 423.015277][ T43] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 423.047967][ T5952] usb 4-1: selecting invalid altsetting 0 [ 423.167766][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 423.167798][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 423.167819][ T43] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 423.167859][ T43] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 423.167880][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.185485][ T43] usb 3-1: config 0 descriptor?? [ 423.266770][ C1] dummy_hcd dummy_hcd.3: timer fired with no URBs pending? [ 423.694455][ T43] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 425.085764][ C0] plantronics 0003:047F:FFFF.0009: usb_submit_urb(ctrl) failed: -1 [ 425.225241][ T6812] usb 3-1: reset high-speed USB device number 18 using dummy_hcd [ 425.355079][ T6812] usb 3-1: device descriptor read/64, error -32 [ 425.595122][ T6812] usb 3-1: reset high-speed USB device number 18 using dummy_hcd [ 425.729872][ T6812] usb 3-1: device descriptor read/64, error -32 [ 425.965223][ T31] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 425.966632][ T6812] usb 3-1: reset high-speed USB device number 18 using dummy_hcd [ 425.985409][ T6812] usb 3-1: device descriptor read/8, error -32 [ 426.126763][ T31] usb 1-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 426.126796][ T31] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 426.126822][ T31] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 426.126849][ T31] usb 1-1: config 0 interface 0 has no altsetting 0 [ 426.129698][ T31] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 426.129724][ T31] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 426.129744][ T31] usb 1-1: Product: syz [ 426.129758][ T31] usb 1-1: Manufacturer: syz [ 426.129772][ T31] usb 1-1: SerialNumber: syz [ 426.146021][ T31] usb 1-1: config 0 descriptor?? [ 426.146830][ T8971] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 426.257981][ T6296] usb 4-1: USB disconnect, device number 21 [ 426.315455][ T31] usb 1-1: selecting invalid altsetting 0 [ 426.470871][ T8981] netlink: 12 bytes leftover after parsing attributes in process `syz.3.829'. [ 427.780962][ T804] usb 3-1: USB disconnect, device number 18 [ 428.387179][ T9002] netlink: 20 bytes leftover after parsing attributes in process `syz.4.832'. [ 429.553666][ T5963] usb 1-1: USB disconnect, device number 14 [ 429.632009][ T9004] FAULT_INJECTION: forcing a failure. [ 429.632009][ T9004] name failslab, interval 1, probability 0, space 0, times 0 [ 429.632042][ T9004] CPU: 0 UID: 0 PID: 9004 Comm: syz.3.834 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 429.632068][ T9004] Tainted: [L]=SOFTLOCKUP [ 429.632075][ T9004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 429.632086][ T9004] Call Trace: [ 429.632093][ T9004] [ 429.632100][ T9004] dump_stack_lvl+0xe8/0x150 [ 429.632129][ T9004] should_fail_ex+0x46c/0x600 [ 429.632157][ T9004] ? skb_clone+0x212/0x3a0 [ 429.632179][ T9004] should_failslab+0xa8/0x100 [ 429.632198][ T9004] ? skb_clone+0x212/0x3a0 [ 429.632218][ T9004] kmem_cache_alloc_noprof+0x84/0x6c0 [ 429.632241][ T9004] ? __netlink_lookup+0xbd/0x8a0 [ 429.632273][ T9004] skb_clone+0x212/0x3a0 [ 429.632300][ T9004] __netlink_deliver_tap+0x404/0x850 [ 429.632335][ T9004] ? netlink_deliver_tap+0x2e/0x1b0 [ 429.632360][ T9004] netlink_deliver_tap+0x19c/0x1b0 [ 429.632385][ T9004] netlink_unicast+0x811/0xa10 [ 429.632415][ T9004] ? __pfx_netlink_unicast+0x10/0x10 [ 429.632436][ T9004] ? __alloc_skb+0x198/0x3a0 [ 429.632456][ T9004] ? netlink_sendmsg+0x642/0xb30 [ 429.632477][ T9004] ? skb_put+0x11b/0x210 [ 429.632502][ T9004] netlink_sendmsg+0x805/0xb30 [ 429.632534][ T9004] ? __pfx_netlink_sendmsg+0x10/0x10 [ 429.632566][ T9004] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 429.632588][ T9004] ? __pfx_netlink_sendmsg+0x10/0x10 [ 429.632613][ T9004] __sock_sendmsg+0x21c/0x270 [ 429.632643][ T9004] ____sys_sendmsg+0x508/0x810 [ 429.632672][ T9004] ? __pfx_____sys_sendmsg+0x10/0x10 [ 429.632703][ T9004] ? import_iovec+0x74/0xa0 [ 429.632725][ T9004] ___sys_sendmsg+0x21f/0x2a0 [ 429.632751][ T9004] ? __pfx____sys_sendmsg+0x10/0x10 [ 429.632811][ T9004] ? __fget_files+0x2a/0x420 [ 429.632828][ T9004] ? __fget_files+0x3a6/0x420 [ 429.632863][ T9004] __x64_sys_sendmsg+0x1a1/0x260 [ 429.632889][ T9004] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 429.632920][ T9004] ? __pfx_ksys_write+0x10/0x10 [ 429.632953][ T9004] do_syscall_64+0xec/0xf80 [ 429.632971][ T9004] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.632987][ T9004] ? trace_irq_disable+0x37/0x100 [ 429.633006][ T9004] ? clear_bhb_loop+0x60/0xb0 [ 429.633028][ T9004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.633045][ T9004] RIP: 0033:0x7f2f27b5f749 [ 429.633061][ T9004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.633077][ T9004] RSP: 002b:00007f2f25dc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 429.633097][ T9004] RAX: ffffffffffffffda RBX: 00007f2f27db5fa0 RCX: 00007f2f27b5f749 [ 429.633111][ T9004] RDX: 0000000024040810 RSI: 0000200000000000 RDI: 0000000000000003 [ 429.633124][ T9004] RBP: 00007f2f25dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 429.633136][ T9004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 429.633148][ T9004] R13: 00007f2f27db6038 R14: 00007f2f27db5fa0 R15: 00007ffd1722d6d8 [ 429.633180][ T9004] [ 429.633217][ T9004] netlink: 'syz.3.834': attribute type 1 has an invalid length. [ 429.633229][ T9004] netlink: 64 bytes leftover after parsing attributes in process `syz.3.834'. [ 430.668420][ T9013] kernel read not supported for file /!selinuxwk1ÐmÃ9Éž*T“ýâ‘ïª#j—¼ÞYÌÅmVËvm(pÉ-QZ#Ò{„¿ (pid: 9013 comm: syz.3.838) [ 432.452939][ T9018] netlink: 300 bytes leftover after parsing attributes in process `syz.4.837'. [ 434.216036][ T5807] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 434.434025][ T5807] usb 1-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 434.435082][ T5807] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 434.435108][ T5807] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 434.435132][ T5807] usb 1-1: config 0 interface 0 has no altsetting 0 [ 434.437630][ T5807] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 434.437656][ T5807] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 434.437675][ T5807] usb 1-1: Product: syz [ 434.437688][ T5807] usb 1-1: Manufacturer: syz [ 434.437702][ T5807] usb 1-1: SerialNumber: syz [ 434.529199][ T5807] usb 1-1: config 0 descriptor?? [ 434.530001][ T9028] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 434.554450][ T5807] usb 1-1: selecting invalid altsetting 0 [ 436.050088][ T6890] usb 1-1: USB disconnect, device number 15 [ 436.302193][ T9046] block nbd0: shutting down sockets [ 436.482390][ T9057] netlink: 20 bytes leftover after parsing attributes in process `syz.4.847'. [ 437.856662][ T9082] Driver unsupported XDP return value 0 on prog (id 204) dev N/A, expect packet loss! [ 439.045090][ T6890] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 439.197561][ T6890] usb 2-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 439.197596][ T6890] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 439.197621][ T6890] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 439.197647][ T6890] usb 2-1: config 0 interface 0 has no altsetting 0 [ 439.200811][ T6890] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 439.200838][ T6890] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 439.200866][ T6890] usb 2-1: Product: syz [ 439.200880][ T6890] usb 2-1: Manufacturer: syz [ 439.200893][ T6890] usb 2-1: SerialNumber: syz [ 439.307069][ T6890] usb 2-1: config 0 descriptor?? [ 439.313217][ T9086] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 439.341998][ T6890] usb 2-1: selecting invalid altsetting 0 [ 439.607464][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.612373][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.612627][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.612851][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.613170][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.613384][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.613842][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.685122][ T43] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 439.693277][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.693738][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.693951][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.861'. [ 439.971221][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.971294][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.199827][ T43] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 440.199856][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.207706][ T43] usb 5-1: config 0 descriptor?? [ 440.227262][ T43] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 440.422325][ T43] gp8psk: usb in 128 operation failed. [ 440.897717][ T43] gp8psk: usb in 146 operation failed. [ 440.897738][ T43] gp8psk: failed to get FW version [ 440.941316][ T43] gp8psk: usb in 149 operation failed. [ 440.941338][ T43] gp8psk: failed to get FPGA version [ 440.943585][ T43] gp8psk: usb in 138 operation failed. [ 440.943619][ T43] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 440.943654][ T43] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 441.019319][ T9126] FAULT_INJECTION: forcing a failure. [ 441.019319][ T9126] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 441.019356][ T9126] CPU: 0 UID: 0 PID: 9126 Comm: syz.2.867 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 441.019383][ T9126] Tainted: [L]=SOFTLOCKUP [ 441.019390][ T9126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 441.019401][ T9126] Call Trace: [ 441.019408][ T9126] [ 441.019416][ T9126] dump_stack_lvl+0xe8/0x150 [ 441.019447][ T9126] should_fail_ex+0x46c/0x600 [ 441.019477][ T9126] _copy_from_user+0x2d/0xb0 [ 441.019497][ T9126] ___sys_sendmsg+0x158/0x2a0 [ 441.019524][ T9126] ? __pfx____sys_sendmsg+0x10/0x10 [ 441.019581][ T9126] ? __fget_files+0x2a/0x420 [ 441.019601][ T9126] ? __fget_files+0x3a6/0x420 [ 441.019630][ T9126] __x64_sys_sendmsg+0x1a1/0x260 [ 441.019663][ T9126] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 441.019696][ T9126] ? __pfx_ksys_write+0x10/0x10 [ 441.019732][ T9126] do_syscall_64+0xec/0xf80 [ 441.019751][ T9126] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.019770][ T9126] ? clear_bhb_loop+0x60/0xb0 [ 441.019793][ T9126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.019811][ T9126] RIP: 0033:0x7f458bdff749 [ 441.019829][ T9126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.019846][ T9126] RSP: 002b:00007f458a01c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 441.019867][ T9126] RAX: ffffffffffffffda RBX: 00007f458c056180 RCX: 00007f458bdff749 [ 441.019882][ T9126] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 441.019894][ T9126] RBP: 00007f458a01c090 R08: 0000000000000000 R09: 0000000000000000 [ 441.019906][ T9126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.019918][ T9126] R13: 00007f458c056218 R14: 00007f458c056180 R15: 00007fff504638f8 [ 441.019949][ T9126] [ 441.091945][ T43] usb 5-1: USB disconnect, device number 16 [ 441.851397][ T5935] usb 2-1: USB disconnect, device number 26 [ 442.080112][ T9137] FAULT_INJECTION: forcing a failure. [ 442.080112][ T9137] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 442.080149][ T9137] CPU: 1 UID: 0 PID: 9137 Comm: syz.0.874 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 442.080176][ T9137] Tainted: [L]=SOFTLOCKUP [ 442.080183][ T9137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 442.080195][ T9137] Call Trace: [ 442.080202][ T9137] [ 442.080210][ T9137] dump_stack_lvl+0xe8/0x150 [ 442.080239][ T9137] should_fail_ex+0x46c/0x600 [ 442.080270][ T9137] _copy_from_iter+0x1cd/0x1630 [ 442.080298][ T9137] ? kmalloc_reserve+0xbd/0x290 [ 442.080319][ T9137] ? rcu_is_watching+0x15/0xb0 [ 442.080344][ T9137] ? __pfx__copy_from_iter+0x10/0x10 [ 442.080370][ T9137] ? __build_skb_around+0x22d/0x3c0 [ 442.080393][ T9137] ? __alloc_skb+0x198/0x3a0 [ 442.080413][ T9137] ? netlink_sendmsg+0x642/0xb30 [ 442.080436][ T9137] ? skb_put+0x11b/0x210 [ 442.080460][ T9137] netlink_sendmsg+0x6b2/0xb30 [ 442.080493][ T9137] ? __pfx_netlink_sendmsg+0x10/0x10 [ 442.080524][ T9137] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 442.080554][ T9137] ? __pfx_netlink_sendmsg+0x10/0x10 [ 442.080579][ T9137] __sock_sendmsg+0x21c/0x270 [ 442.080626][ T9137] ____sys_sendmsg+0x508/0x810 [ 442.080655][ T9137] ? __pfx_____sys_sendmsg+0x10/0x10 [ 442.080687][ T9137] ? import_iovec+0x74/0xa0 [ 442.080709][ T9137] ___sys_sendmsg+0x21f/0x2a0 [ 442.080734][ T9137] ? __pfx____sys_sendmsg+0x10/0x10 [ 442.080793][ T9137] ? __fget_files+0x2a/0x420 [ 442.080813][ T9137] ? __fget_files+0x3a6/0x420 [ 442.080843][ T9137] __x64_sys_sendmsg+0x1a1/0x260 [ 442.080869][ T9137] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 442.080902][ T9137] ? __pfx_ksys_write+0x10/0x10 [ 442.080939][ T9137] do_syscall_64+0xec/0xf80 [ 442.080958][ T9137] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.080977][ T9137] ? trace_irq_disable+0x37/0x100 [ 442.080997][ T9137] ? clear_bhb_loop+0x60/0xb0 [ 442.081019][ T9137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.081037][ T9137] RIP: 0033:0x7fb3381df749 [ 442.081054][ T9137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.081071][ T9137] RSP: 002b:00007fb336446038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 442.081092][ T9137] RAX: ffffffffffffffda RBX: 00007fb338435fa0 RCX: 00007fb3381df749 [ 442.081107][ T9137] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 442.081120][ T9137] RBP: 00007fb336446090 R08: 0000000000000000 R09: 0000000000000000 [ 442.081132][ T9137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 442.081144][ T9137] R13: 00007fb338436038 R14: 00007fb338435fa0 R15: 00007ffcbb30d7c8 [ 442.081176][ T9137] [ 442.950077][ T9142] netlink: 'syz.4.872': attribute type 1 has an invalid length. [ 444.362855][ T9152] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 444.391285][ T9152] fuse: Unknown parameter '' [ 445.765103][ T37] audit: type=1326 audit(1767836553.159:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765163][ T37] audit: type=1326 audit(1767836553.159:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765206][ T37] audit: type=1326 audit(1767836553.159:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765247][ T37] audit: type=1326 audit(1767836553.159:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765290][ T37] audit: type=1326 audit(1767836553.159:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765331][ T37] audit: type=1326 audit(1767836553.159:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765372][ T37] audit: type=1326 audit(1767836553.159:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765414][ T37] audit: type=1326 audit(1767836553.159:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765454][ T37] audit: type=1326 audit(1767836553.159:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3381df749 code=0x7ffc0000 [ 445.765496][ T37] audit: type=1326 audit(1767836553.159:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9158 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb3381ddf90 code=0x7ffc0000 [ 446.205203][ T6890] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 447.936381][ T9187] __nla_validate_parse: 25 callbacks suppressed [ 447.936402][ T9187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.890'. [ 448.931504][ T9207] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 450.627686][ T9216] netlink: 300 bytes leftover after parsing attributes in process `syz.2.898'. [ 451.696781][ T9223] FAULT_INJECTION: forcing a failure. [ 451.696781][ T9223] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 451.696818][ T9223] CPU: 0 UID: 0 PID: 9223 Comm: syz.0.902 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 451.696845][ T9223] Tainted: [L]=SOFTLOCKUP [ 451.696853][ T9223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 451.696865][ T9223] Call Trace: [ 451.696872][ T9223] [ 451.696880][ T9223] dump_stack_lvl+0xe8/0x150 [ 451.696910][ T9223] should_fail_ex+0x46c/0x600 [ 451.696941][ T9223] _copy_from_iter+0x1cd/0x1630 [ 451.696970][ T9223] ? kmalloc_reserve+0xbd/0x290 [ 451.696990][ T9223] ? rcu_is_watching+0x15/0xb0 [ 451.697014][ T9223] ? __pfx__copy_from_iter+0x10/0x10 [ 451.697040][ T9223] ? __build_skb_around+0x22d/0x3c0 [ 451.697063][ T9223] ? __alloc_skb+0x198/0x3a0 [ 451.697083][ T9223] ? netlink_sendmsg+0x642/0xb30 [ 451.697105][ T9223] ? skb_put+0x11b/0x210 [ 451.697129][ T9223] netlink_sendmsg+0x6b2/0xb30 [ 451.697167][ T9223] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.697200][ T9223] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 451.697223][ T9223] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.697248][ T9223] __sock_sendmsg+0x21c/0x270 [ 451.697278][ T9223] ____sys_sendmsg+0x508/0x810 [ 451.697307][ T9223] ? __pfx_____sys_sendmsg+0x10/0x10 [ 451.697339][ T9223] ? import_iovec+0x74/0xa0 [ 451.697368][ T9223] ___sys_sendmsg+0x21f/0x2a0 [ 451.697393][ T9223] ? __pfx____sys_sendmsg+0x10/0x10 [ 451.697451][ T9223] ? __fget_files+0x2a/0x420 [ 451.697470][ T9223] ? __fget_files+0x3a6/0x420 [ 451.697500][ T9223] __x64_sys_sendmsg+0x1a1/0x260 [ 451.697526][ T9223] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 451.697558][ T9223] ? __pfx_ksys_write+0x10/0x10 [ 451.697595][ T9223] do_syscall_64+0xec/0xf80 [ 451.697614][ T9223] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.697632][ T9223] ? trace_irq_disable+0x37/0x100 [ 451.697652][ T9223] ? clear_bhb_loop+0x60/0xb0 [ 451.697675][ T9223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.697693][ T9223] RIP: 0033:0x7fb3381df749 [ 451.697710][ T9223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.697728][ T9223] RSP: 002b:00007fb336446038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 451.697749][ T9223] RAX: ffffffffffffffda RBX: 00007fb338435fa0 RCX: 00007fb3381df749 [ 451.697764][ T9223] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 451.697777][ T9223] RBP: 00007fb336446090 R08: 0000000000000000 R09: 0000000000000000 [ 451.697789][ T9223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.697800][ T9223] R13: 00007fb338436038 R14: 00007fb338435fa0 R15: 00007ffcbb30d7c8 [ 451.697832][ T9223] [ 451.943444][ T9225] netlink: 300 bytes leftover after parsing attributes in process `syz.3.899'. [ 453.030338][ T9230] FAULT_INJECTION: forcing a failure. [ 453.030338][ T9230] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 453.030374][ T9230] CPU: 0 UID: 0 PID: 9230 Comm: syz.2.901 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 453.030401][ T9230] Tainted: [L]=SOFTLOCKUP [ 453.030407][ T9230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 453.030419][ T9230] Call Trace: [ 453.030425][ T9230] [ 453.030433][ T9230] dump_stack_lvl+0xe8/0x150 [ 453.030461][ T9230] should_fail_ex+0x46c/0x600 [ 453.030497][ T9230] prepare_alloc_pages+0x22b/0x6c0 [ 453.030523][ T9230] __alloc_frozen_pages_noprof+0x123/0x370 [ 453.030546][ T9230] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 453.030575][ T9230] ? policy_nodemask+0x27c/0x720 [ 453.030607][ T9230] alloc_pages_bulk_noprof+0x5fa/0x7d0 [ 453.030631][ T9230] ? alloc_pages_noprof+0xe4/0x1e0 [ 453.030654][ T9230] __kasan_populate_vmalloc+0xc1/0x1d0 [ 453.030681][ T9230] ? rt_spin_unlock+0x161/0x200 [ 453.030707][ T9230] alloc_vmap_area+0xdc4/0x14e0 [ 453.030751][ T9230] ? __pfx_alloc_vmap_area+0x10/0x10 [ 453.030777][ T9230] ? __kmalloc_cache_node_noprof+0x2aa/0x700 [ 453.030804][ T9230] ? __get_vm_area_node+0x172/0x350 [ 453.030827][ T9230] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.030852][ T9230] __get_vm_area_node+0x227/0x350 [ 453.030883][ T9230] __vmalloc_node_range_noprof+0x371/0x16a0 [ 453.030909][ T9230] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.030951][ T9230] ? is_bpf_text_address+0x26/0x2b0 [ 453.030977][ T9230] ? kernel_text_address+0xa5/0xe0 [ 453.031007][ T9230] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 453.031036][ T9230] ? __lock_acquire+0x6b6/0x2cf0 [ 453.031069][ T9230] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.031089][ T9230] __vmalloc_noprof+0xd2/0x120 [ 453.031114][ T9230] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.031139][ T9230] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.031166][ T9230] bpf_prog_alloc+0x3c/0x1a0 [ 453.031191][ T9230] bpf_prog_load+0x735/0x1a10 [ 453.031220][ T9230] ? get_pid_task+0x20/0x1f0 [ 453.031245][ T9230] ? __pfx_bpf_prog_load+0x10/0x10 [ 453.031267][ T9230] ? __might_fault+0xb0/0x130 [ 453.031312][ T9230] ? bpf_lsm_bpf+0x9/0x20 [ 453.031328][ T9230] ? security_bpf+0x7e/0x300 [ 453.031356][ T9230] __sys_bpf+0x507/0x860 [ 453.031379][ T9230] ? __pfx___sys_bpf+0x10/0x10 [ 453.031397][ T9230] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 453.031437][ T9230] ? ksys_write+0x230/0x260 [ 453.031465][ T9230] ? __pfx_ksys_write+0x10/0x10 [ 453.031502][ T9230] __x64_sys_bpf+0x7c/0x90 [ 453.031522][ T9230] do_syscall_64+0xec/0xf80 [ 453.031541][ T9230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.031560][ T9230] ? trace_irq_disable+0x37/0x100 [ 453.031578][ T9230] ? clear_bhb_loop+0x60/0xb0 [ 453.031601][ T9230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.031619][ T9230] RIP: 0033:0x7f458bdff749 [ 453.031636][ T9230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.031652][ T9230] RSP: 002b:00007f458a05e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 453.031673][ T9230] RAX: ffffffffffffffda RBX: 00007f458c055fa0 RCX: 00007f458bdff749 [ 453.031688][ T9230] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005 [ 453.031701][ T9230] RBP: 00007f458a05e090 R08: 0000000000000000 R09: 0000000000000000 [ 453.031714][ T9230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.031726][ T9230] R13: 00007f458c056038 R14: 00007f458c055fa0 R15: 00007fff504638f8 [ 453.031758][ T9230] [ 453.031811][ T9230] warn_alloc: 1 callbacks suppressed [ 453.031821][ T9230] syz.2.901: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 453.031881][ T9230] CPU: 0 UID: 0 PID: 9230 Comm: syz.2.901 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 453.031907][ T9230] Tainted: [L]=SOFTLOCKUP [ 453.031914][ T9230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 453.031925][ T9230] Call Trace: [ 453.031932][ T9230] [ 453.031939][ T9230] dump_stack_lvl+0xe8/0x150 [ 453.031965][ T9230] warn_alloc+0x22e/0x3b0 [ 453.031994][ T9230] ? kasan_quarantine_put+0xbb/0x1f0 [ 453.032022][ T9230] ? __pfx_warn_alloc+0x10/0x10 [ 453.032049][ T9230] ? __get_vm_area_node+0x240/0x350 [ 453.032071][ T9230] ? __get_vm_area_node+0x172/0x350 [ 453.032095][ T9230] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.032119][ T9230] ? __get_vm_area_node+0x240/0x350 [ 453.032150][ T9230] __vmalloc_node_range_noprof+0x396/0x16a0 [ 453.032196][ T9230] ? is_bpf_text_address+0x26/0x2b0 [ 453.032222][ T9230] ? kernel_text_address+0xa5/0xe0 [ 453.032251][ T9230] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 453.032280][ T9230] ? __lock_acquire+0x6b6/0x2cf0 [ 453.032312][ T9230] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.032333][ T9230] __vmalloc_noprof+0xd2/0x120 [ 453.032357][ T9230] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.032382][ T9230] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 453.032408][ T9230] bpf_prog_alloc+0x3c/0x1a0 [ 453.032433][ T9230] bpf_prog_load+0x735/0x1a10 [ 453.032461][ T9230] ? get_pid_task+0x20/0x1f0 [ 453.032492][ T9230] ? __pfx_bpf_prog_load+0x10/0x10 [ 453.032514][ T9230] ? __might_fault+0xb0/0x130 [ 453.032559][ T9230] ? bpf_lsm_bpf+0x9/0x20 [ 453.032574][ T9230] ? security_bpf+0x7e/0x300 [ 453.032602][ T9230] __sys_bpf+0x507/0x860 [ 453.032625][ T9230] ? __pfx___sys_bpf+0x10/0x10 [ 453.032644][ T9230] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 453.032683][ T9230] ? ksys_write+0x230/0x260 [ 453.032710][ T9230] ? __pfx_ksys_write+0x10/0x10 [ 453.032743][ T9230] __x64_sys_bpf+0x7c/0x90 [ 453.032762][ T9230] do_syscall_64+0xec/0xf80 [ 453.032780][ T9230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.032798][ T9230] ? trace_irq_disable+0x37/0x100 [ 453.032816][ T9230] ? clear_bhb_loop+0x60/0xb0 [ 453.032839][ T9230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.032857][ T9230] RIP: 0033:0x7f458bdff749 [ 453.032873][ T9230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.032889][ T9230] RSP: 002b:00007f458a05e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 453.032908][ T9230] RAX: ffffffffffffffda RBX: 00007f458c055fa0 RCX: 00007f458bdff749 [ 453.032922][ T9230] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005 [ 453.032935][ T9230] RBP: 00007f458a05e090 R08: 0000000000000000 R09: 0000000000000000 [ 453.032948][ T9230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.032959][ T9230] R13: 00007f458c056038 R14: 00007f458c055fa0 R15: 00007fff504638f8 [ 453.032992][ T9230] [ 453.032999][ T9230] Mem-Info: [ 453.033008][ T9230] active_anon:4906 inactive_anon:4409 isolated_anon:0 [ 453.033008][ T9230] active_file:25297 inactive_file:37918 isolated_file:0 [ 453.033008][ T9230] unevictable:768 dirty:94 writeback:0 [ 453.033008][ T9230] slab_reclaimable:12013 slab_unreclaimable:100775 [ 453.033008][ T9230] mapped:29949 shmem:6026 pagetables:1153 [ 453.033008][ T9230] sec_pagetables:0 bounce:0 [ 453.033008][ T9230] kernel_misc_reclaimable:0 [ 453.033008][ T9230] free:1305479 free_pcp:8267 free_cma:0 [ 453.033062][ T9230] Node 0 active_anon:19624kB inactive_anon:17636kB active_file:100992kB inactive_file:151672kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119796kB dirty:376kB writeback:0kB shmem:22568kB kernel_stack:13556kB pagetables:4472kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 453.033107][ T9230] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 453.033150][ T9230] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 453.033207][ T9230] lowmem_reserve[]: 0 2514 2515 2515 2515 [ 453.033241][ T9230] Node 0 DMA32 free:1310004kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19624kB inactive_anon:17636kB active_file:100992kB inactive_file:151672kB unevictable:1536kB writepending:376kB zspages:0kB present:3129332kB managed:2574688kB mlocked:0kB bounce:0kB free_pcp:32736kB local_pcp:16852kB free_cma:0kB [ 453.033519][ T9230] lowmem_reserve[]: 0 0 1 1 1 [ 453.033553][ T9230] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 453.033609][ T9230] lowmem_reserve[]: 0 0 0 0 0 [ 453.033641][ T9230] Node 1 Normal free:3896552kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:332kB local_pcp:332kB free_cma:0kB [ 453.033699][ T9230] lowmem_reserve[]: 0 0 0 0 0 [ 453.033731][ T9230] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 453.033844][ T9230] Node 0 DMA32: 289*4kB (U) 1100*8kB (U) 701*16kB (UE) 295*32kB (UME) 168*64kB (UME) 257*128kB (UME) 161*256kB (UME) 49*512kB (UME) 24*1024kB (UME) 15*2048kB (UME) 272*4096kB (UM) = 1309972kB [ 453.033997][ T9230] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 453.034093][ T9230] Node 1 Normal: 218*4kB (U) 46*8kB (UME) 37*16kB (UME) 210*32kB (UME) 114*64kB (UME) 30*128kB (UME) 12*256kB (UME) 10*512kB (UME) 4*1024kB (UME) 1*2048kB (E) 943*4096kB (M) = 3896552kB [ 453.034245][ T9230] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 453.034261][ T9230] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 453.034277][ T9230] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 453.034293][ T9230] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 453.034309][ T9230] 69239 total pagecache pages [ 453.034316][ T9230] 0 pages in swap cache [ 453.034323][ T9230] Free swap = 124996kB [ 453.034330][ T9230] Total swap = 124996kB [ 453.034337][ T9230] 2097051 pages RAM [ 453.034344][ T9230] 0 pages HighMem/MovableOnly [ 453.034351][ T9230] 421353 pages reserved [ 453.034357][ T9230] 0 pages cma reserved [ 453.115168][ T6890] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 453.277619][ T6890] usb 1-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 453.277652][ T6890] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 453.277677][ T6890] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 453.277701][ T6890] usb 1-1: config 0 interface 0 has no altsetting 0 [ 453.280024][ T6890] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 453.280048][ T6890] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 453.280067][ T6890] usb 1-1: Product: syz [ 453.280080][ T6890] usb 1-1: Manufacturer: syz [ 453.280093][ T6890] usb 1-1: SerialNumber: syz [ 453.317194][ T6890] usb 1-1: config 0 descriptor?? [ 453.318038][ T9228] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 453.331108][ T6890] usb 1-1: selecting invalid altsetting 0 [ 453.421488][ T9237] libceph: resolve '4' (ret=-3): failed [ 453.999305][ T9245] netlink: 300 bytes leftover after parsing attributes in process `syz.2.909'. [ 454.694401][ T5807] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 454.757840][ T9247] FAULT_INJECTION: forcing a failure. [ 454.757840][ T9247] name failslab, interval 1, probability 0, space 0, times 0 [ 454.757876][ T9247] CPU: 0 UID: 0 PID: 9247 Comm: syz.3.904 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 454.757903][ T9247] Tainted: [L]=SOFTLOCKUP [ 454.757910][ T9247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 454.757922][ T9247] Call Trace: [ 454.757929][ T9247] [ 454.757937][ T9247] dump_stack_lvl+0xe8/0x150 [ 454.757966][ T9247] should_fail_ex+0x46c/0x600 [ 454.757996][ T9247] should_failslab+0xa8/0x100 [ 454.758016][ T9247] __kmalloc_noprof+0xe0/0x7e0 [ 454.758042][ T9247] ? sk_prot_alloc+0xe7/0x220 [ 454.758063][ T9247] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 454.758092][ T9247] sk_prot_alloc+0xe7/0x220 [ 454.758112][ T9247] ? sk_alloc+0x27/0x390 [ 454.758135][ T9247] sk_alloc+0x3a/0x390 [ 454.758160][ T9247] __netlink_create+0x65/0x260 [ 454.758184][ T9247] ? __pfx_genl_release+0x10/0x10 [ 454.758204][ T9247] netlink_create+0x3be/0x580 [ 454.758229][ T9247] ? __pfx_genl_unbind+0x10/0x10 [ 454.758244][ T9247] ? __pfx_genl_bind+0x10/0x10 [ 454.758264][ T9247] __sock_create+0x4b3/0x9d0 [ 454.758298][ T9247] __sys_socket+0xd7/0x1b0 [ 454.758321][ T9247] __x64_sys_socket+0x7a/0x90 [ 454.758341][ T9247] do_syscall_64+0xec/0xf80 [ 454.758359][ T9247] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.758378][ T9247] ? trace_irq_disable+0x37/0x100 [ 454.758397][ T9247] ? clear_bhb_loop+0x60/0xb0 [ 454.758420][ T9247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.758438][ T9247] RIP: 0033:0x7f2f27b61667 [ 454.758454][ T9247] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.758471][ T9247] RSP: 002b:00007f2f25dc4fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 454.758491][ T9247] RAX: ffffffffffffffda RBX: 00007f2f27db5fa0 RCX: 00007f2f27b61667 [ 454.758506][ T9247] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 454.758517][ T9247] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 454.758529][ T9247] R10: 0000200000000140 R11: 0000000000000286 R12: 0000000000000001 [ 454.758541][ T9247] R13: 00007f2f27db6038 R14: 00007f2f27db5fa0 R15: 00007ffd1722d6d8 [ 454.758574][ T9247] [ 454.908370][ T5807] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.908402][ T5807] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 454.908441][ T5807] usb 2-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 454.908461][ T5807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.914777][ T5807] usb 2-1: config 0 descriptor?? [ 455.352495][ T5807] hid-led 0003:1294:1320.000A: hidraw0: USB HID vff.fe Device [HID 1294:1320] on usb-dummy_hcd.1-1/input0 [ 455.374029][ T5807] hid-led 0003:1294:1320.000A: Riso Kagaku Webmail Notifier initialized [ 456.806214][ T6890] usb 1-1: USB disconnect, device number 16 [ 456.825517][ T9262] loop2: detected capacity change from 0 to 7 [ 456.827959][ T9262] Dev loop2: unable to read RDB block 7 [ 456.827978][ T9262] loop2: AHDI p1 p2 [ 456.827993][ T9262] loop2: partition table partially beyond EOD, truncated [ 456.828060][ T9262] loop2: p1 start 1700753509 is beyond EOD, truncated [ 456.955981][ T6296] usb 2-1: USB disconnect, device number 27 [ 457.004915][ T5975] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 457.027219][ T5975] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 457.035578][ T5983] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 457.051961][ T5798] Bluetooth: hci3: unexpected event for opcode 0x2024 [ 457.115948][ T9279] pimreg: tun_chr_ioctl cmd 1076925456 [ 457.367242][ T6296] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 458.245092][ T6296] usb 3-1: Using ep0 maxpacket: 32 [ 458.254268][ T6296] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 458.285497][ T6296] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 458.285527][ T6296] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 458.285547][ T6296] usb 3-1: Product: syz [ 458.285560][ T6296] usb 3-1: Manufacturer: syz [ 458.285574][ T6296] usb 3-1: SerialNumber: syz [ 458.318344][ T6296] usb 3-1: config 0 descriptor?? [ 458.319234][ T9273] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 459.701846][ T6296] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 459.876960][ T6296] usb 5-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 459.876994][ T6296] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 459.877018][ T6296] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 459.877044][ T6296] usb 5-1: config 0 interface 0 has no altsetting 0 [ 459.879370][ T6296] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 459.879394][ T6296] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 459.879413][ T6296] usb 5-1: Product: syz [ 459.879424][ T6296] usb 5-1: Manufacturer: syz [ 459.879437][ T6296] usb 5-1: SerialNumber: syz [ 459.882874][ T6296] usb 5-1: config 0 descriptor?? [ 459.883571][ T9302] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 459.987225][ T6296] usb 5-1: selecting invalid altsetting 0 [ 461.305372][ T9337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 461.305606][ T9337] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 461.325224][ T6890] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 463.252086][ T5807] usb 5-1: USB disconnect, device number 18 [ 463.256950][ T6890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.256979][ T6890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.257000][ T6890] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 463.257040][ T6890] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 463.257062][ T6890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.300427][ T6890] usb 4-1: config 0 descriptor?? [ 464.591826][ T6890] plantronics 0003:047F:FFFF.000B: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 464.805809][ T6296] usb 4-1: USB disconnect, device number 22 [ 464.948812][ T9351] overlay: Unknown parameter 'euid' [ 468.705111][ T6103] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 468.859199][ T6103] usb 1-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 468.859231][ T6103] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 468.859253][ T6103] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 468.859273][ T6103] usb 1-1: config 0 interface 0 has no altsetting 0 [ 468.924610][ T6103] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 468.924638][ T6103] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 468.924656][ T6103] usb 1-1: Product: syz [ 468.924669][ T6103] usb 1-1: Manufacturer: syz [ 468.924682][ T6103] usb 1-1: SerialNumber: syz [ 469.172697][ T6103] usb 1-1: config 0 descriptor?? [ 469.173468][ T9384] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 469.325873][ T7707] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 470.010757][ T7707] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.010797][ T7707] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.010819][ T7707] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 470.010858][ T7707] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 470.010879][ T7707] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.301870][ T6103] usb 1-1: selecting invalid altsetting 0 [ 470.303330][ T7707] usb 5-1: config 0 descriptor?? [ 470.321944][ T9401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 470.332541][ T9401] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 470.848566][ T7707] plantronics 0003:047F:FFFF.000C: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 471.018396][ T9409] netlink: 300 bytes leftover after parsing attributes in process `syz.3.957'. [ 471.931219][ T6103] usb 1-1: USB disconnect, device number 17 [ 471.936126][ T7707] usb 5-1: USB disconnect, device number 19 [ 472.094163][ T9414] FAULT_INJECTION: forcing a failure. [ 472.094163][ T9414] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 472.094206][ T9414] CPU: 0 UID: 0 PID: 9414 Comm: syz.0.960 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 472.094264][ T9414] Tainted: [L]=SOFTLOCKUP [ 472.094280][ T9414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 472.094305][ T9414] Call Trace: [ 472.094313][ T9414] [ 472.094321][ T9414] dump_stack_lvl+0xe8/0x150 [ 472.094351][ T9414] should_fail_ex+0x46c/0x600 [ 472.094382][ T9414] _copy_from_user+0x2d/0xb0 [ 472.094402][ T9414] do_sock_getsockopt+0x15c/0x3d0 [ 472.094428][ T9414] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 472.094452][ T9414] ? __fget_files+0x3a6/0x420 [ 472.094472][ T9414] ? __fget_files+0x2a/0x420 [ 472.094497][ T9414] __x64_sys_getsockopt+0x1ab/0x250 [ 472.094529][ T9414] do_syscall_64+0xec/0xf80 [ 472.094548][ T9414] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.094574][ T9414] ? trace_irq_disable+0x37/0x100 [ 472.094595][ T9414] ? clear_bhb_loop+0x60/0xb0 [ 472.094617][ T9414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.094635][ T9414] RIP: 0033:0x7fb3381df749 [ 472.094653][ T9414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.094670][ T9414] RSP: 002b:00007fb336446038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 472.094690][ T9414] RAX: ffffffffffffffda RBX: 00007fb338435fa0 RCX: 00007fb3381df749 [ 472.094705][ T9414] RDX: 0000000000000001 RSI: 0000000000000084 RDI: 0000000000000003 [ 472.094717][ T9414] RBP: 00007fb336446090 R08: 0000200000000600 R09: 0000000000000000 [ 472.094729][ T9414] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001 [ 472.094742][ T9414] R13: 00007fb338436038 R14: 00007fb338435fa0 R15: 00007ffcbb30d7c8 [ 472.094774][ T9414] [ 474.832665][ T37] kauditd_printk_skb: 69 callbacks suppressed [ 474.832679][ T37] audit: type=1326 audit(1767836583.029:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9452 comm="syz.3.971" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f27b5f749 code=0x0 [ 474.837000][ T9453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 474.837397][ T9453] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 474.853751][ T5798] Bluetooth: hci3: unexpected subevent 0x0c length: 11 > 5 [ 474.856653][ T9453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 474.857053][ T9453] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 474.985162][ T5963] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 475.065511][ T9455] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 475.069371][ T9461] FAULT_INJECTION: forcing a failure. [ 475.069371][ T9461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 475.069405][ T9461] CPU: 0 UID: 0 PID: 9461 Comm: syz.1.976 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 475.069432][ T9461] Tainted: [L]=SOFTLOCKUP [ 475.069439][ T9461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 475.069450][ T9461] Call Trace: [ 475.069458][ T9461] [ 475.069466][ T9461] dump_stack_lvl+0xe8/0x150 [ 475.069496][ T9461] should_fail_ex+0x46c/0x600 [ 475.069526][ T9461] _copy_from_user+0x2d/0xb0 [ 475.069546][ T9461] ___sys_sendmsg+0x158/0x2a0 [ 475.069574][ T9461] ? __pfx____sys_sendmsg+0x10/0x10 [ 475.069631][ T9461] ? __fget_files+0x2a/0x420 [ 475.069651][ T9461] ? __fget_files+0x3a6/0x420 [ 475.069684][ T9461] __x64_sys_sendmsg+0x1a1/0x260 [ 475.069711][ T9461] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 475.069743][ T9461] ? __pfx_ksys_write+0x10/0x10 [ 475.069780][ T9461] do_syscall_64+0xec/0xf80 [ 475.069799][ T9461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.069817][ T9461] ? trace_irq_disable+0x37/0x100 [ 475.069836][ T9461] ? clear_bhb_loop+0x60/0xb0 [ 475.069859][ T9461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.069877][ T9461] RIP: 0033:0x7fd75267f749 [ 475.069894][ T9461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.069910][ T9461] RSP: 002b:00007fd7508de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 475.069931][ T9461] RAX: ffffffffffffffda RBX: 00007fd7528d5fa0 RCX: 00007fd75267f749 [ 475.069945][ T9461] RDX: 000000002c000010 RSI: 0000200000000180 RDI: 0000000000000005 [ 475.069958][ T9461] RBP: 00007fd7508de090 R08: 0000000000000000 R09: 0000000000000000 [ 475.069970][ T9461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.069982][ T9461] R13: 00007fd7528d6038 R14: 00007fd7528d5fa0 R15: 00007ffe543bb7f8 [ 475.070014][ T9461] [ 475.138921][ T5963] usb 5-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 475.138954][ T5963] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 475.138979][ T5963] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 475.139005][ T5963] usb 5-1: config 0 interface 0 has no altsetting 0 [ 475.141385][ T5963] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 475.141410][ T5963] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 475.141430][ T5963] usb 5-1: Product: syz [ 475.141443][ T5963] usb 5-1: Manufacturer: syz [ 475.141457][ T5963] usb 5-1: SerialNumber: syz [ 475.169518][ T5963] usb 5-1: config 0 descriptor?? [ 475.170292][ T9445] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 475.267016][ T5963] usb 5-1: selecting invalid altsetting 0 [ 476.437402][ T9396] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 476.559205][ T9481] FAULT_INJECTION: forcing a failure. [ 476.559205][ T9481] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 476.559228][ T9481] CPU: 1 UID: 0 PID: 9481 Comm: syz.2.984 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 476.559244][ T9481] Tainted: [L]=SOFTLOCKUP [ 476.559247][ T9481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 476.559254][ T9481] Call Trace: [ 476.559259][ T9481] [ 476.559263][ T9481] dump_stack_lvl+0xe8/0x150 [ 476.559283][ T9481] should_fail_ex+0x46c/0x600 [ 476.559300][ T9481] prepare_alloc_pages+0x22b/0x6c0 [ 476.559315][ T9481] __alloc_frozen_pages_noprof+0x123/0x370 [ 476.559327][ T9481] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 476.559343][ T9481] ? policy_nodemask+0x27c/0x720 [ 476.559361][ T9481] alloc_pages_bulk_noprof+0x5fa/0x7d0 [ 476.559374][ T9481] ? alloc_pages_noprof+0xe4/0x1e0 [ 476.559386][ T9481] __kasan_populate_vmalloc+0xc1/0x1d0 [ 476.559404][ T9481] ? rt_spin_unlock+0x161/0x200 [ 476.559420][ T9481] alloc_vmap_area+0xdc4/0x14e0 [ 476.559443][ T9481] ? __pfx_alloc_vmap_area+0x10/0x10 [ 476.559457][ T9481] ? __kmalloc_cache_node_noprof+0x2aa/0x700 [ 476.559473][ T9481] ? __get_vm_area_node+0x172/0x350 [ 476.559486][ T9481] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.559506][ T9481] __get_vm_area_node+0x227/0x350 [ 476.559535][ T9481] __vmalloc_node_range_noprof+0x371/0x16a0 [ 476.559560][ T9481] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.559594][ T9481] ? is_bpf_text_address+0x26/0x2b0 [ 476.559609][ T9481] ? kernel_text_address+0xa5/0xe0 [ 476.559626][ T9481] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 476.559642][ T9481] ? __lock_acquire+0x6b6/0x2cf0 [ 476.559660][ T9481] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.559671][ T9481] __vmalloc_noprof+0xd2/0x120 [ 476.559685][ T9481] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.559699][ T9481] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.559712][ T9481] bpf_prog_alloc+0x3c/0x1a0 [ 476.559725][ T9481] bpf_prog_load+0x735/0x1a10 [ 476.559740][ T9481] ? get_pid_task+0x20/0x1f0 [ 476.559755][ T9481] ? __pfx_bpf_prog_load+0x10/0x10 [ 476.559766][ T9481] ? __might_fault+0xb0/0x130 [ 476.559791][ T9481] ? bpf_lsm_bpf+0x9/0x20 [ 476.559799][ T9481] ? security_bpf+0x7e/0x300 [ 476.559816][ T9481] __sys_bpf+0x507/0x860 [ 476.559828][ T9481] ? __pfx___sys_bpf+0x10/0x10 [ 476.559837][ T9481] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 476.559858][ T9481] ? ksys_write+0x230/0x260 [ 476.559874][ T9481] ? __pfx_ksys_write+0x10/0x10 [ 476.559898][ T9481] __x64_sys_bpf+0x7c/0x90 [ 476.559908][ T9481] do_syscall_64+0xec/0xf80 [ 476.559918][ T9481] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.559928][ T9481] ? trace_irq_disable+0x37/0x100 [ 476.559938][ T9481] ? clear_bhb_loop+0x60/0xb0 [ 476.559950][ T9481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.559960][ T9481] RIP: 0033:0x7f458bdff749 [ 476.559970][ T9481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.559979][ T9481] RSP: 002b:00007f458a05e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 476.559991][ T9481] RAX: ffffffffffffffda RBX: 00007f458c055fa0 RCX: 00007f458bdff749 [ 476.559998][ T9481] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 476.560005][ T9481] RBP: 00007f458a05e090 R08: 0000000000000000 R09: 0000000000000000 [ 476.560011][ T9481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 476.560017][ T9481] R13: 00007f458c056038 R14: 00007f458c055fa0 R15: 00007fff504638f8 [ 476.560033][ T9481] [ 476.560106][ T9481] syz.2.984: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 476.560146][ T9481] CPU: 1 UID: 0 PID: 9481 Comm: syz.2.984 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 476.560160][ T9481] Tainted: [L]=SOFTLOCKUP [ 476.560164][ T9481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 476.560171][ T9481] Call Trace: [ 476.560177][ T9481] [ 476.560183][ T9481] dump_stack_lvl+0xe8/0x150 [ 476.560212][ T9481] warn_alloc+0x22e/0x3b0 [ 476.560241][ T9481] ? kasan_quarantine_put+0xbb/0x1f0 [ 476.560267][ T9481] ? __pfx_warn_alloc+0x10/0x10 [ 476.560294][ T9481] ? __get_vm_area_node+0x240/0x350 [ 476.560309][ T9481] ? __get_vm_area_node+0x172/0x350 [ 476.560323][ T9481] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.560336][ T9481] ? __get_vm_area_node+0x240/0x350 [ 476.560352][ T9481] __vmalloc_node_range_noprof+0x396/0x16a0 [ 476.560377][ T9481] ? is_bpf_text_address+0x26/0x2b0 [ 476.560391][ T9481] ? kernel_text_address+0xa5/0xe0 [ 476.560408][ T9481] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 476.560424][ T9481] ? __lock_acquire+0x6b6/0x2cf0 [ 476.560441][ T9481] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.560452][ T9481] __vmalloc_noprof+0xd2/0x120 [ 476.560466][ T9481] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.560479][ T9481] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 476.560493][ T9481] bpf_prog_alloc+0x3c/0x1a0 [ 476.560506][ T9481] bpf_prog_load+0x735/0x1a10 [ 476.560521][ T9481] ? get_pid_task+0x20/0x1f0 [ 476.560535][ T9481] ? __pfx_bpf_prog_load+0x10/0x10 [ 476.560549][ T9481] ? __might_fault+0xb0/0x130 [ 476.560590][ T9481] ? bpf_lsm_bpf+0x9/0x20 [ 476.560605][ T9481] ? security_bpf+0x7e/0x300 [ 476.560633][ T9481] __sys_bpf+0x507/0x860 [ 476.560647][ T9481] ? __pfx___sys_bpf+0x10/0x10 [ 476.560657][ T9481] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 476.560678][ T9481] ? ksys_write+0x230/0x260 [ 476.560693][ T9481] ? __pfx_ksys_write+0x10/0x10 [ 476.560711][ T9481] __x64_sys_bpf+0x7c/0x90 [ 476.560721][ T9481] do_syscall_64+0xec/0xf80 [ 476.560730][ T9481] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.560740][ T9481] ? trace_irq_disable+0x37/0x100 [ 476.560750][ T9481] ? clear_bhb_loop+0x60/0xb0 [ 476.560762][ T9481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.560772][ T9481] RIP: 0033:0x7f458bdff749 [ 476.560781][ T9481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.560790][ T9481] RSP: 002b:00007f458a05e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 476.560800][ T9481] RAX: ffffffffffffffda RBX: 00007f458c055fa0 RCX: 00007f458bdff749 [ 476.560808][ T9481] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 476.560814][ T9481] RBP: 00007f458a05e090 R08: 0000000000000000 R09: 0000000000000000 [ 476.560821][ T9481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 476.560827][ T9481] R13: 00007f458c056038 R14: 00007f458c055fa0 R15: 00007fff504638f8 [ 476.560843][ T9481] [ 476.560903][ T9481] Mem-Info: [ 476.560912][ T9481] active_anon:283 inactive_anon:23718 isolated_anon:0 [ 476.560912][ T9481] active_file:25307 inactive_file:37918 isolated_file:0 [ 476.560912][ T9481] unevictable:768 dirty:173 writeback:0 [ 476.560912][ T9481] slab_reclaimable:12109 slab_unreclaimable:100506 [ 476.560912][ T9481] mapped:32860 shmem:20600 pagetables:1115 [ 476.560912][ T9481] sec_pagetables:0 bounce:0 [ 476.560912][ T9481] kernel_misc_reclaimable:0 [ 476.560912][ T9481] free:1295445 free_pcp:3993 free_cma:0 [ 476.560961][ T9481] Node 0 active_anon:1132kB inactive_anon:94872kB active_file:101032kB inactive_file:151672kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131440kB dirty:692kB writeback:0kB shmem:80864kB kernel_stack:13788kB pagetables:4320kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 476.560993][ T9481] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 476.561015][ T9481] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 476.561044][ T9481] lowmem_reserve[]: 0 2514 2515 2515 2515 [ 476.561061][ T9481] Node 0 DMA32 free:1269868kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1132kB inactive_anon:94872kB active_file:101032kB inactive_file:151672kB unevictable:1536kB writepending:692kB zspages:0kB present:3129332kB managed:2574688kB mlocked:0kB bounce:0kB free_pcp:15608kB local_pcp:3108kB free_cma:0kB [ 476.561132][ T9481] lowmem_reserve[]: 0 0 1 1 1 [ 476.561150][ T9481] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 476.561178][ T9481] lowmem_reserve[]: 0 0 0 0 0 [ 476.561193][ T9481] Node 1 Normal free:3896552kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:364kB local_pcp:0kB free_cma:0kB [ 476.561222][ T9481] lowmem_reserve[]: 0 0 0 0 0 [ 476.561237][ T9481] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 476.561294][ T9481] Node 0 DMA32: 765*4kB (U) 1150*8kB (U) 722*16kB (UME) 260*32kB (UE) 47*64kB (UME) 24*128kB (UME) 113*256kB (UME) 51*512kB (UME) 23*1024kB (UME) 17*2048kB (UME) 273*4096kB (UM) = 1269828kB [ 476.561427][ T9481] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 476.561475][ T9481] Node 1 Normal: 218*4kB (U) 46*8kB (UME) 37*16kB (UME) 210*32kB (UME) 114*64kB (UME) 30*128kB (UME) 12*256kB (UME) 10*512kB (UME) 4*1024kB (UME) 1*2048kB (E) 943*4096kB (M) = 3896552kB [ 476.561551][ T9481] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 476.561560][ T9481] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 476.561568][ T9481] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 476.561576][ T9481] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 476.561584][ T9481] 83821 total pagecache pages [ 476.561588][ T9481] 0 pages in swap cache [ 476.561592][ T9481] Free swap = 124996kB [ 476.561597][ T9481] Total swap = 124996kB [ 476.561605][ T9481] 2097051 pages RAM [ 476.561611][ T9481] 0 pages HighMem/MovableOnly [ 476.561618][ T9481] 421353 pages reserved [ 476.561624][ T9481] 0 pages cma reserved [ 476.595624][ T5963] usb 3-1: USB disconnect, device number 19 [ 476.735125][ T9396] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 476.735146][ T9396] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 476.735158][ T9396] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 476.735181][ T9396] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 476.735193][ T9396] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.806879][ T5963] usb 5-1: USB disconnect, device number 20 [ 477.647141][ T9396] usb 4-1: config 0 descriptor?? [ 477.685205][ T5963] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 477.945177][ T5963] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 477.945209][ T5963] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 477.945229][ T5963] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 477.945270][ T5963] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 477.945292][ T5963] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.962929][ T9396] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 479.005189][ T5963] usb 1-1: config 0 descriptor?? [ 479.469656][ T5963] plantronics 0003:047F:FFFF.000E: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 479.541689][ C1] plantronics 0003:047F:FFFF.000D: usb_submit_urb(ctrl) failed: -1 [ 479.577815][ T6296] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 479.987062][ T6296] usb 2-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 479.987095][ T6296] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 479.987116][ T6296] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 479.987130][ T6296] usb 2-1: config 0 interface 0 has no altsetting 0 [ 479.989439][ T6296] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 479.989467][ T6296] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 479.989483][ T6296] usb 2-1: Product: syz [ 479.989490][ T6296] usb 2-1: Manufacturer: syz [ 479.989497][ T6296] usb 2-1: SerialNumber: syz [ 479.992608][ T6296] usb 2-1: config 0 descriptor?? [ 479.993260][ T9503] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 481.987058][ T6296] usb 2-1: selecting invalid altsetting 0 [ 482.044456][ T9513] block nbd0: shutting down sockets [ 482.172366][ T5963] usb 4-1: USB disconnect, device number 23 [ 482.323386][ T6296] usb 1-1: USB disconnect, device number 18 [ 482.374190][ T9524] FAULT_INJECTION: forcing a failure. [ 482.374190][ T9524] name failslab, interval 1, probability 0, space 0, times 0 [ 482.374223][ T9524] CPU: 0 UID: 0 PID: 9524 Comm: syz.0.1001 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 482.374245][ T9524] Tainted: [L]=SOFTLOCKUP [ 482.374249][ T9524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 482.374259][ T9524] Call Trace: [ 482.374264][ T9524] [ 482.374271][ T9524] dump_stack_lvl+0xe8/0x150 [ 482.374307][ T9524] should_fail_ex+0x46c/0x600 [ 482.374331][ T9524] should_failslab+0xa8/0x100 [ 482.374346][ T9524] __kmalloc_node_noprof+0xe7/0x820 [ 482.374367][ T9524] ? alloc_slab_obj_exts+0x3e/0x100 [ 482.374387][ T9524] alloc_slab_obj_exts+0x3e/0x100 [ 482.374405][ T9524] allocate_slab+0x1cc/0x3b0 [ 482.374425][ T9524] ___slab_alloc+0xb10/0x13e0 [ 482.374442][ T9524] ? fs_reclaim_acquire+0x7d/0x100 [ 482.374463][ T9524] ? copy_fs_struct+0x4f/0x270 [ 482.374489][ T9524] __slab_alloc+0xc6/0x1f0 [ 482.374503][ T9524] ? copy_fs_struct+0x4f/0x270 [ 482.374524][ T9524] ? copy_fs_struct+0x4f/0x270 [ 482.374543][ T9524] kmem_cache_alloc_noprof+0x101/0x6c0 [ 482.374562][ T9524] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 482.374578][ T9524] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 482.374600][ T9524] copy_fs_struct+0x4f/0x270 [ 482.374621][ T9524] ksys_unshare+0x3a2/0x8c0 [ 482.374643][ T9524] ? ksys_write+0x230/0x260 [ 482.374663][ T9524] ? __pfx_ksys_unshare+0x10/0x10 [ 482.374682][ T9524] ? __pfx_ksys_write+0x10/0x10 [ 482.374709][ T9524] __x64_sys_unshare+0x38/0x50 [ 482.374728][ T9524] do_syscall_64+0xec/0xf80 [ 482.374741][ T9524] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.374756][ T9524] ? trace_irq_disable+0x37/0x100 [ 482.374772][ T9524] ? clear_bhb_loop+0x60/0xb0 [ 482.374790][ T9524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.374805][ T9524] RIP: 0033:0x7fb3381df749 [ 482.374820][ T9524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.374832][ T9524] RSP: 002b:00007fb336446038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 482.374849][ T9524] RAX: ffffffffffffffda RBX: 00007fb338435fa0 RCX: 00007fb3381df749 [ 482.374859][ T9524] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000062040200 [ 482.374868][ T9524] RBP: 00007fb336446090 R08: 0000000000000000 R09: 0000000000000000 [ 482.374878][ T9524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 482.374888][ T9524] R13: 00007fb338436038 R14: 00007fb338435fa0 R15: 00007ffcbb30d7c8 [ 482.374915][ T9524] [ 483.022011][ T6965] usb 2-1: USB disconnect, device number 28 [ 487.320886][ T9560] block nbd0: shutting down sockets [ 487.885097][ T6812] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 488.041215][ T6812] usb 3-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x44, changing to 0x4 [ 488.041251][ T6812] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 488.041278][ T6812] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x4 has invalid maxpacket 16706, setting to 64 [ 488.041303][ T6812] usb 3-1: config 0 interface 0 has no altsetting 0 [ 488.043923][ T6812] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 488.043950][ T6812] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 488.044079][ T6812] usb 3-1: Product: syz [ 488.044094][ T6812] usb 3-1: Manufacturer: syz [ 488.044107][ T6812] usb 3-1: SerialNumber: syz [ 488.053053][ T6812] usb 3-1: config 0 descriptor?? [ 488.060818][ T9567] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 488.095987][ T6812] usb 3-1: selecting invalid altsetting 0 [ 492.230193][ T6812] usb 3-1: USB disconnect, device number 20 [ 492.312838][ T9599] usb 3-1: timeout: still 3 active urbs on EP #4 [ 492.313272][ T9599] ------------[ cut here ]------------ [ 492.313282][ T9599] URB ffff88805dd05000 submitted while active [ 492.313302][ T9599] WARNING: drivers/usb/core/urb.c:380 at usb_submit_urb+0x7b/0x18d0, CPU#1: syz.4.1023/9599 [ 492.313341][ T9599] Modules linked in: [ 492.313362][ T9599] CPU: 1 UID: 0 PID: 9599 Comm: syz.4.1023 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 492.313390][ T9599] Tainted: [L]=SOFTLOCKUP [ 492.313406][ T9599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 492.313418][ T9599] RIP: 0010:usb_submit_urb+0x7e/0x18d0 [ 492.313440][ T9599] Code: 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 77 26 a7 fb 49 83 3e 00 74 40 e8 2c ef 44 fb 48 8d 3d e5 27 6c 08 48 89 de <67> 48 0f b9 3a b8 f0 ff ff ff eb 11 e8 11 ef 44 fb eb 05 e8 0a ef [ 492.313459][ T9599] RSP: 0018:ffffc9000cd6f5e0 EFLAGS: 00010287 [ 492.313476][ T9599] RAX: ffffffff867abd04 RBX: ffff88805dd05000 RCX: 0000000000080000 [ 492.313492][ T9599] RDX: ffffc9000ec48000 RSI: ffff88805dd05000 RDI: ffffffff8ee6e4f0 [ 492.313508][ T9599] RBP: ffffc9000cd6f7c0 R08: 0000000000000000 R09: 0000000000000000 [ 492.313522][ T9599] R10: dffffc0000000000 R11: ffffed10065221b8 R12: 0000000000000820 [ 492.313537][ T9599] R13: 0000000000000000 R14: ffff88805dd05008 R15: dffffc0000000000 [ 492.313552][ T9599] FS: 00007fd14e1dd6c0(0000) GS:ffff888126def000(0000) knlGS:0000000000000000 [ 492.313568][ T9599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 492.313582][ T9599] CR2: 0000555575be0808 CR3: 0000000036704000 CR4: 00000000003526f0 [ 492.313600][ T9599] Call Trace: [ 492.313608][ T9599] [ 492.313618][ T9599] ? __pfx_prepare_outbound_urb+0x10/0x10 [ 492.313652][ T9599] ? snd_usb_endpoint_start_quirk+0x1f7/0x320 [ 492.313684][ T9599] snd_usb_endpoint_start+0x8a0/0x1520 [ 492.313733][ T9599] ? __pfx_snd_usb_endpoint_start+0x10/0x10 [ 492.313765][ T9599] ? rt_spin_lock+0x1c1/0x3e0 [ 492.313792][ T9599] ? rt_spin_lock+0x1c1/0x3e0 [ 492.313820][ T9599] start_endpoints+0xa1/0x280 [ 492.313842][ T9599] ? snd_usb_substream_playback_trigger+0x3ce/0x830 [ 492.313871][ T9599] snd_usb_substream_playback_trigger+0x3e0/0x830 [ 492.313903][ T9599] snd_pcm_do_drain_init+0x7d9/0xd10 [ 492.313934][ T9599] snd_pcm_action+0xe7/0x240 [ 492.313963][ T9599] snd_pcm_drain+0x261/0xdf0 [ 492.314002][ T9599] ? lockdep_hardirqs_on+0x7b/0x110 [ 492.314024][ T9599] ? __pfx_snd_pcm_drain+0x10/0x10 [ 492.314047][ T9599] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 492.314092][ T9599] snd_pcm_oss_sync+0xf6/0x9d0 [ 492.314120][ T9599] snd_pcm_oss_release+0x102/0x250 [ 492.314141][ T9599] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 492.314160][ T9599] __fput+0x45b/0xa80 [ 492.314195][ T9599] task_work_run+0x1d4/0x260 [ 492.314227][ T9599] ? __pfx_task_work_run+0x10/0x10 [ 492.314268][ T9599] get_signal+0x11c4/0x1310 [ 492.314288][ T9599] ? kick_process+0xeb/0x160 [ 492.314315][ T9599] ? task_work_add+0x391/0x440 [ 492.314345][ T9599] ? __pfx_task_work_add+0x10/0x10 [ 492.314372][ T9599] ? __pfx_vfs_write+0x10/0x10 [ 492.314413][ T9599] arch_do_signal_or_restart+0x9a/0x7a0 [ 492.314444][ T9599] ? __pfx___fput_deferred+0x10/0x10 [ 492.314468][ T9599] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 492.314507][ T9599] ? ksys_write+0x230/0x260 [ 492.314544][ T9599] exit_to_user_mode_loop+0x87/0x4e0 [ 492.314571][ T9599] ? rcu_is_watching+0x15/0xb0 [ 492.314593][ T9599] do_syscall_64+0x2c1/0xf80 [ 492.314612][ T9599] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.314631][ T9599] ? trace_irq_disable+0x37/0x100 [ 492.314650][ T9599] ? clear_bhb_loop+0x60/0xb0 [ 492.314674][ T9599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.314692][ T9599] RIP: 0033:0x7fd14ff9f749 [ 492.314710][ T9599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.314727][ T9599] RSP: 002b:00007fd14e1dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 492.314746][ T9599] RAX: 0000000000003ac5 RBX: 00007fd1501f6090 RCX: 00007fd14ff9f749 [ 492.314760][ T9599] RDX: 00000000fffffcd9 RSI: 0000200000002200 RDI: 0000000000000006 [ 492.314774][ T9599] RBP: 00007fd150023f91 R08: 0000000000000000 R09: 0000000000000000 [ 492.314787][ T9599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 492.314800][ T9599] R13: 00007fd1501f6128 R14: 00007fd1501f6090 R15: 00007ffd58df2118 [ 492.314835][ T9599] [ 492.314856][ T9599] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 492.314873][ T9599] CPU: 1 UID: 0 PID: 9599 Comm: syz.4.1023 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 492.314900][ T9599] Tainted: [L]=SOFTLOCKUP [ 492.314908][ T9599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 492.314919][ T9599] Call Trace: [ 492.314928][ T9599] [ 492.314935][ T9599] vpanic+0x1e0/0x670 [ 492.314969][ T9599] panic+0xb9/0xc0 [ 492.314993][ T9599] ? __pfx_panic+0x10/0x10 [ 492.315038][ T9599] __warn+0x317/0x4b0 [ 492.315063][ T9599] ? usb_submit_urb+0x7b/0x18d0 [ 492.315088][ T9599] ? usb_submit_urb+0x7b/0x18d0 [ 492.315109][ T9599] __report_bug+0x288/0x500 [ 492.315136][ T9599] ? rt_spin_unlock+0x161/0x200 [ 492.315161][ T9599] ? usb_submit_urb+0x7b/0x18d0 [ 492.315190][ T9599] ? __pfx___report_bug+0x10/0x10 [ 492.315241][ T9599] report_bug_entry+0x19a/0x290 [ 492.315270][ T9599] ? usb_submit_urb+0x7e/0x18d0 [ 492.315289][ T9599] ? usb_submit_urb+0x83/0x18d0 [ 492.315308][ T9599] handle_bug+0xca/0x200 [ 492.315331][ T9599] exc_invalid_op+0x1a/0x50 [ 492.315353][ T9599] asm_exc_invalid_op+0x1a/0x20 [ 492.315371][ T9599] RIP: 0010:usb_submit_urb+0x7e/0x18d0 [ 492.315399][ T9599] Code: 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 77 26 a7 fb 49 83 3e 00 74 40 e8 2c ef 44 fb 48 8d 3d e5 27 6c 08 48 89 de <67> 48 0f b9 3a b8 f0 ff ff ff eb 11 e8 11 ef 44 fb eb 05 e8 0a ef [ 492.315417][ T9599] RSP: 0018:ffffc9000cd6f5e0 EFLAGS: 00010287 [ 492.315435][ T9599] RAX: ffffffff867abd04 RBX: ffff88805dd05000 RCX: 0000000000080000 [ 492.315451][ T9599] RDX: ffffc9000ec48000 RSI: ffff88805dd05000 RDI: ffffffff8ee6e4f0 [ 492.315466][ T9599] RBP: ffffc9000cd6f7c0 R08: 0000000000000000 R09: 0000000000000000 [ 492.315480][ T9599] R10: dffffc0000000000 R11: ffffed10065221b8 R12: 0000000000000820 [ 492.315496][ T9599] R13: 0000000000000000 R14: ffff88805dd05008 R15: dffffc0000000000 [ 492.315520][ T9599] ? usb_submit_urb+0x74/0x18d0 [ 492.315551][ T9599] ? __pfx_prepare_outbound_urb+0x10/0x10 [ 492.315584][ T9599] ? snd_usb_endpoint_start_quirk+0x1f7/0x320 [ 492.315616][ T9599] snd_usb_endpoint_start+0x8a0/0x1520 [ 492.315663][ T9599] ? __pfx_snd_usb_endpoint_start+0x10/0x10 [ 492.315695][ T9599] ? rt_spin_lock+0x1c1/0x3e0 [ 492.315722][ T9599] ? rt_spin_lock+0x1c1/0x3e0 [ 492.315750][ T9599] start_endpoints+0xa1/0x280 [ 492.315773][ T9599] ? snd_usb_substream_playback_trigger+0x3ce/0x830 [ 492.315802][ T9599] snd_usb_substream_playback_trigger+0x3e0/0x830 [ 492.315835][ T9599] snd_pcm_do_drain_init+0x7d9/0xd10 [ 492.315866][ T9599] snd_pcm_action+0xe7/0x240 [ 492.315894][ T9599] snd_pcm_drain+0x261/0xdf0 [ 492.315933][ T9599] ? lockdep_hardirqs_on+0x7b/0x110 [ 492.315954][ T9599] ? __pfx_snd_pcm_drain+0x10/0x10 [ 492.315977][ T9599] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 492.316022][ T9599] snd_pcm_oss_sync+0xf6/0x9d0 [ 492.316051][ T9599] snd_pcm_oss_release+0x102/0x250 [ 492.316071][ T9599] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 492.316090][ T9599] __fput+0x45b/0xa80 [ 492.316125][ T9599] task_work_run+0x1d4/0x260 [ 492.316156][ T9599] ? __pfx_task_work_run+0x10/0x10 [ 492.316196][ T9599] get_signal+0x11c4/0x1310 [ 492.316215][ T9599] ? kick_process+0xeb/0x160 [ 492.316241][ T9599] ? task_work_add+0x391/0x440 [ 492.316271][ T9599] ? __pfx_task_work_add+0x10/0x10 [ 492.316298][ T9599] ? __pfx_vfs_write+0x10/0x10 [ 492.316331][ T9599] arch_do_signal_or_restart+0x9a/0x7a0 [ 492.316361][ T9599] ? __pfx___fput_deferred+0x10/0x10 [ 492.316383][ T9599] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 492.316427][ T9599] ? ksys_write+0x230/0x260 [ 492.316464][ T9599] exit_to_user_mode_loop+0x87/0x4e0 [ 492.316491][ T9599] ? rcu_is_watching+0x15/0xb0 [ 492.316513][ T9599] do_syscall_64+0x2c1/0xf80 [ 492.316532][ T9599] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.316551][ T9599] ? trace_irq_disable+0x37/0x100 [ 492.316570][ T9599] ? clear_bhb_loop+0x60/0xb0 [ 492.316594][ T9599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.316613][ T9599] RIP: 0033:0x7fd14ff9f749 [ 492.316630][ T9599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.316647][ T9599] RSP: 002b:00007fd14e1dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 492.316667][ T9599] RAX: 0000000000003ac5 RBX: 00007fd1501f6090 RCX: 00007fd14ff9f749 [ 492.316682][ T9599] RDX: 00000000fffffcd9 RSI: 0000200000002200 RDI: 0000000000000006 [ 492.316696][ T9599] RBP: 00007fd150023f91 R08: 0000000000000000 R09: 0000000000000000 [ 492.316708][ T9599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 492.316721][ T9599] R13: 00007fd1501f6128 R14: 00007fd1501f6090 R15: 00007ffd58df2118 [ 492.316756][ T9599] [ 492.317107][ T9599] Kernel Offset: disabled