last executing test programs: 15m26.368074518s ago: executing program 1 (id=2278): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$inet_sctp(r1, &(0x7f0000002140)=[{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f00000001c0)="ae", 0x1}], 0x1, 0x0, 0x0, 0x84}], 0x1, 0x4088010) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000002c0)={0x10000018}) ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f0000000080)={0x1, 0xffffffff, 0x4, 0xfffffffd, 0x9, 0x401}) syz_open_procfs$userns(0x0, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/igmp6\x00') preadv(r0, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102381, 0x18fed}], 0x1, 0x81, 0xfffffffe) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0485510, &(0x7f0000000100)={0x2, 0x34, 0xaa4a, 0xe, &(0x7f0000000300)=[{}, {}, {}]}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r5, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, 0x0) write$6lowpan_control(0xffffffffffffffff, 0x0, 0x0) r6 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) writev(r6, &(0x7f0000002100), 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r7, 0x0, 0x0, 0x20024094, &(0x7f0000000040)={0x2, 0xfffd, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r6, 0x0, 0x2f) openat$adsp1(0xffffffffffffff9c, 0x0, 0x20000, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./control\x00', 0xb4000964) unshare(0x40000000) 15m25.303631664s ago: executing program 1 (id=2281): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r3 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$setregs(0xd, r3, 0x7fff, &(0x7f0000000240)="12d6cacc400cb28384641a92606ff1d67f7718dadaa571f32ee2eb179974146cb14384e0e9a430de36da9cfa0941cbdb45400dbbf771a9f0d840b73de0cb08d1d3be1afc46") ptrace$setregset(0x4205, r3, 0x1, &(0x7f00000001c0)={&(0x7f0000000100)="023e540000530c0648444f138d9c176b04f0f91de6b9fe593adb984dcb636b3f3b825c376f2b", 0x26}) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, &(0x7f00000000c0)) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000480)={{0x3, 0x3, 0x24000000, 0x3ff, '\x00', 0x6}, 0x1, [0x9, 0x11, 0xfffffffffffffff9, 0x5, 0x12, 0x1, 0x4, 0xff, 0xffffffffffffffff, 0x9, 0x1, 0x8, 0xfffffffffffffff7, 0x4, 0x3ff, 0x1, 0x4, 0x486, 0xc0010, 0x9, 0x1, 0x3ff, 0x5, 0x5, 0x80, 0x0, 0x4, 0x6, 0x1, 0x9, 0xfffffffffffffffe, 0x71, 0xa, 0x2, 0x1ff, 0x7fffffff, 0x9, 0x4, 0x5, 0x10, 0xfffffffffffffff7, 0x16, 0x9db6, 0x7f, 0xfffffffffffffff2, 0x2, 0x5, 0x7, 0x0, 0x8, 0x3, 0x303, 0xa2, 0x7ffc, 0x3, 0x400, 0x9, 0x1fd, 0x80000001, 0x2, 0x3ff, 0xffffffff, 0x3, 0x8, 0xffff, 0x0, 0x10000, 0xffffffffffffffff, 0x5, 0x3, 0x8000000000000005, 0x9, 0xec, 0x7f, 0xfffffffe, 0x100000000, 0x9f1a, 0xfffffffe, 0x100000001, 0x8, 0x0, 0x9, 0x3, 0x9, 0x1, 0x4, 0x3, 0xa, 0x8, 0x8, 0x1, 0x2, 0x4, 0x8, 0xe73, 0xfffffffffffffff7, 0xb, 0x8000000000000000, 0x6, 0x9, 0x5, 0x639, 0x8000000000000000, 0x4, 0x400, 0x9a06, 0x9, 0xffffffff00000000, 0x3, 0xb3, 0x200080000001, 0x5, 0x1000000000d30, 0x7, 0x4, 0x256, 0x6ff, 0x3, 0x7, 0x1ff, 0x6, 0x9, 0x7, 0x1b485fe1, 0x7, 0x7, 0x7, 0x9]}) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000200), 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x0) personality(0x8040000) io_setup(0xffff, &(0x7f0000001e00)) r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000080)={0x8000, 0x3, 0x5}) ioctl$DRM_IOCTL_MODE_CURSOR(r7, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x7ffffff3, 0x8000ffff, 0xa, 0x1ff, 0xc5}) 15m22.735954699s ago: executing program 1 (id=2291): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x22, 0x0, &(0x7f0000000340)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000014140)='/proc/meminfo\x00', 0x0, 0x0) mq_timedreceive(r2, 0x0, 0x0, 0xb40, 0x0) open(&(0x7f0000000380)='./bus\x00', 0xa000, 0x100) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000200)={0x2020}, 0x2020) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2a) close(r4) r5 = io_uring_setup(0x3efa, &(0x7f00000001c0)={0x0, 0xf719, 0x4000, 0xfffffffe}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r5, 0xb, &(0x7f0000000080)=[@ioring_restriction_sqe_flags_allowed={0x2, 0x2}], 0x1) io_uring_register$IORING_REGISTER_RESTRICTIONS(r5, 0xb, 0x0, 0x0) open(&(0x7f00000001c0)='./bus\x00', 0x143bc2, 0x1c0) set_mempolicy(0x0, &(0x7f0000000080)=0x6, 0x20000008) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000580)={0x7, 0x0, [{0x4, 0x6, 0x1, 0x7, 0x40006, 0x100, 0x2}, {0x40000000, 0x4, 0x0, 0x7fff, 0x27, 0x7, 0x5}, {0x7, 0x8, 0x0, 0x2, 0xbb69, 0x5, 0xffff}, {0xb, 0xf5f, 0x0, 0x7, 0x0, 0x6, 0x7ffffffd}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x62, 0x400}, {0x2, 0x1, 0x5, 0x9, 0x4, 0x4, 0x3}, {0x1, 0x8d3d, 0x6, 0x9, 0x3ff, 0x1, 0x3}]}) r9 = syz_io_uring_setup(0xf03, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x800, 0x370}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000040)=0x0) r13 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x7fffffffffffffff]}, 0x8, 0x80000) io_setup(0x206, &(0x7f0000000200)=0x0) io_submit(r14, 0x1, &(0x7f00000005c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1, r13, &(0x7f00000003c0)="951aa14bd6f68579cac67c83bf8d4500e5cea1bb1596d4ee6645fa16fa7cacb9214070a622a2c57b89075f59b85c7b5b2c41edc9d2cd5a2c95ed1c2cf72425be9c1a2df1b60a309bd5228d7e85b300f0d7a042a40166b9208e9d2e423c32ad8e47adedf5dc425c6bcb031fb2230835d41afc23476eae602bad3246417e5ac757", 0x80}]) r15 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r10, r11, r12, &(0x7f0000000000)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4004, @fd_index=0x4, 0x718a, 0x0, 0x0, 0x12, 0x1, {0x2, r15}}) setxattr$system_posix_acl(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="a3432084ad16fb200bb52e53834ff793a5430e4b794025263524cd4ac1219b3792301c24e22d4b33267dfcba88ea71bce5aef1b90656eb8d253e443382be323aafbec7e268787485b046586ed9537e086f0c14e46f4cf9c9a17b5cbc578f1128b4f62cc29d4aab2b6202f1d6b770d3efa1e7dbe1c8974663b0c7fb0000000000000ce4635b0e84f6c1f3387fdf5610d275cdfd1484bcc68beac5c40268d596acc7948191c5bf2a6a4a877e04d0b6db147d1206ed6c33805461cbca90ad366bcf44fa7fe82f00adbf739a05"], 0xff3c, 0x1) ioctl$F2FS_IOC_GET_PIN_FILE(r9, 0x8004f50e, &(0x7f00000003c0)) r16 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') setns(r16, 0x0) 15m21.92221492s ago: executing program 1 (id=2294): syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000440)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = fsopen(&(0x7f0000000200)='iso9660\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x4) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00') 15m21.785823112s ago: executing program 1 (id=2295): r0 = syz_open_dev$vim2m(&(0x7f0000000400), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000080)={0x1, @pix_mp={0x0, 0x7, 0x32315241, 0x35315852, 0x7, [{0x0, 0xdf}, {0x5, 0x2}, {0x1002}, {0x7}, {0xb487, 0x3316aa71}, {0x0, 0x40}, {0x100000, 0x13ff}], 0x0, 0x0, 0x7}}) syz_open_dev$loop(&(0x7f0000001780), 0x101, 0x200) socket$vsock_stream(0x28, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="bf16000000000000b70700000200f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6879fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025f2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da083e8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb5ff0f000002ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481455e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c22e46af480c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded502cc08a485c804e4fd107a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b0d87a6ed800000000000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634e89aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3319f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f98638009c142751518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c1b9a8a14604fe52837a19dd6952fe2724c0105ab158a54a4a23ff0f4bc43c0e0e426e51258e40bb4b68ff4e3a8fe314a0"], &(0x7f0000000140)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000780)=r2, 0x4) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, 0x4, 0x6, 0x401, 0x0, 0x0, {0x3, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x150}, 0x40) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) r3 = syz_open_procfs(0x0, &(0x7f0000000680)='fdinfo\x00') getdents(r3, &(0x7f0000001ec0)=""/4096, 0x1000) 15m20.395825647s ago: executing program 1 (id=2299): exit(0x8001) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x4, 0x7c}}}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0xc}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_HIDDEN_SSID={0xf, 0x7e, @random="81e1a20361988c65413877"}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8014}, 0x40) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r1) sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x10c, r3, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x84, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff2996}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2c}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x74}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4040000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6b1e80a4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000001}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80}]}, @TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa417}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xaff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3fab}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x48000}, 0x40000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r5, &(0x7f00000003c0)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x8}, 0x1c) r6 = openat$vga_arbiter(0xffffff9c, &(0x7f0000000400), 0x40000, 0x0) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r4, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x40, 0x0, 0x8, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x8}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3a}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x2}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040}, 0x0) shutdown(r4, 0x1) syz_genetlink_get_family_id$fou(&(0x7f0000000540), r4) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f00000005c0)={0x8, 0x0, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) munlockall() r7 = socket$kcm(0x29, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r1, 0x82187202, &(0x7f0000000600)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r8, 0x84, 0x71, &(0x7f0000000840)={0x0, 0xec1d}, 0x8) pipe2(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) poll(&(0x7f00000008c0)=[{r6, 0x2}, {r4, 0xc084}, {r9, 0x1000}], 0x3, 0x7) r11 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r11, 0x84, 0x4, &(0x7f0000000900), &(0x7f0000000940)=0x4) r12 = syz_genetlink_get_family_id$mptcp(&(0x7f00000009c0), r9) sendmsg$MPTCP_PM_CMD_GET_ADDR(r9, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x24, r12, 0x100, 0x70bd25, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000800) syz_open_dev$sndctrl(&(0x7f0000000ac0), 0x9, 0x400000) ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000b00)={0x3, 0x0, [{0x40000001, 0xfffffff7, 0x1, 0x4, 0x81, 0x69, 0x2}, {0x80000001, 0x2, 0x1, 0x2, 0x9, 0x5}, {0x80000019, 0x1, 0x3, 0x1000, 0xaf6, 0x1800000, 0x80000000}]}) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000b80)={'wlan0\x00'}) openat$fuse(0xffffff9c, &(0x7f0000000bc0), 0x2, 0x0) 15m18.953802754s ago: executing program 32 (id=2299): exit(0x8001) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x4, 0x7c}}}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0xc}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_HIDDEN_SSID={0xf, 0x7e, @random="81e1a20361988c65413877"}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8014}, 0x40) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r1) sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x10c, r3, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x84, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff2996}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2c}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x74}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4040000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6b1e80a4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000001}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80}]}, @TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa417}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xaff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3fab}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x48000}, 0x40000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r5, &(0x7f00000003c0)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x8}, 0x1c) r6 = openat$vga_arbiter(0xffffff9c, &(0x7f0000000400), 0x40000, 0x0) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r4, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x40, 0x0, 0x8, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x8}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3a}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x2}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040}, 0x0) shutdown(r4, 0x1) syz_genetlink_get_family_id$fou(&(0x7f0000000540), r4) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f00000005c0)={0x8, 0x0, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) munlockall() r7 = socket$kcm(0x29, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r1, 0x82187202, &(0x7f0000000600)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r8, 0x84, 0x71, &(0x7f0000000840)={0x0, 0xec1d}, 0x8) pipe2(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) poll(&(0x7f00000008c0)=[{r6, 0x2}, {r4, 0xc084}, {r9, 0x1000}], 0x3, 0x7) r11 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r11, 0x84, 0x4, &(0x7f0000000900), &(0x7f0000000940)=0x4) r12 = syz_genetlink_get_family_id$mptcp(&(0x7f00000009c0), r9) sendmsg$MPTCP_PM_CMD_GET_ADDR(r9, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x24, r12, 0x100, 0x70bd25, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000800) syz_open_dev$sndctrl(&(0x7f0000000ac0), 0x9, 0x400000) ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000b00)={0x3, 0x0, [{0x40000001, 0xfffffff7, 0x1, 0x4, 0x81, 0x69, 0x2}, {0x80000001, 0x2, 0x1, 0x2, 0x9, 0x5}, {0x80000019, 0x1, 0x3, 0x1000, 0xaf6, 0x1800000, 0x80000000}]}) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000b80)={'wlan0\x00'}) openat$fuse(0xffffff9c, &(0x7f0000000bc0), 0x2, 0x0) 8.46832038s ago: executing program 4 (id=5535): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r0) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x80) (fail_nth: 8) 8.38365414s ago: executing program 4 (id=5536): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="020200030200000000000000feffffff020005000020000002004e23ac141426000000000000000002000100000000000000000b00000a00000000000000000002004e222000"/80], 0x50}}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_TSC_KHZ_cpu(r6, 0xaea2, 0xffffffffffff7fff) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x2710, 0x0, 0x58000, 0x2000, &(0x7f0000775000/0x2000)=nil}) r7 = dup(r6) ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x802) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201"], 0x0) ioctl$EVIOCGKEYCODE_V2(r8, 0x80284504, &(0x7f0000000040)=""/185) syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08004500001c000000008002907800000000e000030000009078006424d0"], 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r10, {}, {}, {0xfff3, 0x9}}}, 0x24}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0xa}, @multicast2=0xe0000300, 0xffffffffffffffff, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) syz_usb_connect(0x5, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000096d5c4004233e0269d7010203110902120001000000000904"], 0x0) 6.667923102s ago: executing program 0 (id=5542): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$kcm(0x11, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x5}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000088a8ffff1144ee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0) 5.484014137s ago: executing program 5 (id=5548): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000404c057403000000000001090224000100003000090400fe020300040009212000000122240009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000380)={0x18, &(0x7f00000000c0)={0x40, 0x21, 0x31, {0x31, 0x11, "5956eb8c9fdbf5be71ce9dbf2a8c19b8ab0855ad6c1824b77155f46237f09aea321b6a4f64ea84db5ed94d144d79ff"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 5.071918375s ago: executing program 0 (id=5549): r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r0, 0x0) syz_clone(0x25000, 0x0, 0x0, 0x0, 0x0, 0x0) 4.595778898s ago: executing program 0 (id=5553): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033"], 0x340a) 4.029997006s ago: executing program 4 (id=5554): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/29, 0xfffffffffffffd0b, 0x10022, 0x0, 0xfffffe74) 3.558994118s ago: executing program 2 (id=5557): socket$kcm(0x11, 0x200000000000002, 0x300) socket$kcm(0x21, 0x2, 0x2) socket$kcm(0x10, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000011c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$vcsu(0xffffff9c, &(0x7f0000000240), 0x80, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_io_uring_setup(0xf01, &(0x7f0000000080)={0x0, 0x6bb8, 0xc00, 0x6, 0x42f6}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) syz_io_uring_submit(r1, r2, r3, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x10}) io_uring_enter(r0, 0x742f, 0x77ae, 0x1, 0x0, 0x0) 3.468680353s ago: executing program 5 (id=5558): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000840)="a6", 0x1, 0x200080c0, &(0x7f00000001c0)={0xa, 0x2, 0x8000, @loopback, 0x8}, 0x1c) 3.271064277s ago: executing program 0 (id=5559): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f00000001c0)={&(0x7f00000017c0)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000700)=[@rdma_args={0x48, 0x114, 0x1, {{0xfffffff8, 0x4}, {0x0}, &(0x7f0000001800)=[{0x0}], 0x1, 0x8, 0x3}}], 0x48}, 0x0) 3.270805657s ago: executing program 5 (id=5560): sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x34}}, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062007d82000000000000002240f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17) 3.204349171s ago: executing program 2 (id=5561): socket$kcm(0x2b, 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000011}, 0x20000084) 3.114394715s ago: executing program 0 (id=5562): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0) syz_usb_control_io$uac2(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x18, &(0x7f00000001c0)={0x20, 0x5, 0x1, 'm'}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000440)={0x24, &(0x7f0000000100)={0x0, 0x16, 0x2, "1959"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.892324918s ago: executing program 4 (id=5563): syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) socket$kcm(0x10, 0x2, 0x0) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0xa) fchdir(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x1031c2, 0xb4) ftruncate(r2, 0x2007ffb) close(r2) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r3, 0x402, 0x8000003d) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) 2.717631211s ago: executing program 2 (id=5564): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f00000001c0)={0x0, 0x1, 0x5}) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x84042, 0x1fb) write$P9_RSETATTR(r2, &(0x7f0000000140)={0x7, 0x1b, 0x2}, 0x7) mremap(&(0x7f000046d000/0x4000)=nil, 0x4000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) open$dir(&(0x7f0000000180)='./file0\x00', 0x119000, 0x151) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) 2.115771539s ago: executing program 3 (id=5566): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c0001400000000000000007140000001100"], 0xdc}}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) sendmmsg$inet(r2, &(0x7f0000000480)=[{{&(0x7f0000000800)={0x2, 0xce24, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r2, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0) 1.945015192s ago: executing program 5 (id=5567): socket$packet(0x11, 0xa, 0x300) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/partitions\x00', 0x0, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x5, 0x27, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000b75c7f4047050102641101020301090212000100"], 0x0) socket$inet_tcp(0x2, 0x1, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80805, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04050400c900", @ANYRES16=r0], 0x7) 1.718983658s ago: executing program 3 (id=5568): r0 = socket$kcm(0x23, 0x5, 0x0) listen(r0, 0x800) socket$kcm(0x2, 0xa, 0x2) pselect6(0x40, &(0x7f0000000100)={0x0, 0x800000000000000, 0x0, 0x0, 0x800, 0x0, 0x8100000}, 0x0, &(0x7f0000000080)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6a9, 0x3ac8}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 1.664393411s ago: executing program 2 (id=5569): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2058) write$FUSE_LSEEK(r0, &(0x7f00000021c0)={0x18, 0x0, r1, {0x7}}, 0x18) pivot_root(&(0x7f0000000080)='./file0/file0\x00', 0x0) mprotect(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x1000003) stat(&(0x7f0000000000)='./file0\x00', 0x0) 1.525765274s ago: executing program 3 (id=5570): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0x200000a0) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setregs(0xf, r2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58) 1.065475838s ago: executing program 4 (id=5571): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000340)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x4) ioctl$DVB_DEMUX_DMX_SET_BUFFER_SIZE(0xffffffffffffffff, 0x6f2d, 0x94) sched_getaffinity(0x0, 0x8, &(0x7f0000000400)) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x11e, 0x483, 0x0, &(0x7f0000001400)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f00000004c0)=0x7f) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000)=0x7) read$dsp(r3, &(0x7f0000000280)=""/79, 0x4f) 727.554288ms ago: executing program 3 (id=5572): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000400)=""/85, 0x0, 0x80a0000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x1, 0x0, &(0x7f0000001ac0)=""/191, 0x0, 0x4}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) 727.360698ms ago: executing program 2 (id=5573): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0xe1ad}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 594.026256ms ago: executing program 2 (id=5574): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) write$binfmt_misc(r3, &(0x7f0000000980), 0xfdef) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 586.791219ms ago: executing program 3 (id=5575): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x4, 0x1ff, 0x5}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) close_range(r0, 0xffffffffffffffff, 0x0) 408.445359ms ago: executing program 5 (id=5576): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = eventfd2(0x2, 0x1) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="6effef930c53dea1", 0x8}, {&(0x7f0000000280)="7e75c01071cb6c74", 0x8}], 0x2) 363.240138ms ago: executing program 3 (id=5577): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001100)=@newsa={0x134, 0x10, 0x1, 0x70bd2b, 0x0, {{@in6=@private1, @in6=@mcast1, 0x0, 0xecdf, 0x0, 0x200}, {@in=@broadcast, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x8, 0x4007ff, 0x0, 0x400}, {}, 0x0, 0x3507, 0xa, 0x4, 0x0, 0x2c}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}]}, 0x134}}, 0x4050) 111.833969ms ago: executing program 5 (id=5578): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, 0x0, 0xc000) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) recvmmsg$unix(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x2c, 0x0, 0x1, 0x2, 0x25dfdbfe, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000044) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) 286.099µs ago: executing program 4 (id=5579): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000003440)=[{{&(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000580)='c', 0x1}], 0x1}}], 0x1, 0x894) 0s ago: executing program 0 (id=5580): prlimit64(0x0, 0xe, 0x0, 0x0) sync() sync() kernel console output (not intermixed with test programs): onsistent configuration, please check. [ 1690.071348][ T10] adutux 4-1:168.0: interrupt endpoints not found [ 1690.097053][T25356] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1690.339793][ T10] usb 4-1: USB disconnect, device number 15 [ 1691.015665][T25390] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1691.717900][T25398] FAULT_INJECTION: forcing a failure. [ 1691.717900][T25398] name failslab, interval 1, probability 0, space 0, times 0 [ 1691.761448][T17507] usb 6-1: USB disconnect, device number 105 [ 1691.832744][T25398] CPU: 0 UID: 0 PID: 25398 Comm: syz.3.5156 Tainted: G L syzkaller #0 PREEMPT(full) [ 1691.832778][T25398] Tainted: [L]=SOFTLOCKUP [ 1691.832788][T25398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1691.832801][T25398] Call Trace: [ 1691.832809][T25398] [ 1691.832819][T25398] dump_stack_lvl+0xe8/0x150 [ 1691.832855][T25398] should_fail_ex+0x412/0x560 [ 1691.832896][T25398] should_failslab+0xa8/0x100 [ 1691.832927][T25398] __kmalloc_noprof+0xe8/0x760 [ 1691.832953][T25398] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1691.832984][T25398] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1691.833018][T25398] ? tomoyo_path_number_perm+0x219/0x630 [ 1691.833050][T25398] tomoyo_path_number_perm+0x246/0x630 [ 1691.833092][T25398] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1691.833122][T25398] ? fuse_dentry_settime+0x22a/0x4d0 [ 1691.833153][T25398] ? d_splice_alias_ops+0x117/0x3d0 [ 1691.833184][T25398] ? fuse_lookup+0x4ab/0x4e0 [ 1691.833222][T25398] ? __pfx_fuse_lookup+0x10/0x10 [ 1691.833278][T25398] ? __pfx_current_check_access_path+0x10/0x10 [ 1691.833315][T25398] ? lookup_one_qstr_excl+0x1d8/0x360 [ 1691.833354][T25398] tomoyo_path_mkdir+0xb0/0xf0 [ 1691.833379][T25398] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 1691.833408][T25398] ? __pfx_filename_create+0x10/0x10 [ 1691.833439][T25398] security_path_mkdir+0x169/0x350 [ 1691.833466][T25398] filename_mkdirat+0x200/0x510 [ 1691.833501][T25398] ? __pfx_filename_mkdirat+0x10/0x10 [ 1691.833526][T25398] ? strncpy_from_user+0x150/0x2b0 [ 1691.833562][T25398] ? do_getname+0x151/0x250 [ 1691.833595][T25398] __se_sys_mkdirat+0x35/0x150 [ 1691.833626][T25398] __do_fast_syscall_32+0x20d/0x640 [ 1691.833659][T25398] ? do_fast_syscall_32+0x33/0x70 [ 1691.833688][T25398] ? asm_int80_emulation+0x1a/0x20 [ 1691.833708][T25398] ? do_int80_emulation+0x274/0x4d0 [ 1691.833737][T25398] ? trace_irq_disable+0x3b/0x150 [ 1691.833765][T25398] do_fast_syscall_32+0x33/0x70 [ 1691.833796][T25398] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1691.833822][T25398] RIP: 0023:0xf7fe6f6c [ 1691.833842][T25398] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1691.833861][T25398] RSP: 002b:00000000f54a650c EFLAGS: 00000206 ORIG_RAX: 0000000000000128 [ 1691.833885][T25398] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000900 [ 1691.833901][T25398] RDX: 0000000000000062 RSI: 0000000000000000 RDI: 0000000000000000 [ 1691.833914][T25398] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1691.833927][T25398] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1691.833941][T25398] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1691.833972][T25398] [ 1691.834125][T25398] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1693.047238][T25430] binder: BINDER_SET_CONTEXT_MGR already set [ 1693.053755][T25430] binder: 25413:25430 ioctl 4018620d 80000100 returned -16 [ 1695.178012][T25438] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5165'. [ 1695.792435][T25451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1695.833934][T25451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1696.091508][T11438] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1696.356419][T25455] fuse: Unknown parameter ' 0 total_states 0 peak_states 0 mark_read 0 [ 1696.356419][T25455] ' [ 1696.365228][T11438] usb 5-1: Using ep0 maxpacket: 32 [ 1696.410665][T11438] usb 5-1: config index 0 descriptor too short (expected 164, got 36) [ 1696.429223][T11438] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1696.453100][T11438] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1696.551099][T11438] usb 5-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 1696.602446][T11438] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1696.653202][T11438] usb 5-1: config 0 descriptor?? [ 1696.720815][T25467] FAULT_INJECTION: forcing a failure. [ 1696.720815][T25467] name failslab, interval 1, probability 0, space 0, times 0 [ 1696.783287][T25467] CPU: 1 UID: 0 PID: 25467 Comm: syz.2.5174 Tainted: G L syzkaller #0 PREEMPT(full) [ 1696.783318][T25467] Tainted: [L]=SOFTLOCKUP [ 1696.783324][T25467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1696.783334][T25467] Call Trace: [ 1696.783341][T25467] [ 1696.783348][T25467] dump_stack_lvl+0xe8/0x150 [ 1696.783375][T25467] should_fail_ex+0x412/0x560 [ 1696.783402][T25467] ? alloc_inode+0x6a/0x1b0 [ 1696.783426][T25467] should_failslab+0xa8/0x100 [ 1696.783448][T25467] kmem_cache_alloc_lru_noprof+0x87/0x640 [ 1696.783466][T25467] ? simple_start_creating+0xcc/0x110 [ 1696.783486][T25467] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1696.783505][T25467] alloc_inode+0x6a/0x1b0 [ 1696.783531][T25467] new_inode+0x22/0x170 [ 1696.783558][T25467] __debugfs_create_file+0xb8/0x400 [ 1696.783579][T25467] debugfs_create_file_full+0x3f/0x60 [ 1696.783600][T25467] ref_tracker_dir_debugfs+0x197/0x360 [ 1696.783618][T25467] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1696.783655][T25467] ? __kvmalloc_node_noprof+0x545/0x8a0 [ 1696.783675][T25467] ? alloc_netdev_mqs+0xa6/0x11b0 [ 1696.783701][T25467] ? __raw_spin_lock_init+0x45/0x100 [ 1696.783721][T25467] alloc_netdev_mqs+0x272/0x11b0 [ 1696.783744][T25467] ? __pfx_vlan_setup+0x10/0x10 [ 1696.783768][T25467] rtnl_create_link+0x31f/0xd70 [ 1696.783802][T25467] rtnl_newlink_create+0x277/0xb70 [ 1696.783823][T25467] ? __pfx___nla_validate_parse+0x10/0x10 [ 1696.783849][T25467] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1696.783872][T25467] ? __pfx___mutex_lock+0x10/0x10 [ 1696.783902][T25467] ? ns_capable+0x89/0xe0 [ 1696.783925][T25467] rtnl_newlink+0x1666/0x1be0 [ 1696.783954][T25467] ? __pfx_rtnl_newlink+0x10/0x10 [ 1696.783969][T25467] ? do_fast_syscall_32+0x33/0x70 [ 1696.783991][T25467] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1696.784037][T25467] ? kasan_quarantine_put+0xbb/0x1f0 [ 1696.784055][T25467] ? lockdep_hardirqs_on+0x7a/0x110 [ 1696.784079][T25467] ? kmem_cache_free+0x187/0x630 [ 1696.784097][T25467] ? nlmon_xmit+0xb0/0x100 [ 1696.784125][T25467] ? __lock_acquire+0x6b5/0x2cf0 [ 1696.784150][T25467] ? __local_bh_enable_ip+0xd0/0x130 [ 1696.784170][T25467] ? lockdep_hardirqs_on+0x7a/0x110 [ 1696.784190][T25467] ? __dev_queue_xmit+0x277/0x3890 [ 1696.784211][T25467] ? __local_bh_enable_ip+0xd0/0x130 [ 1696.784230][T25467] ? __dev_queue_xmit+0x277/0x3890 [ 1696.784270][T25467] ? __pfx_rtnl_newlink+0x10/0x10 [ 1696.784286][T25467] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1696.784306][T25467] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1696.784323][T25467] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1696.784339][T25467] ? ref_tracker_free+0x693/0x840 [ 1696.784353][T25467] ? __copy_skb_header+0xa3/0x4a0 [ 1696.784375][T25467] ? __pfx_ref_tracker_free+0x10/0x10 [ 1696.784390][T25467] ? __skb_clone+0x63/0x7a0 [ 1696.784417][T25467] netlink_rcv_skb+0x232/0x4b0 [ 1696.784434][T25467] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1696.784453][T25467] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1696.784478][T25467] ? netlink_deliver_tap+0x2e/0x1b0 [ 1696.784500][T25467] netlink_unicast+0x80f/0x9b0 [ 1696.784531][T25467] ? __pfx_netlink_unicast+0x10/0x10 [ 1696.784556][T25467] ? netlink_sendmsg+0x650/0xb40 [ 1696.784572][T25467] ? skb_put+0x11b/0x210 [ 1696.784592][T25467] netlink_sendmsg+0x813/0xb40 [ 1696.784617][T25467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1696.784637][T25467] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1696.784662][T25467] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1696.784683][T25467] ____sys_sendmsg+0x972/0x9f0 [ 1696.784712][T25467] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1696.784736][T25467] ? kstrtoull+0x12f/0x1d0 [ 1696.784765][T25467] ___sys_sendmsg+0x2a5/0x360 [ 1696.784795][T25467] ? __pfx____sys_sendmsg+0x10/0x10 [ 1696.784818][T25467] ? get_pid_task+0x20/0x1f0 [ 1696.784833][T25467] ? get_pid_task+0x20/0x1f0 [ 1696.784846][T25467] ? get_pid_task+0x20/0x1f0 [ 1696.784881][T25467] ? __fget_files+0x2a/0x420 [ 1696.784895][T25467] ? __fget_files+0x3a0/0x420 [ 1696.784917][T25467] __sys_sendmsg+0x183/0x260 [ 1696.784940][T25467] ? __pfx___sys_sendmsg+0x10/0x10 [ 1696.784977][T25467] __do_fast_syscall_32+0x20d/0x640 [ 1696.785001][T25467] ? do_fast_syscall_32+0x33/0x70 [ 1696.785023][T25467] ? asm_int80_emulation+0x1a/0x20 [ 1696.785058][T25467] ? do_int80_emulation+0x274/0x4d0 [ 1696.785095][T25467] do_fast_syscall_32+0x33/0x70 [ 1696.785127][T25467] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1696.785155][T25467] RIP: 0023:0xf70cef6c [ 1696.785179][T25467] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1696.785193][T25467] RSP: 002b:00000000f54bd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1696.785210][T25467] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140 [ 1696.785221][T25467] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1696.785231][T25467] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1696.785240][T25467] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1696.785250][T25467] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1696.785272][T25467] [ 1696.785398][T25467] debugfs: out of free dentries, can not create file 'netdev@ffff888034a82620' [ 1697.310851][T11438] logitech 0003:046D:C29C.0066: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.4-1/input0 [ 1697.477707][T25472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1697.498676][T25472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1697.523787][T25453] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5169'. [ 1697.549481][T11438] logitech 0003:046D:C29C.0066: no inputs found [ 1697.561594][T25472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1697.651807][T25472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1697.676469][T11438] usb 5-1: USB disconnect, device number 47 [ 1697.692441][T25478] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 1697.713948][T25478] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1700.109149][T25500] ipip0: entered promiscuous mode [ 1700.114786][T25500] ipip0: entered allmulticast mode [ 1700.317199][T25500] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5184'. [ 1700.544897][T25500] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5184'. [ 1701.137858][T25517] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1702.158497][T25521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1702.207958][T25521] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1702.470942][T25529] FAULT_INJECTION: forcing a failure. [ 1702.470942][T25529] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1702.546167][T25529] CPU: 1 UID: 0 PID: 25529 Comm: syz.0.5193 Tainted: G L syzkaller #0 PREEMPT(full) [ 1702.546203][T25529] Tainted: [L]=SOFTLOCKUP [ 1702.546212][T25529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1702.546225][T25529] Call Trace: [ 1702.546234][T25529] [ 1702.546244][T25529] dump_stack_lvl+0xe8/0x150 [ 1702.546280][T25529] should_fail_ex+0x412/0x560 [ 1702.546328][T25529] _copy_from_user+0x2d/0xb0 [ 1702.546356][T25529] get_compat_msghdr+0xb3/0x4c0 [ 1702.546390][T25529] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1702.546421][T25529] ? kfree+0x4d/0x630 [ 1702.546450][T25529] ___sys_recvmsg+0x1dd/0x590 [ 1702.546485][T25529] ? __lock_acquire+0x6b5/0x2cf0 [ 1702.546514][T25529] ? __pfx____sys_recvmsg+0x10/0x10 [ 1702.546582][T25529] do_recvmmsg+0x3a5/0x800 [ 1702.546622][T25529] ? __pfx_do_recvmmsg+0x10/0x10 [ 1702.546666][T25529] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1702.546704][T25529] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1702.546744][T25529] __sys_recvmmsg+0x1a5/0x290 [ 1702.546778][T25529] ? __pfx___sys_recvmmsg+0x10/0x10 [ 1702.546810][T25529] ? ksys_write+0x242/0x270 [ 1702.546842][T25529] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 1702.546875][T25529] __do_fast_syscall_32+0x20d/0x640 [ 1702.546909][T25529] ? do_fast_syscall_32+0x33/0x70 [ 1702.546939][T25529] ? asm_int80_emulation+0x1a/0x20 [ 1702.546961][T25529] ? do_int80_emulation+0x274/0x4d0 [ 1702.546991][T25529] ? trace_irq_disable+0x3b/0x150 [ 1702.547016][T25529] do_fast_syscall_32+0x33/0x70 [ 1702.547048][T25529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1702.547075][T25529] RIP: 0023:0xf7f75f6c [ 1702.547095][T25529] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1702.547115][T25529] RSP: 002b:00000000f543650c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 1702.547138][T25529] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000d80 [ 1702.547165][T25529] RDX: 0000000000000003 RSI: 0000000000012000 RDI: 0000000000000000 [ 1702.547178][T25529] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1702.547192][T25529] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1702.547205][T25529] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1702.547235][T25529] [ 1702.603363][T25531] FAULT_INJECTION: forcing a failure. [ 1702.603363][T25531] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.836051][T25531] CPU: 1 UID: 0 PID: 25531 Comm: syz.5.5194 Tainted: G L syzkaller #0 PREEMPT(full) [ 1702.836087][T25531] Tainted: [L]=SOFTLOCKUP [ 1702.836096][T25531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1702.836110][T25531] Call Trace: [ 1702.836119][T25531] [ 1702.836129][T25531] dump_stack_lvl+0xe8/0x150 [ 1702.836165][T25531] should_fail_ex+0x412/0x560 [ 1702.836206][T25531] should_failslab+0xa8/0x100 [ 1702.836236][T25531] ? ptlock_alloc+0x20/0x70 [ 1702.836258][T25531] kmem_cache_alloc_noprof+0x87/0x650 [ 1702.836300][T25531] ptlock_alloc+0x20/0x70 [ 1702.836322][T25531] pte_alloc_one+0x7a/0x370 [ 1702.836360][T25531] __pte_alloc+0x25/0x1a0 [ 1702.836391][T25531] do_pte_missing+0x2c47/0x3490 [ 1702.836422][T25531] ? do_raw_spin_unlock+0xf5/0x210 [ 1702.836457][T25531] handle_mm_fault+0x1bec/0x3310 [ 1702.836506][T25531] ? handle_mm_fault+0xee/0x3310 [ 1702.836548][T25531] ? __pfx_handle_mm_fault+0x10/0x10 [ 1702.836603][T25531] ? lock_mm_and_find_vma+0xa7/0x340 [ 1702.836632][T25531] do_user_addr_fault+0x75b/0x1340 [ 1702.836678][T25531] exc_page_fault+0x6a/0xc0 [ 1702.836709][T25531] asm_exc_page_fault+0x26/0x30 [ 1702.836732][T25531] RIP: 0010:__get_user_4+0x14/0x20 [ 1702.836756][T25531] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 1702.836777][T25531] RSP: 0018:ffffc90003ed7d10 EFLAGS: 00050283 [ 1702.836798][T25531] RAX: 0000000080000080 RBX: 0000000080000080 RCX: 0000000000000046 [ 1702.836814][T25531] RDX: 00007ffffffff000 RSI: ffffffff8e16c66f RDI: ffffffff8c27d580 [ 1702.836831][T25531] RBP: 0000000000002712 R08: ffffffff8216855f R09: ffff88803698a800 [ 1702.836858][T25531] R10: 0000000000000000 R11: ffffffff8af1f930 R12: ffff88801df00840 [ 1702.836873][T25531] R13: 0000000000000114 R14: 0000000000000000 R15: dffffc0000000000 [ 1702.836892][T25531] ? __pfx_rds_getsockopt+0x10/0x10 [ 1702.836922][T25531] ? __might_fault+0xaf/0x130 [ 1702.836950][T25531] rds_getsockopt+0x85/0x500 [ 1702.836978][T25531] ? __pfx_rds_getsockopt+0x10/0x10 [ 1702.837008][T25531] do_sock_getsockopt+0x2d3/0x3f0 [ 1702.837041][T25531] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1702.837070][T25531] ? __fget_files+0x2a/0x420 [ 1702.837090][T25531] ? __fget_files+0x3a0/0x420 [ 1702.837108][T25531] ? __fget_files+0x2a/0x420 [ 1702.837133][T25531] __ia32_sys_getsockopt+0x1a4/0x240 [ 1702.837170][T25531] __do_fast_syscall_32+0x20d/0x640 [ 1702.837203][T25531] ? do_fast_syscall_32+0x33/0x70 [ 1702.837232][T25531] ? asm_int80_emulation+0x1a/0x20 [ 1702.837253][T25531] ? do_int80_emulation+0x274/0x4d0 [ 1702.837282][T25531] ? trace_irq_disable+0x3b/0x150 [ 1702.837313][T25531] do_fast_syscall_32+0x33/0x70 [ 1702.837345][T25531] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1702.837371][T25531] RIP: 0023:0xf7f95f6c [ 1702.837390][T25531] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1702.837409][T25531] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 000000000000016d [ 1702.837430][T25531] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000114 [ 1702.837456][T25531] RDX: 0000000000002712 RSI: 0000000000000000 RDI: 0000000080000080 [ 1702.837469][T25531] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1702.837481][T25531] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1702.837493][T25531] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1702.837523][T25531] [ 1703.193824][T17507] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1703.237228][T25533] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5195'. [ 1703.246442][T25533] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge0 [ 1703.254864][T25533] netlink: 'syz.0.5195': attribute type 13 has an invalid length. [ 1703.350789][T25533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1703.412035][T17507] usb 5-1: device descriptor read/64, error -71 [ 1703.539282][T25540] program syz.2.5199 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1703.554542][T25540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1703.564401][T25540] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1703.651168][T17507] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1703.776356][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 1703.776378][ T30] audit: type=1326 audit(1775782906.139:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25548 comm="syz.2.5201" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0 [ 1703.791393][T17507] usb 5-1: device descriptor read/64, error -71 [ 1703.871615][T25552] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5201'. [ 1703.954424][T17507] usb usb5-port1: attempt power cycle [ 1704.034572][T25553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5201'. [ 1704.304694][T17507] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1704.362963][T17507] usb 5-1: device descriptor read/8, error -71 [ 1704.631265][T17507] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1704.662647][T17507] usb 5-1: device descriptor read/8, error -71 [ 1704.676975][T25569] binder: 25567:25569 ioctl 8004e500 80000040 returned -22 [ 1704.686676][T25569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5206'. [ 1704.784187][ T5921] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1704.796745][T17507] usb usb5-port1: unable to enumerate USB device [ 1704.961201][ T5921] usb 4-1: Using ep0 maxpacket: 8 [ 1704.976509][ T5921] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1704.998201][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1705.125975][ T5921] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1705.141160][ T5921] pvrusb2: ********** [ 1705.174774][ T5921] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1705.194538][ T5921] pvrusb2: Important functionality might not be entirely working. [ 1705.223906][ T5921] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1705.271695][ T5921] pvrusb2: ********** [ 1705.317906][ T2345] pvrusb2: Invalid write control endpoint [ 1705.463132][T25578] tls_set_device_offload_rx: netdev not found [ 1705.489377][ T2345] pvrusb2: Invalid write control endpoint [ 1705.489432][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1705.489455][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1705.489465][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1705.489478][ T2345] pvrusb2: Device being rendered inoperable [ 1705.497220][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 1705.497336][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 1705.518901][ T2345] pvrusb2: Attached sub-driver cx25840 [ 1705.518961][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1705.518976][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1705.666397][T25585] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5211'. [ 1706.015480][T25591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1706.015797][T25591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1706.030252][T25591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1706.030573][T25591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1706.289545][T25593] netlink: 212348 bytes leftover after parsing attributes in process `syz.5.5214'. [ 1706.290083][T25593] netlink: Unknown conntrack attr (0) [ 1706.944956][T25599] ptrace attach of "./syz-executor exec"[14928] was attempted by "./syz-executor exec"[25599] [ 1707.587871][T25611] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1707.722439][T25615] bridge0: port 1(erspan0) entered blocking state [ 1707.729386][T25615] bridge0: port 1(erspan0) entered disabled state [ 1707.743881][T25615] erspan0: entered allmulticast mode [ 1707.763022][T25615] erspan0: entered promiscuous mode [ 1707.768893][T25615] bridge0: port 1(erspan0) entered blocking state [ 1707.775840][T25615] bridge0: port 1(erspan0) entered forwarding state [ 1707.815396][T25616] erspan0: left allmulticast mode [ 1707.872462][T25616] erspan0: left promiscuous mode [ 1707.883541][T25616] bridge0: port 1(erspan0) entered disabled state [ 1708.617109][ T1209] usb 4-1: USB disconnect, device number 16 [ 1708.710480][T25627] batadv0: entered promiscuous mode [ 1708.751525][T25627] macsec1: entered promiscuous mode [ 1708.774157][T25627] batadv0: left promiscuous mode [ 1708.997068][T25633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1709.021974][T25633] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1709.068401][T25633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1709.091558][T25633] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1709.493444][T25640] netlink: 'syz.4.5228': attribute type 1 has an invalid length. [ 1709.511880][T25640] netlink: 'syz.4.5228': attribute type 2 has an invalid length. [ 1710.381859][T25655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1710.390875][T25655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1710.403926][T25655] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5233'. [ 1711.907010][T25660] bridge0: Caught tx_queue_len zero misconfig [ 1712.021431][T25664] ptrace attach of "./syz-executor exec"[17882] was attempted by "./syz-executor exec"[25664] [ 1712.412713][T25674] netlink: 'syz.4.5239': attribute type 1 has an invalid length. [ 1712.421308][T25674] netlink: 'syz.4.5239': attribute type 2 has an invalid length. [ 1712.658810][T25678] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1713.595886][T25684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1713.605490][T25684] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1713.647956][T17507] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1713.950737][T17507] usb 5-1: Using ep0 maxpacket: 16 [ 1714.229547][T17507] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1714.267575][T17507] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 1714.297051][T17507] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 254 [ 1714.571399][T17507] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1714.609587][T17507] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1714.648677][T17507] usb 5-1: SerialNumber: syz [ 1714.689323][T17507] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 1714.705226][T17507] cdc_acm 5-1:1.0: This needs exactly 3 endpoints [ 1714.729537][T17507] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22 [ 1715.759054][T25702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1715.831785][T25702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1716.610670][T17507] usb 5-1: USB disconnect, device number 52 [ 1717.143129][T25718] sctp: [Deprecated]: syz.0.5250 (pid 25718) Use of int in maxseg socket option. [ 1717.143129][T25718] Use struct sctp_assoc_value instead [ 1717.213265][T25720] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5250'. [ 1717.230618][T25720] openvswitch: netlink: Key type 2055 is out of range max 32 [ 1717.841730][T20652] usb 6-1: new high-speed USB device number 106 using dummy_hcd [ 1718.000812][T20652] usb 6-1: Using ep0 maxpacket: 8 [ 1718.018416][T20652] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1718.070430][T20652] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1718.101200][T20652] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1718.138759][T20652] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1718.172070][T20652] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1718.204119][T20652] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1718.224414][T25738] ptrace attach of "./syz-executor exec"[17882] was attempted by "./syz-executor exec"[25738] [ 1718.493594][T25733] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1718.517963][T20652] usb 6-1: GET_CAPABILITIES returned 0 [ 1718.530085][T20652] usbtmc 6-1:16.0: can't read capabilities [ 1719.496682][T25743] netlink: 'syz.4.5257': attribute type 1 has an invalid length. [ 1719.561995][T25743] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1719.607275][T25745] bond4: (slave veth1_to_team): Enslaving as a backup interface with an up link [ 1719.617768][T25747] FAULT_INJECTION: forcing a failure. [ 1719.617768][T25747] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1719.667292][T25747] CPU: 1 UID: 0 PID: 25747 Comm: syz.2.5258 Tainted: G L syzkaller #0 PREEMPT(full) [ 1719.667331][T25747] Tainted: [L]=SOFTLOCKUP [ 1719.667336][T25747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1719.667345][T25747] Call Trace: [ 1719.667351][T25747] [ 1719.667358][T25747] dump_stack_lvl+0xe8/0x150 [ 1719.667383][T25747] should_fail_ex+0x412/0x560 [ 1719.667437][T25747] _copy_from_user+0x2d/0xb0 [ 1719.667464][T25747] sctp_getsockopt_local_addrs+0x116/0xf10 [ 1719.667505][T25747] ? __pfx_sctp_getsockopt_local_addrs+0x10/0x10 [ 1719.667521][T25747] ? do_raw_spin_lock+0x12b/0x2f0 [ 1719.667538][T25747] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1719.667560][T25747] ? __local_bh_enable_ip+0xd0/0x130 [ 1719.667582][T25747] sctp_getsockopt+0x68f/0xb90 [ 1719.667599][T25747] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1719.667616][T25747] do_sock_getsockopt+0x2d3/0x3f0 [ 1719.667637][T25747] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1719.667657][T25747] ? __fget_files+0x2a/0x420 [ 1719.667670][T25747] ? __fget_files+0x3a0/0x420 [ 1719.667682][T25747] ? __fget_files+0x2a/0x420 [ 1719.667699][T25747] __ia32_sys_getsockopt+0x1a4/0x240 [ 1719.667723][T25747] __do_fast_syscall_32+0x20d/0x640 [ 1719.667744][T25747] ? do_fast_syscall_32+0x33/0x70 [ 1719.667764][T25747] ? asm_int80_emulation+0x1a/0x20 [ 1719.667777][T25747] ? do_int80_emulation+0x274/0x4d0 [ 1719.667795][T25747] ? trace_irq_disable+0x3b/0x150 [ 1719.667811][T25747] do_fast_syscall_32+0x33/0x70 [ 1719.667831][T25747] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1719.667850][T25747] RIP: 0023:0xf70cef6c [ 1719.667863][T25747] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1719.667876][T25747] RSP: 002b:00000000f54bd50c EFLAGS: 00000206 ORIG_RAX: 000000000000016d [ 1719.667891][T25747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084 [ 1719.667905][T25747] RDX: 000000000000006d RSI: 00000000800002c0 RDI: 0000000080000040 [ 1719.667915][T25747] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1719.667923][T25747] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1719.667932][T25747] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1719.667953][T25747] [ 1720.293092][T25749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1720.311674][T25749] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1720.346507][T25749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1720.371942][T25749] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1720.504545][ T1209] usb 6-1: USB disconnect, device number 106 [ 1720.545727][T25759] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1722.701994][T25791] program syz.4.5271 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1722.880345][T25793] FAULT_INJECTION: forcing a failure. [ 1722.880345][T25793] name failslab, interval 1, probability 0, space 0, times 0 [ 1722.947551][T25793] CPU: 0 UID: 0 PID: 25793 Comm: syz.2.5272 Tainted: G L syzkaller #0 PREEMPT(full) [ 1722.947587][T25793] Tainted: [L]=SOFTLOCKUP [ 1722.947596][T25793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1722.947610][T25793] Call Trace: [ 1722.947628][T25793] [ 1722.947638][T25793] dump_stack_lvl+0xe8/0x150 [ 1722.947674][T25793] should_fail_ex+0x412/0x560 [ 1722.947715][T25793] should_failslab+0xa8/0x100 [ 1722.947744][T25793] ? mas_alloc_nodes+0x291/0x350 [ 1722.947771][T25793] kmem_cache_alloc_noprof+0x87/0x650 [ 1722.947805][T25793] mas_alloc_nodes+0x291/0x350 [ 1722.947836][T25793] mas_preallocate+0x2d6/0x640 [ 1722.947866][T25793] ? rcu_is_watching+0x15/0xb0 [ 1722.947898][T25793] ? __pfx_mas_preallocate+0x10/0x10 [ 1722.947938][T25793] ? __mas_set_range+0x12f/0x3c0 [ 1722.947976][T25793] __split_vma+0x318/0xa40 [ 1722.948022][T25793] ? __pfx___split_vma+0x10/0x10 [ 1722.948065][T25793] ? mas_find+0xb0e/0xd30 [ 1722.948100][T25793] vms_gather_munmap_vmas+0x4fa/0x1370 [ 1722.948150][T25793] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 1722.948192][T25793] ? mas_find+0xa7d/0xd30 [ 1722.948225][T25793] mmap_region+0x7f5/0x22a0 [ 1722.948264][T25793] ? tomoyo_check_open_permission+0x38e/0x470 [ 1722.948298][T25793] ? tomoyo_check_open_permission+0x1d3/0x470 [ 1722.948332][T25793] ? __pfx_mmap_region+0x10/0x10 [ 1722.948364][T25793] ? __lock_acquire+0x6b5/0x2cf0 [ 1722.948400][T25793] ? __lock_acquire+0x6b5/0x2cf0 [ 1722.948430][T25793] ? __lock_acquire+0x6b5/0x2cf0 [ 1722.948470][T25793] ? unwind_next_frame+0xa5/0x23c0 [ 1722.948546][T25793] ? aa_file_perm+0x192/0x15e0 [ 1722.948596][T25793] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 1722.948654][T25793] ? __lock_acquire+0x6b5/0x2cf0 [ 1722.948693][T25793] ? cap_mmap_addr+0xaf/0x100 [ 1722.948736][T25793] ? bpf_lsm_mmap_addr+0x9/0x50 [ 1722.948764][T25793] ? security_mmap_addr+0x71/0x240 [ 1722.948796][T25793] ? shmem_mapping+0xd/0x50 [ 1722.948829][T25793] ? memfd_check_seals_mmap+0xc5/0x200 [ 1722.948867][T25793] do_mmap+0xc39/0x10c0 [ 1722.948912][T25793] ? __pfx_do_mmap+0x10/0x10 [ 1722.948942][T25793] ? down_write_killable+0x180/0x240 [ 1722.948979][T25793] ? __pfx_down_write_killable+0x10/0x10 [ 1722.949013][T25793] ? apparmor_mmap_file+0x2da/0x3e0 [ 1722.949058][T25793] vm_mmap_pgoff+0x2c9/0x4f0 [ 1722.949095][T25793] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1722.949125][T25793] ? __fget_files+0x2a/0x420 [ 1722.949147][T25793] ? __fget_files+0x2a/0x420 [ 1722.949184][T25793] ? __fget_files+0x2a/0x420 [ 1722.949209][T25793] ksys_mmap_pgoff+0x51e/0x760 [ 1722.949250][T25793] __do_fast_syscall_32+0x20d/0x640 [ 1722.949283][T25793] ? do_fast_syscall_32+0x33/0x70 [ 1722.949313][T25793] ? asm_int80_emulation+0x1a/0x20 [ 1722.949335][T25793] ? do_int80_emulation+0x274/0x4d0 [ 1722.949364][T25793] ? trace_irq_disable+0x3b/0x150 [ 1722.949388][T25793] do_fast_syscall_32+0x33/0x70 [ 1722.949420][T25793] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1722.949447][T25793] RIP: 0023:0xf70cef6c [ 1722.949467][T25793] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1722.949487][T25793] RSP: 002b:00000000f54bd50c EFLAGS: 00000206 ORIG_RAX: 00000000000000c0 [ 1722.949511][T25793] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000002000 [ 1722.949527][T25793] RDX: 0000000000000005 RSI: 0000000000000012 RDI: 0000000000000003 [ 1722.949540][T25793] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1722.949553][T25793] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1722.949565][T25793] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1722.949596][T25793] [ 1723.684081][T25797] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5275'. [ 1723.712136][T25799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1723.730904][T25797] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5275'. [ 1723.740754][T17507] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1723.749858][T25799] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1723.793989][T25797] bridge0: entered promiscuous mode [ 1723.800849][T25797] ip6gretap0: entered promiscuous mode [ 1723.821401][T25797] debugfs: 'hsr1' already exists in 'hsr' [ 1723.831632][T25797] Cannot create hsr debugfs directory [ 1723.855527][T25797] hsr1: Slave A (bridge0) is not up; please bring it up to get a fully working HSR network [ 1723.911422][T17507] usb 5-1: Using ep0 maxpacket: 16 [ 1723.919056][T17507] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1723.931812][T17507] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1723.981348][T17507] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1723.994928][T17507] usb 5-1: Product: syz [ 1723.999141][T17507] usb 5-1: Manufacturer: syz [ 1724.186008][T17507] usb 5-1: SerialNumber: syz [ 1724.217404][T17507] usb 5-1: config 0 descriptor?? [ 1724.244015][T17507] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1724.275479][T17507] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 1724.765478][T25818] netlink: 'syz.2.5278': attribute type 1 has an invalid length. [ 1724.870387][T17507] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 1724.994917][T25822] netlink: 'syz.0.5280': attribute type 10 has an invalid length. [ 1725.039705][T25820] ip6erspan0: entered promiscuous mode [ 1725.227227][T25818] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1725.405006][T25795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1725.420949][T25795] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1725.559380][T17507] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1725.567715][T17507] em28xx 5-1:0.0: board has no eeprom [ 1725.696672][T17507] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1725.752813][T17507] em28xx 5-1:0.0: dvb set to bulk mode. [ 1725.767778][ T5921] em28xx 5-1:0.0: Binding DVB extension [ 1725.781692][T20652] usb 6-1: new high-speed USB device number 107 using dummy_hcd [ 1725.798333][T17507] usb 5-1: USB disconnect, device number 53 [ 1725.829085][T17507] em28xx 5-1:0.0: Disconnecting em28xx [ 1725.942075][T20652] usb 6-1: Using ep0 maxpacket: 16 [ 1725.952587][ T5921] em28xx 5-1:0.0: Registering input extension [ 1725.970215][T20652] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1725.970218][T17507] em28xx 5-1:0.0: Closing input extension [ 1725.970252][T20652] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 1726.080517][T17507] em28xx 5-1:0.0: Freeing device [ 1726.129453][T20652] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 254 [ 1726.227048][T20652] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1726.267202][T20652] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1726.303595][T20652] usb 6-1: SerialNumber: syz [ 1726.375814][T20652] cdc_acm 6-1:1.0: Control and data interfaces are not separated! [ 1726.407312][T20652] cdc_acm 6-1:1.0: This needs exactly 3 endpoints [ 1726.431059][T20652] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -22 [ 1726.471257][T25839] bridge0: left promiscuous mode [ 1726.497594][T25839] bridge0: port 2(bridge_slave_1) entered disabled state [ 1726.504978][T25839] bridge0: port 1(bridge_slave_0) entered disabled state [ 1726.556291][T25839] team0: Port device bridge0 removed [ 1726.648667][T25839] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1727.095837][T25850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1727.115909][T25850] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1727.498580][T25856] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1728.574701][ T797] usb 6-1: USB disconnect, device number 107 [ 1728.747240][T25871] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 1729.061123][ T1209] usb 6-1: new high-speed USB device number 108 using dummy_hcd [ 1729.168782][ T10] usb 5-1: new full-speed USB device number 54 using dummy_hcd [ 1729.253315][ T1209] usb 6-1: Using ep0 maxpacket: 16 [ 1729.262064][ T1209] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1729.306803][ T1209] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1729.331276][ T1209] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1729.351039][ T1209] usb 6-1: Product: syz [ 1729.359646][ T1209] usb 6-1: Manufacturer: syz [ 1729.369987][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1729.380932][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1729.395492][ T1209] usb 6-1: SerialNumber: syz [ 1729.411525][ T1209] usb 6-1: config 0 descriptor?? [ 1729.433153][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1729.450217][ T1209] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1729.461473][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1729.469664][ T1209] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 1729.931223][ T10] usb 5-1: usb_control_msg returned -32 [ 1729.936928][ T10] usbtmc 5-1:16.0: can't read capabilities [ 1730.152641][ T1209] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 1730.362735][T25887] FAULT_INJECTION: forcing a failure. [ 1730.362735][T25887] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1730.406063][T25887] CPU: 0 UID: 0 PID: 25887 Comm: syz.2.5298 Tainted: G L syzkaller #0 PREEMPT(full) [ 1730.406100][T25887] Tainted: [L]=SOFTLOCKUP [ 1730.406109][T25887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1730.406123][T25887] Call Trace: [ 1730.406133][T25887] [ 1730.406143][T25887] dump_stack_lvl+0xe8/0x150 [ 1730.406180][T25887] should_fail_ex+0x412/0x560 [ 1730.406222][T25887] _copy_to_user+0x31/0xb0 [ 1730.406253][T25887] simple_read_from_buffer+0xe1/0x170 [ 1730.406293][T25887] proc_fail_nth_read+0x1bb/0x230 [ 1730.406330][T25887] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1730.406368][T25887] ? rw_verify_area+0x2a6/0x4d0 [ 1730.406394][T25887] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1730.406430][T25887] vfs_read+0x20c/0xa70 [ 1730.406454][T25887] ? fdget_pos+0x246/0x320 [ 1730.406481][T25887] ? __pfx___mutex_lock+0x10/0x10 [ 1730.406515][T25887] ? __pfx_vfs_read+0x10/0x10 [ 1730.406543][T25887] ? __fget_files+0x2a/0x420 [ 1730.406569][T25887] ? __fget_files+0x3a0/0x420 [ 1730.406588][T25887] ? __fget_files+0x2a/0x420 [ 1730.406619][T25887] ksys_read+0x150/0x270 [ 1730.406647][T25887] ? __pfx_ksys_read+0x10/0x10 [ 1730.406678][T25887] ? asm_int80_emulation+0x1a/0x20 [ 1730.406712][T25887] do_int80_emulation+0x173/0x4d0 [ 1730.406745][T25887] ? trace_irq_disable+0x3b/0x150 [ 1730.406765][T25887] ? asm_int80_emulation+0x1a/0x20 [ 1730.406799][T25887] ? clear_bhb_loop+0x40/0x90 [ 1730.406828][T25887] ? clear_bhb_loop+0x40/0x90 [ 1730.406856][T25887] asm_int80_emulation+0x1a/0x20 [ 1730.406878][T25887] RIP: 0023:0xf7205cab [ 1730.406898][T25887] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 1730.406918][T25887] RSP: 002b:00000000f54bd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1730.406953][T25887] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54bd5d0 [ 1730.406967][T25887] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 1730.406979][T25887] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1730.406991][T25887] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1730.407004][T25887] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1730.407034][T25887] [ 1730.650974][T25873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1730.659772][T25873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1730.688158][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.695286][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.703086][ T1209] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1730.711159][ T1209] em28xx 6-1:0.0: board has no eeprom [ 1730.881063][ T1209] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1730.891610][ T1209] em28xx 6-1:0.0: dvb set to bulk mode. [ 1730.897312][T11765] em28xx 6-1:0.0: Binding DVB extension [ 1730.911690][ T1209] usb 6-1: USB disconnect, device number 108 [ 1730.919314][ T1209] em28xx 6-1:0.0: Disconnecting em28xx [ 1731.005385][ C0] vcan0: j1939_tp_rxtimer: 0xffff88803202f800: rx timeout, send abort [ 1731.014639][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88803202f800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1731.046109][T11765] em28xx 6-1:0.0: Registering input extension [ 1731.085164][ T1209] em28xx 6-1:0.0: Closing input extension [ 1731.146727][ T1209] em28xx 6-1:0.0: Freeing device [ 1731.851361][T25907] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1731.941222][T17507] usb 5-1: USB disconnect, device number 54 [ 1732.115509][T19986] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1732.134986][T19986] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1732.145199][T19986] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1732.187730][T19986] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1732.197393][T19986] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1732.488915][T25915] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5303'. [ 1733.755877][T25933] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1734.415801][ T5838] Bluetooth: hci4: command tx timeout [ 1734.805768][T25914] chnl_net:caif_netlink_parms(): no params data found [ 1735.109218][T25948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1735.245402][T25914] bridge0: port 1(bridge_slave_0) entered blocking state [ 1735.283117][T25914] bridge0: port 1(bridge_slave_0) entered disabled state [ 1735.290658][T25914] bridge_slave_0: entered allmulticast mode [ 1735.299258][T25914] bridge_slave_0: entered promiscuous mode [ 1735.308415][T25914] bridge0: port 2(bridge_slave_1) entered blocking state [ 1735.317341][T25914] bridge0: port 2(bridge_slave_1) entered disabled state [ 1735.326756][T25914] bridge_slave_1: entered allmulticast mode [ 1735.338150][T25914] bridge_slave_1: entered promiscuous mode [ 1735.388843][T25914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1735.404545][T25914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1735.462890][T25914] team0: Port device team_slave_0 added [ 1735.479809][T25914] team0: Port device team_slave_1 added [ 1735.544474][T25914] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1735.552571][T25914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1735.608434][T25914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1735.631687][T17507] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1735.643004][T25914] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1735.649997][T25914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1735.685495][T25914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1735.771488][T25914] hsr_slave_0: entered promiscuous mode [ 1735.778395][T25914] hsr_slave_1: entered promiscuous mode [ 1735.787175][T25914] debugfs: 'hsr0' already exists in 'hsr' [ 1735.795766][T25914] Cannot create hsr debugfs directory [ 1735.824087][T17507] usb 4-1: New USB device found, idVendor=0471, idProduct=0302, bcdDevice=4d.67 [ 1735.833504][T17507] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1735.843850][T17507] usb 4-1: Product: syz [ 1735.936786][T25969] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5320'. [ 1736.142994][T17507] usb 4-1: Manufacturer: syz [ 1736.156050][T17507] usb 4-1: SerialNumber: syz [ 1736.182669][T17507] usb 4-1: config 0 descriptor?? [ 1736.197914][T17507] pwc: Philips PCA645VC USB webcam detected. [ 1736.410449][T17507] pwc: send_video_command error -71 [ 1736.422110][T17507] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 1736.429738][T17507] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 1736.453544][ T5838] Bluetooth: hci4: command tx timeout [ 1736.502367][T17507] usb 4-1: USB disconnect, device number 17 [ 1736.562119][T25914] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1736.633589][T25914] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1736.887215][T25914] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1736.897740][T25914] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1736.987266][T25914] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1737.002630][T25914] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1737.159840][T25914] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1737.186664][T25914] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.153103][T25914] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1738.178030][T25914] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1738.220198][T25914] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1738.306202][T25914] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1738.533621][ T5838] Bluetooth: hci4: command tx timeout [ 1738.730556][T25914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1738.771415][T26008] xt_hashlimit: overflow, try lower: 60585/0 [ 1738.988746][T25914] 8021q: adding VLAN 0 to HW filter on device team0 [ 1739.306961][ T210] bridge0: port 1(bridge_slave_0) entered blocking state [ 1739.314280][ T210] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1739.604194][T15143] bridge0: port 2(bridge_slave_1) entered blocking state [ 1739.611423][T15143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1739.699096][T25914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1739.757489][T25914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1740.028880][T25914] veth0_vlan: entered promiscuous mode [ 1740.059111][T25914] veth1_vlan: entered promiscuous mode [ 1740.221333][ T1209] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1740.332166][T25914] veth0_macvtap: entered promiscuous mode [ 1740.355760][T25914] veth1_macvtap: entered promiscuous mode [ 1740.362260][ T1209] usb 5-1: device descriptor read/64, error -71 [ 1740.380507][T26019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1740.439159][T26019] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1740.450665][T25914] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1740.472401][T25914] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1740.489182][ T210] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1740.498770][ T210] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1740.525660][ T210] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1740.545474][ T210] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1740.613078][ T5838] Bluetooth: hci4: command tx timeout [ 1740.622469][ T1209] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1740.683751][T15143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1740.694739][T15143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1740.736722][ T210] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1740.761139][ T210] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1740.781878][ T1209] usb 5-1: device descriptor read/64, error -71 [ 1740.811723][ T10] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1740.887260][T26025] netlink: 148 bytes leftover after parsing attributes in process `syz.5.5306'. [ 1740.897605][ T1209] usb usb5-port1: attempt power cycle [ 1740.962493][ T10] usb 4-1: device descriptor read/64, error -71 [ 1740.984585][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.034417][T26028] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.089050][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.131551][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.185807][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.220323][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.233884][ T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1741.241675][ T1209] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1741.255784][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.266818][ T1209] usb 5-1: device descriptor read/8, error -71 [ 1741.278368][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.293943][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.307876][T26027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1741.372014][ T10] usb 4-1: device descriptor read/64, error -71 [ 1741.481332][ T10] usb usb4-port1: attempt power cycle [ 1741.579672][ T1209] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1741.622452][ T1209] usb 5-1: device descriptor read/8, error -71 [ 1741.669438][T26036] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5339'. [ 1741.695798][T26036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1741.706805][T26036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1741.734427][ T1209] usb usb5-port1: unable to enumerate USB device [ 1741.871082][ T10] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1741.901856][ T10] usb 4-1: device descriptor read/8, error -71 [ 1742.151986][ T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1742.182494][ T10] usb 4-1: device descriptor read/8, error -71 [ 1742.301855][ T10] usb usb4-port1: unable to enumerate USB device [ 1743.339006][T26054] create_pit_timer: 9 callbacks suppressed [ 1743.339033][T26054] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1744.444690][T26069] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5347'. [ 1744.464376][T26069] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5347'. [ 1744.512952][T26071] IPVS: set_ctl: invalid protocol: 94 172.20.20.37:20000 [ 1744.591117][ T1209] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1744.763883][ T1209] usb 4-1: config 10 has an invalid interface number: 178 but max is 0 [ 1744.781105][ T1209] usb 4-1: config 10 has no interface number 0 [ 1744.787595][ T1209] usb 4-1: config 10 interface 178 has no altsetting 0 [ 1744.811583][ T1209] usb 4-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=4b.50 [ 1744.820959][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1744.830615][ T1209] usb 4-1: Product: syz [ 1744.841094][ T1209] usb 4-1: Manufacturer: syz [ 1744.856227][ T1209] usb 4-1: SerialNumber: syz [ 1745.151225][ T1209] usb 4-1: USB disconnect, device number 22 [ 1745.177277][T17507] usb 6-1: new full-speed USB device number 109 using dummy_hcd [ 1745.336278][T17507] usb 6-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=49.83 [ 1745.358049][T17507] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1745.386365][T17507] usb 6-1: Product: syz [ 1745.400311][T17507] usb 6-1: Manufacturer: syz [ 1745.417614][T17507] usb 6-1: SerialNumber: syz [ 1745.444147][T17507] usb 6-1: config 0 descriptor?? [ 1745.475212][T17507] gspca_main: ALi m5602-2.14.0 probing 0402:5602 [ 1745.772061][T26100] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 1745.989487][T17507] gspca_m5602: Failed to find a sensor [ 1746.019516][T17507] ALi m5602 6-1:0.0: ALi m5602 webcam failed [ 1746.072956][T17507] usb 6-1: USB disconnect, device number 109 [ 1746.653181][T26114] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1746.813498][T11765] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1747.061100][T11765] usb 5-1: device descriptor read/64, error -71 [ 1747.311643][T11765] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1747.445492][T26133] syzkaller0: entered promiscuous mode [ 1747.451155][T11765] usb 5-1: device descriptor read/64, error -71 [ 1747.459629][T26133] syzkaller0: entered allmulticast mode [ 1747.481230][ T1209] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1747.561854][T11765] usb usb5-port1: attempt power cycle [ 1747.657861][ T1209] usb 4-1: Using ep0 maxpacket: 32 [ 1747.667590][ T1209] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1747.680900][ T1209] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 1747.691984][ T1209] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1747.702381][ T1209] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1747.713829][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1747.726460][ T1209] usb 4-1: Product: syz [ 1747.730735][ T1209] usb 4-1: Manufacturer: syz [ 1747.739910][ T1209] usb 4-1: SerialNumber: syz [ 1747.748010][ T1209] usb 4-1: config 0 descriptor?? [ 1747.863659][T26140] FAULT_INJECTION: forcing a failure. [ 1747.863659][T26140] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1747.877014][T26140] CPU: 1 UID: 0 PID: 26140 Comm: syz.2.5367 Tainted: G L syzkaller #0 PREEMPT(full) [ 1747.877050][T26140] Tainted: [L]=SOFTLOCKUP [ 1747.877059][T26140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1747.877073][T26140] Call Trace: [ 1747.877082][T26140] [ 1747.877092][T26140] dump_stack_lvl+0xe8/0x150 [ 1747.877129][T26140] should_fail_ex+0x412/0x560 [ 1747.877170][T26140] _copy_to_user+0x31/0xb0 [ 1747.877210][T26140] simple_read_from_buffer+0xe1/0x170 [ 1747.877250][T26140] proc_fail_nth_read+0x1bb/0x230 [ 1747.877287][T26140] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1747.877326][T26140] ? rw_verify_area+0x2a6/0x4d0 [ 1747.877352][T26140] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1747.877388][T26140] vfs_read+0x20c/0xa70 [ 1747.877420][T26140] ? fdget_pos+0x246/0x320 [ 1747.877447][T26140] ? __pfx___mutex_lock+0x10/0x10 [ 1747.877481][T26140] ? __pfx_vfs_read+0x10/0x10 [ 1747.877509][T26140] ? __fget_files+0x2a/0x420 [ 1747.877535][T26140] ? __fget_files+0x3a0/0x420 [ 1747.877555][T26140] ? __fget_files+0x2a/0x420 [ 1747.877585][T26140] ksys_read+0x150/0x270 [ 1747.877629][T26140] ? __pfx_ksys_read+0x10/0x10 [ 1747.877656][T26140] ? asm_int80_emulation+0x1a/0x20 [ 1747.877683][T26140] do_int80_emulation+0x173/0x4d0 [ 1747.877712][T26140] ? trace_irq_disable+0x3b/0x150 [ 1747.877731][T26140] ? asm_int80_emulation+0x1a/0x20 [ 1747.877750][T26140] ? clear_bhb_loop+0x40/0x90 [ 1747.877773][T26140] ? clear_bhb_loop+0x40/0x90 [ 1747.877798][T26140] asm_int80_emulation+0x1a/0x20 [ 1747.877818][T26140] RIP: 0023:0xf7205cab [ 1747.877836][T26140] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53 [ 1747.877855][T26140] RSP: 002b:00000000f54bd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1747.877877][T26140] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54bd5d0 [ 1747.877891][T26140] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000 [ 1747.877903][T26140] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1747.877914][T26140] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1747.877927][T26140] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1747.877956][T26140] [ 1747.948494][T11765] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1748.322966][ T1209] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 1748.342871][T11765] usb 5-1: device descriptor read/8, error -71 [ 1748.591843][T11765] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1748.604704][T26151] netlink: 'syz.2.5369': attribute type 4 has an invalid length. [ 1748.613084][T26151] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5369'. [ 1748.622998][T11765] usb 5-1: device descriptor read/8, error -71 [ 1748.741829][T11765] usb usb5-port1: unable to enumerate USB device [ 1749.625642][ T797] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1749.796702][ T797] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 1749.806373][ T797] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1749.828359][ T797] usb 5-1: Product: syz [ 1749.833849][ T797] usb 5-1: Manufacturer: syz [ 1749.848075][ T797] usb 5-1: SerialNumber: syz [ 1749.865344][ T797] usb 5-1: config 0 descriptor?? [ 1749.883548][ T797] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 1749.905371][ T797] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1749.925934][ T797] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 1749.954446][ T797] usb 5-1: media controller created [ 1749.977436][ T797] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1750.047862][ T797] DVB: Unable to find symbol mt352_attach() [ 1750.094900][T26158] dvb-usb: bulk message failed: -22 (7/0) [ 1750.149047][ T797] DVB: Unable to find symbol nxt6000_attach() [ 1750.157720][ T797] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 1750.175926][ T797] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input285 [ 1750.194723][ T797] dvb-usb: schedule remote query interval to 1000 msecs. [ 1750.202387][ T797] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 1750.236373][ T797] dvb-usb: bulk message failed: -22 (7/0) [ 1750.248237][ T797] dvb-usb: bulk message failed: -22 (7/0) [ 1750.268650][ T797] usb 5-1: USB disconnect, device number 63 [ 1750.343738][ T797] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 1750.764096][ T30] audit: type=1326 audit(1775782953.129:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1750.804919][ T30] audit: type=1326 audit(1775782953.129:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1750.839722][ T30] audit: type=1326 audit(1775782953.129:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1750.888453][ T30] audit: type=1326 audit(1775782953.129:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1750.912209][ T30] audit: type=1326 audit(1775782953.129:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1750.953201][ T30] audit: type=1326 audit(1775782953.129:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1750.995219][ T30] audit: type=1326 audit(1775782953.129:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1751.035377][ T30] audit: type=1326 audit(1775782953.129:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1751.069359][ T30] audit: type=1326 audit(1775782953.149:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1751.101895][ T30] audit: type=1326 audit(1775782953.159:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26163 comm="syz.4.5373" exe="/root/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf705ef6c code=0x7ffc0000 [ 1751.761650][T26162] tipc: Enabling of bearer rejected, failed to enable media [ 1751.781895][ T1209] usb 4-1: USB disconnect, device number 23 [ 1754.451755][T11765] usb 6-1: new high-speed USB device number 110 using dummy_hcd [ 1754.481858][ C0] vcan0: j1939_tp_rxtimer: 0xffff88808428c000: rx timeout, send abort [ 1754.490367][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88808428c000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1754.628550][T11765] usb 6-1: config index 0 descriptor too short (expected 2084, got 36) [ 1754.661696][T11765] usb 6-1: config 0 has an invalid interface number: 240 but max is 0 [ 1754.681166][T11765] usb 6-1: config 0 has no interface number 0 [ 1754.696132][T11765] usb 6-1: config 0 interface 240 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1754.699304][T26205] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5384'. [ 1754.733615][T11765] usb 6-1: config 0 interface 240 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1754.754018][T11765] usb 6-1: config 0 interface 240 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1754.801068][T11765] usb 6-1: config 0 interface 240 has no altsetting 0 [ 1754.807945][T11765] usb 6-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 1754.831361][T11765] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1754.855854][T11765] usb 6-1: config 0 descriptor?? [ 1755.293761][T11765] uclogic 0003:5543:004D.0067: interface is invalid, ignoring [ 1755.990126][T26205] bond0 (unregistering): Released all slaves [ 1756.021201][T26211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5387'. [ 1756.629326][ T797] usb 6-1: USB disconnect, device number 110 [ 1757.858432][T26244] FAULT_INJECTION: forcing a failure. [ 1757.858432][T26244] name failslab, interval 1, probability 0, space 0, times 0 [ 1757.936551][T26244] CPU: 1 UID: 0 PID: 26244 Comm: syz.5.5399 Tainted: G L syzkaller #0 PREEMPT(full) [ 1757.936590][T26244] Tainted: [L]=SOFTLOCKUP [ 1757.936599][T26244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1757.936614][T26244] Call Trace: [ 1757.936623][T26244] [ 1757.936633][T26244] dump_stack_lvl+0xe8/0x150 [ 1757.936679][T26244] should_fail_ex+0x412/0x560 [ 1757.936721][T26244] should_failslab+0xa8/0x100 [ 1757.936755][T26244] __kmalloc_noprof+0xe8/0x760 [ 1757.936782][T26244] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1757.936814][T26244] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1757.936849][T26244] ? tomoyo_path_number_perm+0x219/0x630 [ 1757.936893][T26244] tomoyo_path_number_perm+0x246/0x630 [ 1757.936928][T26244] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1757.936982][T26244] ? __lock_acquire+0x6b5/0x2cf0 [ 1757.937060][T26244] ? __fget_files+0x2a/0x420 [ 1757.937085][T26244] ? __fget_files+0x3a0/0x420 [ 1757.937104][T26244] ? __fget_files+0x2a/0x420 [ 1757.937129][T26244] security_file_ioctl_compat+0xc3/0x2a0 [ 1757.937163][T26244] __ia32_compat_sys_ioctl+0x139/0x950 [ 1757.937195][T26244] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 1757.937228][T26244] ? __fget_files+0x3a0/0x420 [ 1757.937255][T26244] ? fput+0xa0/0xd0 [ 1757.937288][T26244] ? ksys_write+0x242/0x270 [ 1757.937325][T26244] __do_fast_syscall_32+0x20d/0x640 [ 1757.937359][T26244] ? do_fast_syscall_32+0x33/0x70 [ 1757.937389][T26244] ? asm_int80_emulation+0x1a/0x20 [ 1757.937409][T26244] ? do_int80_emulation+0x274/0x4d0 [ 1757.937473][T26244] ? trace_irq_disable+0x3b/0x150 [ 1757.937496][T26244] do_fast_syscall_32+0x33/0x70 [ 1757.937528][T26244] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1757.937555][T26244] RIP: 0023:0xf6feef6c [ 1757.937575][T26244] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1757.937595][T26244] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 1757.937618][T26244] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005402 [ 1757.937634][T26244] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1757.937648][T26244] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1757.937667][T26244] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1757.937681][T26244] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1757.937713][T26244] [ 1757.937722][T26244] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1758.241251][T11765] hid_parser_main: 91 callbacks suppressed [ 1758.241275][T11765] hid-generic 0000:0000:0000.0068: unknown main item tag 0x7 [ 1758.337317][T11765] hid-generic 0000:0000:0000.0068: ignoring exceeding usage max [ 1758.357327][T11765] hid-generic 0000:0000:0000.0068: unknown main item tag 0x0 [ 1758.376337][T11765] hid-generic 0000:0000:0000.0068: unknown main item tag 0x6 [ 1758.390063][T11765] hid-generic 0000:0000:0000.0068: reserved main item tag 0xd [ 1758.443380][T11765] hid-generic 0000:0000:0000.0068: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1758.491112][ T10] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1758.551502][ T797] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1758.565705][T26253] FAULT_INJECTION: forcing a failure. [ 1758.565705][T26253] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.642048][T26253] CPU: 1 UID: 0 PID: 26253 Comm: syz.5.5402 Tainted: G L syzkaller #0 PREEMPT(full) [ 1758.642085][T26253] Tainted: [L]=SOFTLOCKUP [ 1758.642094][T26253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1758.642109][T26253] Call Trace: [ 1758.642118][T26253] [ 1758.642128][T26253] dump_stack_lvl+0xe8/0x150 [ 1758.642165][T26253] should_fail_ex+0x412/0x560 [ 1758.642205][T26253] should_failslab+0xa8/0x100 [ 1758.642237][T26253] __kmalloc_cache_noprof+0x88/0x660 [ 1758.642265][T26253] ? vb2_vmalloc_alloc+0xb2/0x360 [ 1758.642294][T26253] vb2_vmalloc_alloc+0xb2/0x360 [ 1758.642315][T26253] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 1758.642339][T26253] __vb2_queue_alloc+0x9c5/0x15a0 [ 1758.642398][T26253] vb2_core_reqbufs+0xc1f/0x1410 [ 1758.642450][T26253] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 1758.642483][T26253] ? __kasan_kmalloc+0x93/0xb0 [ 1758.642512][T26253] ? __kmalloc_cache_noprof+0x31c/0x660 [ 1758.642540][T26253] ? __kmalloc_cache_noprof+0x15b/0x660 [ 1758.642578][T26253] __vb2_init_fileio+0x318/0xff0 [ 1758.642606][T26253] ? kstrtoull+0x12f/0x1d0 [ 1758.642637][T26253] ? vb2_fop_read+0x101/0x360 [ 1758.642679][T26253] __vb2_perform_fileio+0x282/0x1620 [ 1758.642720][T26253] vb2_fop_read+0x273/0x360 [ 1758.642762][T26253] v4l2_read+0x19c/0x2c0 [ 1758.642797][T26253] ? __pfx_v4l2_read+0x10/0x10 [ 1758.642833][T26253] vfs_read+0x20c/0xa70 [ 1758.642867][T26253] ? __pfx_vfs_read+0x10/0x10 [ 1758.642895][T26253] ? __fget_files+0x2a/0x420 [ 1758.642919][T26253] ? __fget_files+0x2a/0x420 [ 1758.642939][T26253] ? __fget_files+0x3a0/0x420 [ 1758.642959][T26253] ? __fget_files+0x2a/0x420 [ 1758.642989][T26253] ksys_read+0x150/0x270 [ 1758.643017][T26253] ? __pfx_ksys_read+0x10/0x10 [ 1758.643054][T26253] __do_fast_syscall_32+0x20d/0x640 [ 1758.643093][T26253] ? do_fast_syscall_32+0x33/0x70 [ 1758.643124][T26253] ? asm_int80_emulation+0x1a/0x20 [ 1758.643146][T26253] ? do_int80_emulation+0x274/0x4d0 [ 1758.643176][T26253] ? trace_irq_disable+0x3b/0x150 [ 1758.643202][T26253] do_fast_syscall_32+0x33/0x70 [ 1758.643235][T26253] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1758.643263][T26253] RIP: 0023:0xf6feef6c [ 1758.643283][T26253] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1758.643303][T26253] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 1758.643328][T26253] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 1758.643343][T26253] RDX: 0000000000000065 RSI: 0000000000000000 RDI: 0000000000000000 [ 1758.643356][T26253] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1758.643369][T26253] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1758.643382][T26253] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1758.643414][T26253] [ 1758.653187][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 1758.714199][ T797] usb 4-1: device descriptor read/64, error -71 [ 1758.962066][ T797] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1759.151068][ T797] usb 4-1: device descriptor read/64, error -71 [ 1759.217928][T26255] netlink: 64 bytes leftover after parsing attributes in process `syz.0.5403'. [ 1759.712429][ T797] usb usb4-port1: attempt power cycle [ 1759.736011][T26255] FAULT_INJECTION: forcing a failure. [ 1759.736011][T26255] name failslab, interval 1, probability 0, space 0, times 0 [ 1759.761800][T26255] CPU: 0 UID: 0 PID: 26255 Comm: syz.0.5403 Tainted: G L syzkaller #0 PREEMPT(full) [ 1759.761837][T26255] Tainted: [L]=SOFTLOCKUP [ 1759.761846][T26255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1759.761859][T26255] Call Trace: [ 1759.761869][T26255] [ 1759.761879][T26255] dump_stack_lvl+0xe8/0x150 [ 1759.761915][T26255] should_fail_ex+0x412/0x560 [ 1759.761957][T26255] should_failslab+0xa8/0x100 [ 1759.761989][T26255] __kvmalloc_node_noprof+0x178/0x8a0 [ 1759.762018][T26255] ? nf_hook_entries_grow+0x288/0x720 [ 1759.762047][T26255] ? __pfx___mutex_lock+0x10/0x10 [ 1759.762082][T26255] nf_hook_entries_grow+0x288/0x720 [ 1759.762124][T26255] __nf_register_net_hook+0x2c9/0x930 [ 1759.762162][T26255] nf_register_net_hook+0xb2/0x190 [ 1759.762191][T26255] nf_register_net_hooks+0x44/0x1b0 [ 1759.762222][T26255] nf_defrag_ipv6_enable+0x87/0x120 [ 1759.762256][T26255] nf_ct_netns_do_get+0x1e7/0x5c0 [ 1759.762299][T26255] ? __pfx_nf_ct_netns_do_get+0x10/0x10 [ 1759.762324][T26255] ? rcu_is_watching+0x15/0xb0 [ 1759.762354][T26255] ? __bitmap_set+0x12f/0x170 [ 1759.762385][T26255] ? nf_ct_netns_get+0xe9/0x320 [ 1759.762413][T26255] nft_ct_get_init+0x5bf/0x9c0 [ 1759.762444][T26255] nf_tables_newrule+0x17ac/0x28b0 [ 1759.762489][T26255] ? __pfx_nf_tables_newrule+0x10/0x10 [ 1759.762520][T26255] ? nfnl_pernet+0x23/0x240 [ 1759.762560][T26255] ? __nla_parse+0x40/0x60 [ 1759.762588][T26255] nfnetlink_rcv+0x1240/0x27b0 [ 1759.762655][T26255] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1759.762703][T26255] ? ref_tracker_free+0x693/0x840 [ 1759.762760][T26255] ? __netlink_deliver_tap+0x807/0x850 [ 1759.762788][T26255] ? netlink_deliver_tap+0x2e/0x1b0 [ 1759.762829][T26255] netlink_unicast+0x80f/0x9b0 [ 1759.762870][T26255] ? __pfx_netlink_unicast+0x10/0x10 [ 1759.762904][T26255] ? netlink_sendmsg+0x650/0xb40 [ 1759.762925][T26255] ? skb_put+0x11b/0x210 [ 1759.762954][T26255] netlink_sendmsg+0x813/0xb40 [ 1759.762987][T26255] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1759.763014][T26255] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1759.763049][T26255] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1759.763077][T26255] ____sys_sendmsg+0x972/0x9f0 [ 1759.763114][T26255] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1759.763146][T26255] ? kstrtoull+0x12f/0x1d0 [ 1759.763185][T26255] ___sys_sendmsg+0x2a5/0x360 [ 1759.763219][T26255] ? __pfx____sys_sendmsg+0x10/0x10 [ 1759.763250][T26255] ? get_pid_task+0x20/0x1f0 [ 1759.763269][T26255] ? get_pid_task+0x20/0x1f0 [ 1759.763287][T26255] ? get_pid_task+0x20/0x1f0 [ 1759.763355][T26255] ? __fget_files+0x2a/0x420 [ 1759.763391][T26255] ? __fget_files+0x3a0/0x420 [ 1759.763423][T26255] __sys_sendmsg+0x183/0x260 [ 1759.763456][T26255] ? __pfx___sys_sendmsg+0x10/0x10 [ 1759.763552][T26255] __do_fast_syscall_32+0x20d/0x640 [ 1759.763588][T26255] ? do_fast_syscall_32+0x33/0x70 [ 1759.763619][T26255] ? asm_int80_emulation+0x1a/0x20 [ 1759.763659][T26255] ? do_int80_emulation+0x274/0x4d0 [ 1759.763700][T26255] ? trace_irq_disable+0x3b/0x150 [ 1759.763731][T26255] do_fast_syscall_32+0x33/0x70 [ 1759.763764][T26255] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1759.763792][T26255] RIP: 0023:0xf7f75f6c [ 1759.763813][T26255] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1759.763832][T26255] RSP: 002b:00000000f543650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1759.763857][T26255] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 1759.763873][T26255] RDX: 0000000024004804 RSI: 0000000000000000 RDI: 0000000000000000 [ 1759.763888][T26255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1759.763901][T26255] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1759.763915][T26255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1759.763950][T26255] [ 1760.249377][ T797] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1760.531637][ T10] usb 5-1: too many configurations: 123, using maximum allowed: 8 [ 1760.670654][ T797] usb 4-1: device descriptor read/8, error -71 [ 1760.701409][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1760.731973][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1760.765985][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1760.957328][ T10] usb 5-1: unable to read config index 3 descriptor/start: -71 [ 1760.965148][ T10] usb 5-1: can't read configurations, error -71 [ 1760.971293][ T797] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1761.117534][T26269] syzkaller0: entered promiscuous mode [ 1761.141580][T26269] syzkaller0: entered allmulticast mode [ 1761.178997][T26269] TC_ACT_REPEAT abuse ? [ 1761.183944][ T797] usb 4-1: device not accepting address 27, error -71 [ 1761.214861][ T797] usb usb4-port1: unable to enumerate USB device [ 1761.392890][T26278] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5413'. [ 1761.560909][T26282] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1761.568852][T26282] IPv6: NLM_F_CREATE should be set when creating new route [ 1761.576210][T26282] IPv6: NLM_F_CREATE should be set when creating new route [ 1761.583502][T26282] IPv6: NLM_F_CREATE should be set when creating new route [ 1761.616217][T26284] input: syz0 as /devices/virtual/input/input287 [ 1761.752799][T26288] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5409'. [ 1761.981100][ T5838] Bluetooth: hci0: ACL packet for unknown connection handle 169 [ 1762.161953][T26288] netlink: 'syz.4.5409': attribute type 10 has an invalid length. [ 1762.212166][T26289] netlink: 'syz.4.5409': attribute type 10 has an invalid length. [ 1762.316083][T26288] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 1762.345836][T26288] team0: Port device netdevsim0 added [ 1762.352932][T26289] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 1762.453001][T26289] team0: Port device netdevsim0 removed [ 1762.538216][T26289] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 1762.552341][T26289] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1763.312059][ T30] audit: type=1326 audit(1775782965.669:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1763.366200][ T30] audit: type=1326 audit(1775782965.669:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1763.609985][T26312] netlink: 84 bytes leftover after parsing attributes in process `syz.2.5420'. [ 1763.620899][T26312] netlink: 84 bytes leftover after parsing attributes in process `syz.2.5420'. [ 1763.674240][ T30] audit: type=1326 audit(1775782965.669:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1763.917606][ T30] audit: type=1326 audit(1775782965.669:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1764.351160][ T30] audit: type=1326 audit(1775782965.669:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1764.791279][ T30] audit: type=1326 audit(1775782965.669:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1764.913755][ T30] audit: type=1326 audit(1775782965.669:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1765.027437][ T30] audit: type=1326 audit(1775782965.679:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1765.146372][ T30] audit: type=1326 audit(1775782965.679:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1765.251224][ T30] audit: type=1326 audit(1775782965.679:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26305 comm="syz.2.5420" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf70cef6c code=0x7ffc0000 [ 1765.359917][T26336] syzkaller0: entered promiscuous mode [ 1765.414030][T26336] syzkaller0: entered allmulticast mode [ 1765.548440][T26342] FAULT_INJECTION: forcing a failure. [ 1765.548440][T26342] name failslab, interval 1, probability 0, space 0, times 0 [ 1765.682367][T26342] CPU: 1 UID: 0 PID: 26342 Comm: syz.4.5428 Tainted: G L syzkaller #0 PREEMPT(full) [ 1765.682403][T26342] Tainted: [L]=SOFTLOCKUP [ 1765.682412][T26342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1765.682427][T26342] Call Trace: [ 1765.682437][T26342] [ 1765.682447][T26342] dump_stack_lvl+0xe8/0x150 [ 1765.682484][T26342] should_fail_ex+0x412/0x560 [ 1765.682526][T26342] should_failslab+0xa8/0x100 [ 1765.682556][T26342] ? security_inode_alloc+0x39/0x310 [ 1765.682581][T26342] kmem_cache_alloc_noprof+0x87/0x650 [ 1765.682616][T26342] security_inode_alloc+0x39/0x310 [ 1765.682642][T26342] inode_init_always_gfp+0x9ed/0xdc0 [ 1765.682684][T26342] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1765.682711][T26342] alloc_inode+0x82/0x1b0 [ 1765.682745][T26342] new_inode+0x22/0x170 [ 1765.682785][T26342] __debugfs_create_file+0xb8/0x400 [ 1765.682816][T26342] debugfs_create_file_full+0x3f/0x60 [ 1765.682846][T26342] ref_tracker_dir_debugfs+0x197/0x360 [ 1765.682872][T26342] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1765.682926][T26342] ? __kvmalloc_node_noprof+0x545/0x8a0 [ 1765.682954][T26342] ? alloc_netdev_mqs+0xa6/0x11b0 [ 1765.682992][T26342] ? __raw_spin_lock_init+0x45/0x100 [ 1765.683019][T26342] alloc_netdev_mqs+0x272/0x11b0 [ 1765.683064][T26342] ? __pfx_macvlan_setup+0x10/0x10 [ 1765.683100][T26342] rtnl_create_link+0x31f/0xd70 [ 1765.683141][T26342] rtnl_newlink_create+0x277/0xb70 [ 1765.683169][T26342] ? __pfx___nla_validate_parse+0x10/0x10 [ 1765.683206][T26342] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1765.683238][T26342] ? __pfx___mutex_lock+0x10/0x10 [ 1765.683288][T26342] ? ns_capable+0x89/0xe0 [ 1765.683321][T26342] rtnl_newlink+0x1666/0x1be0 [ 1765.683367][T26342] ? __pfx_rtnl_newlink+0x10/0x10 [ 1765.683390][T26342] ? do_fast_syscall_32+0x33/0x70 [ 1765.683419][T26342] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1765.683486][T26342] ? kasan_quarantine_put+0xbb/0x1f0 [ 1765.683511][T26342] ? lockdep_hardirqs_on+0x7a/0x110 [ 1765.683545][T26342] ? kmem_cache_free+0x187/0x630 [ 1765.683571][T26342] ? nlmon_xmit+0xb0/0x100 [ 1765.683612][T26342] ? __lock_acquire+0x6b5/0x2cf0 [ 1765.683648][T26342] ? __local_bh_enable_ip+0xd0/0x130 [ 1765.683677][T26342] ? lockdep_hardirqs_on+0x7a/0x110 [ 1765.683706][T26342] ? __dev_queue_xmit+0x277/0x3890 [ 1765.683735][T26342] ? __local_bh_enable_ip+0xd0/0x130 [ 1765.683762][T26342] ? __dev_queue_xmit+0x277/0x3890 [ 1765.683820][T26342] ? __pfx_rtnl_newlink+0x10/0x10 [ 1765.683844][T26342] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1765.683873][T26342] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1765.683898][T26342] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1765.683920][T26342] ? ref_tracker_free+0x693/0x840 [ 1765.683942][T26342] ? __copy_skb_header+0xa3/0x4a0 [ 1765.683973][T26342] ? __pfx_ref_tracker_free+0x10/0x10 [ 1765.683994][T26342] ? __skb_clone+0x63/0x7a0 [ 1765.684032][T26342] netlink_rcv_skb+0x232/0x4b0 [ 1765.684058][T26342] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1765.684085][T26342] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1765.684121][T26342] ? netlink_deliver_tap+0x2e/0x1b0 [ 1765.684154][T26342] netlink_unicast+0x80f/0x9b0 [ 1765.684197][T26342] ? __pfx_netlink_unicast+0x10/0x10 [ 1765.684234][T26342] ? netlink_sendmsg+0x650/0xb40 [ 1765.684256][T26342] ? skb_put+0x11b/0x210 [ 1765.684293][T26342] netlink_sendmsg+0x813/0xb40 [ 1765.684329][T26342] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1765.684357][T26342] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1765.684393][T26342] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1765.684426][T26342] ____sys_sendmsg+0x972/0x9f0 [ 1765.684466][T26342] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1765.684502][T26342] ? kstrtoull+0x12f/0x1d0 [ 1765.684545][T26342] ___sys_sendmsg+0x2a5/0x360 [ 1765.684581][T26342] ? __pfx____sys_sendmsg+0x10/0x10 [ 1765.684614][T26342] ? get_pid_task+0x20/0x1f0 [ 1765.684636][T26342] ? get_pid_task+0x20/0x1f0 [ 1765.684656][T26342] ? get_pid_task+0x20/0x1f0 [ 1765.684707][T26342] ? __fget_files+0x2a/0x420 [ 1765.684729][T26342] ? __fget_files+0x3a0/0x420 [ 1765.684761][T26342] __sys_sendmsg+0x183/0x260 [ 1765.684794][T26342] ? __pfx___sys_sendmsg+0x10/0x10 [ 1765.684848][T26342] __do_fast_syscall_32+0x20d/0x640 [ 1765.684883][T26342] ? do_fast_syscall_32+0x33/0x70 [ 1765.684913][T26342] ? asm_int80_emulation+0x1a/0x20 [ 1765.684935][T26342] ? do_int80_emulation+0x274/0x4d0 [ 1765.684966][T26342] ? trace_irq_disable+0x3b/0x150 [ 1765.684990][T26342] do_fast_syscall_32+0x33/0x70 [ 1765.685022][T26342] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1765.685051][T26342] RIP: 0023:0xf705ef6c [ 1765.685071][T26342] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1765.685090][T26342] RSP: 002b:00000000f544d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1765.685113][T26342] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 1765.685128][T26342] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1765.685141][T26342] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1765.685154][T26342] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1765.685168][T26342] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1765.685200][T26342] [ 1766.210055][T26342] debugfs: out of free dentries, can not create file 'netdev@ffff888058c8a620' [ 1766.256430][T26348] x_tables: ip6_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 1766.305268][T26342] macsec0: entered promiscuous mode [ 1766.362364][T26342] macsec0: left promiscuous mode [ 1766.860559][T26354] Cannot find add_set index 3 as target [ 1766.872719][T26353] Cannot find add_set index 3 as target [ 1767.978575][T26365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5435'. [ 1769.472092][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1769.472118][ T30] audit: type=1326 audit(1775782971.819:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f75f88 code=0x7ffc0000 [ 1769.511143][ T30] audit: type=1326 audit(1775782971.819:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000 [ 1769.534571][ T30] audit: type=1326 audit(1775782971.819:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f75f88 code=0x7ffc0000 [ 1769.560366][ T30] audit: type=1326 audit(1775782971.819:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000 [ 1769.585935][ T30] audit: type=1326 audit(1775782971.819:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000 [ 1769.626588][ T30] audit: type=1326 audit(1775782971.819:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f75f88 code=0x7ffc0000 [ 1769.651340][ T30] audit: type=1326 audit(1775782971.819:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000 [ 1769.675965][ T30] audit: type=1326 audit(1775782971.819:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f75f88 code=0x7ffc0000 [ 1769.779585][ T30] audit: type=1326 audit(1775782971.819:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000 [ 1770.096893][ T30] audit: type=1326 audit(1775782971.819:1446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26381 comm="syz.0.5439" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f75f88 code=0x7ffc0000 [ 1771.339404][T26382] delete_channel: no stack [ 1771.613688][T26381] delete_channel: no stack [ 1773.115355][T26386] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5440'. [ 1773.127278][T26386] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5440'. [ 1773.140395][T26386] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5440'. [ 1773.151761][T26386] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5440'. [ 1773.201322][T26386] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 1773.207948][T26386] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1773.262789][T26386] vhci_hcd vhci_hcd.0: Device attached [ 1773.463663][T26387] vhci_hcd: connection closed [ 1773.465071][ T12] vhci_hcd vhci_hcd.0: stop threads [ 1773.475577][ T12] vhci_hcd vhci_hcd.0: release socket [ 1773.481451][ T12] vhci_hcd vhci_hcd.0: disconnect device [ 1774.031996][T26360] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5433'. [ 1774.042544][T26360] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1774.183881][T26378] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1774.388373][T26395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1774.398376][T26395] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1776.345770][T26413] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.5445'. [ 1776.953265][T26427] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5449'. [ 1776.972232][T26429] lo: Caught tx_queue_len zero misconfig [ 1777.031694][T26432] FAULT_INJECTION: forcing a failure. [ 1777.031694][T26432] name failslab, interval 1, probability 0, space 0, times 0 [ 1777.072364][T26432] CPU: 0 UID: 0 PID: 26432 Comm: syz.5.5451 Tainted: G L syzkaller #0 PREEMPT(full) [ 1777.072391][T26432] Tainted: [L]=SOFTLOCKUP [ 1777.072397][T26432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1777.072407][T26432] Call Trace: [ 1777.072413][T26432] [ 1777.072420][T26432] dump_stack_lvl+0xe8/0x150 [ 1777.072447][T26432] should_fail_ex+0x412/0x560 [ 1777.072474][T26432] should_failslab+0xa8/0x100 [ 1777.072496][T26432] __kmalloc_cache_noprof+0x88/0x660 [ 1777.072514][T26432] ? __pfx_stack_trace_save+0x10/0x10 [ 1777.072531][T26432] ? rtnl_newlink+0x136/0x1be0 [ 1777.072551][T26432] rtnl_newlink+0x136/0x1be0 [ 1777.072568][T26432] ? kasan_save_track+0x4f/0x80 [ 1777.072585][T26432] ? kasan_save_track+0x3e/0x80 [ 1777.072600][T26432] ? kasan_save_free_info+0x46/0x50 [ 1777.072622][T26432] ? __kasan_slab_free+0x5c/0x80 [ 1777.072639][T26432] ? kmem_cache_free+0x187/0x630 [ 1777.072656][T26432] ? __dev_queue_xmit+0x16d1/0x3890 [ 1777.072677][T26432] ? __netlink_deliver_tap+0x5ad/0x850 [ 1777.072692][T26432] ? netlink_deliver_tap+0x19c/0x1b0 [ 1777.072706][T26432] ? netlink_unicast+0x7e3/0x9b0 [ 1777.072727][T26432] ? netlink_sendmsg+0x813/0xb40 [ 1777.072743][T26432] ? __pfx_rtnl_newlink+0x10/0x10 [ 1777.072758][T26432] ? do_fast_syscall_32+0x33/0x70 [ 1777.072778][T26432] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1777.072820][T26432] ? kasan_quarantine_put+0xbb/0x1f0 [ 1777.072837][T26432] ? lockdep_hardirqs_on+0x7a/0x110 [ 1777.072859][T26432] ? kmem_cache_free+0x187/0x630 [ 1777.072876][T26432] ? nlmon_xmit+0xb0/0x100 [ 1777.072902][T26432] ? __lock_acquire+0x6b5/0x2cf0 [ 1777.072926][T26432] ? __local_bh_enable_ip+0xd0/0x130 [ 1777.072946][T26432] ? lockdep_hardirqs_on+0x7a/0x110 [ 1777.072964][T26432] ? __dev_queue_xmit+0x277/0x3890 [ 1777.072984][T26432] ? __local_bh_enable_ip+0xd0/0x130 [ 1777.073002][T26432] ? __dev_queue_xmit+0x277/0x3890 [ 1777.073039][T26432] ? __pfx_rtnl_newlink+0x10/0x10 [ 1777.073055][T26432] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1777.073074][T26432] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1777.073089][T26432] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1777.073109][T26432] ? ref_tracker_free+0x693/0x840 [ 1777.073124][T26432] ? __copy_skb_header+0xa3/0x4a0 [ 1777.073146][T26432] ? __pfx_ref_tracker_free+0x10/0x10 [ 1777.073160][T26432] ? __skb_clone+0x63/0x7a0 [ 1777.073186][T26432] netlink_rcv_skb+0x232/0x4b0 [ 1777.073203][T26432] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1777.073221][T26432] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1777.073244][T26432] ? netlink_deliver_tap+0x2e/0x1b0 [ 1777.073266][T26432] netlink_unicast+0x80f/0x9b0 [ 1777.073294][T26432] ? __pfx_netlink_unicast+0x10/0x10 [ 1777.073319][T26432] ? netlink_sendmsg+0x650/0xb40 [ 1777.073334][T26432] ? skb_put+0x11b/0x210 [ 1777.073356][T26432] netlink_sendmsg+0x813/0xb40 [ 1777.073378][T26432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1777.073397][T26432] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1777.073422][T26432] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1777.073443][T26432] ____sys_sendmsg+0x972/0x9f0 [ 1777.073469][T26432] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1777.073492][T26432] ? kstrtoull+0x12f/0x1d0 [ 1777.073521][T26432] ___sys_sendmsg+0x2a5/0x360 [ 1777.073544][T26432] ? __pfx____sys_sendmsg+0x10/0x10 [ 1777.073566][T26432] ? get_pid_task+0x20/0x1f0 [ 1777.073580][T26432] ? get_pid_task+0x20/0x1f0 [ 1777.073593][T26432] ? get_pid_task+0x20/0x1f0 [ 1777.073624][T26432] ? __fget_files+0x2a/0x420 [ 1777.073637][T26432] ? __fget_files+0x3a0/0x420 [ 1777.073657][T26432] __sys_sendmsg+0x183/0x260 [ 1777.073679][T26432] ? __pfx___sys_sendmsg+0x10/0x10 [ 1777.073713][T26432] __do_fast_syscall_32+0x20d/0x640 [ 1777.073736][T26432] ? do_fast_syscall_32+0x33/0x70 [ 1777.073756][T26432] ? asm_int80_emulation+0x1a/0x20 [ 1777.073771][T26432] ? do_int80_emulation+0x274/0x4d0 [ 1777.073791][T26432] ? trace_irq_disable+0x3b/0x150 [ 1777.073807][T26432] do_fast_syscall_32+0x33/0x70 [ 1777.073829][T26432] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1777.073847][T26432] RIP: 0023:0xf6feef6c [ 1777.073862][T26432] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1777.073875][T26432] RSP: 002b:00000000f53bc50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1777.073891][T26432] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 1777.073902][T26432] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1777.073911][T26432] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1777.073920][T26432] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1777.073929][T26432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1777.073949][T26432] [ 1781.428405][T26475] wg1: entered promiscuous mode [ 1781.440921][T26475] wg1: entered allmulticast mode [ 1782.361572][T26022] usb 6-1: new high-speed USB device number 111 using dummy_hcd [ 1782.533446][T26022] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1782.551279][T26494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1782.569941][T26022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1782.582138][T26494] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1782.594180][T26022] usb 6-1: config 0 descriptor?? [ 1782.867172][T26022] ath6kl: Failed to submit usb control message: -71 [ 1782.881994][T26022] ath6kl: unable to send the bmi data to the device: -71 [ 1782.899421][T26022] ath6kl: Unable to send get target info: -71 [ 1782.908475][T26022] ath6kl: Failed to init ath6kl core: -71 [ 1782.918709][T26022] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1782.979700][T26022] usb 6-1: USB disconnect, device number 111 [ 1783.810639][T26519] FAULT_INJECTION: forcing a failure. [ 1783.810639][T26519] name failslab, interval 1, probability 0, space 0, times 0 [ 1783.854967][T26519] CPU: 0 UID: 0 PID: 26519 Comm: syz.5.5474 Tainted: G L syzkaller #0 PREEMPT(full) [ 1783.855005][T26519] Tainted: [L]=SOFTLOCKUP [ 1783.855014][T26519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1783.855028][T26519] Call Trace: [ 1783.855038][T26519] [ 1783.855048][T26519] dump_stack_lvl+0xe8/0x150 [ 1783.855085][T26519] should_fail_ex+0x412/0x560 [ 1783.855127][T26519] should_failslab+0xa8/0x100 [ 1783.855156][T26519] ? skb_clone+0x212/0x3a0 [ 1783.855187][T26519] kmem_cache_alloc_noprof+0x87/0x650 [ 1783.855211][T26519] ? __netlink_lookup+0xc6/0x8b0 [ 1783.855245][T26519] skb_clone+0x212/0x3a0 [ 1783.855280][T26519] __netlink_deliver_tap+0x404/0x850 [ 1783.855317][T26519] ? netlink_deliver_tap+0x2e/0x1b0 [ 1783.855343][T26519] netlink_deliver_tap+0x19c/0x1b0 [ 1783.855370][T26519] netlink_unicast+0x7e3/0x9b0 [ 1783.855413][T26519] ? __pfx_netlink_unicast+0x10/0x10 [ 1783.855451][T26519] ? netlink_sendmsg+0x650/0xb40 [ 1783.855473][T26519] ? skb_put+0x11b/0x210 [ 1783.855504][T26519] netlink_sendmsg+0x813/0xb40 [ 1783.855538][T26519] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1783.855568][T26519] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1783.855605][T26519] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1783.855654][T26519] ____sys_sendmsg+0x972/0x9f0 [ 1783.855696][T26519] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1783.855732][T26519] ? kstrtoull+0x12f/0x1d0 [ 1783.855776][T26519] ___sys_sendmsg+0x2a5/0x360 [ 1783.855813][T26519] ? __pfx____sys_sendmsg+0x10/0x10 [ 1783.855854][T26519] ? get_pid_task+0x20/0x1f0 [ 1783.855877][T26519] ? get_pid_task+0x20/0x1f0 [ 1783.855897][T26519] ? get_pid_task+0x20/0x1f0 [ 1783.855947][T26519] ? __fget_files+0x2a/0x420 [ 1783.855969][T26519] ? __fget_files+0x3a0/0x420 [ 1783.856001][T26519] __sys_sendmsg+0x183/0x260 [ 1783.856035][T26519] ? __pfx___sys_sendmsg+0x10/0x10 [ 1783.856090][T26519] __do_fast_syscall_32+0x20d/0x640 [ 1783.856127][T26519] ? do_fast_syscall_32+0x33/0x70 [ 1783.856159][T26519] ? asm_int80_emulation+0x1a/0x20 [ 1783.856181][T26519] ? do_int80_emulation+0x274/0x4d0 [ 1783.856212][T26519] ? trace_irq_disable+0x3b/0x150 [ 1783.856238][T26519] do_fast_syscall_32+0x33/0x70 [ 1783.856271][T26519] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1783.856300][T26519] RIP: 0023:0xf6feef6c [ 1783.856321][T26519] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1783.856342][T26519] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1783.856367][T26519] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 1783.856383][T26519] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1783.856397][T26519] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1783.856410][T26519] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1783.856424][T26519] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1783.856457][T26519] [ 1784.239635][T26526] FAULT_INJECTION: forcing a failure. [ 1784.239635][T26526] name failslab, interval 1, probability 0, space 0, times 0 [ 1784.295982][T26526] CPU: 1 UID: 0 PID: 26526 Comm: syz.2.5473 Tainted: G L syzkaller #0 PREEMPT(full) [ 1784.296020][T26526] Tainted: [L]=SOFTLOCKUP [ 1784.296029][T26526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1784.296044][T26526] Call Trace: [ 1784.296054][T26526] [ 1784.296063][T26526] dump_stack_lvl+0xe8/0x150 [ 1784.296101][T26526] should_fail_ex+0x412/0x560 [ 1784.296143][T26526] should_failslab+0xa8/0x100 [ 1784.296175][T26526] __kmalloc_noprof+0xe8/0x760 [ 1784.296202][T26526] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1784.296234][T26526] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1784.296270][T26526] ? tomoyo_path_number_perm+0x219/0x630 [ 1784.296303][T26526] tomoyo_path_number_perm+0x246/0x630 [ 1784.296339][T26526] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1784.296376][T26526] ? __lock_acquire+0x6b5/0x2cf0 [ 1784.296442][T26526] ? __fget_files+0x2a/0x420 [ 1784.296468][T26526] ? __fget_files+0x3a0/0x420 [ 1784.296488][T26526] ? __fget_files+0x2a/0x420 [ 1784.296513][T26526] security_file_ioctl_compat+0xc3/0x2a0 [ 1784.296555][T26526] __ia32_compat_sys_ioctl+0x139/0x950 [ 1784.296588][T26526] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 1784.296622][T26526] ? __fget_files+0x3a0/0x420 [ 1784.296650][T26526] ? fput+0xa0/0xd0 [ 1784.296683][T26526] ? ksys_write+0x242/0x270 [ 1784.296723][T26526] __do_fast_syscall_32+0x20d/0x640 [ 1784.296757][T26526] ? do_fast_syscall_32+0x33/0x70 [ 1784.296799][T26526] ? asm_int80_emulation+0x1a/0x20 [ 1784.296820][T26526] ? do_int80_emulation+0x274/0x4d0 [ 1784.296859][T26526] ? trace_irq_disable+0x3b/0x150 [ 1784.296883][T26526] do_fast_syscall_32+0x33/0x70 [ 1784.296911][T26526] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1784.296937][T26526] RIP: 0023:0xf70cef6c [ 1784.296955][T26526] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1784.296972][T26526] RSP: 002b:00000000f54bd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 1784.296994][T26526] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080045519 [ 1784.297009][T26526] RDX: 0000000080001680 RSI: 0000000000000000 RDI: 0000000000000000 [ 1784.297026][T26526] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1784.297038][T26526] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1784.297051][T26526] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1784.297080][T26526] [ 1784.297157][T26526] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1784.681416][T17507] usb 6-1: new high-speed USB device number 112 using dummy_hcd [ 1784.770845][T26536] vivid-006: disconnect [ 1784.777077][T26535] vivid-006: reconnect [ 1784.851079][T17507] usb 6-1: Using ep0 maxpacket: 16 [ 1784.864770][T17507] usb 6-1: config 1 has an invalid descriptor of length 213, skipping remainder of the config [ 1784.876315][T17507] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1784.897615][T17507] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1784.916875][T26543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5479'. [ 1784.934603][T17507] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1784.950846][T17507] usb 6-1: Product: syz [ 1784.959586][T17507] usb 6-1: Manufacturer: syz [ 1784.972744][T17507] usb 6-1: SerialNumber: syz [ 1785.428323][T17507] usb 6-1: 0:2 : does not exist [ 1785.650126][ T30] kauditd_printk_skb: 474 callbacks suppressed [ 1785.650146][ T30] audit: type=1326 audit(1775782988.009:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26524 comm="syz.5.5476" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1785.710878][T17507] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 1786.037295][ T30] audit: type=1326 audit(1775782988.009:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26524 comm="syz.5.5476" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1786.651332][ T30] audit: type=1326 audit(1775782988.009:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26524 comm="syz.5.5476" exe="/root/syz-executor" sig=0 arch=40000003 syscall=171 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1786.681602][T17507] usb 6-1: USB disconnect, device number 112 [ 1786.734543][ T30] audit: type=1326 audit(1775782988.009:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26524 comm="syz.5.5476" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1786.788500][ T30] audit: type=1326 audit(1775782988.009:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26524 comm="syz.5.5476" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1786.872546][ T30] audit: type=1326 audit(1775782988.009:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26524 comm="syz.5.5476" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1787.020903][ T30] audit: type=1326 audit(1775782988.009:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26524 comm="syz.5.5476" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1787.089569][ T30] audit: type=1326 audit(1775782988.049:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26524 comm="syz.5.5476" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1787.806552][T26583] FAULT_INJECTION: forcing a failure. [ 1787.806552][T26583] name failslab, interval 1, probability 0, space 0, times 0 [ 1787.831354][T26583] CPU: 1 UID: 0 PID: 26583 Comm: syz.3.5494 Tainted: G L syzkaller #0 PREEMPT(full) [ 1787.831389][T26583] Tainted: [L]=SOFTLOCKUP [ 1787.831398][T26583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1787.831411][T26583] Call Trace: [ 1787.831420][T26583] [ 1787.831429][T26583] dump_stack_lvl+0xe8/0x150 [ 1787.831464][T26583] should_fail_ex+0x412/0x560 [ 1787.831502][T26583] should_failslab+0xa8/0x100 [ 1787.831529][T26583] ? security_inode_alloc+0x39/0x310 [ 1787.831557][T26583] kmem_cache_alloc_noprof+0x87/0x650 [ 1787.831587][T26583] security_inode_alloc+0x39/0x310 [ 1787.831610][T26583] inode_init_always_gfp+0x9ed/0xdc0 [ 1787.831646][T26583] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1787.831669][T26583] alloc_inode+0x82/0x1b0 [ 1787.831698][T26583] new_inode+0x22/0x170 [ 1787.831732][T26583] __debugfs_create_file+0xb8/0x400 [ 1787.831758][T26583] debugfs_create_file_full+0x3f/0x60 [ 1787.831786][T26583] ref_tracker_dir_debugfs+0x197/0x360 [ 1787.831808][T26583] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1787.831856][T26583] ? __kvmalloc_node_noprof+0x545/0x8a0 [ 1787.831881][T26583] ? alloc_netdev_mqs+0xa6/0x11b0 [ 1787.831915][T26583] ? __raw_spin_lock_init+0x45/0x100 [ 1787.831932][T26583] alloc_netdev_mqs+0x272/0x11b0 [ 1787.831952][T26583] ? __pfx_ipip_tunnel_setup+0x10/0x10 [ 1787.831977][T26583] rtnl_create_link+0x31f/0xd70 [ 1787.832003][T26583] rtnl_newlink_create+0x277/0xb70 [ 1787.832022][T26583] ? __pfx___nla_validate_parse+0x10/0x10 [ 1787.832045][T26583] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1787.832066][T26583] ? __pfx___mutex_lock+0x10/0x10 [ 1787.832093][T26583] ? ns_capable+0x89/0xe0 [ 1787.832114][T26583] rtnl_newlink+0x1666/0x1be0 [ 1787.832141][T26583] ? __pfx_rtnl_newlink+0x10/0x10 [ 1787.832155][T26583] ? do_fast_syscall_32+0x33/0x70 [ 1787.832175][T26583] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1787.832217][T26583] ? kasan_quarantine_put+0xbb/0x1f0 [ 1787.832233][T26583] ? lockdep_hardirqs_on+0x7a/0x110 [ 1787.832255][T26583] ? kmem_cache_free+0x187/0x630 [ 1787.832271][T26583] ? nlmon_xmit+0xb0/0x100 [ 1787.832297][T26583] ? __lock_acquire+0x6b5/0x2cf0 [ 1787.832321][T26583] ? __local_bh_enable_ip+0xd0/0x130 [ 1787.832340][T26583] ? lockdep_hardirqs_on+0x7a/0x110 [ 1787.832358][T26583] ? __dev_queue_xmit+0x277/0x3890 [ 1787.832377][T26583] ? __local_bh_enable_ip+0xd0/0x130 [ 1787.832394][T26583] ? __dev_queue_xmit+0x277/0x3890 [ 1787.832430][T26583] ? __pfx_rtnl_newlink+0x10/0x10 [ 1787.832445][T26583] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1787.832463][T26583] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1787.832478][T26583] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1787.832492][T26583] ? ref_tracker_free+0x693/0x840 [ 1787.832505][T26583] ? __copy_skb_header+0xa3/0x4a0 [ 1787.832525][T26583] ? __pfx_ref_tracker_free+0x10/0x10 [ 1787.832538][T26583] ? __skb_clone+0x63/0x7a0 [ 1787.832567][T26583] netlink_rcv_skb+0x232/0x4b0 [ 1787.832584][T26583] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1787.832601][T26583] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1787.832624][T26583] ? netlink_deliver_tap+0x2e/0x1b0 [ 1787.832645][T26583] netlink_unicast+0x80f/0x9b0 [ 1787.832691][T26583] ? __pfx_netlink_unicast+0x10/0x10 [ 1787.832716][T26583] ? netlink_sendmsg+0x650/0xb40 [ 1787.832731][T26583] ? skb_put+0x11b/0x210 [ 1787.832752][T26583] netlink_sendmsg+0x813/0xb40 [ 1787.832775][T26583] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1787.832794][T26583] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1787.832820][T26583] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1787.832840][T26583] ____sys_sendmsg+0x972/0x9f0 [ 1787.832867][T26583] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1787.832891][T26583] ? kstrtoull+0x12f/0x1d0 [ 1787.832920][T26583] ___sys_sendmsg+0x2a5/0x360 [ 1787.832944][T26583] ? __pfx____sys_sendmsg+0x10/0x10 [ 1787.832966][T26583] ? get_pid_task+0x20/0x1f0 [ 1787.832980][T26583] ? get_pid_task+0x20/0x1f0 [ 1787.832993][T26583] ? get_pid_task+0x20/0x1f0 [ 1787.833027][T26583] ? __fget_files+0x2a/0x420 [ 1787.833040][T26583] ? __fget_files+0x3a0/0x420 [ 1787.833061][T26583] __sys_sendmsg+0x183/0x260 [ 1787.833083][T26583] ? __pfx___sys_sendmsg+0x10/0x10 [ 1787.833119][T26583] __do_fast_syscall_32+0x20d/0x640 [ 1787.833142][T26583] ? do_fast_syscall_32+0x33/0x70 [ 1787.833163][T26583] ? asm_int80_emulation+0x1a/0x20 [ 1787.833177][T26583] ? do_int80_emulation+0x274/0x4d0 [ 1787.833198][T26583] ? trace_irq_disable+0x3b/0x150 [ 1787.833215][T26583] do_fast_syscall_32+0x33/0x70 [ 1787.833237][T26583] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1787.833271][T26583] RIP: 0023:0xf7fe6f6c [ 1787.833305][T26583] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1787.833319][T26583] RSP: 002b:00000000f54a650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1787.833337][T26583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 1787.833348][T26583] RDX: 00000000040008c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1787.833358][T26583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1787.833368][T26583] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1787.833377][T26583] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1787.833400][T26583] [ 1787.833429][T26583] debugfs: out of free dentries, can not create file 'netdev@ffff888077562620' [ 1788.481500][ T797] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1788.654007][ T797] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1788.668565][ T797] usb 5-1: config 0 has no interface number 0 [ 1788.701503][ T797] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1788.732775][ T797] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1788.740829][ T797] usb 5-1: Product: syz [ 1788.761176][ T797] usb 5-1: Manufacturer: syz [ 1788.765845][ T797] usb 5-1: SerialNumber: syz [ 1788.783607][ T797] usb 5-1: config 0 descriptor?? [ 1788.825057][T26598] FAULT_INJECTION: forcing a failure. [ 1788.825057][T26598] name failslab, interval 1, probability 0, space 0, times 0 [ 1788.841733][T26598] CPU: 1 UID: 0 PID: 26598 Comm: syz.5.5499 Tainted: G L syzkaller #0 PREEMPT(full) [ 1788.841768][T26598] Tainted: [L]=SOFTLOCKUP [ 1788.841778][T26598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1788.841792][T26598] Call Trace: [ 1788.841801][T26598] [ 1788.841810][T26598] dump_stack_lvl+0xe8/0x150 [ 1788.841848][T26598] should_fail_ex+0x412/0x560 [ 1788.841888][T26598] should_failslab+0xa8/0x100 [ 1788.841921][T26598] __kmalloc_cache_noprof+0x88/0x660 [ 1788.841948][T26598] ? nfnetlink_rcv+0xfe1/0x27b0 [ 1788.841988][T26598] nfnetlink_rcv+0xfe1/0x27b0 [ 1788.842058][T26598] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1788.842124][T26598] ? ref_tracker_free+0x693/0x840 [ 1788.842174][T26598] ? __netlink_deliver_tap+0x807/0x850 [ 1788.842198][T26598] ? netlink_deliver_tap+0x2e/0x1b0 [ 1788.842248][T26598] netlink_unicast+0x80f/0x9b0 [ 1788.842290][T26598] ? __pfx_netlink_unicast+0x10/0x10 [ 1788.842325][T26598] ? netlink_sendmsg+0x650/0xb40 [ 1788.842347][T26598] ? skb_put+0x11b/0x210 [ 1788.842378][T26598] netlink_sendmsg+0x813/0xb40 [ 1788.842411][T26598] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1788.842440][T26598] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1788.842477][T26598] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1788.842506][T26598] ____sys_sendmsg+0x972/0x9f0 [ 1788.842545][T26598] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1788.842579][T26598] ? kstrtoull+0x12f/0x1d0 [ 1788.842620][T26598] ___sys_sendmsg+0x2a5/0x360 [ 1788.842655][T26598] ? __pfx____sys_sendmsg+0x10/0x10 [ 1788.842687][T26598] ? get_pid_task+0x20/0x1f0 [ 1788.842708][T26598] ? get_pid_task+0x20/0x1f0 [ 1788.842727][T26598] ? get_pid_task+0x20/0x1f0 [ 1788.842775][T26598] ? __fget_files+0x2a/0x420 [ 1788.842795][T26598] ? __fget_files+0x3a0/0x420 [ 1788.842824][T26598] __sys_sendmsg+0x183/0x260 [ 1788.842855][T26598] ? __pfx___sys_sendmsg+0x10/0x10 [ 1788.842906][T26598] __do_fast_syscall_32+0x20d/0x640 [ 1788.842938][T26598] ? do_fast_syscall_32+0x33/0x70 [ 1788.842967][T26598] ? asm_int80_emulation+0x1a/0x20 [ 1788.842988][T26598] ? do_int80_emulation+0x274/0x4d0 [ 1788.843017][T26598] ? trace_irq_disable+0x3b/0x150 [ 1788.843040][T26598] do_fast_syscall_32+0x33/0x70 [ 1788.843071][T26598] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1788.843097][T26598] RIP: 0023:0xf6feef6c [ 1788.843116][T26598] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1788.843134][T26598] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1788.843156][T26598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080009b40 [ 1788.843171][T26598] RDX: 0000000024000840 RSI: 0000000000000000 RDI: 0000000000000000 [ 1788.843185][T26598] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1788.843197][T26598] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1788.843218][T26598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1788.843248][T26598] [ 1789.517999][ T797] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1789.529832][ T797] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1789.540533][ T797] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1789.548759][ T797] usb 5-1: media controller created [ 1789.594646][ T797] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1789.656639][T26613] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5507'. [ 1789.883104][T11765] usb 5-1: USB disconnect, device number 66 [ 1791.407593][T26633] sctp: [Deprecated]: syz.4.5511 (pid 26633) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1791.407593][T26633] Use struct sctp_sack_info instead [ 1791.897872][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.904384][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1791.971329][T26650] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5515'. [ 1792.265590][T26658] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5520'. [ 1792.285140][T26658] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5520'. [ 1792.351125][ T174] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1792.360867][ T174] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1792.411544][ T174] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1792.420437][T26658] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5520'. [ 1792.429510][ T174] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1792.781495][T26022] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1792.961372][T26022] usb 4-1: Using ep0 maxpacket: 16 [ 1793.191218][T26022] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1793.271547][T26022] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 1793.297175][T26022] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 254 [ 1793.356170][T26022] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1793.371091][T26022] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1793.409118][T26022] usb 4-1: SerialNumber: syz [ 1793.476164][T26022] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 1793.499114][T26022] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 1793.770958][T26022] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22 [ 1793.801500][T26680] binder: 26677:26680 ioctl c0306201 80000180 returned -14 [ 1794.609151][T26701] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1795.733611][T26717] sit0: entered allmulticast mode [ 1796.051520][T26022] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1796.267880][T11765] usb 4-1: USB disconnect, device number 28 [ 1796.690820][T26022] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 1796.711083][T26022] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1796.734674][T26022] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1796.749684][T26022] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1796.758896][T26022] usb 5-1: Manufacturer: syz [ 1796.768549][T26022] usb 5-1: config 0 descriptor?? [ 1796.864273][T26022] rc_core: IR keymap rc-hauppauge not found [ 1796.870404][T26022] Registered IR keymap rc-empty [ 1796.886812][T26022] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 1797.073360][ T1375] bridge_slave_1: left allmulticast mode [ 1797.090913][ T1375] bridge_slave_1: left promiscuous mode [ 1797.116978][ T1375] bridge0: port 2(bridge_slave_1) entered disabled state [ 1797.166680][ T1375] bridge_slave_0: left allmulticast mode [ 1797.267358][ T1375] bridge_slave_0: left promiscuous mode [ 1797.277522][T26022] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input290 [ 1797.303607][ T1375] bridge0: port 1(bridge_slave_0) entered disabled state [ 1797.687190][T26738] input: syz0 as /devices/virtual/input/input291 [ 1797.970812][T26717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1798.013317][T26717] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1798.050806][T26717] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5536'. [ 1798.181973][T26753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1798.204587][T26753] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1798.342959][ T1375] ip6gretap0 (unregistering): left promiscuous mode [ 1798.766172][ T1375] team0: Port device bridge1 removed [ 1798.854781][ T1375] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1798.867584][ T1375] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1798.884872][ T1375] bond0 (unregistering): Released all slaves [ 1798.935007][T26757] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1798.953017][T26022] usb 6-1: new full-speed USB device number 113 using dummy_hcd [ 1798.979616][ T797] usb 5-1: USB disconnect, device number 67 [ 1799.145583][T26763] [U] bmtk}UH\؉Hn;} [ 1799.163083][T26022] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1799.176428][T26716] sit0: left allmulticast mode [ 1799.191161][T26022] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1799.220862][T26022] usb 6-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1799.263618][T26022] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1799.284045][T26022] usb 6-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00 [ 1799.319763][T26022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1799.356718][T26022] usb 6-1: config 0 descriptor?? [ 1799.400877][ T1375] hsr_slave_0: left promiscuous mode [ 1799.409398][ T1375] hsr_slave_1: left promiscuous mode [ 1799.416321][ T1375] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1799.430427][ T1375] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1799.452290][ T1375] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1799.460423][ T1375] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1799.525323][ T1375] veth1_macvtap: left promiscuous mode [ 1799.531807][ T1375] veth0_macvtap: left promiscuous mode [ 1799.805643][T26022] sony 0003:054C:0374.0069: unknown main item tag 0x3 [ 1799.837259][T26022] sony 0003:054C:0374.0069: global environment stack underflow [ 1799.856411][T26022] sony 0003:054C:0374.0069: item 0 4 1 11 parsing failed [ 1799.875297][T26022] sony 0003:054C:0374.0069: parse failed [ 1799.893307][T26022] sony 0003:054C:0374.0069: probe with driver sony failed with error -22 [ 1800.015059][T26022] usb 6-1: USB disconnect, device number 113 [ 1800.171903][ T1375] team0 (unregistering): Port device team_slave_1 removed [ 1800.219874][ T1375] team0 (unregistering): Port device team_slave_0 removed [ 1801.273680][ T1375] IPVS: stop unused estimator thread 0... [ 1802.505004][ T30] audit: type=1800 audit(1775783004.869:1929): pid=26802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5563" name="bus" dev="ramfs" ino=124150 res=0 errno=0 [ 1802.531306][T11438] usb 6-1: new high-speed USB device number 114 using dummy_hcd [ 1802.699389][T11438] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1802.723394][T11438] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1802.750631][T11438] usb 6-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 1802.769688][T11438] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1802.793430][T11438] usb 6-1: Product: syz [ 1802.805124][T11438] usb 6-1: Manufacturer: syz [ 1802.820020][T11438] usb 6-1: SerialNumber: syz [ 1802.831711][T11438] usb 6-1: config 0 descriptor?? [ 1803.077594][T26022] usb 6-1: USB disconnect, device number 114 [ 1804.098760][T26849] ------------[ cut here ]------------ [ 1804.104628][T26849] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16) [ 1804.117456][T26849] WARNING: net/sched/cls_u32.c:855 at u32_change+0x1da0/0x2720, CPU#1: syz.5.5578/26849 [ 1804.127920][T26849] Modules linked in: [ 1804.132853][T26849] CPU: 1 UID: 0 PID: 26849 Comm: syz.5.5578 Tainted: G L syzkaller #0 PREEMPT(full) [ 1804.144333][T26849] Tainted: [L]=SOFTLOCKUP [ 1804.148702][T26849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1804.159318][T26849] RIP: 0010:u32_change+0x1daf/0x2720 [ 1804.165188][T26849] Code: 3d a6 c8 42 06 01 75 33 e8 5e ce 0c f8 eb 50 e8 57 ce 0c f8 48 8d 3d 00 fd 67 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 c0 aa e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 32 ce 0c f8 eb 24 e8 2b ce 0c f8 [ 1804.185194][T26849] RSP: 0018:ffffc90005646f80 EFLAGS: 00010283 [ 1804.191617][T26849] RAX: ffffffff89b8f199 RBX: ffff888058232800 RCX: 0000000000000010 [ 1804.199657][T26849] RDX: ffffffff8ce1aac0 RSI: 0000000000000020 RDI: ffffffff9020eea0 [ 1804.208072][T26849] RBP: ffffc90005647138 R08: 0000000000000dc0 R09: 00000000ffffffff [ 1804.217727][T26849] R10: dffffc0000000000 R11: fffffbfff2023b17 R12: ffff8880582320e8 [ 1804.226175][T26849] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001 [ 1804.234343][T26849] FS: 0000000000000000(0000) GS:ffff888125554000(0063) knlGS:00000000f53ddb40 [ 1804.243372][T26849] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1804.250225][T26849] CR2: 0000000000000000 CR3: 0000000036448000 CR4: 00000000003526f0 [ 1804.258566][T26849] Call Trace: [ 1804.261948][T26849] [ 1804.264927][T26849] ? __pfx_u32_change+0x10/0x10 [ 1804.269864][T26849] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1804.275693][T26849] tc_new_tfilter+0xff8/0x1780 [ 1804.280569][T26849] ? __pfx_tc_new_tfilter+0x10/0x10 [ 1804.285920][T26849] ? __pfx_tc_new_tfilter+0x10/0x10 [ 1804.291251][T26849] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1804.296266][T26849] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1804.301489][T26849] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1804.307027][T26849] ? ref_tracker_free+0x693/0x840 [ 1804.312166][T26849] ? __copy_skb_header+0xa3/0x4a0 [ 1804.317249][T26849] ? __pfx_ref_tracker_free+0x10/0x10 [ 1804.322751][T26849] ? __skb_clone+0x63/0x7a0 [ 1804.327501][T26849] netlink_rcv_skb+0x232/0x4b0 [ 1804.332576][T26849] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1804.338119][T26849] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1804.343519][T26849] ? netlink_deliver_tap+0x2e/0x1b0 [ 1804.349104][T26849] netlink_unicast+0x80f/0x9b0 [ 1804.354233][T26849] ? __pfx_netlink_unicast+0x10/0x10 [ 1804.359595][T26849] ? netlink_sendmsg+0x650/0xb40 [ 1804.364624][T26849] ? skb_put+0x11b/0x210 [ 1804.368917][T26849] netlink_sendmsg+0x813/0xb40 [ 1804.373856][T26849] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1804.379197][T26849] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1804.384285][T26849] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1804.389650][T26849] ____sys_sendmsg+0x972/0x9f0 [ 1804.394571][T26849] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1804.399923][T26849] ? futex_unqueue+0x22/0x240 [ 1804.404740][T26849] ___sys_sendmsg+0x2a5/0x360 [ 1804.409477][T26849] ? __pfx____sys_sendmsg+0x10/0x10 [ 1804.414796][T26849] ? __pfx___futex_wait+0x10/0x10 [ 1804.419925][T26849] ? __fget_files+0x2a/0x420 [ 1804.424638][T26849] ? __fget_files+0x3a0/0x420 [ 1804.429364][T26849] __sys_sendmmsg+0x2e7/0x4e0 [ 1804.434179][T26849] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1804.439499][T26849] ? __pfx_do_futex+0x10/0x10 [ 1804.444297][T26849] ? fd_install+0x94/0x3d0 [ 1804.448796][T26849] ? __pfx___se_sys_futex_time32+0x10/0x10 [ 1804.455175][T26849] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1804.460779][T26849] __do_fast_syscall_32+0x20d/0x640 [ 1804.466983][T26849] ? do_fast_syscall_32+0x33/0x70 [ 1804.472145][T26849] ? asm_int80_emulation+0x1a/0x20 [ 1804.477315][T26849] ? do_int80_emulation+0x274/0x4d0 [ 1804.482624][T26849] ? trace_irq_disable+0x3b/0x150 [ 1804.487711][T26849] do_fast_syscall_32+0x33/0x70 [ 1804.492696][T26849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1804.499081][T26849] RIP: 0023:0xf6feef6c [ 1804.503284][T26849] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1804.523061][T26849] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 1804.531619][T26849] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000000 [ 1804.539669][T26849] RDX: 00000000000001f2 RSI: 0000000000000000 RDI: 0000000000000000 [ 1804.547762][T26849] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1804.556085][T26849] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1804.564359][T26849] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1804.572461][T26849] [ 1804.575567][T26849] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1804.582890][T26849] CPU: 1 UID: 0 PID: 26849 Comm: syz.5.5578 Tainted: G L syzkaller #0 PREEMPT(full) [ 1804.593881][T26849] Tainted: [L]=SOFTLOCKUP [ 1804.598247][T26849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1804.608385][T26849] Call Trace: [ 1804.611740][T26849] [ 1804.614723][T26849] vpanic+0x56c/0xa60 [ 1804.618770][T26849] ? __pfx__printk+0x10/0x10 [ 1804.623407][T26849] ? __pfx_vpanic+0x10/0x10 [ 1804.627974][T26849] ? is_bpf_text_address+0x292/0x2b0 [ 1804.633332][T26849] ? is_bpf_text_address+0x26/0x2b0 [ 1804.638580][T26849] panic+0xc5/0xd0 [ 1804.642351][T26849] ? __pfx_panic+0x10/0x10 [ 1804.646838][T26849] __warn+0x315/0x4f0 [ 1804.650872][T26849] ? u32_change+0x1da0/0x2720 [ 1804.655601][T26849] ? u32_change+0x1da0/0x2720 [ 1804.660350][T26849] __report_bug+0x29a/0x540 [ 1804.664893][T26849] ? ___sys_sendmsg+0x2a5/0x360 [ 1804.669789][T26849] ? __sys_sendmmsg+0x2e7/0x4e0 [ 1804.674683][T26849] ? __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1804.680545][T26849] ? u32_change+0x1da0/0x2720 [ 1804.685275][T26849] ? __pfx___report_bug+0x10/0x10 [ 1804.690367][T26849] report_bug_entry+0x19a/0x290 [ 1804.695262][T26849] ? u32_change+0x1daf/0x2720 [ 1804.699978][T26849] ? u32_change+0x1db4/0x2720 [ 1804.704732][T26849] handle_bug+0xce/0x200 [ 1804.709038][T26849] exc_invalid_op+0x1a/0x50 [ 1804.713598][T26849] asm_exc_invalid_op+0x1a/0x20 [ 1804.718478][T26849] RIP: 0010:u32_change+0x1daf/0x2720 [ 1804.723802][T26849] Code: 3d a6 c8 42 06 01 75 33 e8 5e ce 0c f8 eb 50 e8 57 ce 0c f8 48 8d 3d 00 fd 67 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 c0 aa e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 32 ce 0c f8 eb 24 e8 2b ce 0c f8 [ 1804.743457][T26849] RSP: 0018:ffffc90005646f80 EFLAGS: 00010283 [ 1804.749575][T26849] RAX: ffffffff89b8f199 RBX: ffff888058232800 RCX: 0000000000000010 [ 1804.757584][T26849] RDX: ffffffff8ce1aac0 RSI: 0000000000000020 RDI: ffffffff9020eea0 [ 1804.765584][T26849] RBP: ffffc90005647138 R08: 0000000000000dc0 R09: 00000000ffffffff [ 1804.773604][T26849] R10: dffffc0000000000 R11: fffffbfff2023b17 R12: ffff8880582320e8 [ 1804.781610][T26849] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001 [ 1804.789620][T26849] ? u32_change+0x1d99/0x2720 [ 1804.794343][T26849] ? __pfx_u32_change+0x10/0x10 [ 1804.799223][T26849] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1804.804918][T26849] tc_new_tfilter+0xff8/0x1780 [ 1804.809776][T26849] ? __pfx_tc_new_tfilter+0x10/0x10 [ 1804.815060][T26849] ? __pfx_tc_new_tfilter+0x10/0x10 [ 1804.820275][T26849] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1804.825237][T26849] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1804.830399][T26849] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1804.835900][T26849] ? ref_tracker_free+0x693/0x840 [ 1804.840954][T26849] ? __copy_skb_header+0xa3/0x4a0 [ 1804.846033][T26849] ? __pfx_ref_tracker_free+0x10/0x10 [ 1804.851442][T26849] ? __skb_clone+0x63/0x7a0 [ 1804.855991][T26849] netlink_rcv_skb+0x232/0x4b0 [ 1804.860803][T26849] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1804.866305][T26849] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1804.871668][T26849] ? netlink_deliver_tap+0x2e/0x1b0 [ 1804.876896][T26849] netlink_unicast+0x80f/0x9b0 [ 1804.881705][T26849] ? __pfx_netlink_unicast+0x10/0x10 [ 1804.887022][T26849] ? netlink_sendmsg+0x650/0xb40 [ 1804.892001][T26849] ? skb_put+0x11b/0x210 [ 1804.896280][T26849] netlink_sendmsg+0x813/0xb40 [ 1804.901190][T26849] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1804.906505][T26849] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1804.911484][T26849] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1804.916801][T26849] ____sys_sendmsg+0x972/0x9f0 [ 1804.921629][T26849] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1804.926962][T26849] ? futex_unqueue+0x22/0x240 [ 1804.931668][T26849] ___sys_sendmsg+0x2a5/0x360 [ 1804.936381][T26849] ? __pfx____sys_sendmsg+0x10/0x10 [ 1804.941696][T26849] ? __pfx___futex_wait+0x10/0x10 [ 1804.946812][T26849] ? __fget_files+0x2a/0x420 [ 1804.951448][T26849] ? __fget_files+0x3a0/0x420 [ 1804.956185][T26849] __sys_sendmmsg+0x2e7/0x4e0 [ 1804.960919][T26849] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1804.966172][T26849] ? __pfx_do_futex+0x10/0x10 [ 1804.970897][T26849] ? fd_install+0x94/0x3d0 [ 1804.975379][T26849] ? __pfx___se_sys_futex_time32+0x10/0x10 [ 1804.981219][T26849] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1804.986798][T26849] __do_fast_syscall_32+0x20d/0x640 [ 1804.992043][T26849] ? do_fast_syscall_32+0x33/0x70 [ 1804.997131][T26849] ? asm_int80_emulation+0x1a/0x20 [ 1805.002274][T26849] ? do_int80_emulation+0x274/0x4d0 [ 1805.007501][T26849] ? trace_irq_disable+0x3b/0x150 [ 1805.012550][T26849] do_fast_syscall_32+0x33/0x70 [ 1805.017437][T26849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1805.023788][T26849] RIP: 0023:0xf6feef6c [ 1805.027873][T26849] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 1805.047520][T26849] RSP: 002b:00000000f53dd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 1805.055977][T26849] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000000 [ 1805.063986][T26849] RDX: 00000000000001f2 RSI: 0000000000000000 RDI: 0000000000000000 [ 1805.071987][T26849] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1805.079989][T26849] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1805.087977][T26849] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1805.095981][T26849] [ 1805.099598][T26849] Kernel Offset: disabled [ 1805.103944][T26849] Rebooting in 86400 seconds..