last executing test programs: 2m52.083316559s ago: executing program 4 (id=2802): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c2000000080600010800", @ANYRES32=r1, @ANYBLOB="960348df10f28bae08de72a12414d6558ade2d2bc49bd081a5bd6994859fa6d84051380cc8a49cf0b83e90a6c6136fb184212ac65119315e58a020ccbf58d86d7bd42b4d7601b29a788be2626b7f", @ANYRES64=r0], 0x0) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) accept4$tipc(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0x800) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'comedi_bond\x00', [0xd00, 0x2, 0xfffffffe, 0x0, 0x4, 0x2, 0x200, 0x7, 0x5, 0x40, 0x2, 0x1, 0x8, 0x2, 0x3, 0x9, 0x1, 0x5, 0x7, 0x40081803, 0x5, 0xffff, 0x2, 0x6, 0x800b, 0x8, 0x40005, 0x6, 0x4, 0xfffe, 0xfffffff7]}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'vlan0\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000100)={r5, 0x3, 0x6}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x2000, {0x0, 0x0, 0x74, r5, {0xfffd, 0x10}, {0x1, 0xfff1}, {0x2, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x34004804}, 0x840) 2m50.641952367s ago: executing program 4 (id=2805): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) write$P9_RSTATu(r0, &(0x7f0000000580)={0x237, 0x7d, 0x2, {{0x500, 0xf6, 0x0, 0x5000000, {0x96346fe8a85d2583, 0x0, 0x8}, 0x41400000, 0x0, 0xe5e0, 0x5, 0x1b, '\x04nodev{evoo~\x05E\xc6\x00\x05\b\x007\xd9:\x8b\x92\x00\x00\x00', 0x33, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x37, '\xcf\xc3m\a\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e^\x98\x9c\xd5\xefMQ\xf6\r\xa7X,J\x05\xc8\xf8(\xf6\x8d\xc1wM]\xe2\xe8 \x86#\x81\xf6hm\xd1\xbb\x8f\xd7\x00\x00\x00', 0x3e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c<;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0w\xdct\x00\x00\x00\x00\x00\x00\x00\x00\a\xec!\xca\xbf\xf2\x0f\x9c\x00\x89\xf9\x06\x00\x00\x00\x00\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x13r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x237) 2m50.060788519s ago: executing program 4 (id=2806): socket$inet_udp(0x2, 0x2, 0x0) r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x104) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) write$P9_RVERSION(r0, &(0x7f0000000c40)=ANY=[], 0x13) syz_clone(0x80804000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1, 0x1}}, 0x3c) 2m49.566896415s ago: executing program 4 (id=2808): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4) close(r1) 2m49.36681095s ago: executing program 4 (id=2810): r0 = syz_open_dev$evdev(&(0x7f00000005c0), 0x1, 0x80200) ioctl$EVIOCGREP(r0, 0x80084503, 0x0) r1 = userfaultfd(0x801) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000002c0)=0x20) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x58) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="2002000010000100002545e11494c8a7701414bb00000000000000000000000000000000000000000000000000000001000200004e2000500000208016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aafffffffc33000000ac1414aa0000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000805600000000000000000000000000000000000000000001000000000001040000090000000000000000000000000000000a000100900000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001700010000002dbd700028bd70002bbd70002bbd700008000000080000009c001100ffffffff000000000000000000000000fe880000000000000000000000000101ff0100000000000000000000000000010a0101010000000000000000000000003201000002350000020002007f000001000000000000000000000000fe880000000000000000000000000001ac14141b000000000000000000000000fc000000000000000000000000000000ff01000000000000020000001c0004"], 0x220}}, 0x24000058) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r3, &(0x7f00000004c0)='./file0\x00', 0x2) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) recvfrom$packet(r2, &(0x7f0000000140)=""/132, 0x84, 0x40, &(0x7f0000000300)={0x11, 0x16, r5, 0x1, 0x2, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00005cf000/0x400000)=nil) 2m49.174202503s ago: executing program 4 (id=2811): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x458, 0x5014, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, "", [{{0x9, 0x4, 0x0, 0x81, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x27}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0xa, 0xff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000004c0)={0x40, 0xc, 0x5, "cd4b1bab8a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x7}}) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x5}) 2m40.948654978s ago: executing program 1 (id=2838): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c2000000080600010800", @ANYRES32=r1, @ANYBLOB="960348df10f28bae08de72a12414d6558ade2d2bc49bd081a5bd6994859fa6d84051380cc8a49cf0b83e90a6c6136fb184212ac65119315e58a020ccbf58d86d7bd42b4d7601b29a788be2626b7f", @ANYRES64=r0], 0x0) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) accept4$tipc(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0x800) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'comedi_bond\x00', [0xd00, 0x2, 0xfffffffe, 0x0, 0x4, 0x2, 0x200, 0x7, 0x5, 0x40, 0x2, 0x1, 0x8, 0x2, 0x3, 0x9, 0x1, 0x5, 0x7, 0x40081803, 0x5, 0xffff, 0x2, 0x6, 0x800b, 0x8, 0x40005, 0x6, 0x4, 0xfffe, 0xfffffff7]}) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'vlan0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x2000, {0x0, 0x0, 0x74, r4, {0xfffd, 0x10}, {0x1, 0xfff1}, {0x2, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x34004804}, 0x840) 2m39.647607424s ago: executing program 1 (id=2841): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) openat$smackfs_cipsonum(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d40000001900010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000008000000000000000000000000000000000000000000000000000000000000000000d000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000fdffffff0000000001010000"], 0xd4}, 0x1, 0x0, 0x0, 0x48081}, 0x0) r1 = fsopen(0x0, 0x1) fsmount(r1, 0x0, 0x1) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000040)=0x8) socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') exit(0xffff) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) close(0xffffffffffffffff) openat$binfmt(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4, @ANYBLOB="00000000100000001c001a80080002802d00", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000b0e0000000000000000800018150000", @ANYRES32, @ANYBLOB="0000000700000000b7080000030000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005400000095"], &(0x7f00000002c0)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2m38.627367668s ago: executing program 1 (id=2848): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$cgroup_type(r0, &(0x7f0000000040), 0x9) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x6, 0x0, 0x80, 0x5, 0xb6e, 0xffffffffffffffff}) write$cgroup_pid(r0, &(0x7f0000000140)=r1, 0x12) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x2, 0x300}, {0x6e, 0x0, 0xd}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xc, 0x9, 0x0, 0x0, 0x20000f15}, {0x3, 0x0, 0x6, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x6) 2m38.311879579s ago: executing program 1 (id=2851): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0x0) 2m36.963821577s ago: executing program 1 (id=2853): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000002900)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x13}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x40000010) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000003a40), 0x2, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0e85667, &(0x7f00000004c0)={0x781519edd4a4c428, 0x251, "0aa8f4b7011dc302f48b6c2fcfac136042d203de4fc3a0e2078ac3a892d9506e", 0xfffffffffffffff9, 0x1, 0x2, 0x5, 0xe3, 0x4, 0x8, 0x8131, [0x401, 0x6, 0x3, 0x9]}) (async) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000007a0000009c0000000000000024000000000000009500200d00000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x8, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x8000000, 0x10, 0x0, 0xffffffffffffff6c}, 0x3f) 2m36.481567863s ago: executing program 1 (id=2856): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00aa19ce670d25010000020000040000009fc404000000c788b277beee1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e468eea3fcfcf498278a315f5b87e1c26433a8acd715f5888b2007f00000000000000000100000000000000010015d60605000053350000000034a70c2ab40c7cf5691db43a5c00000000000000f030007ce2c6f800000000000000e75a89faff01218087560cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bef5d7d617da7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf050000008600a62e96b7cb8e52cbdc2ba9d580609e31c30879d6fce424c2208af6c3784a1975fa657de38a3a32e4fd67ce446adb431d07db79241aca1dd9ba02453bbb5ee8babe1745e645f091231b986e952afdac972f342c6f184777d05d988d6edc71df0100000013a38300cabf2b554380ad215c789bef4cc574109b8df8d9a9db669557b3809d8c396d2c0361629d1822f722ec23812770d72cd00100000078a75dea785be550dbb420287e0789b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b8a0ae6fb5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fc7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff25184d4e3c6f7f623559435b2c505fb711300000000040000000000000000000000000000e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7a49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd029406000000433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671a5767014b09ddbf69b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7b49991be06b950ccd48f4e49833f3c4a02bbd06c84680549f9eb16682ecb722e8ffaca907a3eaaebfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c52108d9c0d51dc30209872ec602af42eb29d54a37be0fdfdcd74c2d859a566ee5c30677173a2592a4617ae08bec07422d52d2ba7271550a5c20e3a8d1c8c8fd3025ff00607b2249ae9a18391e01b21b36169790b8e96f7955754b6b01a75165d3573d1dec5cf1b08b6115b43203a5654cce2277eb4c02ef4817b4cb989ac178895810eff7b697f2dc9b308aa2460e3cb85cdc4833571a62bf310700000000000000cc7f923284230ada8c756096a66119d4b6b2f159585c3cf8e7bfdd619e294b1d21cd491b8cfd4a253856e485fe29c6ad177a9fb078ca905782b9ed3c30675b89a784bb8031cac0de95178a5acff029a0f0fe972df22b20afe95fba722056f94ab15f1cf605c33df627311f1b614684d77549"], &(0x7f0000000140)='GPL\x00'}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000007f00000000000000c554000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000fbffffffbf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000e308fa5b2fa82cba62970533efcc8a42f972b04f94ea844e614aaef3afea360ec64ce2a34d90f171573389da6cd05100514b48a275a5ae80d1b65259bb32e1c2c41da6cad08760f151b818eb8acbcce7436856db73ca2ee802"], &(0x7f0000000200)='syzkaller\x00', 0x4, 0xfa, &(0x7f0000000240)=""/250, 0x41100, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x1, 0x9, 0x0, 0xcbf}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[0x1, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0x13, 0x0, &(0x7f0000000440)="cc0000000021760fc6ae7ef1558f29b200d0b5", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_open_dev$video(&(0x7f0000000000), 0x7, 0x402100) fsopen(0x0, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000080)={0x0, 0x0, "dc3044bfb24d3527ce571607e5cbf0bce2f40aa5f5fe91992f231e868a0a22129f62abb663544e9d682cfcb952cb7c9e38e492f5efbc9270dfc138ec6580e40c1748816a25d0a45ba99eaf61281b2d5fee0f249f73945dc2b98af8ea9c8fb1cb93d0d6f71dfa54faa06e1c2cb5dc4a4a8c0efcb37fa382be71831bb4bab5829d2baa4ec952a1fc17de6da1f2f78c1713b8007b4407b1d0e68a1e5cd38716141dbd56198182ed139e2001134d723dc7652c9a5ddb454afa9e2e9d3fc98ea787496f94891113cc045411b469cdfa9541a5c1c97b651f3f11c099fadb4029077dd839038809683b203dd4071cc361d77e9313a2871a114354d769b1908a65443307"}) syz_usb_connect(0x2, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000009a65d0860040800dec30102030109021b050000000000090400000178eaf500090584"], 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) r3 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x2, &(0x7f0000000580)) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f0000000000)=ANY=[@ANYBLOB='b *:*\t\n'], 0xa) sendfile(r4, r2, &(0x7f00000000c0)=0x58, 0xa) 2m34.054944698s ago: executing program 32 (id=2811): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x458, 0x5014, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, "", [{{0x9, 0x4, 0x0, 0x81, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x27}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0xa, 0xff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000004c0)={0x40, 0xc, 0x5, "cd4b1bab8a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x7}}) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x5}) 2m21.370266851s ago: executing program 33 (id=2856): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00aa19ce670d25010000020000040000009fc404000000c788b277beee1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e468eea3fcfcf498278a315f5b87e1c26433a8acd715f5888b2007f00000000000000000100000000000000010015d60605000053350000000034a70c2ab40c7cf5691db43a5c00000000000000f030007ce2c6f800000000000000e75a89faff01218087560cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bef5d7d617da7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf050000008600a62e96b7cb8e52cbdc2ba9d580609e31c30879d6fce424c2208af6c3784a1975fa657de38a3a32e4fd67ce446adb431d07db79241aca1dd9ba02453bbb5ee8babe1745e645f091231b986e952afdac972f342c6f184777d05d988d6edc71df0100000013a38300cabf2b554380ad215c789bef4cc574109b8df8d9a9db669557b3809d8c396d2c0361629d1822f722ec23812770d72cd00100000078a75dea785be550dbb420287e0789b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b8a0ae6fb5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fc7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff25184d4e3c6f7f623559435b2c505fb711300000000040000000000000000000000000000e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7a49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd029406000000433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671a5767014b09ddbf69b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7b49991be06b950ccd48f4e49833f3c4a02bbd06c84680549f9eb16682ecb722e8ffaca907a3eaaebfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c52108d9c0d51dc30209872ec602af42eb29d54a37be0fdfdcd74c2d859a566ee5c30677173a2592a4617ae08bec07422d52d2ba7271550a5c20e3a8d1c8c8fd3025ff00607b2249ae9a18391e01b21b36169790b8e96f7955754b6b01a75165d3573d1dec5cf1b08b6115b43203a5654cce2277eb4c02ef4817b4cb989ac178895810eff7b697f2dc9b308aa2460e3cb85cdc4833571a62bf310700000000000000cc7f923284230ada8c756096a66119d4b6b2f159585c3cf8e7bfdd619e294b1d21cd491b8cfd4a253856e485fe29c6ad177a9fb078ca905782b9ed3c30675b89a784bb8031cac0de95178a5acff029a0f0fe972df22b20afe95fba722056f94ab15f1cf605c33df627311f1b614684d77549"], &(0x7f0000000140)='GPL\x00'}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000007f00000000000000c554000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000fbffffffbf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000e308fa5b2fa82cba62970533efcc8a42f972b04f94ea844e614aaef3afea360ec64ce2a34d90f171573389da6cd05100514b48a275a5ae80d1b65259bb32e1c2c41da6cad08760f151b818eb8acbcce7436856db73ca2ee802"], &(0x7f0000000200)='syzkaller\x00', 0x4, 0xfa, &(0x7f0000000240)=""/250, 0x41100, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x1, 0x9, 0x0, 0xcbf}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[0x1, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0x13, 0x0, &(0x7f0000000440)="cc0000000021760fc6ae7ef1558f29b200d0b5", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_open_dev$video(&(0x7f0000000000), 0x7, 0x402100) fsopen(0x0, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000080)={0x0, 0x0, "dc3044bfb24d3527ce571607e5cbf0bce2f40aa5f5fe91992f231e868a0a22129f62abb663544e9d682cfcb952cb7c9e38e492f5efbc9270dfc138ec6580e40c1748816a25d0a45ba99eaf61281b2d5fee0f249f73945dc2b98af8ea9c8fb1cb93d0d6f71dfa54faa06e1c2cb5dc4a4a8c0efcb37fa382be71831bb4bab5829d2baa4ec952a1fc17de6da1f2f78c1713b8007b4407b1d0e68a1e5cd38716141dbd56198182ed139e2001134d723dc7652c9a5ddb454afa9e2e9d3fc98ea787496f94891113cc045411b469cdfa9541a5c1c97b651f3f11c099fadb4029077dd839038809683b203dd4071cc361d77e9313a2871a114354d769b1908a65443307"}) syz_usb_connect(0x2, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000009a65d0860040800dec30102030109021b050000000000090400000178eaf500090584"], 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) r3 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, r3, 0x2, &(0x7f0000000580)) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f0000000000)=ANY=[@ANYBLOB='b *:*\t\n'], 0xa) sendfile(r4, r2, &(0x7f00000000c0)=0x58, 0xa) 33.847257249s ago: executing program 0 (id=3190): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000000208", @ANYRES64=0x0, @ANYRES64=0x0], 0x80}}, 0x800) close(0x3) openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@bridge_getlink={0x28, 0x12, 0x301, 0x70bd2c, 0x25dfdbfb, {0x7, 0x0, 0x0, 0x0, 0x8a6b, 0x11530}, [@IFLA_EXT_MASK={0x8, 0x1d, 0xffffff80}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r3, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x1100000000000000, 0x6, 0x109e93, 0xffffffffffffffff, 0x400000, 0xd, 0x0, 0x2, 0x7fffffffffffffff, 0x5, 0x401, 0x6, 0x5, 0x20000001, 0xfffffffffffffffc], 0xd5d5c004, 0x1354}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0xffffffffffffff6f, &(0x7f0000000940)={&(0x7f00000003c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}, {0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f00000001c0)=@x86={0x80, 0x4, 0x5, 0x0, 0x8, 0x5, 0x40, 0x7, 0x6, 0x4, 0xf9, 0x8, 0x0, 0x0, 0x5, 0x2, 0x84, 0x3, 0x4, '\x00', 0x4, 0x2}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 33.155581132s ago: executing program 0 (id=3198): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a78000000060a010400000000000000000200000038000480340001800a0001006d617463680000002400028008000100756470000e0003007acc6338a900020000d9000008000240000000000900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x20002841}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0x8001, 0x4, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0x1, 0xff, 0x2, 0x1, 0x8, 0x2, 0x6, 0x9, 0x1, 0x9, 0x43, 0x40000003, 0x89, 0x9, 0xf27, 0x6, 0x800b, 0x8, 0x5, 0x6, 0x8, 0x10000, 0xfffffff4]}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x600000, 0x9) 30.243923828s ago: executing program 0 (id=3203): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) openat$smackfs_cipsonum(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d40000001900010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000008000000000000000000000000000000000000000000000000000000000000000000d000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000fdffffff0000000001010000"], 0xd4}, 0x1, 0x0, 0x0, 0x48081}, 0x0) r1 = fsopen(0x0, 0x1) fsmount(r1, 0x0, 0x1) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000040)=0x8) socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') exit(0xffff) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) close(0xffffffffffffffff) openat$binfmt(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 27.440486594s ago: executing program 0 (id=3207): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) timer_create(0x0, &(0x7f0000000100)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d1, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) fchdir(0xffffffffffffffff) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x115) socket$inet6(0xa, 0x3, 0x84) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) 26.775376673s ago: executing program 0 (id=3211): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(serpent)\x00'}, 0x58) syz_emit_ethernet(0x30, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@arp={0x806, @generic={0x337, 0x884c, 0x6, 0x4, 0x9, @random="e5bb0c621127", "456047be", @empty, "922dcfb5cceb43eead57"}}}}, &(0x7f0000000040)={0x1, 0x2, [0xb46, 0x215, 0xd9a, 0xd99]}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6", 0x3) syz_emit_ethernet(0x11, &(0x7f0000000280)={@local, @local, @void, {@x25={0x805, {0x1, 0xc5, 0xfb}}}}, 0x0) 26.411332066s ago: executing program 0 (id=3212): syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000d00)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) bind$inet(r4, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) splice(r3, 0x0, r4, 0x0, 0x714f, 0x0) ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r3, 0x4068aea3, &(0x7f0000000200)={0xdb, 0x0, 0x7}) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x4, r1}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2000a804) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) 13.900144376s ago: executing program 2 (id=3236): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000000), 0x4) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$int_in(r2, 0x5421, &(0x7f0000000000)=0x5) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) close(r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x63) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ptrace(0x10, r3) ptrace$poke(0x5, r3, &(0x7f0000000200), 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$isdn(0x22, 0x3, 0x21) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000004000000080000000c0000000075a900", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x7, 0xc, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000004c0)='GPL\x00', 0xc, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$tipc(0x1e, 0x5, 0x0) 11.10821105s ago: executing program 34 (id=3212): syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000d00)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) bind$inet(r4, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) splice(r3, 0x0, r4, 0x0, 0x714f, 0x0) ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r3, 0x4068aea3, &(0x7f0000000200)={0xdb, 0x0, 0x7}) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x4, r1}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2000a804) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) 11.089083603s ago: executing program 2 (id=3246): ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f0000000200)={{0xffffffffffffffff, &(0x7f0000000000)='k+][$+.\xc9){$[++#%.^+\x00', 0x40000, &(0x7f0000000080)={@_ha_fsid={[0x2a16, 0x80000001]}, {0x90, 0x2, 0x3}}, 0x3, &(0x7f00000000c0), &(0x7f0000000180)=0x9}, {[0xa, 0x2, 0x1, 0x80000001]}, 0x7ff, 0x11, &(0x7f00000001c0)=""/17}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x48, 0x2, 0x6, 0x301, 0xa, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x48}}, 0x0) getpid() r1 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c000900080000", @ANYRES32=r6], 0x4c}}, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={@local, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r4}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000001900110100000000000000000a"], 0x1c}, 0x1, 0x0, 0x0, 0x24000010}, 0x0) process_madvise(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f00000001c0)="15", 0x1}], 0x1, 0x8, 0x0) r8 = socket$inet(0x2, 0x3, 0x30) ioctl$sock_inet_SIOCGIFBRDADDR(r8, 0x8919, &(0x7f0000000140)={'pim6reg1\x00', {0x2, 0x0, @multicast2}}) r9 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r9, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) r10 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r10, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r10, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000000240007012ebd7000fddbdf25027c00000c0001800800020001"], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeefffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) 8.687098888s ago: executing program 2 (id=3250): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x60bd27, 0x25dfdbfc, {0x2, 0x20, 0x0, 0xff, r3}, [@IFA_BROADCAST={0x8, 0x4, @rand_addr=0x64010100}, @IFA_FLAGS={0x8, 0x8, 0x100}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_FLAGS={0x8, 0x8, 0x132}, @IFA_FLAGS={0x8, 0x8, 0x83}, @IFA_RT_PRIORITY={0x8, 0x9, 0x107}]}, 0x48}, 0x1, 0x0, 0x0, 0x40014}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x884) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0xa, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 6.975205311s ago: executing program 2 (id=3254): r0 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000105804165000000000000109022400010000c04009040000010300000009210900000122a00009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xe00, 0x2}, 0x80, 0x0}, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x300, 0xffffffff, 0x210, 0x210, 0x210, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xc0, 0xe8, 0x0, {0x100000000000000}, [@common=@inet=@socket2={{0x28}, 0x2}, @common=@ttl={{0x28}, {0x2, 0x4}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x2, 0x4, 0x6, 0x2, 0x4, 0x6], 0x6, 0x4}, {0x1, [0x1, 0x2, 0x1, 0x1, 0x2, 0x4], 0x3, 0x7}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x8, 0x5}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) r3 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x80) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001"], 0x64}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x3, 0x200000180, 0x2, 0x29, 0xf1, 0x100000001, 0x10, 0x5, 0x0, 0x29, 0x0, 0x3, 0x9, 0xbd9], 0x9000, 0x4f100}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0xeeee3001, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x0, 0x0, 0x81, 0x80}, {0x5000, 0x33000, 0x3, 0x0, 0x3f, 0x5, 0x75, 0x6, 0x36, 0xd, 0x6, 0x89}, {0x0, 0xd000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x3, 0x5}, {0x60000, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0x0, 0x8, 0x7, 0xe}, {0x1, 0xd000, 0xf, 0x3, 0x16, 0x7, 0x4, 0x8, 0x6, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x0, 0x1, 0x7}, {0x3000, 0x3000, 0xf, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0xff, 0x9, 0x2, 0x2c, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0xf000, 0x7}, 0x80000021, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x5, 0x2, 0x8]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r7) sendmsg$NL80211_CMD_GET_REG(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001600)={0x1c, r8, 0x2bbf3947e058553b, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x6c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044000}, 0x2400d044) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000640)={0x14, &(0x7f0000000540)={0x0, 0x10, 0x84, {0x84, 0x3, "88bccd849a2bad67f6f74a99a9f591ea662ea6bbd3d1c1a9c7be9bbdd05bbe6bea974cc9fa68118e5e46b89af01c12597a9e5cf359d26bd96ffb9d8122a37bf5f592d02dd51f025851bd0e2138726439f2f9d78fd4dd2b92b9f79d7bbee19627ae7129fb9f3aa4237bd670745866f157fd9ffaf32fcd14368d9b454e308707387345"}}, &(0x7f0000000600)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000940)={0x44, &(0x7f0000000680)={0x20, 0x7, 0xdc, "934ff643c0365cc07a105960e37c2a2574dd949e48668de10f09e357114f0a092a4bd44b76bc24f581aeaf86490304091b01c1b8d662dbb2cec0d62910ed2a6b451e51f94a520b1c4a58f2b4ced3b536cc7aa37a8e5fd66d5880653927c1a06429de258f6c1a319c02aa9fa0b65fd1e4beac4787ea63e29a46f80e05f41fd2b65b0c59262c18ecebbea85c1089e5d18f319c8e85a6bf7c9a0dea1b2cb1809b694af2c0c3cb3e4267f6c358624e3e3f13f4fc1943ab60776713b5a6162fe6e14bdfe38aed6f091bae042976c899aa53c83b80376585625ddcdce97b0a"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0xe}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000800)={0x20, 0x80, 0x1c, {0x7, 0xc000, 0x3, 0x5, 0x6, 0x0, 0x1ff, 0x2bce, 0x3, 0x4, 0x2, 0x9}}, &(0x7f0000000840)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000880)={0x20, 0x83, 0x2, 0x1}, &(0x7f00000008c0)={0x20, 0x87, 0x2, 0x400}, &(0x7f0000000900)={0x20, 0x89, 0x2}}) ioctl$HIDIOCSUSAGES(r3, 0x501c4814, 0x0) 6.777594983s ago: executing program 6 (id=3256): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x871a15abc695fb3d, 0x70bd28, 0x25dfdbfe, {}, [{0x34, 0x1, [@m_mpls={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2, 0xffffffffffffffff}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000240), &(0x7f0000000280)=r1}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000a40)={r4, &(0x7f0000000a00)}, 0x20) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() setpgid(r5, r5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f0000000040), 0x0, 0x2120, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) unshare(0x6a040000) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0xfffffffe, 0x7ffe}, 0xc) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) 6.684378925s ago: executing program 5 (id=3257): bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) r2 = socket$inet6(0xa, 0x800, 0x4) sendmsg$inet6(r2, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000000000029000000", @ANYRES16=r2], 0x18}, 0x2000c8d0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffc6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) 5.791414581s ago: executing program 5 (id=3259): ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f0000000200)={{0xffffffffffffffff, &(0x7f0000000000)='k+][$+.\xc9){$[++#%.^+\x00', 0x40000, &(0x7f0000000080)={@_ha_fsid={[0x2a16, 0x80000001]}, {0x90, 0x2, 0x3}}, 0x3, &(0x7f00000000c0), &(0x7f0000000180)=0x9}, {[0xa, 0x2, 0x1, 0x80000001]}, 0x7ff, 0x11, &(0x7f00000001c0)=""/17}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x48, 0x2, 0x6, 0x301, 0xa, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x48}}, 0x0) getpid() r1 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r5], 0x4c}}, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000001900110100000000000000000a"], 0x1c}, 0x1, 0x0, 0x0, 0x24000010}, 0x0) process_madvise(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f00000001c0)="15", 0x1}], 0x1, 0x8, 0x0) r7 = socket$inet(0x2, 0x3, 0x30) ioctl$sock_inet_SIOCGIFBRDADDR(r7, 0x8919, &(0x7f0000000140)={'pim6reg1\x00', {0x2, 0x0, @multicast2}}) r8 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r8, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) r9 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r9, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r9, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000000240007012ebd7000fddbdf25027c00000c0001800800020001"], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeefffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) 5.779479372s ago: executing program 3 (id=3260): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) openat$smackfs_cipsonum(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d40000001900010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000008000000000000000000000000000000000000000000000000000000000000000000d000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000fdffffff0000000001010000"], 0xd4}, 0x1, 0x0, 0x0, 0x48081}, 0x0) r1 = fsopen(0x0, 0x1) fsmount(r1, 0x0, 0x1) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000040)=0x8) socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') exit(0xffff) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) close(0xffffffffffffffff) openat$binfmt(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, 0x0, &(0x7f00000002c0)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.484940472s ago: executing program 6 (id=3261): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x31, 0xffffffffffffffff, 0xf679000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$mouse(0x0, 0xaf, 0x8e83) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) sysinfo(&(0x7f00000000c0)=""/52) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x2000c015}, 0x2404c8c0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r3], 0x4c}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) syz_clone3(&(0x7f000000dd80)={0x120b10180, 0x0, 0x0, 0x0, {0x80000a1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0xfffffffffffffffe]}, 0x8, 0x0) ioctl$XFS_IOC_FD_TO_HANDLE(r5, 0xc038586a, &(0x7f00000021c0)={r5, &(0x7f0000000040)='.!&\x00', 0x4000, &(0x7f0000002100)={@align=0x5, {0xfffd, 0x3, 0x7, 0x7}}, 0x2f4034c9, &(0x7f0000002140)={@_ha_fsid}, &(0x7f0000002180)=0x78b8}) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r6, &(0x7f0000002200)={0x2020}, 0x2020) 4.662719939s ago: executing program 3 (id=3262): r0 = gettid() r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) read(r1, &(0x7f0000000100)=""/41, 0x29) (fail_nth: 2) timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$pppoe(0x18, 0x1, 0x0) 4.619158962s ago: executing program 5 (id=3263): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x13, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x130}, 0x94) r0 = socket(0x400000000010, 0x3, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb74fef", 0x87}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d05805063967de38327e", 0x9e}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29de8d9d", 0xd1}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d", 0x54}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84178b017ba52b", 0xc3}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90", 0x4c}, {&(0x7f00000000c0)}], 0x7}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f962347813", 0xd8}, {&(0x7f0000000bc0)="61275006ed747229311198ab94c7e6699587b0d033c2f17d1ccbd45cba520b6888fbad95d4d6ae3cc7172b392f90693e992e52408ba7f1874d1767303d6acb170f216f71908f53a3be1833a25eb1fb2ba3913dcc1de30c5c7e914b13514dea44fb2b964aaa280d5a85512fede48830ca6ea5cd18ff95c871d91454240f370e0c8e2629e58605c4b29017a160709ec76547c92a21d0ec5589e228922b105d0b8b29256620c44d2118334025dedd46db5194f22b349264de22068d3d4db627db4fa827907e5bc02b69c36e94f8149f12116f75bd48aa86d41dfdf52e74b442782f530da1263fd0f699776e9459", 0xec}], 0x3, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x78}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600}}, 0x20) bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r2, 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000400)=r2, 0x4) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000961107840000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 4.105023554s ago: executing program 3 (id=3264): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x7, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16}, 0x94) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) recvmsg$unix(r1, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000008c0), 0x4) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe33) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40046f41, &(0x7f0000000440)=0x1f) 3.786806232s ago: executing program 6 (id=3265): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x600, 0x0) syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f0000000280)='s', 0x1}, {&(0x7f0000000180)='5', 0x1}], 0x2) close_range(r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) unlink(&(0x7f00000001c0)='./bus\x00') unshare(0x2c020400) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x16) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="3e2e2a6e000fc7aa0c00f20f02f4260f070f01c4670fc71e0f096764670f01cf0f019900682e0f01c9", 0x29}], 0x1, 0x0, &(0x7f0000000100)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80f6}, @dstype0={0x6, 0xd}], 0x2) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000000)=ANY=[@ANYBLOB="1b1b", @ANYRES16]) 2.800260608s ago: executing program 3 (id=3266): syz_usb_connect$uac2(0x5, 0x8f, &(0x7f0000000380)=ANY=[@ANYBLOB="12010102000000208c0d0c0040000102030109027d000301008008080b0101010c20060904000000010120000924010300041d000408240a05004000030c240302070305030503000109040100000102200009040101ef6881010220000905010900040806060825018230012800090402000001022000090402010101022000090582090002e8ff05082501030006290f"], &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x1009}}, {0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="2403d8c1ee2e54e39704c727ff2b0791e5fbb6f7b50637bfd181918d1eb1667cc53865ea"]}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0xf4ff}}]}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)={0x2}) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, 0x0, &(0x7f0000000280)="15b2b98e48b682ed10b9cabefaef127e687dcd3dbddcf39b2f6460c3eb1500"/42, 0x200}, 0x38) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="33000000020603000000000000000000000000000500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x1a, 0x0, 0x0, 0x0, 0x80000002, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @tracing=0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x4000004}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) close(0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x3, 0x2], [0x0, 0x0, 0x3], [0x4000000, 0xc, 0x0, 0x4]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)={r3}) ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(0xffffffffffffffff, 0xc0186445, 0x0) ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(0xffffffffffffffff, 0xc0186445, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0x0) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x157) 2.555714137s ago: executing program 5 (id=3267): ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f0000000200)={{0xffffffffffffffff, &(0x7f0000000000)='k+][$+.\xc9){$[++#%.^+\x00', 0x40000, &(0x7f0000000080)={@_ha_fsid={[0x2a16, 0x80000001]}, {0x90, 0x2, 0x3}}, 0x3, &(0x7f00000000c0), &(0x7f0000000180)=0x9}, {[0xa, 0x2, 0x1, 0x80000001]}, 0x7ff, 0x11, &(0x7f00000001c0)=""/17}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x48, 0x2, 0x6, 0x301, 0xa, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x48}}, 0x0) getpid() r1 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c000900080000", @ANYRES32=r6], 0x4c}}, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={@local, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r4}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000001900110100000000000000000a"], 0x1c}, 0x1, 0x0, 0x0, 0x24000010}, 0x0) process_madvise(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f00000001c0)="15", 0x1}], 0x1, 0x8, 0x0) r8 = socket$inet(0x2, 0x3, 0x30) ioctl$sock_inet_SIOCGIFBRDADDR(r8, 0x8919, &(0x7f0000000140)={'pim6reg1\x00', {0x2, 0x0, @multicast2}}) r9 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r9, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) r10 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r10, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r10, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000000240007012ebd7000fddbdf25027c00000c0001800800020001"], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeefffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) 1.596348373s ago: executing program 2 (id=3268): bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) r2 = socket$inet6(0xa, 0x800, 0x4) sendmsg$inet6(r2, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000000000029000000", @ANYRES16=r2], 0x18}, 0x2000c8d0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffc6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) 1.594908583s ago: executing program 6 (id=3269): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x10) r0 = syz_io_uring_setup(0x2df4, &(0x7f00000000c0)={0x0, 0xd88, 0x801, 0x3, 0x1d2}, 0x0, 0x0, 0x0) syz_io_uring_setup(0x378, &(0x7f0000000200)={0x0, 0x2d48, 0x40, 0x3, 0x312, 0x0, r0}, 0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x802c, @mcast2, 0x5}, 0x1c) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb08000300"], 0x2c}}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000380)=ANY=[@ANYBLOB="46040000", @ANYRES16=r5, @ANYBLOB="9e77009191934646cdc438d81e02bfdf56a8aec2c5d50407979279cae3f4249336e90d9b2765c0976851dd6eb146911558cf333d2005477d9918f63e5a53582687d9b10cf9eea3625ba5fd3fded9c4ce028e87cc137346ec1ac3a9c5876205e9cee2ff4412670b9e6c536e18e61d99bfebfbf9f890dd2dc5f8f8b730cab4535a1f3c9281c8465cec3516719c2361af88781789760fba54ac0d0d0f3d64bc23cda90e38ad8eb816e74a42", @ANYRES8=r1], 0x4}}, 0x0) sendfile(r4, r2, 0x0, 0x100000000) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e00000000000000bdff07000800f5e0f3c40000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r7, 0x0, &(0x7f0000000200)=""/76}, 0x20) 1.571209552s ago: executing program 5 (id=3270): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x871a15abc695fb3d, 0x70bd28, 0x25dfdbfe, {}, [{0x34, 0x1, [@m_mpls={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x12, 0x6, 0x4, 0x4, 0x0, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2, 0xffffffffffffffff}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000240), &(0x7f0000000280)=r1}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000a40)={r3, &(0x7f0000000a00)}, 0x20) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() setpgid(r4, r4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f0000000040), 0x0, 0x2120, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) unshare(0x6a040000) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0xfffffffe, 0x7ffe}, 0xc) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) 1.279379869s ago: executing program 3 (id=3271): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) openat$smackfs_cipsonum(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d40000001900010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000008000000000000000000000000000000000000000000000000000000000000000000d000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000fdffffff0000000001010000"], 0xd4}, 0x1, 0x0, 0x0, 0x48081}, 0x0) r1 = fsopen(0x0, 0x1) fsmount(r1, 0x0, 0x1) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000040)=0x8) socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') exit(0xffff) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) close(0xffffffffffffffff) openat$binfmt(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, 0x0, &(0x7f00000002c0)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 783.181038ms ago: executing program 6 (id=3272): ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f0000000200)={{0xffffffffffffffff, &(0x7f0000000000)='k+][$+.\xc9){$[++#%.^+\x00', 0x40000, &(0x7f0000000080)={@_ha_fsid={[0x2a16, 0x80000001]}, {0x90, 0x2, 0x3}}, 0x3, &(0x7f00000000c0), &(0x7f0000000180)=0x9}, {[0xa, 0x2, 0x1, 0x80000001]}, 0x7ff, 0x11, &(0x7f00000001c0)=""/17}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x48, 0x2, 0x6, 0x301, 0xa, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x48}}, 0x0) getpid() r1 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r5], 0x4c}}, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000001900110100000000000000000a"], 0x1c}, 0x1, 0x0, 0x0, 0x24000010}, 0x0) process_madvise(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f00000001c0)="15", 0x1}], 0x1, 0x8, 0x0) r7 = socket$inet(0x2, 0x3, 0x30) ioctl$sock_inet_SIOCGIFBRDADDR(r7, 0x8919, &(0x7f0000000140)={'pim6reg1\x00', {0x2, 0x0, @multicast2}}) r8 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r8, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) r9 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r9, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r9, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000000240007012ebd7000fddbdf25027c00000c0001800800020001"], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeefffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d00030000000080000000000000000000000700000000000000080000000000400005000000000000000204"], 0x78) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) 569.807692ms ago: executing program 2 (id=3273): r0 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000105804165000000000000109022400010000c04009040000010300000009210900000122a00009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xe00, 0x2}, 0x80, 0x0}, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x300, 0xffffffff, 0x210, 0x210, 0x210, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xc0, 0xe8, 0x0, {0x100000000000000}, [@common=@inet=@socket2={{0x28}, 0x2}, @common=@ttl={{0x28}, {0x2, 0x4}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x2, 0x4, 0x6, 0x2, 0x4, 0x6], 0x6, 0x4}, {0x1, [0x1, 0x2, 0x1, 0x1, 0x2, 0x4], 0x3, 0x7}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x8, 0x5}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) r3 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x80) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001"], 0x64}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040)) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0}, 0x40) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0xeeee3001, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x0, 0x0, 0x81, 0x80}, {0x5000, 0x33000, 0x3, 0x0, 0x3f, 0x5, 0x75, 0x6, 0x36, 0xd, 0x6, 0x89}, {0x0, 0xd000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x3, 0x5}, {0x60000, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0x0, 0x8, 0x7, 0xe}, {0x1, 0xd000, 0xf, 0x3, 0x16, 0x7, 0x4, 0x8, 0x6, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x0, 0x1, 0x7}, {0x3000, 0x3000, 0xf, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0xff, 0x9, 0x2, 0x2c, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0xf000, 0x7}, 0x80000021, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x5, 0x2, 0x8]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r7) sendmsg$NL80211_CMD_GET_REG(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001600)={0x1c, r8, 0x2bbf3947e058553b, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x6c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044000}, 0x2400d044) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000640)={0x14, &(0x7f0000000540)={0x0, 0x10, 0x84, {0x84, 0x3, "88bccd849a2bad67f6f74a99a9f591ea662ea6bbd3d1c1a9c7be9bbdd05bbe6bea974cc9fa68118e5e46b89af01c12597a9e5cf359d26bd96ffb9d8122a37bf5f592d02dd51f025851bd0e2138726439f2f9d78fd4dd2b92b9f79d7bbee19627ae7129fb9f3aa4237bd670745866f157fd9ffaf32fcd14368d9b454e308707387345"}}, &(0x7f0000000600)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000940)={0x44, &(0x7f0000000680)={0x20, 0x7, 0xdc, "934ff643c0365cc07a105960e37c2a2574dd949e48668de10f09e357114f0a092a4bd44b76bc24f581aeaf86490304091b01c1b8d662dbb2cec0d62910ed2a6b451e51f94a520b1c4a58f2b4ced3b536cc7aa37a8e5fd66d5880653927c1a06429de258f6c1a319c02aa9fa0b65fd1e4beac4787ea63e29a46f80e05f41fd2b65b0c59262c18ecebbea85c1089e5d18f319c8e85a6bf7c9a0dea1b2cb1809b694af2c0c3cb3e4267f6c358624e3e3f13f4fc1943ab60776713b5a6162fe6e14bdfe38aed6f091bae042976c899aa53c83b80376585625ddcdce97b0a"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0xe}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000800)={0x20, 0x80, 0x1c, {0x7, 0xc000, 0x3, 0x5, 0x6, 0x0, 0x1ff, 0x2bce, 0x3, 0x4, 0x2, 0x9}}, &(0x7f0000000840)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000880)={0x20, 0x83, 0x2, 0x1}, &(0x7f00000008c0)={0x20, 0x87, 0x2, 0x400}, &(0x7f0000000900)={0x20, 0x89, 0x2}}) ioctl$HIDIOCSUSAGES(r3, 0x501c4814, 0x0) 167.766053ms ago: executing program 5 (id=3274): socket$packet(0x11, 0x3, 0x300) openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'vlan0\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x2000, {0x0, 0x0, 0x74, r2, {0xfffd, 0x10}, {0x1, 0xfff1}, {0x2, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x34004804}, 0x840) 692.616µs ago: executing program 6 (id=3275): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000fe, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x2000002, 0x3a, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 3 (id=3276): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a78000000060a010400000000000000000200000038000480340001800a0001006d617463680000002400028008000100756470000e0003007acc6338a900020000d9000008000240000000000900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x20002841}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0x8001, 0x4, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0x1, 0xff, 0x2, 0x1, 0x8, 0x2, 0x6, 0x9, 0x1, 0x9, 0x43, 0x40000003, 0x89, 0x9, 0xf27, 0x6, 0x800b, 0x8, 0x5, 0x6, 0x8, 0x10000, 0xfffffff4]}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90424fc60", 0x14}], 0x1, 0x0, 0x0, 0x600}, 0x400c000) kernel console output (not intermixed with test programs): 19 code=0x7ffc0000 [ 701.035451][ T37] audit: type=1326 audit(2000000239.960:8320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14879 comm="syz.2.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 701.035551][ T37] audit: type=1326 audit(2000000239.960:8321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14879 comm="syz.2.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 701.035664][ T37] audit: type=1326 audit(2000000239.960:8322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14879 comm="syz.2.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 701.073469][ T37] audit: type=1326 audit(2000000240.000:8323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14879 comm="syz.2.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 701.098581][ T37] audit: type=1326 audit(2000000240.020:8324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14879 comm="syz.2.2979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 701.290437][T14889] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 701.395543][T11892] usb 1-1: USB disconnect, device number 65 [ 701.397898][T11892] ch341 1-1:0.0: device disconnected [ 701.474356][T14902] FAULT_INJECTION: forcing a failure. [ 701.474356][T14902] name failslab, interval 1, probability 0, space 0, times 0 [ 701.474392][T14902] CPU: 0 UID: 0 PID: 14902 Comm: syz.6.2980 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 701.474418][T14902] Tainted: [L]=SOFTLOCKUP [ 701.474425][T14902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 701.474436][T14902] Call Trace: [ 701.474444][T14902] [ 701.474453][T14902] dump_stack_lvl+0xe8/0x150 [ 701.474485][T14902] should_fail_ex+0x46b/0x600 [ 701.474514][T14902] should_failslab+0xa8/0x100 [ 701.474536][T14902] __kmalloc_noprof+0xdf/0x7b0 [ 701.474555][T14902] ? tomoyo_encode+0x28b/0x550 [ 701.474582][T14902] tomoyo_encode+0x28b/0x550 [ 701.474607][T14902] tomoyo_realpath_from_path+0x58d/0x5d0 [ 701.474639][T14902] ? tomoyo_path_number_perm+0x219/0x630 [ 701.474659][T14902] tomoyo_path_number_perm+0x246/0x630 [ 701.474680][T14902] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 701.474703][T14902] ? __lock_acquire+0x6b5/0x2cf0 [ 701.474756][T14902] ? __fget_files+0x2a/0x420 [ 701.474781][T14902] ? __fget_files+0x2a/0x420 [ 701.474801][T14902] ? __fget_files+0x3a6/0x420 [ 701.474822][T14902] ? __fget_files+0x2a/0x420 [ 701.474855][T14902] security_file_ioctl+0xc3/0x2a0 [ 701.474877][T14902] __se_sys_ioctl+0x47/0x170 [ 701.474899][T14902] do_syscall_64+0x14d/0xf80 [ 701.474919][T14902] ? trace_irq_disable+0x3b/0x150 [ 701.474938][T14902] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.474958][T14902] ? clear_bhb_loop+0x40/0x90 [ 701.474980][T14902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.474997][T14902] RIP: 0033:0x7f38b880c819 [ 701.475015][T14902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 701.475032][T14902] RSP: 002b:00007f38b6a66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 701.475053][T14902] RAX: ffffffffffffffda RBX: 00007f38b8a85fa0 RCX: 00007f38b880c819 [ 701.475068][T14902] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003 [ 701.475081][T14902] RBP: 00007f38b6a66090 R08: 0000000000000000 R09: 0000000000000000 [ 701.475093][T14902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 701.475104][T14902] R13: 00007f38b8a86038 R14: 00007f38b8a85fa0 R15: 00007fff477fcd78 [ 701.475136][T14902] [ 701.475155][T14902] ERROR: Out of memory at tomoyo_realpath_from_path. [ 701.652564][T14885] syzkaller1: entered promiscuous mode [ 701.652587][T14885] syzkaller1: entered allmulticast mode [ 701.918113][T14916] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 702.540522][ T5960] usb 7-1: new low-speed USB device number 3 using dummy_hcd [ 702.882412][ T5960] usb 7-1: unable to get BOS descriptor or descriptor too short [ 702.883908][ T5960] usb 7-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 702.883959][ T5960] usb 7-1: config 1 interface 0 altsetting 7 endpoint 0x1 is Bulk; changing to Interrupt [ 702.883980][ T5960] usb 7-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 702.884005][ T5960] usb 7-1: config 1 interface 0 has no altsetting 0 [ 702.942208][ T5960] usb 7-1: string descriptor 0 read error: -22 [ 702.942352][ T5960] usb 7-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 702.942374][ T5960] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.975471][T14912] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 703.096340][T14933] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2987'. [ 703.096474][T14933] x_tables: ip_tables: udp match: only valid for protocol 17 [ 703.388866][T11912] usb 7-1: USB disconnect, device number 3 [ 704.189882][T11912] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 704.459883][T11912] usb 6-1: Using ep0 maxpacket: 32 [ 704.461979][T11912] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 704.462005][T11912] usb 6-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 704.462028][T11912] usb 6-1: config 0 interface 0 has no altsetting 0 [ 704.464316][T11912] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 704.464361][T11912] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 704.464380][T11912] usb 6-1: Product: syz [ 704.464393][T11912] usb 6-1: Manufacturer: syz [ 704.464406][T11912] usb 6-1: SerialNumber: syz [ 704.480222][T11912] usb 6-1: config 0 descriptor?? [ 706.041810][T14938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 706.042175][T14938] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 706.207529][T14948] FAULT_INJECTION: forcing a failure. [ 706.207529][T14948] name failslab, interval 1, probability 0, space 0, times 0 [ 706.207565][T14948] CPU: 0 UID: 0 PID: 14948 Comm: syz.6.2990 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 706.207599][T14948] Tainted: [L]=SOFTLOCKUP [ 706.207606][T14948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 706.207616][T14948] Call Trace: [ 706.207624][T14948] [ 706.207632][T14948] dump_stack_lvl+0xe8/0x150 [ 706.207663][T14948] should_fail_ex+0x46b/0x600 [ 706.207694][T14948] should_failslab+0xa8/0x100 [ 706.207714][T14948] __kmalloc_noprof+0xdf/0x7b0 [ 706.207733][T14948] ? tomoyo_encode+0x28b/0x550 [ 706.207761][T14948] tomoyo_encode+0x28b/0x550 [ 706.207787][T14948] tomoyo_realpath_from_path+0x58d/0x5d0 [ 706.207815][T14948] ? tomoyo_path_number_perm+0x219/0x630 [ 706.207834][T14948] tomoyo_path_number_perm+0x246/0x630 [ 706.207856][T14948] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 706.207877][T14948] ? __lock_acquire+0x6b5/0x2cf0 [ 706.207919][T14948] ? __fget_files+0x2a/0x420 [ 706.207945][T14948] ? __fget_files+0x2a/0x420 [ 706.207962][T14948] ? __fget_files+0x3a6/0x420 [ 706.207981][T14948] ? __fget_files+0x2a/0x420 [ 706.208006][T14948] security_file_ioctl+0xc3/0x2a0 [ 706.208029][T14948] __se_sys_ioctl+0x47/0x170 [ 706.208050][T14948] do_syscall_64+0x14d/0xf80 [ 706.208070][T14948] ? trace_irq_disable+0x3b/0x150 [ 706.208089][T14948] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.208106][T14948] ? clear_bhb_loop+0x40/0x90 [ 706.208128][T14948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.208145][T14948] RIP: 0033:0x7f38b880c819 [ 706.208163][T14948] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 706.208180][T14948] RSP: 002b:00007f38b6a66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 706.208200][T14948] RAX: ffffffffffffffda RBX: 00007f38b8a85fa0 RCX: 00007f38b880c819 [ 706.208214][T14948] RDX: 0000200000000040 RSI: 00000000c01864c6 RDI: 0000000000000003 [ 706.208227][T14948] RBP: 00007f38b6a66090 R08: 0000000000000000 R09: 0000000000000000 [ 706.208239][T14948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 706.208250][T14948] R13: 00007f38b8a86038 R14: 00007f38b8a85fa0 R15: 00007fff477fcd78 [ 706.208281][T14948] [ 706.208302][T14948] ERROR: Out of memory at tomoyo_realpath_from_path. [ 706.294603][T11912] gs_usb 6-1:0.0: Couldn't get device config: (err=-71) [ 706.294643][T11912] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -71 [ 706.365762][T11912] usb 6-1: USB disconnect, device number 4 [ 707.285920][T11892] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 707.530122][T11892] usb 4-1: Using ep0 maxpacket: 8 [ 707.532512][T11892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 707.532546][T11892] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 707.536602][T11892] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 707.536630][T11892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.536649][T11892] usb 4-1: Product: syz [ 707.536662][T11892] usb 4-1: Manufacturer: syz [ 707.536675][T11892] usb 4-1: SerialNumber: syz [ 707.563132][T11892] usb 4-1: config 0 descriptor?? [ 707.777377][T14966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 707.800383][T14966] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 707.833897][T11892] usb 4-1: USB disconnect, device number 83 [ 707.944141][ T31] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 708.092680][ T31] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959 [ 708.092700][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 708.092712][ T31] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 708.097134][ T31] usb 3-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 708.097160][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.097178][ T31] usb 3-1: Product: syz [ 708.097606][ T31] usb 3-1: Manufacturer: syz [ 708.097623][ T31] usb 3-1: SerialNumber: syz [ 708.119887][ T5960] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 708.139902][T11891] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 708.191114][ T31] usb 3-1: config 0 descriptor?? [ 708.192244][T14985] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 708.271199][ T5960] usb 1-1: Using ep0 maxpacket: 16 [ 708.272826][ T5960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 708.272844][ T5960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 708.272865][ T5960] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 708.272877][ T5960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.341284][T11891] usb 7-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 708.341313][T11891] usb 7-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 708.341329][T11891] usb 7-1: Product: syz [ 708.341342][T11891] usb 7-1: Manufacturer: syz [ 708.341354][T11891] usb 7-1: SerialNumber: syz [ 708.353974][T11891] usb 7-1: config 0 descriptor?? [ 708.365798][ T5960] usb 1-1: config 0 descriptor?? [ 708.378726][T11891] ch341 7-1:0.0: ch341-uart converter detected [ 709.612276][T11891] usb 7-1: failed to receive control message: -110 [ 709.612316][T11891] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110 [ 710.013011][ T5960] usb 1-1: string descriptor 0 read error: -71 [ 710.042290][ T5960] usb 1-1: Max retries (5) exceeded reading string descriptor 200 [ 710.042370][ T5960] letsketch 0003:6161:4D15.002A: probe with driver letsketch failed with error -32 [ 710.052048][ T5960] usb 1-1: USB disconnect, device number 66 [ 710.129969][ T31] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 710.282187][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 710.282209][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 710.282231][ T31] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 710.282243][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 710.287818][ T31] usb 6-1: config 0 descriptor?? [ 710.504371][ T31] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 710.504396][ T31] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 710.504411][ T31] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 710.504426][ T31] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 710.504441][ T31] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 710.504459][ T31] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 710.504483][ T31] cp2112 0003:10C4:EA90.002B: unknown main item tag 0x0 [ 710.562703][ T31] cp2112 0003:10C4:EA90.002B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 710.701277][ T31] cp2112 0003:10C4:EA90.002B: Part Number: 0x00 Device Version: 0x00 [ 710.702419][ T31] cp2112 0003:10C4:EA90.002B: error requesting SMBus config [ 710.838012][ T31] cp2112 0003:10C4:EA90.002B: probe with driver cp2112 failed with error -5 [ 710.838761][T11915] usb 3-1: USB disconnect, device number 6 [ 711.376961][T11892] usb 7-1: USB disconnect, device number 4 [ 711.385495][T11892] ch341 7-1:0.0: device disconnected [ 712.026692][T11891] usb 6-1: USB disconnect, device number 5 [ 712.079954][T11915] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 712.244254][T11915] usb 1-1: Using ep0 maxpacket: 32 [ 712.246424][T11915] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 712.246440][T11915] usb 1-1: config 0 has no interface number 0 [ 712.246465][T11915] usb 1-1: config 0 interface 12 has no altsetting 0 [ 712.248622][T11915] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 712.248642][T11915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.248653][T11915] usb 1-1: Product: syz [ 712.248660][T11915] usb 1-1: Manufacturer: syz [ 712.248667][T11915] usb 1-1: SerialNumber: syz [ 712.276805][T11915] usb 1-1: config 0 descriptor?? [ 712.505819][T11915] f81534 1-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71 [ 712.505888][T11915] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 712.505904][T11915] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 712.505996][T11915] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 712.517410][T11915] usb 1-1: USB disconnect, device number 67 [ 712.609923][T11891] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 713.105314][T11891] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 713.105342][T11891] usb 6-1: config 0 has no interface number 0 [ 713.109205][T11891] usb 6-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54 [ 713.109231][T11891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.109241][T11891] usb 6-1: Product: syz [ 713.109249][T11891] usb 6-1: Manufacturer: syz [ 713.109256][T11891] usb 6-1: SerialNumber: syz [ 713.201008][T11891] usb 6-1: config 0 descriptor?? [ 713.206361][T11891] usb 6-1: selecting invalid altsetting 1 [ 713.206538][T11891] dvb_ttusb_budget: ttusb_init_controller: error [ 713.206552][T11891] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 713.301315][T11891] DVB: Unable to find symbol stv0299_attach() [ 713.356955][T11891] DVB: Unable to find symbol tda8083_attach() [ 713.356971][T11891] dvb_ttusb_budget: no frontend driver found for device [0b48:1003] [ 713.457391][T15064] FAULT_INJECTION: forcing a failure. [ 713.457391][T15064] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 713.457427][T15064] CPU: 1 UID: 0 PID: 15064 Comm: syz.6.3022 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 713.457454][T15064] Tainted: [L]=SOFTLOCKUP [ 713.457460][T15064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 713.457473][T15064] Call Trace: [ 713.457481][T15064] [ 713.457489][T15064] dump_stack_lvl+0xe8/0x150 [ 713.457520][T15064] should_fail_ex+0x46b/0x600 [ 713.457549][T15064] copy_fpstate_to_sigframe+0xada/0xd90 [ 713.457585][T15064] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 713.457615][T15064] ? do_raw_spin_lock+0x12b/0x2f0 [ 713.457660][T15064] ? fpu__alloc_mathframe+0xac/0x130 [ 713.457690][T15064] get_sigframe+0x5f7/0x820 [ 713.457720][T15064] ? __pfx_get_sigframe+0x10/0x10 [ 713.457742][T15064] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 713.457767][T15064] ? reacquire_held_locks+0x104/0x190 [ 713.457786][T15064] ? rt_spin_lock+0x1e0/0x400 [ 713.457815][T15064] x64_setup_rt_frame+0x161/0xcb0 [ 713.457836][T15064] ? rt_spin_unlock+0x14f/0x200 [ 713.457863][T15064] ? rt_spin_unlock+0x160/0x200 [ 713.457890][T15064] ? get_signal+0x1120/0x1310 [ 713.457920][T15064] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 713.457951][T15064] arch_do_signal_or_restart+0x429/0x830 [ 713.457976][T15064] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 713.458006][T15064] ? ksys_write+0x248/0x270 [ 713.458040][T15064] exit_to_user_mode_loop+0x86/0x480 [ 713.458065][T15064] ? rcu_is_watching+0x15/0xb0 [ 713.458089][T15064] do_syscall_64+0x32d/0xf80 [ 713.458108][T15064] ? trace_irq_disable+0x3b/0x150 [ 713.458128][T15064] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.458146][T15064] ? clear_bhb_loop+0x40/0x90 [ 713.458169][T15064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.458187][T15064] RIP: 0033:0x7f38b880c817 [ 713.458205][T15064] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 [ 713.458221][T15064] RSP: 002b:00007f38b6a66028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 713.458241][T15064] RAX: 00000000000000ca RBX: 00007f38b8a85fa0 RCX: 00007f38b880c819 [ 713.458254][T15064] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000020000000cffc [ 713.458266][T15064] RBP: 00007f38b6a66090 R08: 0000000000000000 R09: 0000000000000000 [ 713.458278][T15064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 713.458290][T15064] R13: 00007f38b8a86038 R14: 00007f38b8a85fa0 R15: 00007fff477fcd78 [ 713.458319][T15064] [ 715.496136][ T5960] usb 6-1: USB disconnect, device number 6 [ 715.795171][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 715.795191][ T37] audit: type=1800 audit(2000000254.720:8329): pid=15086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.3028" name="bus" dev="overlay" ino=115 res=0 errno=0 [ 715.880154][T15086] netlink: 332 bytes leftover after parsing attributes in process `syz.5.3028'. [ 715.880228][T15086] netlink: 196 bytes leftover after parsing attributes in process `syz.5.3028'. [ 716.209964][ T5960] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 716.319919][T11892] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 716.365724][ T5960] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 716.365754][ T5960] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 716.365773][ T5960] usb 7-1: Product: syz [ 716.365793][ T5960] usb 7-1: Manufacturer: syz [ 716.365807][ T5960] usb 7-1: SerialNumber: syz [ 716.511261][ T5960] usb 7-1: config 0 descriptor?? [ 716.790237][T11892] usb 3-1: Using ep0 maxpacket: 32 [ 716.794891][T11892] usb 3-1: unable to get BOS descriptor or descriptor too short [ 716.796225][T11892] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 716.796248][T11892] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 716.796348][T11892] usb 3-1: too many endpoints for config 1 interface 1 altsetting 1: 239, using maximum allowed: 30 [ 716.796386][T11892] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 239 [ 716.799081][T11892] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000c, bcdDevice= 0.40 [ 716.799107][T11892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 716.799125][T11892] usb 3-1: Product:  [ 716.799187][T11892] usb 3-1: Manufacturer: 쇘⻮җ⟇⯿鄇ﯥڵ뼷臑趑넞籦㣅 [ 716.799203][T11892] usb 3-1: SerialNumber: syz [ 716.921002][ T5893] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 716.989925][ T5960] usb 7-1: Firmware: major: 12, minor: 178, hardware type: ATUSB (1) [ 717.069937][ T5893] usb 6-1: Using ep0 maxpacket: 32 [ 717.096770][ T5893] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 717.096800][ T5893] usb 6-1: config 0 has no interface number 0 [ 717.096843][ T5893] usb 6-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 717.102028][ T5893] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 717.102055][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.102074][ T5893] usb 6-1: Product: syz [ 717.102087][ T5893] usb 6-1: Manufacturer: syz [ 717.102099][ T5893] usb 6-1: SerialNumber: syz [ 717.107223][ T5893] usb 6-1: config 0 descriptor?? [ 717.144949][ T5893] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 717.202003][ T5960] usb 7-1: failed to fetch extended address, random address set [ 717.327289][ T5893] usb 6-1: qt2_setup_urbs - submit read urb failed -8 [ 717.327548][ T5893] quatech2 6-1:0.51: probe with driver quatech2 failed with error -8 [ 717.368091][T11892] usb 3-1: unit 3 not found! [ 717.548747][T11892] usb 3-1: USB disconnect, device number 7 [ 717.659236][ T5960] usb 7-1: USB disconnect, device number 5 [ 717.820130][ T5893] usb 1-1: new low-speed USB device number 68 using dummy_hcd [ 717.849707][T15112] fuse: Bad value for 'fd' [ 717.915157][T15113] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3038'. [ 717.951583][ T5893] usb 1-1: device descriptor read/64, error -71 [ 718.189908][ T5893] usb 1-1: new low-speed USB device number 69 using dummy_hcd [ 718.259670][ T5960] kernel write not supported for file /dsp (pid: 5960 comm: kworker/0:9) [ 718.320913][ T5893] usb 1-1: device descriptor read/64, error -71 [ 718.529449][ T5893] usb usb1-port1: attempt power cycle [ 718.833453][T15123] netlink: 'syz.2.3042': attribute type 4 has an invalid length. [ 719.089110][ T5893] usb 1-1: new low-speed USB device number 70 using dummy_hcd [ 719.100674][ T5893] usb 1-1: device descriptor read/8, error -71 [ 720.189925][ T5893] usb 1-1: new low-speed USB device number 71 using dummy_hcd [ 720.212069][ T31] usb 6-1: USB disconnect, device number 7 [ 720.977585][ T115] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 721.009918][ T11] block nbd0: Possible stuck request ffff8880267e0000: control (read@0,1024B). Runtime 120 seconds [ 721.009960][ T11] block nbd0: Possible stuck request ffff8880267e01c0: control (read@1024,1024B). Runtime 120 seconds [ 721.009987][ T11] block nbd0: Possible stuck request ffff8880267e0380: control (read@2048,1024B). Runtime 120 seconds [ 721.010009][ T11] block nbd0: Possible stuck request ffff8880267e0540: control (read@3072,1024B). Runtime 120 seconds [ 721.324545][T11915] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 722.041123][T15140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3047'. [ 722.588218][ T5893] usb 1-1: device descriptor read/8, error -71 [ 722.690320][ T5893] usb usb1-port1: unable to enumerate USB device [ 722.885309][T15153] netlink: 'syz.5.3053': attribute type 10 has an invalid length. [ 723.070770][T15153] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.071531][T15153] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.099964][ T5893] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 723.130887][T15153] bridge0: port 2(bridge_slave_1) entered blocking state [ 723.131185][T15153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 723.133658][T15153] bridge0: port 1(bridge_slave_0) entered blocking state [ 723.133824][T15153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 723.155282][T15153] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 723.230053][T11913] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 723.255087][ T5893] usb 4-1: config index 0 descriptor too short (expected 18300, got 146) [ 723.255114][ T5893] usb 4-1: config 203 has too many interfaces: 67, using maximum allowed: 32 [ 723.255134][ T5893] usb 4-1: config 203 has an invalid descriptor of length 187, skipping remainder of the config [ 723.255152][ T5893] usb 4-1: config 203 has 0 interfaces, different from the descriptor's value: 67 [ 723.256499][ T5893] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 723.256525][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 723.317055][ T5893] usb 4-1: SerialNumber: syz [ 723.325934][T15163] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3057'. [ 723.326089][T15163] x_tables: ip_tables: udp match: only valid for protocol 17 [ 723.392315][T11913] usb 7-1: config index 0 descriptor too short (expected 1307, got 27) [ 723.392342][T11913] usb 7-1: config 0 has an invalid interface number: 0 but max is -1 [ 723.392361][T11913] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 723.392477][T11913] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 53395, setting to 64 [ 723.395921][T11913] usb 7-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 723.396323][T11913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.396344][T11913] usb 7-1: Product: syz [ 723.396358][T11913] usb 7-1: Manufacturer: syz [ 723.396370][T11913] usb 7-1: SerialNumber: syz [ 723.537812][T11913] usb 7-1: config 0 descriptor?? [ 723.540252][T15155] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 723.583524][T11913] hub 7-1:0.0: bad descriptor, ignoring hub [ 723.583561][T11913] hub 7-1:0.0: probe with driver hub failed with error -5 [ 723.768458][T11913] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input35 [ 723.985132][ T5893] usb 4-1: USB disconnect, device number 84 [ 724.733957][T11913] usb 7-1: USB disconnect, device number 6 [ 724.734054][ C0] usb_acecad 7-1:0.0: can't resubmit intr, dummy_hcd.6-1/input0, status -19 [ 725.120049][ T5960] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 725.169983][ T5893] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 725.281020][ T5960] usb 6-1: Using ep0 maxpacket: 16 [ 725.282866][ T5960] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 725.282896][ T5960] usb 6-1: config 0 interface 0 has no altsetting 0 [ 725.282928][ T5960] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 725.282947][ T5960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 725.286645][ T5960] usb 6-1: config 0 descriptor?? [ 725.329866][ T5893] usb 3-1: device descriptor read/64, error -71 [ 725.422967][T11892] usb 7-1: new low-speed USB device number 7 using dummy_hcd [ 725.489990][T11913] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 725.561389][T11892] usb 7-1: device descriptor read/64, error -71 [ 725.569936][ T5893] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 725.640024][T11913] usb 4-1: Using ep0 maxpacket: 32 [ 725.644750][T11913] usb 4-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 725.644789][T11913] usb 4-1: config 0 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 725.644856][T11913] usb 4-1: config 0 interface 0 has no altsetting 0 [ 725.644883][T11913] usb 4-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00 [ 725.644895][T11913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 725.684416][T11913] usb 4-1: config 0 descriptor?? [ 725.724623][ T5893] usb 3-1: device descriptor read/64, error -71 [ 725.779416][ T5960] nzxt-smart2 0003:1E71:2009.002C: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0 [ 725.805034][T11892] usb 7-1: new low-speed USB device number 8 using dummy_hcd [ 725.830725][ T5893] usb usb3-port1: attempt power cycle [ 725.940160][T11892] usb 7-1: device descriptor read/64, error -71 [ 726.062239][T11892] usb usb7-port1: attempt power cycle [ 726.170330][ T5893] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 726.191818][ T5893] usb 3-1: device descriptor read/8, error -71 [ 726.404703][T15178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 726.405661][T15178] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 726.409990][T11892] usb 7-1: new low-speed USB device number 9 using dummy_hcd [ 726.437003][T11892] usb 7-1: device descriptor read/8, error -71 [ 726.446180][ T5893] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 726.447260][T11913] usbhid 4-1:0.0: can't add hid device: -71 [ 726.447366][T11913] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 726.473054][ T5893] usb 3-1: device descriptor read/8, error -71 [ 726.475413][T11913] usb 4-1: USB disconnect, device number 85 [ 726.529950][T11912] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 726.580213][ T5893] usb usb3-port1: unable to enumerate USB device [ 726.680039][T11912] usb 1-1: Using ep0 maxpacket: 8 [ 726.682461][T11912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 726.682489][T11912] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 726.685800][T11912] usb 1-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 726.685827][T11912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 726.685846][T11912] usb 1-1: Product: syz [ 726.685859][T11912] usb 1-1: Manufacturer: syz [ 726.685872][T11912] usb 1-1: SerialNumber: syz [ 726.697223][T11892] usb 7-1: new low-speed USB device number 10 using dummy_hcd [ 726.697974][T11912] usb 1-1: config 0 descriptor?? [ 726.760069][T11892] usb 7-1: device descriptor read/8, error -71 [ 726.870982][T11892] usb usb7-port1: unable to enumerate USB device [ 726.981562][T15191] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3067'. [ 726.981694][T15191] x_tables: ip_tables: udp match: only valid for protocol 17 [ 726.983168][T11912] usb 1-1: USB disconnect, device number 72 [ 728.237460][T15197] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3069'. [ 728.252260][T15197] x_tables: ip_tables: udp match: only valid for protocol 17 [ 728.869964][ T7861] Bluetooth: hci3: command 0x0406 tx timeout [ 730.509967][T11912] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 730.672484][T11912] usb 7-1: Using ep0 maxpacket: 32 [ 730.697661][T11892] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 730.714518][T11912] usb 7-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 730.714551][T11912] usb 7-1: config 0 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 730.714576][T11912] usb 7-1: config 0 interface 0 has no altsetting 0 [ 730.714606][T11912] usb 7-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00 [ 730.714633][T11912] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 730.776043][T11912] usb 7-1: config 0 descriptor?? [ 730.811826][T15230] FAULT_INJECTION: forcing a failure. [ 730.811826][T15230] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 730.811860][T15230] CPU: 1 UID: 0 PID: 15230 Comm: syz.5.3078 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 730.811886][T15230] Tainted: [L]=SOFTLOCKUP [ 730.811892][T15230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 730.811903][T15230] Call Trace: [ 730.811910][T15230] [ 730.811918][T15230] dump_stack_lvl+0xe8/0x150 [ 730.811948][T15230] should_fail_ex+0x46b/0x600 [ 730.811991][T15230] strncpy_from_user+0x36/0x2b0 [ 730.812017][T15230] do_getname+0x77/0x250 [ 730.812040][T15230] __x64_sys_execveat+0xad/0xf0 [ 730.812066][T15230] do_syscall_64+0x14d/0xf80 [ 730.812085][T15230] ? trace_irq_disable+0x3b/0x150 [ 730.812105][T15230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.812123][T15230] ? clear_bhb_loop+0x40/0x90 [ 730.812143][T15230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.812161][T15230] RIP: 0033:0x7fefe99fc819 [ 730.812178][T15230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 730.812193][T15230] RSP: 002b:00007fefe7c0c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 730.812213][T15230] RAX: ffffffffffffffda RBX: 00007fefe9c76180 RCX: 00007fefe99fc819 [ 730.812227][T15230] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c [ 730.812238][T15230] RBP: 00007fefe7c0c090 R08: 0000000000000000 R09: 0000000000000000 [ 730.812250][T15230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 730.812261][T15230] R13: 00007fefe9c76218 R14: 00007fefe9c76180 R15: 00007ffcd414a468 [ 730.812290][T15230] [ 731.069860][T11892] usb 3-1: Using ep0 maxpacket: 32 [ 731.078179][T11892] usb 3-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 731.078263][T11892] usb 3-1: config 0 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 731.078290][T11892] usb 3-1: config 0 interface 0 has no altsetting 0 [ 731.078323][T11892] usb 3-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00 [ 731.078345][T11892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 731.141664][T11892] usb 3-1: config 0 descriptor?? [ 731.536343][T15223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 731.552982][T15223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 731.582582][T11912] usbhid 7-1:0.0: can't add hid device: -71 [ 731.582717][T11912] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 731.651934][T11912] usb 7-1: USB disconnect, device number 11 [ 731.871301][T15225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 731.871836][T15225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 731.899008][T11892] usbhid 3-1:0.0: can't add hid device: -71 [ 731.906161][T11892] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 731.957166][T11892] usb 3-1: USB disconnect, device number 13 [ 732.623111][T11892] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 732.653312][T15239] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3081'. [ 732.723726][T15241] FAULT_INJECTION: forcing a failure. [ 732.723726][T15241] name failslab, interval 1, probability 0, space 0, times 0 [ 732.723755][T15241] CPU: 1 UID: 0 PID: 15241 Comm: syz.2.3082 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 732.723770][T15241] Tainted: [L]=SOFTLOCKUP [ 732.723774][T15241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 732.723781][T15241] Call Trace: [ 732.723786][T15241] [ 732.723791][T15241] dump_stack_lvl+0xe8/0x150 [ 732.723821][T15241] should_fail_ex+0x46b/0x600 [ 732.723850][T15241] should_failslab+0xa8/0x100 [ 732.723872][T15241] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 732.723897][T15241] ? __alloc_skb+0x1d0/0x7d0 [ 732.723914][T15241] ? lockdep_hardirqs_on+0x7a/0x110 [ 732.723930][T15241] __alloc_skb+0x1d0/0x7d0 [ 732.723943][T15241] netlink_sendmsg+0x5d4/0xb40 [ 732.723963][T15241] ? __pfx_netlink_sendmsg+0x10/0x10 [ 732.723988][T15241] ? unwind_get_return_address+0x4d/0x90 [ 732.724011][T15241] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 732.724040][T15241] ____sys_sendmsg+0x94c/0x9c0 [ 732.724066][T15241] ? __pfx_____sys_sendmsg+0x10/0x10 [ 732.724089][T15241] ? import_iovec+0x73/0xa0 [ 732.724102][T15241] ___sys_sendmsg+0x2a5/0x360 [ 732.724117][T15241] ? __pfx____sys_sendmsg+0x10/0x10 [ 732.724157][T15241] ? __fget_files+0x2a/0x420 [ 732.724180][T15241] ? __fget_files+0x3a6/0x420 [ 732.724212][T15241] __x64_sys_sendmsg+0x1c3/0x2a0 [ 732.724250][T15241] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 732.724267][T15241] ? __pfx_ksys_write+0x10/0x10 [ 732.724288][T15241] do_syscall_64+0x14d/0xf80 [ 732.724300][T15241] ? trace_irq_disable+0x3b/0x150 [ 732.724320][T15241] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.724338][T15241] ? clear_bhb_loop+0x40/0x90 [ 732.724360][T15241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.724379][T15241] RIP: 0033:0x7fe633bfc819 [ 732.724397][T15241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 732.724413][T15241] RSP: 002b:00007fe631e4e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 732.724427][T15241] RAX: ffffffffffffffda RBX: 00007fe633e75fa0 RCX: 00007fe633bfc819 [ 732.724434][T15241] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004 [ 732.724441][T15241] RBP: 00007fe631e4e090 R08: 0000000000000000 R09: 0000000000000000 [ 732.724447][T15241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 732.724453][T15241] R13: 00007fe633e76038 R14: 00007fe633e75fa0 R15: 00007ffc999f0d68 [ 732.724472][T15241] [ 732.769877][T11892] usb 7-1: device descriptor read/64, error -71 [ 733.113586][T15243] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3083'. [ 733.113766][T15243] x_tables: ip_tables: udp match: only valid for protocol 17 [ 733.139897][T11892] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 733.299944][T11892] usb 7-1: device descriptor read/64, error -71 [ 733.410353][T11892] usb usb7-port1: attempt power cycle [ 733.493881][T15247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 733.494383][T15247] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 733.625825][T11915] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 733.726115][T11915] hid-generic 0000:0000:0000.002D: hidraw1: HID v0.00 Device [syz1] on syz0 [ 733.747121][T15247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 733.747666][T15247] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 733.760613][T11892] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 733.780957][T11892] usb 7-1: device descriptor read/8, error -71 [ 734.029921][T11892] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 734.051924][T11892] usb 7-1: device descriptor read/8, error -71 [ 734.161816][T11892] usb usb7-port1: unable to enumerate USB device [ 735.380507][T15261] FAULT_INJECTION: forcing a failure. [ 735.380507][T15261] name failslab, interval 1, probability 0, space 0, times 0 [ 735.380544][T15261] CPU: 1 UID: 0 PID: 15261 Comm: syz.3.3089 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 735.380570][T15261] Tainted: [L]=SOFTLOCKUP [ 735.380577][T15261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 735.380588][T15261] Call Trace: [ 735.380595][T15261] [ 735.380603][T15261] dump_stack_lvl+0xe8/0x150 [ 735.380634][T15261] should_fail_ex+0x46b/0x600 [ 735.380664][T15261] should_failslab+0xa8/0x100 [ 735.380686][T15261] __kmalloc_noprof+0xdf/0x7b0 [ 735.380704][T15261] ? tomoyo_encode+0x28b/0x550 [ 735.380731][T15261] tomoyo_encode+0x28b/0x550 [ 735.380758][T15261] tomoyo_realpath_from_path+0x58d/0x5d0 [ 735.380791][T15261] ? tomoyo_path_number_perm+0x219/0x630 [ 735.380811][T15261] tomoyo_path_number_perm+0x246/0x630 [ 735.380832][T15261] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 735.380854][T15261] ? __lock_acquire+0x6b5/0x2cf0 [ 735.380906][T15261] ? __fget_files+0x2a/0x420 [ 735.380932][T15261] ? __fget_files+0x2a/0x420 [ 735.380951][T15261] ? __fget_files+0x3a6/0x420 [ 735.380971][T15261] ? __fget_files+0x2a/0x420 [ 735.381006][T15261] security_file_ioctl+0xc3/0x2a0 [ 735.381028][T15261] __se_sys_ioctl+0x47/0x170 [ 735.381049][T15261] do_syscall_64+0x14d/0xf80 [ 735.381068][T15261] ? trace_irq_disable+0x3b/0x150 [ 735.381087][T15261] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.381107][T15261] ? clear_bhb_loop+0x40/0x90 [ 735.381128][T15261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.381145][T15261] RIP: 0033:0x7fdaa662c819 [ 735.381161][T15261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 735.381175][T15261] RSP: 002b:00007fdaa4865028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 735.381194][T15261] RAX: ffffffffffffffda RBX: 00007fdaa68a6090 RCX: 00007fdaa662c819 [ 735.381206][T15261] RDX: 0000200000000280 RSI: 00000000000007ab RDI: 0000000000000003 [ 735.381218][T15261] RBP: 00007fdaa4865090 R08: 0000000000000000 R09: 0000000000000000 [ 735.381229][T15261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 735.381239][T15261] R13: 00007fdaa68a6128 R14: 00007fdaa68a6090 R15: 00007ffffb02b3d8 [ 735.381270][T15261] [ 735.381289][T15261] ERROR: Out of memory at tomoyo_realpath_from_path. [ 735.571356][T11912] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 735.719980][T11912] usb 3-1: Using ep0 maxpacket: 8 [ 735.722379][T11912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 735.722405][T11912] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 735.725305][T11912] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 735.725332][T11912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.725351][T11912] usb 3-1: Product: syz [ 735.725365][T11912] usb 3-1: Manufacturer: syz [ 735.725379][T11912] usb 3-1: SerialNumber: syz [ 735.735851][T11912] usb 3-1: config 0 descriptor?? [ 735.860006][T11915] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 736.020345][T11915] usb 7-1: Using ep0 maxpacket: 32 [ 736.022740][T11915] usb 7-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 736.022773][T11915] usb 7-1: config 0 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 736.022799][T11915] usb 7-1: config 0 interface 0 has no altsetting 0 [ 736.022831][T11915] usb 7-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00 [ 736.022852][T11915] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 736.037808][T11915] usb 7-1: config 0 descriptor?? [ 736.213799][T11912] usb 3-1: USB disconnect, device number 14 [ 736.769390][T15263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 736.775284][T15263] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 736.778588][T11915] usbhid 7-1:0.0: can't add hid device: -71 [ 736.778706][T11915] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 736.799720][T11915] usb 7-1: USB disconnect, device number 16 [ 737.147410][ T37] audit: type=1326 audit(2000000276.070:8330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.152832][ T37] audit: type=1326 audit(2000000276.070:8331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.153612][ T37] audit: type=1326 audit(2000000276.080:8332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.153913][ T37] audit: type=1326 audit(2000000276.080:8333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.154149][ T37] audit: type=1326 audit(2000000276.080:8334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.154698][ T37] audit: type=1326 audit(2000000276.080:8335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.154954][ T37] audit: type=1326 audit(2000000276.080:8336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.155740][ T37] audit: type=1326 audit(2000000276.080:8337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.156082][ T37] audit: type=1326 audit(2000000276.080:8338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.156610][ T37] audit: type=1326 audit(2000000276.080:8339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15281 comm="syz.3.3096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 737.229480][T15284] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3097'. [ 739.279982][T15298] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 739.338303][T15308] FAULT_INJECTION: forcing a failure. [ 739.338303][T15308] name failslab, interval 1, probability 0, space 0, times 0 [ 739.338339][T15308] CPU: 1 UID: 0 PID: 15308 Comm: syz.0.3103 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 739.338366][T15308] Tainted: [L]=SOFTLOCKUP [ 739.338373][T15308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 739.338384][T15308] Call Trace: [ 739.338392][T15308] [ 739.338400][T15308] dump_stack_lvl+0xe8/0x150 [ 739.338422][T15308] should_fail_ex+0x46b/0x600 [ 739.338439][T15308] should_failslab+0xa8/0x100 [ 739.338454][T15308] __kmalloc_noprof+0xdf/0x7b0 [ 739.338473][T15308] ? tomoyo_encode+0x28b/0x550 [ 739.338500][T15308] tomoyo_encode+0x28b/0x550 [ 739.338528][T15308] tomoyo_realpath_from_path+0x58d/0x5d0 [ 739.338560][T15308] ? tomoyo_path_number_perm+0x219/0x630 [ 739.338577][T15308] tomoyo_path_number_perm+0x246/0x630 [ 739.338589][T15308] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 739.338601][T15308] ? __lock_acquire+0x6b5/0x2cf0 [ 739.338645][T15308] ? __fget_files+0x2a/0x420 [ 739.338680][T15308] ? __fget_files+0x2a/0x420 [ 739.338700][T15308] ? __fget_files+0x3a6/0x420 [ 739.338719][T15308] ? __fget_files+0x2a/0x420 [ 739.338740][T15308] security_file_ioctl+0xc3/0x2a0 [ 739.338754][T15308] __se_sys_ioctl+0x47/0x170 [ 739.338766][T15308] do_syscall_64+0x14d/0xf80 [ 739.338777][T15308] ? trace_irq_disable+0x3b/0x150 [ 739.338794][T15308] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.338812][T15308] ? clear_bhb_loop+0x40/0x90 [ 739.338835][T15308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.338853][T15308] RIP: 0033:0x7fb5b0ddc819 [ 739.338870][T15308] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 739.338886][T15308] RSP: 002b:00007fb5af02e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 739.338904][T15308] RAX: ffffffffffffffda RBX: 00007fb5b1055fa0 RCX: 00007fb5b0ddc819 [ 739.338912][T15308] RDX: 00002000000000c0 RSI: 000000004008550c RDI: 0000000000000003 [ 739.338920][T15308] RBP: 00007fb5af02e090 R08: 0000000000000000 R09: 0000000000000000 [ 739.338927][T15308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 739.338933][T15308] R13: 00007fb5b1056038 R14: 00007fb5b1055fa0 R15: 00007ffe3ac963c8 [ 739.338950][T15308] [ 739.345842][T15308] ERROR: Out of memory at tomoyo_realpath_from_path. [ 740.626119][T15315] netlink: 56 bytes leftover after parsing attributes in process `syz.6.3106'. [ 741.068360][T15327] 9p: Bad value for 'rfdno' [ 741.274465][T11891] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 741.289934][T11892] usb 1-1: new full-speed USB device number 73 using dummy_hcd [ 741.430664][T11891] usb 3-1: Using ep0 maxpacket: 32 [ 741.435890][T11891] usb 3-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 741.435975][T11891] usb 3-1: config 0 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 741.436002][T11891] usb 3-1: config 0 interface 0 has no altsetting 0 [ 741.436035][T11891] usb 3-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00 [ 741.436056][T11891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 741.495588][T11892] usb 1-1: not running at top speed; connect to a high speed hub [ 741.508241][T11892] usb 1-1: config 3 has an invalid interface number: 81 but max is 0 [ 741.508268][T11892] usb 1-1: config 3 has no interface number 0 [ 741.508314][T11892] usb 1-1: config 3 interface 81 altsetting 6 endpoint 0xD has invalid wMaxPacketSize 0 [ 741.508336][T11892] usb 1-1: config 3 interface 81 altsetting 6 endpoint 0xC has invalid maxpacket 1413, setting to 64 [ 741.508408][T11892] usb 1-1: config 3 interface 81 has no altsetting 0 [ 741.568929][T11892] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=e5.ba [ 741.569160][T11892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 741.569181][T11892] usb 1-1: Product: syz [ 741.569194][T11892] usb 1-1: Manufacturer: syz [ 741.569207][T11892] usb 1-1: SerialNumber: syz [ 741.608245][T11891] usb 3-1: config 0 descriptor?? [ 741.674072][T15326] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 741.686617][T15337] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3116'. [ 741.696298][ T5960] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 741.736179][T15337] overlay: ./file0 is not a directory [ 741.772179][T15337] fuse: Bad value for 'user_id' [ 741.772200][T15337] fuse: Bad value for 'user_id' [ 741.859866][ T5960] usb 4-1: Using ep0 maxpacket: 32 [ 741.865046][ T5960] usb 4-1: unable to get BOS descriptor or descriptor too short [ 741.867729][ T5960] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 741.867757][ T5960] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 741.867882][ T5960] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 239, using maximum allowed: 30 [ 741.867918][ T5960] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 239 [ 741.929912][ T5960] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000c, bcdDevice= 0.40 [ 741.930007][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 741.930025][ T5960] usb 4-1: Product:  [ 741.930038][ T5960] usb 4-1: Manufacturer: 쇘⻮җ⟇⯿鄇ﯥڵ뼷臑趑넞籦㣅 [ 741.930053][ T5960] usb 4-1: SerialNumber: syz [ 742.159497][ T860] kworker/0:2 (860) used greatest stack depth: 15264 bytes left [ 742.230567][T15343] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 742.239418][T15343] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 742.274648][ T5960] usb 4-1: unit 3 not found! [ 742.308766][T15345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 742.309577][T15345] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 742.324302][T15341] FAULT_INJECTION: forcing a failure. [ 742.324302][T15341] name failslab, interval 1, probability 0, space 0, times 0 [ 742.324338][T15341] CPU: 1 UID: 0 PID: 15341 Comm: syz.6.3117 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 742.324363][T15341] Tainted: [L]=SOFTLOCKUP [ 742.324369][T15341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 742.324380][T15341] Call Trace: [ 742.324387][T15341] [ 742.324395][T15341] dump_stack_lvl+0xe8/0x150 [ 742.324426][T15341] should_fail_ex+0x46b/0x600 [ 742.324456][T15341] should_failslab+0xa8/0x100 [ 742.324486][T15341] __kmalloc_noprof+0xdf/0x7b0 [ 742.324504][T15341] ? tomoyo_encode+0x28b/0x550 [ 742.324530][T15341] tomoyo_encode+0x28b/0x550 [ 742.324556][T15341] tomoyo_realpath_from_path+0x58d/0x5d0 [ 742.324587][T15341] ? tomoyo_path_number_perm+0x219/0x630 [ 742.324607][T15341] tomoyo_path_number_perm+0x246/0x630 [ 742.324628][T15341] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 742.324651][T15341] ? __lock_acquire+0x6b5/0x2cf0 [ 742.324701][T15341] ? __fget_files+0x2a/0x420 [ 742.324733][T15341] ? __fget_files+0x2a/0x420 [ 742.324750][T15341] ? __fget_files+0x3a6/0x420 [ 742.324771][T15341] ? __fget_files+0x2a/0x420 [ 742.324796][T15341] security_file_ioctl+0xc3/0x2a0 [ 742.324817][T15341] __se_sys_ioctl+0x47/0x170 [ 742.324838][T15341] do_syscall_64+0x14d/0xf80 [ 742.324857][T15341] ? trace_irq_disable+0x3b/0x150 [ 742.324877][T15341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.324895][T15341] ? clear_bhb_loop+0x40/0x90 [ 742.324917][T15341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.324935][T15341] RIP: 0033:0x7f38b880c819 [ 742.324953][T15341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 742.324969][T15341] RSP: 002b:00007f38b6a66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 742.324988][T15341] RAX: ffffffffffffffda RBX: 00007f38b8a85fa0 RCX: 00007f38b880c819 [ 742.325002][T15341] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 742.325013][T15341] RBP: 00007f38b6a66090 R08: 0000000000000000 R09: 0000000000000000 [ 742.325024][T15341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.325034][T15341] R13: 00007f38b8a86038 R14: 00007f38b8a85fa0 R15: 00007fff477fcd78 [ 742.325064][T15341] [ 742.325084][T15341] ERROR: Out of memory at tomoyo_realpath_from_path. [ 742.488930][T11891] usbhid 3-1:0.0: can't add hid device: -71 [ 742.493923][T11891] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 742.608192][T11891] usb 3-1: USB disconnect, device number 15 [ 742.746630][ T5960] usb 4-1: USB disconnect, device number 86 [ 742.878835][T15071] udevd[15071]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 742.902477][ T37] kauditd_printk_skb: 36 callbacks suppressed [ 742.902496][ T37] audit: type=1326 audit(2000000281.830:8376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.906744][ T37] audit: type=1326 audit(2000000281.830:8377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.906791][ T37] audit: type=1326 audit(2000000281.830:8378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.907696][ T37] audit: type=1326 audit(2000000281.830:8379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.907749][ T37] audit: type=1326 audit(2000000281.830:8380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.908681][ T37] audit: type=1326 audit(2000000281.830:8381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.908728][ T37] audit: type=1326 audit(2000000281.830:8382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.909653][ T37] audit: type=1326 audit(2000000281.830:8383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.909703][ T37] audit: type=1326 audit(2000000281.830:8384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.920016][ T37] audit: type=1326 audit(2000000281.830:8385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15349 comm="syz.5.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 742.923436][T15351] FAULT_INJECTION: forcing a failure. [ 742.923436][T15351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 742.923469][T15351] CPU: 1 UID: 0 PID: 15351 Comm: syz.6.3119 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 742.923495][T15351] Tainted: [L]=SOFTLOCKUP [ 742.923502][T15351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 742.923512][T15351] Call Trace: [ 742.923520][T15351] [ 742.923529][T15351] dump_stack_lvl+0xe8/0x150 [ 742.923559][T15351] should_fail_ex+0x46b/0x600 [ 742.923588][T15351] _copy_from_user+0x2d/0xb0 [ 742.923607][T15351] kstrtouint_from_user+0xd6/0x180 [ 742.923632][T15351] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 742.923660][T15351] ? __lock_acquire+0x6b5/0x2cf0 [ 742.923687][T15351] proc_fail_nth_write+0x8e/0x210 [ 742.923709][T15351] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 742.923735][T15351] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 742.923758][T15351] vfs_write+0x2a3/0xba0 [ 742.923790][T15351] ? __pfx_vfs_write+0x10/0x10 [ 742.923817][T15351] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 742.923838][T15351] ? lockdep_hardirqs_on+0x7a/0x110 [ 742.923857][T15351] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 742.923876][T15351] ? mutex_lock_nested+0x152/0x1d0 [ 742.923897][T15351] ? fdget_pos+0x252/0x320 [ 742.923927][T15351] ksys_write+0x156/0x270 [ 742.923953][T15351] ? __pfx_ksys_write+0x10/0x10 [ 742.923990][T15351] do_syscall_64+0x14d/0xf80 [ 742.924007][T15351] ? trace_irq_disable+0x3b/0x150 [ 742.924026][T15351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.924044][T15351] ? clear_bhb_loop+0x40/0x90 [ 742.924065][T15351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.924083][T15351] RIP: 0033:0x7f38b87cd04e [ 742.924099][T15351] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 742.924114][T15351] RSP: 002b:00007f38b6a44fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 742.924134][T15351] RAX: ffffffffffffffda RBX: 00007f38b6a456c0 RCX: 00007f38b87cd04e [ 742.924147][T15351] RDX: 0000000000000001 RSI: 00007f38b6a450a0 RDI: 0000000000000005 [ 742.924158][T15351] RBP: 00007f38b6a45090 R08: 0000000000000000 R09: 0000000000000000 [ 742.924169][T15351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.924179][T15351] R13: 00007f38b8a86128 R14: 00007f38b8a86090 R15: 00007fff477fcd78 [ 742.924210][T15351] [ 743.284777][T15356] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3122'. [ 743.284932][T15356] x_tables: ip_tables: udp match: only valid for protocol 17 [ 746.352950][T15371] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 746.523344][T11892] redrat3 1-1:3.81: Couldn't find all endpoints [ 746.551666][ T9] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 747.341599][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.342965][T11892] usb 1-1: USB disconnect, device number 73 [ 747.509842][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 747.514071][ T7860] Bluetooth: hci5: unexpected subevent 0x04 length: 18 > 11 [ 747.515588][ T9] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 747.515612][ T9] usb 7-1: config 0 has no interface number 0 [ 747.515654][ T9] usb 7-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 747.515721][ T9] usb 7-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 747.519285][ T9] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 747.519311][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.519379][ T9] usb 7-1: Product: syz [ 747.519391][ T9] usb 7-1: Manufacturer: syz [ 747.519405][ T9] usb 7-1: SerialNumber: syz [ 747.575877][ T9] usb 7-1: config 0 descriptor?? [ 747.598485][ T9] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 747.659606][T15381] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 747.678794][T15381] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 747.787051][ T9] usb 7-1: qt2_setup_urbs - submit read urb failed -90 [ 747.787941][ T9] quatech2 7-1:0.51: probe with driver quatech2 failed with error -90 [ 747.918776][ T37] kauditd_printk_skb: 13 callbacks suppressed [ 747.918794][ T37] audit: type=1326 audit(2000000286.840:8399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 747.985253][ T37] audit: type=1326 audit(2000000286.840:8400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 747.988312][ T37] audit: type=1326 audit(2000000286.910:8401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 747.988697][ T37] audit: type=1326 audit(2000000286.910:8402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 747.988953][ T37] audit: type=1326 audit(2000000286.910:8403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 748.085603][T15387] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 748.919826][ T37] audit: type=1326 audit(2000000287.840:8404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 748.921648][ T37] audit: type=1326 audit(2000000287.840:8405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 748.921696][ T37] audit: type=1326 audit(2000000287.850:8406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 748.925706][ T37] audit: type=1326 audit(2000000287.850:8407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 748.925753][ T37] audit: type=1326 audit(2000000287.850:8408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.2.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe633bfc819 code=0x7ffc0000 [ 749.118304][T15391] FAULT_INJECTION: forcing a failure. [ 749.118304][T15391] name failslab, interval 1, probability 0, space 0, times 0 [ 749.118339][T15391] CPU: 1 UID: 0 PID: 15391 Comm: syz.5.3133 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 749.118365][T15391] Tainted: [L]=SOFTLOCKUP [ 749.118373][T15391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 749.118384][T15391] Call Trace: [ 749.118391][T15391] [ 749.118399][T15391] dump_stack_lvl+0xe8/0x150 [ 749.118429][T15391] should_fail_ex+0x46b/0x600 [ 749.118458][T15391] should_failslab+0xa8/0x100 [ 749.118478][T15391] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 749.118508][T15391] ? __alloc_skb+0x1d0/0x7d0 [ 749.118525][T15391] ? lockdep_hardirqs_on+0x7a/0x110 [ 749.118549][T15391] __alloc_skb+0x1d0/0x7d0 [ 749.118572][T15391] netlink_sendmsg+0x5d4/0xb40 [ 749.118605][T15391] ? __pfx_netlink_sendmsg+0x10/0x10 [ 749.118630][T15391] ? unwind_get_return_address+0x4d/0x90 [ 749.118652][T15391] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 749.118680][T15391] ____sys_sendmsg+0x94c/0x9c0 [ 749.118707][T15391] ? __pfx_____sys_sendmsg+0x10/0x10 [ 749.118736][T15391] ? import_iovec+0x73/0xa0 [ 749.118758][T15391] ___sys_sendmsg+0x2a5/0x360 [ 749.118784][T15391] ? __pfx____sys_sendmsg+0x10/0x10 [ 749.118836][T15391] ? __fget_files+0x2a/0x420 [ 749.118858][T15391] ? __fget_files+0x3a6/0x420 [ 749.118889][T15391] __x64_sys_sendmsg+0x1c3/0x2a0 [ 749.118912][T15391] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 749.118942][T15391] ? __pfx_ksys_write+0x10/0x10 [ 749.118978][T15391] do_syscall_64+0x14d/0xf80 [ 749.119004][T15391] ? trace_irq_disable+0x3b/0x150 [ 749.119024][T15391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.119042][T15391] ? clear_bhb_loop+0x40/0x90 [ 749.119064][T15391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.119080][T15391] RIP: 0033:0x7fefe99fc819 [ 749.119097][T15391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 749.119113][T15391] RSP: 002b:00007fefe7c4e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 749.119133][T15391] RAX: ffffffffffffffda RBX: 00007fefe9c75fa0 RCX: 00007fefe99fc819 [ 749.119147][T15391] RDX: 0000000020048010 RSI: 0000200000000400 RDI: 0000000000000004 [ 749.119158][T15391] RBP: 00007fefe7c4e090 R08: 0000000000000000 R09: 0000000000000000 [ 749.119169][T15391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 749.119180][T15391] R13: 00007fefe9c76038 R14: 00007fefe9c75fa0 R15: 00007ffcd414a468 [ 749.119208][T15391] [ 749.533201][ T9] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 750.264551][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 750.479842][ T9] usb 4-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 750.479875][ T9] usb 4-1: config 0 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 750.479950][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 750.479983][ T9] usb 4-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00 [ 750.480002][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 750.591859][ T9] usb 4-1: config 0 descriptor?? [ 750.746181][T15406] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3137'. [ 750.749403][T15406] x_tables: ip_tables: udp match: only valid for protocol 17 [ 750.838642][T15408] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3138'. [ 751.460005][T14023] block nbd0: Possible stuck request ffff8880267e0000: control (read@0,1024B). Runtime 150 seconds [ 751.460103][T14023] block nbd0: Possible stuck request ffff8880267e01c0: control (read@1024,1024B). Runtime 150 seconds [ 751.460131][T14023] block nbd0: Possible stuck request ffff8880267e0380: control (read@2048,1024B). Runtime 150 seconds [ 751.460158][T14023] block nbd0: Possible stuck request ffff8880267e0540: control (read@3072,1024B). Runtime 150 seconds [ 751.775307][ T9] kye 0003:0458:5014.002E: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 751.806350][ T9] kye 0003:0458:5014.002E: item fetching failed at offset 5/39 [ 751.808876][ T9] kye 0003:0458:5014.002E: parse failed [ 751.809153][ T9] kye 0003:0458:5014.002E: probe with driver kye failed with error -22 [ 751.914471][T11912] usb 7-1: USB disconnect, device number 17 [ 751.982756][T15412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 751.983292][T15412] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 752.009952][T15393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 752.010765][T15393] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 752.013446][ T9] usb 4-1: USB disconnect, device number 87 [ 752.043965][T15413] FAULT_INJECTION: forcing a failure. [ 752.043965][T15413] name failslab, interval 1, probability 0, space 0, times 0 [ 752.044000][T15413] CPU: 1 UID: 0 PID: 15413 Comm: syz.2.3139 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 752.044025][T15413] Tainted: [L]=SOFTLOCKUP [ 752.044033][T15413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 752.044043][T15413] Call Trace: [ 752.044051][T15413] [ 752.044059][T15413] dump_stack_lvl+0xe8/0x150 [ 752.044088][T15413] should_fail_ex+0x46b/0x600 [ 752.044117][T15413] should_failslab+0xa8/0x100 [ 752.044137][T15413] kmem_cache_alloc_noprof+0x87/0x680 [ 752.044163][T15413] ? audit_log_start+0x367/0xa40 [ 752.044185][T15413] audit_log_start+0x367/0xa40 [ 752.044208][T15413] ? __pfx_audit_log_start+0x10/0x10 [ 752.044225][T15413] ? __lock_acquire+0x6b5/0x2cf0 [ 752.044255][T15413] audit_seccomp+0x63/0x190 [ 752.044284][T15413] __seccomp_filter+0xd48/0x1ef0 [ 752.044318][T15413] ? __pfx___seccomp_filter+0x10/0x10 [ 752.044340][T15413] ? lockdep_hardirqs_on+0x7a/0x110 [ 752.044360][T15413] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 752.044380][T15413] ? rt_mutex_slowunlock+0x1cb/0x300 [ 752.044402][T15413] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 752.044434][T15413] ? fput+0xa0/0xd0 [ 752.044467][T15413] ? __secure_computing+0xe1/0x2a0 [ 752.044494][T15413] do_syscall_64+0xf4/0xf80 [ 752.044513][T15413] ? trace_irq_disable+0x3b/0x150 [ 752.044532][T15413] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.044550][T15413] ? clear_bhb_loop+0x40/0x90 [ 752.044571][T15413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.044588][T15413] RIP: 0033:0x7fe633bfc819 [ 752.044606][T15413] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 752.044621][T15413] RSP: 002b:00007fe631e4e028 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 752.044640][T15413] RAX: ffffffffffffffda RBX: 00007fe633e75fa0 RCX: 00007fe633bfc819 [ 752.044653][T15413] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 752.044665][T15413] RBP: 00007fe631e4e090 R08: 0000000000000000 R09: 0000000000000000 [ 752.044675][T15413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 752.044686][T15413] R13: 00007fe633e76038 R14: 00007fe633e75fa0 R15: 00007ffc999f0d68 [ 752.044715][T15413] [ 752.464033][T15416] loop8: detected capacity change from 0 to 4096 [ 752.755590][T15426] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 753.063730][T15432] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 753.177667][ T1505] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 753.976278][ T37] kauditd_printk_skb: 20 callbacks suppressed [ 753.976296][ T37] audit: type=1326 audit(2000000292.900:8427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 753.978988][ T37] audit: type=1326 audit(2000000292.900:8428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.103182][ T37] audit: type=1326 audit(2000000292.990:8429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.103238][ T37] audit: type=1326 audit(2000000292.990:8430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.103323][ T37] audit: type=1326 audit(2000000292.990:8431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.103363][ T37] audit: type=1326 audit(2000000292.990:8432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.103402][ T37] audit: type=1326 audit(2000000293.000:8433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.103491][ T37] audit: type=1326 audit(2000000293.000:8434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.103530][ T37] audit: type=1326 audit(2000000293.000:8435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.103567][ T37] audit: type=1326 audit(2000000293.000:8436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15434 comm="syz.3.3145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 754.375198][T11912] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 754.902533][T11912] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 754.902565][T11912] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 754.902589][T11912] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 754.902610][T11912] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 754.902650][T11912] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 754.902666][T11912] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.917215][T11912] usb 7-1: config 0 descriptor?? [ 755.301650][T15444] trusted_key: encrypted_key: master key parameter 'defaqlt' is invalid [ 755.349898][ T5893] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 755.523952][ T5893] usb 1-1: config 0 has too many interfaces: 129, using maximum allowed: 32 [ 755.523980][ T5893] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 129 [ 755.555326][T11912] plantronics 0003:047F:FFFF.002F: ignoring exceeding usage max [ 755.572627][ T5893] usb 1-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 755.572656][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 755.572675][ T5893] usb 1-1: Product: syz [ 755.572695][ T5893] usb 1-1: Manufacturer: syz [ 755.572709][ T5893] usb 1-1: SerialNumber: syz [ 755.587779][ T5893] usb 1-1: config 0 descriptor?? [ 755.665711][T11912] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 757.047940][T15437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 757.072817][T15455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 757.075218][T15455] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 757.086050][T15437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 757.116849][ T5893] mos7840 1-1:0.0: required endpoints missing [ 757.202485][ T5893] usb 1-1: USB disconnect, device number 74 [ 757.354124][T15460] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3153'. [ 757.455881][T11915] usb 7-1: USB disconnect, device number 18 [ 757.700333][T11892] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 757.869923][T11892] usb 4-1: Using ep0 maxpacket: 32 [ 757.874624][T11892] usb 4-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 757.874658][T11892] usb 4-1: config 0 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 757.875070][T11892] usb 4-1: config 0 interface 0 has no altsetting 0 [ 757.875105][T11892] usb 4-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00 [ 757.875128][T11892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.060178][T11892] usb 4-1: config 0 descriptor?? [ 759.328883][T15472] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 759.328902][T15472] IPv6: NLM_F_CREATE should be set when creating new route [ 759.616413][T11892] kye 0003:0458:5014.0030: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 759.619597][T11892] kye 0003:0458:5014.0030: item fetching failed at offset 5/39 [ 759.621165][T11892] kye 0003:0458:5014.0030: parse failed [ 759.621237][T11892] kye 0003:0458:5014.0030: probe with driver kye failed with error -22 [ 759.737408][ T37] kauditd_printk_skb: 47 callbacks suppressed [ 759.737435][ T37] audit: type=1326 audit(2000000298.660:8484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.738198][ T37] audit: type=1326 audit(2000000298.660:8485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.828866][T15463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 759.829325][T15463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 759.846227][ T37] audit: type=1326 audit(2000000298.750:8486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.846330][ T37] audit: type=1326 audit(2000000298.760:8487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.846372][ T37] audit: type=1326 audit(2000000298.760:8488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.846414][ T37] audit: type=1326 audit(2000000298.760:8489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.846507][ T37] audit: type=1326 audit(2000000298.760:8490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.846549][ T37] audit: type=1326 audit(2000000298.760:8491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.846588][ T37] audit: type=1326 audit(2000000298.760:8492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.849316][ T5893] usb 4-1: USB disconnect, device number 88 [ 759.861597][ T37] audit: type=1326 audit(2000000298.790:8493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15476 comm="syz.5.3158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fefe99fc819 code=0x7ffc0000 [ 759.937039][T15475] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.937816][T15475] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.956147][T15475] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 760.296950][T15480] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3159'. [ 760.840013][ T31] usb 4-1: new low-speed USB device number 89 using dummy_hcd [ 760.993215][ T31] usb 4-1: unable to get BOS descriptor or descriptor too short [ 760.997055][ T31] usb 4-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config [ 760.997609][ T31] usb 4-1: config 1 interface 0 altsetting 7 endpoint 0x1 is Bulk; changing to Interrupt [ 760.997636][ T31] usb 4-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 760.997661][ T31] usb 4-1: config 1 interface 0 has no altsetting 0 [ 761.021390][ T31] usb 4-1: string descriptor 0 read error: -22 [ 761.021523][ T31] usb 4-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 761.021546][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.032472][T15487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 761.032972][T15487] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 761.039973][T15485] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 761.260027][ T31] usb 4-1: USB disconnect, device number 89 [ 761.419909][T11891] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 761.443793][T15501] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3165'. [ 761.540040][ T5893] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 761.590142][T11891] usb 3-1: Using ep0 maxpacket: 32 [ 761.595830][T11891] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 761.595856][T11891] usb 3-1: config 0 has no interface number 0 [ 761.595894][T11891] usb 3-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 761.595964][T11891] usb 3-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 761.641628][T11891] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 761.641646][T11891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.641661][T11891] usb 3-1: Product: syz [ 761.641669][T11891] usb 3-1: Manufacturer: syz [ 761.641676][T11891] usb 3-1: SerialNumber: syz [ 761.686733][T11891] usb 3-1: config 0 descriptor?? [ 761.689878][ T5893] usb 7-1: Using ep0 maxpacket: 8 [ 761.702718][ T5893] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 761.702746][ T5893] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 761.706361][ T5893] usb 7-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 761.706387][ T5893] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.706405][ T5893] usb 7-1: Product: syz [ 761.706418][ T5893] usb 7-1: Manufacturer: syz [ 761.706431][ T5893] usb 7-1: SerialNumber: syz [ 761.745829][ T5893] usb 7-1: config 0 descriptor?? [ 761.764901][T11891] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 761.772401][T15503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 761.775592][T15503] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 761.891085][T11891] usb 3-1: qt2_setup_urbs - submit read urb failed -90 [ 761.891823][T11891] quatech2 3-1:0.51: probe with driver quatech2 failed with error -90 [ 762.203175][ T31] usb 7-1: USB disconnect, device number 19 [ 762.259902][ T5893] usb 4-1: new full-speed USB device number 90 using dummy_hcd [ 763.319699][ T5893] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 763.319762][ T5893] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 763.319781][ T5893] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 763.319841][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 53395, setting to 64 [ 763.328243][ T5893] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 763.328271][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 763.328289][ T5893] usb 4-1: Product: syz [ 763.328301][ T5893] usb 4-1: Manufacturer: syz [ 763.328308][ T5893] usb 4-1: SerialNumber: syz [ 763.367521][ T5893] usb 4-1: config 0 descriptor?? [ 763.368353][T15506] raw-gadget.5 gadget.3: fail, usb_ep_enable returned -22 [ 763.386611][ T5893] hub 4-1:0.0: bad descriptor, ignoring hub [ 763.386648][ T5893] hub 4-1:0.0: probe with driver hub failed with error -5 [ 763.400886][ T5893] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input36 [ 763.595284][ T5893] usb 4-1: USB disconnect, device number 90 [ 763.736418][T15515] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3170'. [ 763.736609][T15515] x_tables: ip_tables: udp match: only valid for protocol 17 [ 763.934319][T15519] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3172'. [ 764.005971][T15517] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 764.463732][ T5893] usb 3-1: USB disconnect, device number 16 [ 765.053370][T15529] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3174'. [ 767.973579][ T5166] udevd[5166]: worker [13160] /devices/virtual/block/nbd0 is taking a long time [ 769.519795][T15550] netlink: 'syz.5.3179': attribute type 10 has an invalid length. [ 769.726731][T15550] team0: Failed to send options change via netlink (err -105) [ 769.726756][T15550] team0: Port device dummy0 added [ 769.747697][T15551] netlink: 'syz.5.3179': attribute type 10 has an invalid length. [ 769.748904][T15551] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 770.127093][ T5893] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 770.397012][T15551] team0: Port device dummy0 removed [ 770.401681][T15551] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 770.469831][ T5893] usb 4-1: Using ep0 maxpacket: 8 [ 770.472845][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 770.472868][ T5893] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 770.479188][ T5893] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 770.479218][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.479234][ T5893] usb 4-1: Product: syz [ 770.479248][ T5893] usb 4-1: Manufacturer: syz [ 770.479261][ T5893] usb 4-1: SerialNumber: syz [ 770.566018][ T5893] usb 4-1: config 0 descriptor?? [ 770.788734][T15555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 770.789242][T15555] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 771.015489][T11891] usb 4-1: USB disconnect, device number 91 [ 771.366480][ T37] kauditd_printk_skb: 36 callbacks suppressed [ 771.366893][ T37] audit: type=1326 audit(2000000310.290:8530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.409305][ T37] audit: type=1326 audit(2000000310.330:8531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.409498][ T37] audit: type=1326 audit(2000000310.330:8532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.409651][ T37] audit: type=1326 audit(2000000310.330:8533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.487582][ T37] audit: type=1326 audit(2000000310.410:8534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.488607][ T37] audit: type=1326 audit(2000000310.410:8535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.491080][ T37] audit: type=1326 audit(2000000310.410:8536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.491938][ T37] audit: type=1326 audit(2000000310.420:8537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.493877][ T37] audit: type=1326 audit(2000000310.420:8538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 771.496142][ T37] audit: type=1326 audit(2000000310.420:8539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15561 comm="syz.6.3182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38b880c819 code=0x7ffc0000 [ 773.985569][T15581] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3187'. [ 773.985715][T15581] x_tables: ip_tables: udp match: only valid for protocol 17 [ 774.918461][T15584] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.011034][T15584] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.215139][T15584] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 775.263233][T15590] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3189'. [ 775.519235][T15596] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 775.781329][T15599] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 776.794692][T15618] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3198'. [ 776.794825][T15618] x_tables: ip_tables: udp match: only valid for protocol 17 [ 779.070026][T11912] usb 7-1: new low-speed USB device number 20 using dummy_hcd [ 779.307886][T11912] usb 7-1: unable to get BOS descriptor or descriptor too short [ 779.887977][T11912] usb 7-1: config 172 has an invalid descriptor of length 0, skipping remainder of the config [ 779.888005][T11912] usb 7-1: config 172 has 1 interface, different from the descriptor's value: 2 [ 779.888042][T11912] usb 7-1: config 172 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 780.148665][ T7860] Bluetooth: hci1: command 0x0406 tx timeout [ 780.460839][T11912] usb 7-1: string descriptor 0 read error: -22 [ 780.461002][T11912] usb 7-1: New USB device found, idVendor=04cb, idProduct=0127, bcdDevice=3a.be [ 780.461046][T11912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 780.601593][T11912] gspca_main: finepix-2.14.0 probing 04cb:0127 [ 781.011924][T11912] usb 7-1: USB disconnect, device number 20 [ 781.837430][T15640] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3206'. [ 781.869951][ T11] block nbd0: Possible stuck request ffff8880267e0000: control (read@0,1024B). Runtime 180 seconds [ 781.869983][ T11] block nbd0: Possible stuck request ffff8880267e01c0: control (read@1024,1024B). Runtime 180 seconds [ 781.870000][ T11] block nbd0: Possible stuck request ffff8880267e0380: control (read@2048,1024B). Runtime 180 seconds [ 781.870015][ T11] block nbd0: Possible stuck request ffff8880267e0540: control (read@3072,1024B). Runtime 180 seconds [ 782.025363][ T37] kauditd_printk_skb: 39 callbacks suppressed [ 782.025381][ T37] audit: type=1326 audit(2000000320.950:8579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.027113][ T37] audit: type=1326 audit(2000000320.950:8580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.039537][T15642] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3205'. [ 782.052604][ T37] audit: type=1326 audit(2000000320.980:8581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.052659][ T37] audit: type=1326 audit(2000000320.980:8582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.141562][ T37] audit: type=1326 audit(2000000321.070:8583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.141615][ T37] audit: type=1326 audit(2000000321.070:8584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.148106][ T37] audit: type=1326 audit(2000000321.070:8585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.148156][ T37] audit: type=1326 audit(2000000321.070:8586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.156338][ T37] audit: type=1326 audit(2000000321.080:8587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 782.156408][ T37] audit: type=1326 audit(2000000321.080:8588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15641 comm="syz.0.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5b0ddc819 code=0x7ffc0000 [ 783.026239][T11912] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 783.384651][T11912] usb 3-1: Using ep0 maxpacket: 16 [ 783.551260][T11912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.551301][T11912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 783.551338][T11912] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 783.551360][T11912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.578833][T11912] usb 3-1: config 0 descriptor?? [ 783.747144][T15663] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3213'. [ 783.748450][T15663] x_tables: ip_tables: udp match: only valid for protocol 17 [ 784.250001][T15659] team0 (unregistering): Port device team_slave_0 removed [ 784.392339][T11912] kye 0003:0458:5016.0031: control desc unexpectedly large [ 784.498661][T15659] team0 (unregistering): Port device team_slave_1 removed [ 784.546394][T11912] input: HID 0458:5016 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5016.0031/input/input37 [ 784.928527][T11912] input: HID 0458:5016 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5016.0031/input/input38 [ 784.996578][T11912] kye 0003:0458:5016.0031: input,hiddev0,hidraw1: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.2-1/input0 [ 785.009884][T15674] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3216'. [ 785.013360][T15674] x_tables: ip_tables: udp match: only valid for protocol 17 [ 785.180401][ T1550] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 786.149828][T11913] usb 3-1: reset high-speed USB device number 17 using dummy_hcd [ 786.744932][T15684] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3218'. [ 787.129916][ T31] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 787.281247][ T31] usb 7-1: Using ep0 maxpacket: 32 [ 787.285205][ T31] usb 7-1: unable to get BOS descriptor or descriptor too short [ 787.287285][ T31] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 787.287307][ T31] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 787.287340][ T31] usb 7-1: too many endpoints for config 1 interface 1 altsetting 1: 239, using maximum allowed: 30 [ 787.287362][ T31] usb 7-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 239 [ 787.291620][ T31] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000c, bcdDevice= 0.40 [ 787.291645][ T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.291663][ T31] usb 7-1: Product:  [ 787.291677][ T31] usb 7-1: Manufacturer: 쇘⻮җ⟇⯿鄇ﯥڵ뼷臑趑넞籦㣅 [ 787.291692][ T31] usb 7-1: SerialNumber: syz [ 787.616206][T15697] FAULT_INJECTION: forcing a failure. [ 787.616206][T15697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 787.616244][T15697] CPU: 0 UID: 0 PID: 15697 Comm: syz.2.3221 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 787.616270][T15697] Tainted: [L]=SOFTLOCKUP [ 787.616277][T15697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 787.616289][T15697] Call Trace: [ 787.616297][T15697] [ 787.616305][T15697] dump_stack_lvl+0xe8/0x150 [ 787.616335][T15697] should_fail_ex+0x46b/0x600 [ 787.616365][T15697] _copy_from_iter+0x1d3/0x1670 [ 787.616388][T15697] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 787.616415][T15697] ? __pfx_policy_nodemask+0x10/0x10 [ 787.616437][T15697] ? __pfx__copy_from_iter+0x10/0x10 [ 787.616466][T15697] ? set_page_refcounted+0xa0/0x1e0 [ 787.616486][T15697] ? page_copy_sane+0x4e/0x270 [ 787.616511][T15697] copy_page_from_iter+0xdd/0x170 [ 787.616539][T15697] tun_get_user+0x1d4b/0x3de0 [ 787.616555][T15697] ? tun_get_user+0x6ff/0x3de0 [ 787.616591][T15697] ? __pfx_tun_get_user+0x10/0x10 [ 787.616627][T15697] ? ref_tracker_alloc+0x332/0x4a0 [ 787.616651][T15697] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 787.616679][T15697] ? tun_get+0x1c/0x2f0 [ 787.616701][T15697] ? tun_get+0x1c/0x2f0 [ 787.616718][T15697] ? tun_get+0x1c/0x2f0 [ 787.616739][T15697] tun_chr_write_iter+0x119/0x200 [ 787.616760][T15697] vfs_write+0x629/0xba0 [ 787.616792][T15697] ? __pfx_vfs_write+0x10/0x10 [ 787.616825][T15697] ? __fget_files+0x2a/0x420 [ 787.616861][T15697] ksys_write+0x156/0x270 [ 787.616887][T15697] ? __pfx_ksys_write+0x10/0x10 [ 787.616922][T15697] do_syscall_64+0x14d/0xf80 [ 787.616942][T15697] ? trace_irq_disable+0x3b/0x150 [ 787.616962][T15697] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.616981][T15697] ? clear_bhb_loop+0x40/0x90 [ 787.617003][T15697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.617021][T15697] RIP: 0033:0x7fe633bbd04e [ 787.617039][T15697] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 787.617061][T15697] RSP: 002b:00007fe631e4dfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 787.617082][T15697] RAX: ffffffffffffffda RBX: 00007fe631e4e6c0 RCX: 00007fe633bbd04e [ 787.617095][T15697] RDX: 0000000000000011 RSI: 0000200000000280 RDI: 00000000000000c8 [ 787.617108][T15697] RBP: 00007fe631e4e090 R08: 0000000000000000 R09: 0000000000000000 [ 787.617119][T15697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 787.617135][T15697] R13: 00007fe633e76038 R14: 00007fe633e75fa0 R15: 00007ffc999f0d68 [ 787.617173][T15697] [ 787.619925][ T31] usb 7-1: unit 3 not found! [ 787.812295][T11912] usb 3-1: USB disconnect, device number 17 [ 788.026412][ T31] usb 7-1: USB disconnect, device number 21 [ 788.129128][T15071] udevd[15071]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 789.219864][T11891] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 789.391770][T11891] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 789.391790][T11891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 789.391803][T11891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 789.391815][T11891] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 789.391837][T11891] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 789.391883][T11891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.403168][T11891] usb 4-1: config 0 descriptor?? [ 789.990661][T11891] plantronics 0003:047F:FFFF.0032: ignoring exceeding usage max [ 790.055679][T11891] plantronics 0003:047F:FFFF.0032: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 790.406636][T15712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 790.407441][T15712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.410588][ T37] kauditd_printk_skb: 10 callbacks suppressed [ 790.410603][ T37] audit: type=1326 audit(2000000329.340:8599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 790.410913][ T37] audit: type=1326 audit(2000000329.340:8600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 790.411520][ T37] audit: type=1326 audit(2000000329.340:8601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 790.412113][ T37] audit: type=1326 audit(2000000329.340:8603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 790.412158][ T37] audit: type=1326 audit(2000000329.340:8602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 790.686682][ T37] audit: type=1326 audit(2000000329.610:8604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 790.714440][ T37] audit: type=1326 audit(2000000329.610:8605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 790.769486][ T37] audit: type=1326 audit(2000000329.670:8606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 790.800085][ T37] audit: type=1326 audit(2000000329.720:8608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15710 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 790.803529][ T37] audit: type=1326 audit(2000000329.690:8607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15716 comm="syz.3.3227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 792.393704][T11891] usb 4-1: USB disconnect, device number 92 [ 795.137582][T15705] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 795.459891][T15736] Bluetooth: hci4: command 0x0406 tx timeout [ 795.568315][T15752] overlayfs: failed to resolve 'default_permissions': -2 [ 795.641047][T15754] bond2: entered promiscuous mode [ 795.646808][T15754] 8021q: adding VLAN 0 to HW filter on device bond2 [ 796.182720][ C1] vxcan1: j1939_tp_rxtimer: 0xffff88806214d800: rx timeout, send abort [ 796.206542][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff88806214d800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 797.057822][T15768] FAULT_INJECTION: forcing a failure. [ 797.057822][T15768] name failslab, interval 1, probability 0, space 0, times 0 [ 797.057881][T15768] CPU: 1 UID: 0 PID: 15768 Comm: syz.6.3242 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 797.057908][T15768] Tainted: [L]=SOFTLOCKUP [ 797.057915][T15768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 797.057928][T15768] Call Trace: [ 797.057936][T15768] [ 797.057944][T15768] dump_stack_lvl+0xe8/0x150 [ 797.057975][T15768] should_fail_ex+0x46b/0x600 [ 797.058005][T15768] should_failslab+0xa8/0x100 [ 797.058027][T15768] __kmalloc_noprof+0xdf/0x7b0 [ 797.058046][T15768] ? tomoyo_encode+0x28b/0x550 [ 797.058074][T15768] tomoyo_encode+0x28b/0x550 [ 797.058101][T15768] tomoyo_realpath_from_path+0x58d/0x5d0 [ 797.058135][T15768] ? tomoyo_path_number_perm+0x219/0x630 [ 797.058155][T15768] tomoyo_path_number_perm+0x246/0x630 [ 797.058178][T15768] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 797.058201][T15768] ? __lock_acquire+0x6b5/0x2cf0 [ 797.058255][T15768] ? __fget_files+0x2a/0x420 [ 797.058281][T15768] ? __fget_files+0x2a/0x420 [ 797.058302][T15768] ? __fget_files+0x3a6/0x420 [ 797.058322][T15768] ? __fget_files+0x2a/0x420 [ 797.058349][T15768] security_file_ioctl+0xc3/0x2a0 [ 797.058372][T15768] __se_sys_ioctl+0x47/0x170 [ 797.058394][T15768] do_syscall_64+0x14d/0xf80 [ 797.058415][T15768] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.058434][T15768] ? clear_bhb_loop+0x40/0x90 [ 797.058457][T15768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.058475][T15768] RIP: 0033:0x7f38b880c819 [ 797.058493][T15768] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 797.058508][T15768] RSP: 002b:00007f38b6a24028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 797.058528][T15768] RAX: ffffffffffffffda RBX: 00007f38b8a86180 RCX: 00007f38b880c819 [ 797.058542][T15768] RDX: 0000200000000000 RSI: 0000000040045010 RDI: 0000000000000005 [ 797.058555][T15768] RBP: 00007f38b6a24090 R08: 0000000000000000 R09: 0000000000000000 [ 797.058571][T15768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 797.058583][T15768] R13: 00007f38b8a86218 R14: 00007f38b8a86180 R15: 00007fff477fcd78 [ 797.058620][T15768] [ 797.058729][T15768] ERROR: Out of memory at tomoyo_realpath_from_path. [ 799.767100][T15736] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 799.782427][T11890] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 799.783334][T15736] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 799.811501][T15736] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 799.813159][T15736] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 799.816548][T15736] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 799.958475][T11890] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 799.958722][T11890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 799.958747][T11890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 799.958767][T11890] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 799.958807][T11890] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 799.959040][T11890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 800.043660][T11890] usb 4-1: config 0 descriptor?? [ 800.052769][T15796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 800.065307][T15796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 800.504610][T15798] netlink: 51 bytes leftover after parsing attributes in process `syz.2.3250'. [ 800.586012][T11890] plantronics 0003:047F:FFFF.0033: ignoring exceeding usage max [ 800.687495][T11890] plantronics 0003:047F:FFFF.0033: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 800.920815][T11913] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 800.977304][T15788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 800.978943][T15788] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 800.991854][ T37] kauditd_printk_skb: 94 callbacks suppressed [ 800.991872][ T37] audit: type=1326 audit(2000000339.920:8703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 800.992328][ T37] audit: type=1326 audit(2000000339.920:8704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 800.992945][ T37] audit: type=1326 audit(2000000339.920:8705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 800.994382][ T37] audit: type=1326 audit(2000000339.920:8707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 800.994427][ T37] audit: type=1326 audit(2000000339.920:8706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fdaa662c819 code=0x7ffc0000 [ 801.099896][T11913] usb 7-1: Using ep0 maxpacket: 32 [ 801.131106][T11913] usb 7-1: unable to get BOS descriptor or descriptor too short [ 801.148167][T11913] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 801.148193][T11913] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 801.148241][T11913] usb 7-1: too many endpoints for config 1 interface 1 altsetting 1: 239, using maximum allowed: 30 [ 801.148362][T11913] usb 7-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 239 [ 801.206233][T11913] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000c, bcdDevice= 0.40 [ 801.206265][T11913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 801.206283][T11913] usb 7-1: Product:  [ 801.206349][T11913] usb 7-1: Manufacturer: 쇘⻮җ⟇⯿鄇ﯥڵ뼷臑趑넞籦㣅 [ 801.206365][T11913] usb 7-1: SerialNumber: syz [ 801.236202][ T37] audit: type=1326 audit(2000000340.160:8708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 801.249177][ T37] audit: type=1326 audit(2000000340.170:8709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 801.261448][ T37] audit: type=1326 audit(2000000340.180:8710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 801.265290][ T37] audit: type=1326 audit(2000000340.190:8711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 801.287070][ T37] audit: type=1326 audit(2000000340.190:8712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15785 comm="syz.3.3248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdaa65ed04e code=0x7ffc0000 [ 801.686283][T15809] FAULT_INJECTION: forcing a failure. [ 801.686283][T15809] name failslab, interval 1, probability 0, space 0, times 0 [ 801.686318][T15809] CPU: 1 UID: 0 PID: 15809 Comm: syz.5.3253 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 801.686344][T15809] Tainted: [L]=SOFTLOCKUP [ 801.686350][T15809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 801.686361][T15809] Call Trace: [ 801.686369][T15809] [ 801.686378][T15809] dump_stack_lvl+0xe8/0x150 [ 801.686411][T15809] should_fail_ex+0x46b/0x600 [ 801.686441][T15809] should_failslab+0xa8/0x100 [ 801.686462][T15809] __kmalloc_noprof+0xdf/0x7b0 [ 801.686480][T15809] ? tomoyo_encode+0x28b/0x550 [ 801.686507][T15809] tomoyo_encode+0x28b/0x550 [ 801.686535][T15809] tomoyo_realpath_from_path+0x58d/0x5d0 [ 801.686567][T15809] ? tomoyo_path_number_perm+0x219/0x630 [ 801.686586][T15809] tomoyo_path_number_perm+0x246/0x630 [ 801.686607][T15809] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 801.686630][T15809] ? __lock_acquire+0x6b5/0x2cf0 [ 801.686678][T15809] ? __fget_files+0x2a/0x420 [ 801.686700][T15809] ? __fget_files+0x2a/0x420 [ 801.686720][T15809] ? __fget_files+0x3a6/0x420 [ 801.686739][T15809] ? __fget_files+0x2a/0x420 [ 801.686763][T15809] security_file_ioctl+0xc3/0x2a0 [ 801.686785][T15809] __se_sys_ioctl+0x47/0x170 [ 801.686806][T15809] do_syscall_64+0x14d/0xf80 [ 801.686825][T15809] ? trace_irq_disable+0x3b/0x150 [ 801.686844][T15809] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.686862][T15809] ? clear_bhb_loop+0x40/0x90 [ 801.686882][T15809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.686906][T15809] RIP: 0033:0x7fefe99fc819 [ 801.686924][T15809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 801.686938][T15809] RSP: 002b:00007fefe7c4e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 801.686958][T15809] RAX: ffffffffffffffda RBX: 00007fefe9c75fa0 RCX: 00007fefe99fc819 [ 801.686971][T15809] RDX: 0000200000000140 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 801.686982][T15809] RBP: 00007fefe7c4e090 R08: 0000000000000000 R09: 0000000000000000 [ 801.686991][T15809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 801.687000][T15809] R13: 00007fefe9c76038 R14: 00007fefe9c75fa0 R15: 00007ffcd414a468 [ 801.687029][T15809] [ 801.688560][T15809] ERROR: Out of memory at tomoyo_realpath_from_path. [ 801.777689][T15809] vim2m vim2m.0: Fourcc format (0x47524247) invalid. [ 801.912196][ T7860] Bluetooth: hci6: command tx timeout [ 801.932620][T11913] usb 7-1: unit 3 not found! [ 802.068243][T11913] usb 7-1: USB disconnect, device number 22 [ 802.174412][T13161] udevd[13161]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 802.224078][T11890] usb 4-1: reset high-speed USB device number 93 using dummy_hcd [ 802.348090][T15814] netlink: 'syz.5.3255': attribute type 32 has an invalid length. [ 802.723302][T11912] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 802.961985][T11912] usb 3-1: Using ep0 maxpacket: 16 [ 802.964639][T11912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 802.964671][T11912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 802.964708][T11912] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 802.964730][T11912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.022458][T11912] usb 3-1: config 0 descriptor?? [ 803.077895][T11891] usb 4-1: USB disconnect, device number 93 [ 803.141856][T15793] chnl_net:caif_netlink_parms(): no params data found [ 803.497541][T11912] kye 0003:0458:5016.0034: control desc unexpectedly large [ 803.538442][T11912] input: HID 0458:5016 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5016.0034/input/input39 [ 803.681524][T11912] input: HID 0458:5016 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5016.0034/input/input40 [ 803.838878][T11912] kye 0003:0458:5016.0034: input,hiddev0,hidraw1: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.2-1/input0 [ 803.989929][ T7860] Bluetooth: hci6: command tx timeout [ 804.646500][T15849] FAULT_INJECTION: forcing a failure. [ 804.646500][T15849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 804.646529][T15849] CPU: 0 UID: 0 PID: 15849 Comm: syz.3.3262 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 804.646545][T15849] Tainted: [L]=SOFTLOCKUP [ 804.646549][T15849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 804.646556][T15849] Call Trace: [ 804.646561][T15849] [ 804.646568][T15849] dump_stack_lvl+0xe8/0x150 [ 804.646588][T15849] should_fail_ex+0x46b/0x600 [ 804.646606][T15849] _copy_to_user+0x31/0xb0 [ 804.646618][T15849] copy_siginfo_to_user+0x22/0xc0 [ 804.646633][T15849] x64_setup_rt_frame+0x77c/0xcb0 [ 804.646647][T15849] ? rt_spin_unlock+0x14f/0x200 [ 804.646674][T15849] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 804.646692][T15849] arch_do_signal_or_restart+0x429/0x830 [ 804.646706][T15849] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 804.646722][T15849] ? ksys_read+0x248/0x270 [ 804.646742][T15849] exit_to_user_mode_loop+0x86/0x480 [ 804.646758][T15849] ? rcu_is_watching+0x15/0xb0 [ 804.646772][T15849] do_syscall_64+0x32d/0xf80 [ 804.646784][T15849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.646794][T15849] ? clear_bhb_loop+0x40/0x90 [ 804.646807][T15849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.646817][T15849] RIP: 0033:0x7fdaa662c817 [ 804.646829][T15849] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 [ 804.646838][T15849] RSP: 002b:00007fdaa4886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 804.646850][T15849] RAX: 0000000000000000 RBX: 00007fdaa68a5fa0 RCX: 00007fdaa662c819 [ 804.646857][T15849] RDX: 0000000000000029 RSI: 0000200000000100 RDI: 0000000000000004 [ 804.646864][T15849] RBP: 00007fdaa4886090 R08: 0000000000000000 R09: 0000000000000000 [ 804.646871][T15849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 804.646877][T15849] R13: 00007fdaa68a6038 R14: 00007fdaa68a5fa0 R15: 00007ffffb02b3d8 [ 804.646892][T15849] [ 804.729384][T15853] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 804.729402][T15853] IPv6: NLM_F_CREATE should be set when creating new route [ 804.769847][T11913] usb 3-1: reset high-speed USB device number 18 using dummy_hcd [ 806.073598][ T7860] Bluetooth: hci6: command tx timeout [ 806.426986][T15793] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.427523][T15793] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.428880][T15793] bridge_slave_0: entered allmulticast mode [ 806.446039][T15793] bridge_slave_0: entered promiscuous mode [ 806.457483][T15793] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.457821][T15793] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.458466][T15793] bridge_slave_1: entered allmulticast mode [ 806.478217][T15793] bridge_slave_1: entered promiscuous mode [ 806.580354][T11893] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 806.649899][ T5893] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 806.683873][T15793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 806.701005][T15793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 806.742396][T11893] usb 7-1: Using ep0 maxpacket: 8 [ 806.752277][T11893] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 806.752304][T11893] usb 7-1: config 0 has no interface number 0 [ 806.752904][T11893] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 806.752928][T11893] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 806.752951][T11893] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 806.753670][T11893] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 806.753714][T11893] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 806.753734][T11893] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 806.849864][ T5893] usb 4-1: Using ep0 maxpacket: 32 [ 806.853447][ T5893] usb 4-1: unable to get BOS descriptor or descriptor too short [ 806.874049][ T5893] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 806.874074][ T5893] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 806.874175][ T5893] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 239, using maximum allowed: 30 [ 806.874211][ T5893] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 239 [ 806.881576][T11893] usb 7-1: config 0 descriptor?? [ 806.936759][ T5893] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000c, bcdDevice= 0.40 [ 806.936788][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.936806][ T5893] usb 4-1: Product:  [ 806.936866][ T5893] usb 4-1: Manufacturer: 쇘⻮җ⟇⯿鄇ﯥڵ뼷臑趑넞籦㣅 [ 806.936880][ T5893] usb 4-1: SerialNumber: syz [ 807.064587][T15793] team0: Port device team_slave_0 added [ 807.077330][T15793] team0: Port device team_slave_1 added [ 807.160054][T11893] ldusb 7-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 807.255819][T11893] usb 7-1: USB disconnect, device number 23 [ 807.281554][ T5893] usb 4-1: unit 3 not found! [ 807.343213][T11893] ldusb 7-1:0.55: LD USB Device #1 now disconnected [ 807.552922][ T5893] usb 4-1: USB disconnect, device number 94 [ 807.638932][T15793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 807.639498][T15793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 807.639527][T15793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 807.718776][T15793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 807.718795][T15793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 807.718822][T15793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 807.736108][T15071] udevd[15071]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 807.791657][T11912] usb 3-1: USB disconnect, device number 18 [ 808.149946][ T7860] Bluetooth: hci6: command tx timeout [ 808.174333][T15793] hsr_slave_0: entered promiscuous mode [ 808.175772][T15793] hsr_slave_1: entered promiscuous mode [ 808.176750][T15793] debugfs: 'hsr0' already exists in 'hsr' [ 808.176776][T15793] Cannot create hsr debugfs directory [ 808.718823][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.960564][T11890] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 809.119829][T11890] usb 3-1: Using ep0 maxpacket: 16 [ 809.127260][T11890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 809.127292][T11890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 809.127381][T11890] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 809.127402][T11890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 809.182951][T15901] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3274'. [ 809.202474][T11890] usb 3-1: config 0 descriptor?? [ 809.390589][ T38] INFO: task syz.1.2856:14359 blocked for more than 143 seconds. [ 809.390652][ T38] Tainted: G L syzkaller #0 [ 809.390850][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 809.391003][ T38] task:syz.1.2856 state:D stack:24296 pid:14359 tgid:14356 ppid:5796 task_flags:0x400140 flags:0x00080002 [ 809.391222][ T38] Call Trace: [ 809.391231][ T38] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 809.391246][ T38] __schedule+0x1553/0x5240 [ 809.391472][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 809.391687][ T38] ? __pfx___schedule+0x10/0x10 [ 809.391875][ T38] ? schedule+0x90/0x360 [ 809.391900][ T38] schedule+0x164/0x360 [ 809.392090][ T38] io_schedule+0x80/0xe0 [ 809.392246][ T38] folio_wait_bit_common+0x6dd/0xbc0 [ 809.392409][ T38] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 809.392650][ T38] ? __pfx_wake_page_function+0x10/0x10 [ 809.392813][ T38] ? migrate_pages_batch+0xf67/0x4090 [ 809.393106][ T38] migrate_pages_batch+0x1864/0x4090 [ 809.393200][ T38] ? __pfx_compaction_alloc+0x10/0x10 [ 809.393699][ T38] ? __pfx_compaction_free+0x10/0x10 [ 809.393760][ T38] ? __pfx_migrate_pages_batch+0x10/0x10 [ 809.393945][ T38] ? try_to_take_rt_mutex+0x840/0xb00 [ 809.394112][ T38] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 809.394144][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 809.394169][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 809.394643][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 809.394850][ T38] migrate_pages+0x20c5/0x2a50 [ 809.395043][ T38] ? __pfx_compaction_free+0x10/0x10 [ 809.395226][ T38] ? __pfx_compaction_alloc+0x10/0x10 [ 809.395575][ T38] ? __pfx_migrate_pages+0x10/0x10 [ 809.395720][ T38] ? rcu_is_watching+0x15/0xb0 [ 809.395743][ T38] ? isolate_migratepages_block+0x3b20/0x43e0 [ 809.395932][ T38] ? isolate_migratepages_block+0x1e21/0x43e0 [ 809.396149][ T38] compact_zone+0x26ec/0x4890 [ 809.440664][ T38] ? __pfx_compact_zone+0x10/0x10 [ 809.440756][ T38] ? rt_mutex_slowunlock+0x1cb/0x300 [ 809.440783][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 809.440823][ T38] sysctl_compaction_handler+0x3f3/0x870 [ 809.440849][ T38] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 809.440957][ T38] ? __kvmalloc_node_noprof+0x3df/0x8e0 [ 809.440980][ T38] ? proc_sys_call_handler+0x3d2/0x830 [ 809.441011][ T38] proc_sys_call_handler+0x4c9/0x830 [ 809.441097][ T38] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 809.441122][ T38] ? __asan_memset+0x22/0x50 [ 809.441152][ T38] iter_file_splice_write+0x9a6/0x10f0 [ 809.441256][ T38] ? __pfx_iter_file_splice_write+0x10/0x10 [ 809.441301][ T38] ? __pfx_iter_file_splice_write+0x10/0x10 [ 809.441325][ T38] direct_splice_actor+0x104/0x160 [ 809.441405][ T38] splice_direct_to_actor+0x545/0xc80 [ 809.441441][ T38] ? __pfx_direct_splice_actor+0x10/0x10 [ 809.441471][ T38] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 809.441560][ T38] do_splice_direct+0x19b/0x2a0 [ 809.441587][ T38] ? __pfx_do_splice_direct+0x10/0x10 [ 809.441610][ T38] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 809.441646][ T38] ? rw_verify_area+0x25b/0x4e0 [ 809.441730][ T38] do_sendfile+0x547/0x7e0 [ 809.441763][ T38] ? __pfx_do_sendfile+0x10/0x10 [ 809.441797][ T38] __se_sys_sendfile64+0xdf/0x1a0 [ 809.441821][ T38] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 809.441907][ T38] do_syscall_64+0x14d/0xf80 [ 809.441928][ T38] ? trace_irq_disable+0x3b/0x150 [ 809.441949][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.441967][ T38] ? clear_bhb_loop+0x40/0x90 [ 809.441990][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.442063][ T38] RIP: 0033:0x7f1ffcedc819 [ 809.442082][ T38] RSP: 002b:00007f1ffb136028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 809.442102][ T38] RAX: ffffffffffffffda RBX: 00007f1ffd155fa0 RCX: 00007f1ffcedc819 [ 809.442115][ T38] RDX: 00002000000000c0 RSI: 0000000000000006 RDI: 0000000000000007 [ 809.442127][ T38] RBP: 00007f1ffcf72c91 R08: 0000000000000000 R09: 0000000000000000 [ 809.442138][ T38] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000000 [ 809.442149][ T38] R13: 00007f1ffd156038 R14: 00007f1ffd155fa0 R15: 00007fffeb3e31d8 [ 809.442249][ T38] [ 809.442303][ T38] [ 809.442303][ T38] Showing all locks held in the system: [ 809.442316][ T38] 1 lock held by khungtaskd/38: [ 809.442385][ T38] #0: ffffffff8ddcb980 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 809.442451][ T38] 2 locks held by kworker/u8:13/1550: [ 809.442463][ T38] #0: ffff888019c44938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0 [ 810.119901][ T38] #1: ffffc900063c7c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0 [ 810.120269][ T38] 6 locks held by kworker/u8:14/1778: [ 810.120299][ T38] 4 locks held by kworker/u8:15/4166: [ 810.120544][ T38] #0: ffff88801aee1138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0 [ 810.121388][ T38] #1: ffffc9001036fc40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0 [ 810.122603][ T38] #2: ffffffff8f14eb40 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 810.123201][ T38] #3: ffffffff8ddd1b30 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 810.123429][ T38] 1 lock held by klogd/5155: [ 810.123628][ T38] 2 locks held by getty/5556: [ 810.123644][ T38] #0: ffff88803797e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 810.124198][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13c0 [ 810.124390][ T38] 5 locks held by syz-executor/5783: [ 810.124568][ T38] 2 locks held by kworker/1:5/5889: [ 810.124675][ T38] 7 locks held by kworker/1:2H/9362: [ 810.124723][ T38] 5 locks held by kworker/u8:1/11303: [ 810.124723][ T38] 5 locks held by kworker/u8:1/11303: [ 810.124735][ T38] 5 locks held by kworker/0:8/11890: [ 810.124881][ T38] #0: ffff888021ec9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0 [ 810.124925][ T38] #1: ffffc900059efc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0 [ 810.125200][ T38] #2: ffff88802963a210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 [ 810.125245][ T38] #3: ffff888058fce210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 810.125845][ T38] #4: ffff8880807dc1d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 810.126201][ T38] 6 locks held by kworker/0:10/11891: [ 810.126215][ T38] 3 locks held by kworker/1:9/11912: [ 810.126228][ T38] 1 lock held by udevd/13160: [ 810.126238][ T38] #0: ffff88802675f4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0 [ 810.126948][ T38] 4 locks held by kworker/u8:7/14132: [ 810.127148][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa52/0x18c0 [ 810.127374][ T38] #1: ffffc900065d7c40 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa8d/0x18c0 [ 810.128223][ T38] #2: ffffffff8dc5bb30 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_enable+0x12/0x20 [ 810.128570][ T38] #3: ffffffff8de9bf98 (jump_label_mutex){+.+.}-{4:4}, at: static_key_enable_cpuslocked+0xcb/0x240 [ 810.128713][ T38] 1 lock held by syz.1.2856/14359: [ 810.128725][ T38] #0: ffff88804c73a480 (sb_writers#3){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 810.129128][ T38] 1 lock held by syz.0.3212/15658: [ 810.129251][ T38] #0: ffff88802675f4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0 [ 810.129471][ T38] 2 locks held by syz-executor/15793: [ 810.129957][ T38] 1 lock held by modprobe/15896: [ 810.129971][ T38] 3 locks held by syz.3.3276/15903: [ 810.130040][ T38] #0: ffffffff8f1cb8a0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 810.130130][ T38] #1: ffff88804068e928 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 [ 810.130313][ T38] #2: ffffffff8f15d2f8 (rtnl_mutex){+.+.}-{4:4}, at: ethnl_default_dump_one+0x151/0x7e0 [ 810.130875][ T38] 3 locks held by syz.6.3275/15898: [ 810.130888][ T38] 1 lock held by syz.6.3275/15900: [ 810.305628][ T38] #0: ffffffff8f160ab8 (bpf_dispatcher_xdp.mutex){+.+.}-{4:4}, at: bpf_dispatcher_change_prog+0xc6/0xd70 [ 810.305696][ T38] [ 810.305702][ T38] ============================================= [ 810.305702][ T38] [ 810.305721][ T38] NMI backtrace for cpu 0 [ 810.305743][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 810.305784][ T38] Tainted: [L]=SOFTLOCKUP [ 810.305791][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 810.305802][ T38] Call Trace: [ 810.305809][ T38] [ 810.305818][ T38] dump_stack_lvl+0xe8/0x150 [ 810.305843][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 810.305865][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 810.305889][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 810.305914][ T38] sys_info+0x135/0x170 [ 810.305934][ T38] watchdog+0xfd9/0x1030 [ 810.305960][ T38] ? watchdog+0x21a/0x1030 [ 810.305985][ T38] kthread+0x388/0x470 [ 810.306004][ T38] ? __pfx_watchdog+0x10/0x10 [ 810.306023][ T38] ? __pfx_kthread+0x10/0x10 [ 810.306043][ T38] ret_from_fork+0x51e/0xb90 [ 810.306069][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 810.306091][ T38] ? __switch_to+0xc7d/0x1450 [ 810.306114][ T38] ? __pfx_kthread+0x10/0x10 [ 810.306131][ T38] ret_from_fork_asm+0x1a/0x30 [ 810.306158][ T38] [ 810.306181][ T38] Sending NMI from CPU 0 to CPUs 1: [ 810.306205][ C1] NMI backtrace for cpu 1 [ 810.306221][ C1] CPU: 1 UID: 0 PID: 11303 Comm: kworker/u8:1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 810.306243][ C1] Tainted: [L]=SOFTLOCKUP [ 810.306248][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 810.306259][ C1] Workqueue: events_unbound cfg80211_wiphy_work [ 810.306281][ C1] RIP: 0010:__sanitizer_cov_trace_switch+0x8a/0x140 [ 810.306302][ C1] Code: 85 c0 0f 84 d2 00 00 00 55 41 57 41 56 41 55 41 54 53 48 8b 54 24 30 65 4c 8b 05 a9 57 8a 10 45 31 c9 41 ba 00 01 00 00 eb 0c <49> ff c1 4c 39 c8 0f 84 86 00 00 00 4e 8b 5c ce 10 65 8b 2d ae 57 [ 810.306315][ C1] RSP: 0018:ffffc900075a7088 EFLAGS: 00000293 [ 810.306328][ C1] RAX: 000000000000002b RBX: 0000000000000000 RCX: 0000000000000001 [ 810.306339][ C1] RDX: ffffffff8aa2fbbf RSI: ffffffff8f41a790 RDI: 00000000000000dd [ 810.306350][ C1] RBP: 0000000000000000 R08: ffff888028528000 R09: 0000000000000024 [ 810.306361][ C1] R10: 0000000000000100 R11: 00000000000000d3 R12: ffff888059694a53 [ 810.306371][ C1] R13: ffff888059694a5c R14: 0000000000000000 R15: 00000000000000dd [ 810.306382][ C1] FS: 0000000000000000(0000) GS:ffff888126432000(0000) knlGS:0000000000000000 [ 810.306395][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 810.306406][ C1] CR2: 00007f192d517e20 CR3: 0000000072780000 CR4: 00000000003526f0 [ 810.306420][ C1] Call Trace: [ 810.306426][ C1] [ 810.306435][ C1] _ieee802_11_parse_elems_full+0xd3f/0x4380 [ 810.306457][ C1] ? arch_stack_walk+0x11b/0x150 [ 810.306512][ C1] ? __pfx__ieee802_11_parse_elems_full+0x10/0x10 [ 810.306538][ C1] ? trace_kmalloc+0x2a/0x110 [ 810.306562][ C1] ? cfg80211_find_elem_match+0x1bf/0x200 [ 810.306582][ C1] ieee802_11_parse_elems_full+0x1226/0x2ab0 [ 810.306621][ C1] ? __pfx_ieee802_11_parse_elems_full+0x10/0x10 [ 810.306646][ C1] ieee80211_ibss_rx_queued_mgmt+0x4ca/0x2cd0 [ 810.306664][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 810.306682][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 810.306700][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 810.306716][ C1] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 810.306733][ C1] ? do_raw_spin_lock+0x12b/0x2f0 [ 810.306758][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 810.306776][ C1] ? lockdep_hardirqs_on+0x7a/0x110 [ 810.306793][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 810.306809][ C1] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 810.306828][ C1] ? rt_spin_lock+0x1e0/0x400 [ 810.306854][ C1] ? rt_spin_unlock+0x160/0x200 [ 810.306877][ C1] ieee80211_iface_work+0x84e/0x1340 [ 810.306901][ C1] cfg80211_wiphy_work+0x2ab/0x4a0 [ 810.306920][ C1] ? process_scheduled_works+0xa8d/0x18c0 [ 810.306941][ C1] process_scheduled_works+0xb6e/0x18c0 [ 810.306974][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 810.306996][ C1] ? assign_work+0x3d5/0x5e0 [ 810.307017][ C1] worker_thread+0xa53/0xfc0 [ 810.307049][ C1] kthread+0x388/0x470 [ 810.307064][ C1] ? __pfx_worker_thread+0x10/0x10 [ 810.307082][ C1] ? __pfx_kthread+0x10/0x10 [ 810.307098][ C1] ret_from_fork+0x51e/0xb90 [ 810.307118][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 810.307135][ C1] ? __switch_to+0xc7d/0x1450 [ 810.307154][ C1] ? __pfx_kthread+0x10/0x10 [ 810.307170][ C1] ret_from_fork_asm+0x1a/0x30 [ 810.307192][ C1] [ 810.360899][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 810.360930][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 810.360956][ T38] Tainted: [L]=SOFTLOCKUP [ 810.360963][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 810.360975][ T38] Call Trace: [ 810.360982][ T38] [ 810.360990][ T38] vpanic+0x56c/0xa60 [ 810.361020][ T38] ? __pfx___schedule+0x10/0x10 [ 810.361041][ T38] ? __pfx_vpanic+0x10/0x10 [ 810.361074][ T38] panic+0xc5/0xd0 [ 810.361096][ T38] ? __pfx_panic+0x10/0x10 [ 810.361121][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 810.361147][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 810.361176][ T38] watchdog+0x1023/0x1030 [ 810.361203][ T38] ? watchdog+0x21a/0x1030 [ 810.361232][ T38] kthread+0x388/0x470 [ 810.361260][ T38] ? __pfx_watchdog+0x10/0x10 [ 810.361279][ T38] ? __pfx_kthread+0x10/0x10 [ 810.361300][ T38] ret_from_fork+0x51e/0xb90 [ 810.361325][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 810.361347][ T38] ? __switch_to+0xc7d/0x1450 [ 810.361372][ T38] ? __pfx_kthread+0x10/0x10 [ 810.361392][ T38] ret_from_fork_asm+0x1a/0x30 [ 810.361424][ T38] [ 810.361782][ T38] Kernel Offset: disabled