last executing test programs: 2m58.522625012s ago: executing program 2 (id=1202): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000180)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="4b448756ca", 0x5}], 0x1}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) 2m58.336347046s ago: executing program 2 (id=1205): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) unshare(0x22020600) openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x200) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xd, 0x5a87, 0x4, 0x1}, 0x50) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x48212b8952c3aff5, 0x70bd25, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40014}, 0x700) syz_open_dev$vim2m(&(0x7f0000000180), 0x10000, 0x2) open(&(0x7f0000000000)='./file0\x00', 0x2000, 0x74) 2m57.734232484s ago: executing program 2 (id=1207): openat$ppp(0xffffffffffffff9c, 0x0, 0xc8902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) recvmmsg(0xffffffffffffffff, &(0x7f0000002100)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/200, 0xc8}], 0x1, 0x0, 0x0, 0x2000000}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000009c0)=""/4096, 0x1000}], 0x1}, 0x265c}], 0x2, 0xcb, 0x0) close(0x3) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r4, &(0x7f0000000080)="b0", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @loopback, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f0000000500)={0x0, @in6={{0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @local}, 0x3}}}, 0x84) 2m57.174175882s ago: executing program 2 (id=1211): r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000040)={0x12}) (fail_nth: 1) 2m53.374658394s ago: executing program 2 (id=1217): r0 = socket$kcm(0xa, 0x3, 0x73) sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x3c, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e02721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0xb}}, @ip_tos_u8={{0x14, 0x29, 0x3e}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @remote}}}], 0x50}, 0x0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000001140)=0x10000) 2m53.02664124s ago: executing program 2 (id=1220): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x22, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) 2m37.455382923s ago: executing program 32 (id=1220): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x22, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) 2m37.446389996s ago: executing program 0 (id=1271): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = epoll_create1(0x0) r3 = socket$pppoe(0x18, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r0) r5 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f00000000c0)={0x2000001f}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000002c0)={0xa0000013}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000580)) 2m36.01189287s ago: executing program 0 (id=1276): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = epoll_create1(0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = epoll_create1(0x0) r3 = fcntl$dupfd(r0, 0x0, r1) r4 = epoll_create1(0x0) r5 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000340)={r5}) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000040)={r5}) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000000000000704", @ANYRES32=r6, @ANYBLOB="0000000000000000b705000000000000850000006d000000"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e810cf782db44fd5617ec403ce69b0d12", 0x19}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e3, &(0x7f0000000180)={r5, r7}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000000)={0x20000002}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)={0x20000001}) 2m35.549553745s ago: executing program 0 (id=1277): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x15, "3eccd80000a60100"}) 2m35.418523337s ago: executing program 0 (id=1278): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8808200, 0x0, 0x1b, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0) r5 = fsopen(&(0x7f0000000100)='esdfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) setgroups(0x0, 0x0) setregid(0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000063c0)="99529ca7d265e2dba44891e35e7d5dab7921b730436ecd4e999a25bcf86a25f8f029c0dd50373e90b7cf7779b12ecd4423c5b13cfac186975cd723976f3c747612913029d42517c189364bc59d8ebad53ed1b86f8f66c99b1f9b5b40d78cef1f14f81815d53bdca7fef40607358db69eb8c0b1f6b0942ab4b1ee7ca8deb4eddef06381a3d1c52d6147fc5109c7c607591497a6b2477f60cc881d3219c96bffb34aadec3fa97250713cce17cd536721bf9c40a019531ed0bbad139e26a3d4d39b68ab1bf37cb1a4bd197a8789cb1940cd86d9e56713bc36c7cffd07a311f5bc2e91f16d152eb480645e85ec9b3bf09c7fa140dced0afd55d7b99e90a96e7748e2d0dc09672ac199ce529e631efe1783769819c182ca106f6184bcbb387ed246c43562d74c36ac3a7ec2f0e11f70bad0007c03bb9c0d2dacc2148cce4a4aea327c7319016ad146b52bfae0357f9e892e9bec61a13c93551cfa3d4f4bfa7585c93bb0bef01a9114f3dc54179cf9a57fe88f5cff3403e33c9d09e3e9c2e10f1f16894e1b59e3cad47c1f202cf7b756f2851fc96d09459c9a8d34c19e6a3525cd5001aac5181f57286d0e1e88ce5092c7c76b6abdaebf2c499aa47587b48eb12a2b72548c190b0324ebedb81a63333b6edb25550f859c5ccc404a944ff7f61af8800888192fbd4c8e0e417d1d181b4b335a6f52e0a7dae18397e81e3f747cab7be902ed903bdd6a622f178f9b4244718ee1206237257374d2fd1466ab6135ef7ef4a114ae170eafe9cd78cf9ffc36974cbc4b8003072bed78765a0b9f1240f24dec6a9e46db9bb498d40f727c0cbf8f4a6a49539bd0805caf65d80130d7fb60a69dc7ed890874a17530c042cf33a977d331435d68ef33885f638c777ad49564ca77d8b81ddd853a21cd55d95b627310dd633a4f005853a5506cd8f744c367f3cb6998b0fa97de6bb35b166b0c6408c4e0a38ed26235a88520c38ca97ac8a6dc81e6dc6483d383fa09f198997b8eea1c68c9e3320683c9a02dd89ddc34c241e7294ccc88d6b35762892e8746e558bfbc2251949f2ecb763dad5b975eaf36e2864be6a41d3e20514d32f5d4b6350dc7e3cc3a85428ea98efb3b1edc2a2ec1e618452949cc7e2ba1251990168fee342d4f304b7a7af9162bcbe6b09c75d7420d2c547b4e3cee1836df6eddd5dff73a4e308fcd8eaa7a33e6980a6f8ead03257a37d72d3b265d02fa42f57db877654ed513e31c35e1af0bd28511d6b57cfe07b27cbe9767a534b426dfc3dd257d5899444f34cbf4dc74b9eab2e7e3e1e1a8a6ac5e4359d653506b299a5b7c67b92dc462f1216655f952362a3387ad9966b606d98e8d1b544dc27dc6bc78fd18a446736e25c51143db9886b6c09812d5825b5d9e0932f218ff8bea4d9e1c4df9c9d4eb19336d48163a921c4ff1f0beef26b01b7e8c0d23fb59b84e229eaabb791f2cffc9aa4db75162cbfe4c9ae8d76a5b6bc4bff20e3f8f125b9aadb3e728d7f78d61fd55f46b7f59511b876e6563256686e44f25cf38d393a9b762bada272eba8df28e4086c4cd2fe3c9fab97756fb145373e6ca1991bb1ee6589e49c821ff29f047970819f88f724bd077cd3f0ae463d99b3e53078431e3f9bebabc5289a65479359efe3909186aac60a29f561de8c590988c913c9e693ab8106e8287f6565eee6735f7c88cad7124d1c8d9ff347e97912824088ee954de01c6d8a06447f06899607eadbfd078bc3df506252005749378dbd7399c9eca60b81dc0d88dedec31e5cf6e7b6d6d411958df8f9e0bf4443e8d3bdfe49d05f811d17088024d0629fc8ab8e05e309bf55e8e60d342623765f4e8d2dc4a90291cd4354ff9568c8170e6ea56e028bcf2719595253adb8c84050bb9ce4927a1c1f4560da87d109ceda90bbe45a1717763d8025f1ff40f157185ddf17079da272ae10c4f34162caf4b0d31221a57b3059fd449c87554d968a54b2eebd760dc3263c40d9eedf5905d5699d29706ea6e9e81ff2bf92489a06deffe7e978661f37a88450783e23f107c2bfce000dfc91c5fca49e46d9ea978f215a45984699f0d2503b30a741e13be56b7abe3e5663c0825c3cb04ead44ce97719c4ee6f4cdd3c452775ad7163d5c9034583cc2dbc2b0c04917a3e1aa3d0a8bb6fcf94d7922eb1d543c09185827aeb1b72ae7103ef2c014af2ff4b47fca40fb0e66ddf0264476d7a84e9b8dc551d4c407bdbac6757f7a25bd404b45bec1091696203cc438860131ad5f2fd80e3c45629864dd9f7d302b66fb8fb86735c9a6dcf8b135a273dd2ae9473bc905081be9fcb8f91b1ddba1ac692798dac0b9ccffe0319a779f5e10c65f294b22fe475283b023f9cd890e92c5447b1bc1528255c5af383bc1fb6e72cb9a67215a9e25cde63c89baa8c7125c7e8b748b728d07d9cb66778404f54e6a9e3ae1ae82f3d0ce77199f23f94a01b71b805b476fedbebeb52c83a1b857f23ba438c56a6c4c2a5909f721e6e3d240e4a16455e92220d13022ce7ec0b1365ba4e67aa6ecb324f8826579e12cebdfc0d8af63e83b5e5624d5b791f99093f9a27f7baea9fd10111209c0857a04f07408111063ef34026aee27a3d51b40e53883f9094402534bdd21cc49d7f5593e99cb204cd805bee4add0f82cf4b6dc5da14d6b79fbc68c9ccf7fb5fe774bb879e13079b024a8ad24bf123c420d630837a84ba05abf0ae4dc3fc04f25c7f74ff91d0d609c958642a48551e51b5c0074a56a7da10ce153b08cabea636f8489d8e7b655758a41d7f7474c9d76bf4d54d789bfceaffef139854065de6a94b0275a9626aab99ae838364b1a491e55017e4212b6b01f7a41bc9c215ecd17c49a8610db28c699259c58b81a0e84c45fd8e719c05c48501c49e8a6515044d247f58e4cd0bf22fd6ae31f45339d1f801196d426c52269b1aaffaf18e2a03760bb231cb7cefa6d72f1d7eb6a3bbd65d0914221b8fbf531dbd562eb4a1b28983ac7d83d4813b10b34c9525ba644f61a2c4800d4fe96a7bca63da1041ed73cc57fb9d42f9dfc8ca41d80292bbb311c89b0a0fcee1d88a025a7416863342aea00e6f049cb2ddebd17c5c617ff562a8af0c965cbe8341431a30ea239e4a62aa2b19757a3b0de04229a9907f8610c27b26591405845bf8b5b83706ed18d910c4f68777378366ff565617b19168a04560a32ce5ad64aaef9f4377118c4335b24826cdcde78fb4bdb11498553f56d8dfeb3a482c70cc6580c399b92339cbdb3464fcc7b00e9839fd0d2b8b6db90c56b33593a0048bf7983421f29b1285c81a239045b96a9b0cacd70d6d9853206471f06915efc8d3ec4c50fb13601abc73247a656066fd7b329159b3ce9e3302b4c0d6aec58cb0946a8ee8e7f55f1af604f1edb4d887fa6292dc0ce57705c1a25dc62650c127d11a364b397aefc2fcc3a164bdc53165a461b01de9180c1461b309c75af0911b4cc1b8aa05652b62119c87b4b235c573aa15b1516cddf61efd6a7f8c953fbaaee9c0e800e8f519e1494de850ddb976864088fe0cf90bbc54395078ea2501e8baa84d6807e184105bc2a140b663416496886422643bbf764d406af06e7d086678828defda0b648b25666b7b5ea29e927141740d5be0e61bf25d40b8404ffd3c67bb855b11d4faf82b7b8051615c101c3deb0601a0fa9ecd8b4a95082ccbc8222b0982802dd8430e653d6eea2786dc3a91397135faffdc65a5bae048f5c463b1a6648becce961d39d063d28d1ad6dafcea0b0878379adb16cc0d4cea572abeacd9a168a4fe2e338092b5bc93ecf02ac6ccda03e5b23adf511fdf7a79442093233b79c67d3fdd3c36c96a8f67aa79e4743d99cf963ae6161877f73656eb0314d889f4b8649bbce8a759f90eac6c006197b54b2bbac7c9b237f1e3dc099c62a65481960e6ad697fc66316ac084ba99c60f58bf44ff45f3b2006cbc4196a25f124dfaf247e863a855ef6070deb45219a922dcf2be9bd01c340e1ca5ed7c3ddac9f7a677c5d00610991d21e0751ac8044585b39f3fec5b672a11a9bce32196c2003d01ea50b0f0403e16df188ecbbb74f295f01398363ddfecdb63a49347c912c125670205d7b6be999688df85bb7d5ac12b62b4fdc4eadcc2a9a7897028404f697b007603a0ad588c772952d6670ee870771774ad157c0b9cccd4b2192d835606198ea0c65036ae4e406cdc539ff3aa81fa20b7ab58d6f3abdb69cc1f503d593f7025d2035e7f21db76336efc2843a0dc9bd2eb8794718134ee68fc57d4d2bcc18969d08177f442b87433b48540c661940cf9e2462c53efa310c7e47487deab2ae15b1978ef05aa1e14110943f649d82486f710a39854409e74edcaf06b4a92d3580b9cdabf83c6351657698d3d5af7514f382e75d1c912cded577258603fc9ed002e010747cddf7885d34afc9a84d82696c6660cb5ecafb68b564908fc49c4db6a187d037241a26b1141cf20f2e968a53366db0f60b79cd98cf3c897c50b7b9728e6e7100f99e4d5ed2428dbd285516ca6660777a39b4b2617c1be5b0232d60b9c8099f5daedbf190109439c40b46090985200d6c0501313f3fa4d244864575c275faca47aeff32c7b3e3c59392618562a7c2d4b3af85a37a8847f595352024cb63d3a9085c2a502c6a3248f43c5fc828e636cb634b2d393d853ae2dc9605985cf85c060860a90256c7b574c1e01c320687a2bb0b2d51cc2950c485f2ffa5db0ad7aaf753f543de7f86efb775c6bac2989a33757a28836fd27f9347229a0004bd2e546994c69c678fe5717f613f905d945c072004c3a80e0e54215e19ff9972521890d4e705e429f16fc35fe5a15f2e6b75cd719d38f76b087b62e4b5dcdb35f4baa2bab167150bafb6c69e260ca51004bc826d46b77c3f67eaa08497294868e6d91b7b867e4da62052f4f891677256cfbaf19cf32bad99a7da69d8a66537686f89a58d78c7eeaa99cd38009a1a32582bedc5c718e57b19cd405ae659a89909356a07fcef89384d160fa5ae6683cc379642aea4f0c915f72d679bd521399cb16112f2abdede3001400b4a64d2173e153a68631183679b56b8f389ba889784133453a7e892fd3b092f5040870a3cfd6f982990143e7c0882b4ff4c5d049192d36925a25ae4be441aa30dc7e74398b340c45b52c73ed3b0cd640e3cc9fd4be24e7355f386106f65895f1ee850b2a781d1d1d322ca5a3b0fdb78ce1eda048ece94af25437969c99c58c08f1446ca5541e03987a20fd75283e3e116dc4c9222ab7522e4ccf6da14aef49cac9a6a2cd4aba1c54d49e6da4179a66b84e384cd3da53908579b28c11d525ebdc4dc69074cef8a9ecd3aab98f2858769d656b46141c3a4e69a5ed6c0a732c9ec1fce080eaebf537fa5e17236a44ba9c931f555d193e475ffafd20c53ccbab607c1a15fd06742a64691205eb0d00f7f40e4dd8efb279cf09b2522aac0729a631aacb92d5cfa2ce6bb07385b981890b5916755d5cc3a51c8c36bd2987068cc24fcf73840895469bbb9aff1059601f771afedf0a48d5921103920515b27d7e607951982feba197df8c61600feb3622b9eea13a4db4068728cb98cca76cfae197f6258758490bf41673ee29acd91fd296ec863c646e0ca6a0f0e9de146c663ba13d962964d7c32804fd12a14c1ca7212ad48bdfab469c6570dca562220ecbe7b6b163ed4c9361c5c10bed5c92861b8786ada20a99245d282e4454187ec02adfe354e30647cb10661c85168f7958e3ce69ab48c9455214707a63c9b1167f0845a6bfcce2a96cd53eab430f13cd527f1666290719a47c517cfa22fec2e9916af8aa93c78e567993d7fb8ee60fc4b903b8c67a3658302c5e5f35250c30427e4c055b6c54705bc599861f80b7200d361965ff98c88cc698a2615cadeac4bdfd3d613377cea52d2bbcb7e6b78ac31d4b2c33eaf0b2ed40b963e3cb25c7dfea3ebfe7b4aff2aaaaf184dc80ab649a108e2c830ce7eaea58a263392aa9cd13d7f7bd607dc7c804b19dfa41b3e5a5155201a87311e22062c93896e70f3a5c4b03521300b61cc311ebd5beb9838d0ed207c6bfc99e4392508e95804b10b36024f32e1fe1138e9ee7773f797b2bc6be7416f4e9691ef4c2a8d06af6c8b84bd1e6fd1ba3d3183475ef6c139ccf8dcf37671fbb96a2ab5e0e042f7c4728cf30bcc1a0de28a5024276ceaa194b4926e7f6a97b78bac36e47f832d56a96cd266434d37bcf2c2f57877717d91b1854972f832354acc207a2ee8caace7504e0e6197dd7e64a01c4c67bb2de8acc0cccc6c6bff0b0cbfe345542c5a795dfa48cc0990ab5702574d36494bc44c20f5b324f7c984d986cc8cb40cb2550076d96a069b6688d22171beed2dc5b6ff3ede8fff4c4a9de6d3817357a7ca7d24d87300b4545ebbac8cf7f09ec637a4f4d6bd07673709b6c363a75ccef585610c5f15de7851b5ab53e02a757bfc3caeb9a9a8996beffdc0cfd1201b6cd99cb035584e51a6c15a5d2e17d2f8aa6b41e26809392fac6caed1e02a53dcea8a413203608780dab33315a76eba24d540e4c5b9790420834bc8d4e47bc65ae52a54c0ff308427a8d7aff746aa6589d17514e40fee5d0b3533cf4ad2c5f9d96db9f50bd69ed8c92b860e199a35cf268c66ed13516a3b4b024f62d4b2a656067eece95575bdb4907efc488a9821bc3a9c81dd11b2128b7a01aa7a9ce6e73de3b4e9beced70206f91575baddbcbe5722337953c8016a0f4b62120d776c43b7d1a879b692107954f45acdf8967dcaa994aad4922d4fe093e16c2d0090906f5036af99e50bb09b04e9c9b3b5085abf621297ce203010249cede92e9b66b446b86b43eaaae228dfdd3b4408c12b404bb727f7e969e7da04fc59900112bf8d38af0416dc616e75f167aa1352215f07115a6f4eb6bb5fff6f5c2fc9ab906392036b44090e65fdaf017dc53bc94e0807d679d793df18cc44e6c846d414cef1569530f7692daf91eaaf4ae89fe2522f2c9cf33b6ca508ebcd006bc1a61f0c800553aff9dc7d57200b25ecb83e1e0b8cd29520b63aa649d3f71a62570eee56e03223ddf31f0c04fa686b7f6dd054e7a259d9ba335c2c5b2c508897506c0db7f01878dec1411c33f0af61b81dbcf9ff8bdc0c50044963a79f3ee1462150c6bd03a32dbdfef8d72f0b8b3a395ffb0cc85792e7bc867feb5e312cb64e29e193388e9f173c162f4a1320a6f99ea3795fb77d982605959909a1aa11076fcc779ea6b80ec1bf0edfc2569ec04d15a0bdeebccf3c75393dca5e81663532f8ced12d08e4c2ae6e2954d427c7bf053dc4718f56f453bc88d74045bd2f9747aae9b5298a0de927f1d6b1308f4e1483487f083e71ed09298deb52bb10079b13def7453eb432498069edb5ade70c5c54913684d934a3febf78753ac13300a91f467ff3f6e2f00898f015d08f7739047b321b3eaee5ad8aa7adbf7833f014d8c576a491af9fca6843b327ed513821cb3951b2e67a275225d7af6b382e2f955adaacba5d1fdea2223202dee132b91d5cf381b51da94145255f584a70c5e8d11e06a44afa6599bf3ed0cb61703eba254333af53afac60e54cf6397f9f7302249ab644f0b576c713b15007be1f4f9bb213660bca8a70251472b86669d361ef968f542e81ddbe8f4d2e9cabe8d7bf6a31f14a2cc272963553a424c105e7750437ec5bf316e30ce60b4b0c27ccc1eb27e60f6472fef27654da49905ff9c01b28695310ecd8701aedff25a83da4b7c41995f902bdf249769dcb53a3efa894710dd66ba8745ae2253cc6b75a038183a0bee21226d48239320efad6727093e4f94bbc2fdcc216200d903c32bb9f16dd17d5dac423ae0696f3decc576b8f1fdce63d0532370af7d1e2fa2ca5c5d17bd88f5e3abb4792dac8689ca13752f83d753b06b037bf5a80a3748983790352775685b0414c9d74849fd217e388f904278ddb6b0abdda941b61579c796e2bb77a9bc363b18642c401faa502a31011544111b6eedaa369976c814773d83220a75f31026d6ad0b8b4298ea6062234db232bc435e096e84f740e55bb14d46ae04af0500aa5bb218aff6c76aa8a8e3140a1b0d6638538fd7f30fa8d992e53abf8af2fbc16b9e8a668c1aac72cea1a746ee5f7f3392a4ec8f1d19f2f426b6069b1cd347cbc38bceba96ce5da49198083403143c740c04639cd1089abb34fe812d85921c47437604f684bca44a1eaa965c0a6e1c1fd1f70ee932af3455b36184cc15934cdb3f28959d37d8fc10696f8ec1e4b0c3d1b9ff74a01b796d1bb68954a3768c8bcec741b3b69da892f8922142b16b2cabb469a9906b34216243fac80374c10e178c5fd36440f8d7a8588a9c2510d86ffa8cb68ce8c330d2111c94724e522f04573dad43bce252eb505d29ca9379a6b281519d38b7174f3ae8f185544f3003c936a7e6b23ca97a313aac6a061caa45fda73522f3061767bb4e33dbe4bde390eb0f07225a8aef939cb6ab2ada10c02527281abad394cd4ea9f59467a08b72047cdb75d7b2b98e5b4542554a60f953ac7a4b980f42518eec05ff2c044549cab0cf33eef36dfbabcbc0300009d898862d2194cfcdd9a713c30bbe52291105193656ea5eb830873ac956469d31689cc3c69edb5cb9a6e31ce3e6fb50ddd4e52ef9fdeacfc0db21e1e83e0d8d0a64f17cacb4dc208a893e7fd8ffa86cfc554dfba3d9fd281115eccb4b9d909f2fbf3fbb66bedd7b5db3f6d4f076f5d8fb54f8832896f8ef6f624162f1dd589be7a8e87dd5065708a8b0bfb18a5c2299f5605ac8a11c1add55b2018e6099380a70bee3e0727ca6ec58928fe6eb3147b47401e8d822eebade713b58335787669e5e0de5d328a1067df4cd9124665bb02ee8adfd1b3618374ef167df1f0fe79456f78aee3da4c1bf397e4637b0cf41a0f4a2910efd02b17bf5f3c15b0084b36fa7d4e85a53e5be366b428244eeba7499c3e54397227928e2ff6e583f332d6f7e8cf4d058f379b58a7d03a4bfa454bb4b6d543804b8970e6a9fe8886179eb418a8ce9e509e8433571f7d32378f2e983fa418c8c91760ec9fb20968e7fc23b7c4ac71693b2576ac0f8ce2020ff1e7a7ff24301b48b544fb29a1ca4f2502daded865e488a16dd33ec67b2eee3025cdc5ef90f253c4b5e0a61d51e495b675c5a1d55b4ba3812c5f44cd08487e61d36b0c2dc32d27333a5ee8a0906bfbcd388bd9389d1509912c0471c7b706a5aff880569a3fb11ac5f14d780deb4c1b1afe30fb6b8daf87b27a4ceb869d587a97f2f5af8d819aa47bbf207db68a6ecbbefb1e109ed0bfbbf3b54fba9e79de8fad9c3bcd3e74b8b92ccea3ff5c558c6cd72d78a711fc39df603bd4aa1439dd302258edd2204e52d7f435c6f552b612fbc321bea971195cd4d8bb033e2a779e239164d7eea6d8fd233b0b9b776246564cfcf44b31a83031a2413bf98a398c9f93da243cef9ce73d81bade8ad551fb0ffa75bc874c11d23ac9d7752f22a0f54c3870f3314a83e64332db810da1ebb288e10c4eb9be9ec037317b8f813e68160a887da3f5c0389510a0734b69ef275e19973b169d340610cf2112e9964cc0566b9b690c3feb36c8526491d3a563f0bead2abbcf0665e048aa3f929351b2f89876580633a403250ae3b5244c8c0e996bf888938dfc8920348d88e272e6eadc7c0387ca1dae228bd620ce3975d43b58758d9412d304a227245587065f58c4573ba2557f1d8333ba007709b1239d682f03405b22135757178fb701bbde81d2f8faaa7666c025d8a8bb426dc4b8e61aed79b3b3d3a9b01ee9142772d869677ede166e7a8be8ab84cdd6946b1478ce77ba307213971cfb24c86c344310f279e38d22254bf4caf83c02e715cb0550e615dc9f8dd2400fa749e3527493c15fb454c158e4cee274a15bca6ca9fe5bc5f9e7797c0950299912be9c58463c07d667d4bffe8aa590ae43db08512b40f3d265026bef2facdd508984e5f6d2ac7ef573397f14ed2e2ccdcbe5796e60ae64d173814906d1da5a5bfe8a2a4c5d6bb0b3315b878b4877d0c045f6e6cfa0dfc1ea4de7abe26f2b2d8c93299ed1d83f1b7853c756bfa346cd53b008fec169883983fe0f2405777dd85e17b2e4e8b23432c0dc4c386d67b6597184d0b4b95877362304638484cc0951400f66ee8391dd44417c58b3d46a8345a8049fcd70f7b5f4a6f912e2b18760947c74ef2b732b342878d7e7cc99902de87db36469555fbbfe76189f108d6ab31f4727fe4e22d075afaf6cc726ab17a5e1b4ab6c8f29a459da3c4266b5ad8ff55906a190f8b19a3bb92a50df49647c03d5d6106ec07e9300038d059a75b54ac31683ef8e5eee946e1c84d016ee1e7800a92c0a3823b62e0417fe86b191951f65abc0c38c1e0e8f1121a04b62a8a720790560f922804b1b7e7eaa497e1bede6e3d0dcf0312dbf221561958fa1e85a8f99e6fc82f919e78c17d1beda16cfef25fb5d00f7c32df9a51eac76000c988ffdf011564aa0e319764b16a5a7c728a470ff70772fb76c9ada26a0ac073fcbfa12501c2454b19e02d928e3939a40bfff76c002533b3849cdf8016728445131e5f1e292b7d3dc06bb3a3cfff6fabae0b7341694a8938c1d2497cd70b76c337c9a312e96c8f736d7625a535e1906eba53d199221ca60202a65be0f7e530aca10e61fa39c7601d65954e5ed4cab94345c6b89c7f8a0de5c61a7945e1564731b6715331d13263b2961a163382f7c4934d847033860e402f3aadb4f3e6cf47a97a2031401da4d2c8de8c80cdad71b97b4deb2075a02282f958ac6772354e67f097ca693778224b80892490015e7d697fb9107f75cea708178ffec93fb1d44e8493bad1d42c918e661219ea819e0200759037a5a585c0fe074fd407536fe58013f42612c41bfc66e16870d7a9c00ee93a3122b253fecbf5de3837641f4a1376af0f053463413c26c29f9a346318565276856b963da30ba6ab8c4c8ef6cfddc432328586d9d9829895835759bcde0851ae0c838a3927ea63fe5ba793fae94da61cab00fc05f3a265a2da1221bb2b66775ed7ba856b41011652d4984991e56249360ddfc997245ac1547a1c16382d42df383a8d1c852643b24895c422712e79c436fdfffece4ed1c50922d4f25296aaf6b204522086d188bee254f8303b60537ead1195ac5dd301286f0042dd68aa05a70e4beb779aa0b61a316f736b72c9ab7ed860a0908a078f4b8a53f2df0abf993f689de4b02b9138ca5047fb0bfc9ba3b92bff033e36fc9553260b008cef3d147c62d1d3944fd1eaff79bc5a922ec2190907bfda1b51c2c7fb867db1f8e13a37b5e3ae0165e93350b958a239ec1f2b78561cff854b975307b5b5dd23b040602a5a36bd79947ee04c7d0e5e30f9c4c79f7b4e6eada98bfc6c357cdf8939213423f1b21ba26cfc2b2756ea3eb992372db0ab8a7c37d8ae96bf3ed6be873c1891550ef741812032e1ae938326c399ee43a3061602dda006f1b6b620bebb6a5752bee77e8acf9921ebf4d4c8af7eb5e937c65697c0664c594e31a62377a25605051996c474ca322ce8e0e6ef8a7988be00", 0x2000, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="e002000000000000f9ffffffffffffff05000000000000000200000000000000030000000000000002000000000000000500000008000000060000000000", @ANYRES32, @ANYRES32, @ANYBLOB="010000000400000000000000020000000000000037050000000000002b"], 0x0, 0x0, 0x0}) setgroups(0x7, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0xee00, 0x0, 0x0, 0x0]) r6 = fsmount(r0, 0x1, 0x16) r7 = openat$cgroup_pressure(r6, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r7, &(0x7f0000000300)={'full', 0x20, 0x17a, 0x20, 0x200100002}, 0x2f) 2m33.72479598s ago: executing program 0 (id=1279): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001b80)=ANY=[@ANYBLOB="12011001000000401c1b3e1b0000000000010902240001000080010904000082030002000921fd6f000122eb000905810310"], 0x0) r2 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f00000000c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x1, 0xf4}, {0x0, 0x0, 0xffff}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x2}]}, 0x4, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="20000000030701fbffffff00000000000500000d090001"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x10) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$netlink(0x10, 0x3, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x9}]}}}, {0x24, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_QUEUE_FLAGS={0x6, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa8}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r7, 0xffffffffffffffff, 0x0) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) 2m27.14251477s ago: executing program 0 (id=1286): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = epoll_create1(0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = epoll_create1(0x0) r3 = fcntl$dupfd(r0, 0x0, r1) r4 = epoll_create1(0x0) r5 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000340)={r5}) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000040)={r5}) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0", @ANYRES32=r6, @ANYBLOB="0000000000000000b705000000000000850000006d000000"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e810cf782db44fd5617ec403ce69b0d12", 0x19}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e3, &(0x7f0000000180)={r5, r7}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000000)={0x20000002}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)={0x20000001}) 2m11.39809476s ago: executing program 33 (id=1286): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = epoll_create1(0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = epoll_create1(0x0) r3 = fcntl$dupfd(r0, 0x0, r1) r4 = epoll_create1(0x0) r5 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000340)={r5}) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000040)={r5}) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0", @ANYRES32=r6, @ANYBLOB="0000000000000000b705000000000000850000006d000000"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e810cf782db44fd5617ec403ce69b0d12", 0x19}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e3, &(0x7f0000000180)={r5, r7}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000000)={0x20000002}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)={0x20000001}) 8.280637947s ago: executing program 5 (id=1588): syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000600)={0x0, 0x0, 0x54}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x17) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x3, 0xf9, 0x2, 0x79, 0xff, 0x8, 0x1, 0x1, 0x0, 0x8, 0x5, 0x8, 0x72, 0x7, 0xba, '\x00', 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) eventfd2(0x4, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{0x25000, 0x0, 0xf000, 0x0, 0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xddccb000, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xdddd8000, 0x18, 0x8, 0x0, 0x4, 0x81, 0x0, 0x80, 0xe, 0x4, 0x3}, {0x10b002, 0x2000, 0xc, 0xfd, 0x80, 0x0, 0x3}, {0x1000, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0xfd, 0x1c, 0x1a, 0xa8}, {0x10000, 0xd000, 0x0, 0x4, 0x0, 0x8f, 0xfe, 0x0, 0x0, 0xfc, 0x86, 0x1a}, {0xeeee8000, 0x30000, 0x0, 0x0, 0x7, 0x0, 0x0, 0x80, 0x0, 0x4}, {0xd000, 0xeeee8000, 0x3, 0x82, 0x0, 0x10, 0x4, 0xe}, {0x6000}, {0x1, 0xfffe}, 0x0, 0x0, 0x0, 0x10, 0x1, 0x0, 0x900, [0x0, 0x0, 0x10000, 0x3]}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) 6.987495785s ago: executing program 5 (id=1602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000000000/0x3000)=nil, 0x3000) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0) 6.922115855s ago: executing program 4 (id=1603): ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r2, &(0x7f00000001c0)=0x4000000001, 0x56) 6.714158128s ago: executing program 4 (id=1605): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000003c0)={0x2, 0x0, [{0x283}, {0xc001001f, 0x0, 0x5}]}) 6.61457559s ago: executing program 5 (id=1606): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x2, 0x1000, 0xe, 0x13, 0x1, 0x8, 0x3, 0x8, 0x0, 0x46, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x3, 0xc3, 0x6, 0x3, 0x6, 0x5, 0x3}, {0x3000, 0x3000, 0x1a, 0xc, 0x7f, 0x6, 0x7, 0x7f, 0x9, 0x2, 0x3, 0x6}, {0x1, 0x8000000, 0x0, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0xe000, 0x8092000, 0x8, 0xbd, 0x6, 0x7, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0xc, 0x9, 0x0, 0xf, 0x10, 0x3, 0x4, 0x0, 0x80, 0x9}, {0xdddd0000, 0xffff, 0x10, 0x4, 0x3, 0x3, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x40019, 0x0, 0xd000, 0x0, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x0, 0x4000000000000009, 0x7]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x60000000003, 0x1000000000, 0x0, 0x10, 0xb46, 0x0, 0x7fffffff, 0x40000004, 0xffff, 0xffff7ffffffffffd, 0x5, 0x4802, 0x8000000000000000, 0x0, 0x0, 0x7d8000000000000], 0x1, 0x202}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x100000000005, 0x20, 0x3, 0x2, 0x106c, 0x100, 0x8000000000000, 0x80000004000080, 0x8000000, 0x8, 0x0, 0x4, 0x0, 0x8000], 0x1, 0x3c4210}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x40305839, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x100000000000000, 0x0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.457251945s ago: executing program 4 (id=1608): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0xc0189436, 0x0) 6.346442861s ago: executing program 5 (id=1610): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x82100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010002, 0x20000, 0xffffff}]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010002, 0x20000, 0xffffff}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.267044266s ago: executing program 6 (id=1611): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x62) 6.205313814s ago: executing program 6 (id=1612): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000002640)=@x86={0x7f, 0x0, 0xf, 0x0, 0x0, 0x0, 0x4, 0x3, 0xc0, 0x3c, 0x3, 0x8, 0x0, 0x4, 0xc1, 0x1, 0xd, 0x5, 0x8, '\x00', 0xc2, 0xcd}) 6.045508115s ago: executing program 4 (id=1614): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x82100, 0x0) close(0x4) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 5.79332645s ago: executing program 6 (id=1618): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/prev\x00') r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x20000004, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r2, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, 0x0, 0x36) ioctl$NBD_DISCONNECT(r0, 0xab08) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b700000000000000611190000000340006000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x47}, 0x48) r3 = socket$inet6(0xa, 0x3, 0x1) openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) msgget(0x3, 0x710) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000080)={0x8, 0x9, {0x0}, {}, 0x8f, 0x9c1}) sched_setscheduler(r5, 0x1, &(0x7f0000000100)=0x5712) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80202, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x81, 0xcec832c3ea1ed504) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_pie={{0x8}, {0xc, 0x2, [@TCA_PIE_ECN={0x8, 0x6, 0x1}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2008085}, 0xd1) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000040000100feffffffffdbdf25017c0000040042800c00018006000600800a000014000280100017800c0001"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0x800c000) socket$nl_generic(0x10, 0x3, 0x10) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(0x0, 0x16) syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000000)={0x0, 'syzkaller1\x00', {0x4}, 0x1209}) 5.792673979s ago: executing program 1 (id=1619): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sched_setaffinity(0x0, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) fsopen(0x0, 0x0) capset(0x0, &(0x7f0000000040)={0x200000, 0x200000}) r1 = fsmount(r0, 0x1, 0x16) r2 = openat$cgroup_pressure(r1, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r2, &(0x7f0000000300)={'full', 0x20, 0x17a, 0x20, 0x200100002}, 0x2f) 5.642052986s ago: executing program 5 (id=1620): syz_emit_ethernet(0x46, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004900003800000000000690780a210104ac1414aa070f09904b30ad2bb75f7e1e5dec740000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\x00\x00\x00'], 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) timerfd_create(0x8, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo/3\x00') socket$key(0xf, 0x3, 0x2) syz_io_uring_setup(0x2d64, &(0x7f0000000100)={0x0, 0x100577, 0x2, 0x0, 0x42}, 0x0, 0x0) socket(0x2, 0x3, 0xff) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9902) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) socket$kcm(0x23, 0x2, 0x0) 4.729994782s ago: executing program 1 (id=1621): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xbecd6000) mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0xb, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f00000002c0), &(0x7f0000048000), 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 4.511108626s ago: executing program 6 (id=1622): socket(0x15, 0x80005, 0x0) unshare(0x2c020400) socket$rds(0x15, 0x5, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="13010000bd460e10490d1070900c010203010902120001000000000904000000d2", @ANYRES8], 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000029c0), 0x400006d, 0x20000004) 3.814383983s ago: executing program 1 (id=1623): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000140)={0x3, 0x0, 0xfec00000, 0x1000, &(0x7f000055e000/0x1000)=nil}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=[@uexit={0x0, 0x18}, @nested_create_vm={0x12d, 0x18, 0x2}, @uexit={0x0, 0x18}, @wrmsr={0x65, 0x20, {0x9af, 0x1000}}, @cpuid={0x64, 0x18, {0x818d, 0x101}}, @enable_nested={0x12c, 0x18}, @uexit={0x0, 0x18, 0xfffffffffffffffc}, @nested_create_vm={0x12d, 0x18, 0x2}, @enable_nested={0x12c, 0x18}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x2, @save_area=0x621, 0x6b, 0x100000001, 0x5}}, @uexit={0x0, 0x18}, @enable_nested={0x12c, 0x18}, @enable_nested={0x12c, 0x18}, @wr_crn={0x67, 0x20, {0x4, 0x81}}, @set_irq_handler={0xc8, 0x20, {0xa1, 0x1}}, @wr_crn={0x67, 0x20, {0x4, 0x44c}}, @nested_vmlaunch={0x12f, 0x18, 0x2}, @enable_nested={0x12c, 0x18}], 0x1f0}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x9, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.746767122s ago: executing program 4 (id=1624): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8808200, 0x0, 0x1b, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0) 2.75356796s ago: executing program 3 (id=1625): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100}, 0x94) 1.439336378s ago: executing program 4 (id=1626): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x181041, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x5, r1, 0x0, &(0x7f000000d000/0x1000)=nil, 0x1000, 0x40000055}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, 0x0) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r1, 0x0, &(0x7f0000000440)="d9", 0x1, 0xe}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000001c0)={0x28, 0x2, r1, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x70e}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000002c0)={0x28, 0x2, r1, 0x0, &(0x7f000000a000/0x2000)=nil, 0x2000, 0x4}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r1, 0x0, &(0x7f0000000b40)="0e", 0x1, 0x9}) 1.337693101s ago: executing program 3 (id=1627): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000100000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffff86b703000008000000b704000000000000850000000300000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0xc}, 0x94) 1.193985967s ago: executing program 3 (id=1628): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x181041, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x5, r1, 0x0, &(0x7f0000000a40), 0x0, 0x4}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000140)={0x28, 0x4, 0x0, r1, 0x8, 0x2, 0x6874}) 1.144928489s ago: executing program 1 (id=1629): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x0, 0x0, 0x5e, 0x200000000000, 0x100000000000006}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000540)={{@local, 0x2}, 0x600, 0x9, 0xffffffff, 0x40}) 980.390678ms ago: executing program 3 (id=1630): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000240)='cpu.idle\x00', 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r2, &(0x7f0000000000), 0x0}, 0x20) 942.525037ms ago: executing program 1 (id=1631): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) ioctl$KVM_SET_TSC_KHZ_cpu(r2, 0xaea2, 0x7ff) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)=0x8000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)=0x4}) 926.639499ms ago: executing program 5 (id=1632): timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2}, &(0x7f0000000b80)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r1, 0x1, 0x1, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) read$dsp(r2, &(0x7f00000000c0)=""/219, 0xdb) syz_usb_connect(0x1, 0x24, &(0x7f00000004c0)={{0x12, 0x1, 0x201, 0x8a, 0x46, 0x3b, 0x8, 0x4fc, 0x231, 0x7b6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xac, 0x5, 0x10, 0x9, "", [{{0x9, 0x4, 0x58, 0x3, 0x0, 0xa4, 0x29, 0x39, 0x3}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) 801.042276ms ago: executing program 6 (id=1633): socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() tkill(0x0, 0x12) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0xf, 0x20000000) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) msgrcv(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x2800) connect$inet(0xffffffffffffffff, &(0x7f00000009c0)={0x2, 0x4e24, @loopback}, 0x10) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) syz_open_dev$dvb_frontend(&(0x7f00000015c0), 0x0, 0x400) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x38}, 0x1, 0x300}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x4924b68, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) ioctl$IOMMU_IOAS_COPY$syz(r2, 0x3b83, &(0x7f0000000000)={0x28, 0x10000, 0x0, 0x0, 0x3ba897, 0x7fffffffffffffff, 0x8, 0x34aad6}) 718.529773ms ago: executing program 3 (id=1634): socket(0x10, 0x80002, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000080)={'gre0\x00', 0x0, 0x71f, 0x80, 0x0, 0x3, {{0x1f, 0x4, 0x0, 0x19, 0x7c, 0x64, 0x0, 0x8, 0x2f, 0x0, @local, @local, {[@generic={0x94, 0x7, "4ee9142ae8"}, @timestamp_prespec={0x44, 0x2c, 0x83, 0x3, 0x0, [{@remote, 0x10001}, {@broadcast, 0xfd}, {@local, 0x7fff}, {@multicast1, 0x8000}, {@loopback, 0x2}]}, @timestamp_addr={0x44, 0x34, 0x39, 0x1, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x400}, {@local}, {@loopback, 0xffd}, {@multicast1, 0x39648916}, {@empty, 0x9}, {@loopback, 0x8}]}]}}}}}) 186.906511ms ago: executing program 6 (id=1635): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=@newlink={0x44, 0x10, 0x439, 0x70bd2b, 0x4000, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}, @IFLA_GRE_PMTUDISC={0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0) sendmsg$nl_netfilter(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f00000018c0)={0x14, 0x11, 0xa, 0x201, 0x70bd2a, 0x25dfdbfe, {0xa, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4000009}, 0x0) 186.621582ms ago: executing program 3 (id=1636): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000040)=0xc8, 0x4) 0s ago: executing program 1 (id=1637): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8808200, 0x0, 0x1b, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0) kernel console output (not intermixed with test programs): x83 has an invalid bInterval 0, changing to 7 [ 436.696766][ T5803] usb 4-1: USB disconnect, device number 35 [ 436.703737][ T5951] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 436.703771][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.703794][ T5951] usb 2-1: Product: syz [ 436.703809][ T5951] usb 2-1: Manufacturer: syz [ 436.703825][ T5951] usb 2-1: SerialNumber: syz [ 436.731246][ T5951] usb 2-1: config 0 descriptor?? [ 436.776943][ T5951] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 436.776984][ T5951] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 437.392409][ T5951] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 437.412136][ T5951] em28xx 2-1:0.0: Config register raw data: 0xa1 [ 437.412163][ T5951] em28xx 2-1:0.0: I2S Audio (1 sample rate(s)) [ 437.412180][ T5951] em28xx 2-1:0.0: No AC97 audio processor [ 437.823674][ T5886] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 437.842142][ T5951] usb 2-1: USB disconnect, device number 36 [ 437.983778][ T5886] usb 3-1: Using ep0 maxpacket: 16 [ 437.995078][ T5886] usb 3-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 437.995110][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.995130][ T5886] usb 3-1: Product: syz [ 437.995143][ T5886] usb 3-1: Manufacturer: syz [ 437.995157][ T5886] usb 3-1: SerialNumber: syz [ 438.008872][ T5886] usb 3-1: config 0 descriptor?? [ 438.012607][ T5886] ums-onetouch 3-1:0.0: USB Mass Storage device detected [ 438.077384][ T9485] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 438.421753][ T5951] libceph: connect (1)[c::]:6789 error -101 [ 438.432937][ T5951] libceph: mon0 (1)[c::]:6789 connect error [ 438.550884][ T5951] libceph: connect (1)[c::]:6789 error -101 [ 438.551110][ T5951] libceph: mon0 (1)[c::]:6789 connect error [ 438.558822][ T9479] ceph: No mds server is up or the cluster is laggy [ 438.806750][ T5951] libceph: connect (1)[c::]:6789 error -101 [ 438.806970][ T5951] libceph: mon0 (1)[c::]:6789 connect error [ 438.904012][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1080'. [ 439.142260][ T5886] usb 3-1: USB disconnect, device number 28 [ 439.403939][ T6742] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 439.553708][ T6742] usb 4-1: Using ep0 maxpacket: 8 [ 439.555615][ T6742] usb 4-1: config 2 has an invalid interface number: 73 but max is 0 [ 439.555634][ T6742] usb 4-1: config 2 has no interface number 0 [ 439.555654][ T6742] usb 4-1: config 2 interface 73 has no altsetting 0 [ 439.557807][ T6742] usb 4-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice=c6.a5 [ 439.557826][ T6742] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.557839][ T6742] usb 4-1: Product: syz [ 439.557847][ T6742] usb 4-1: Manufacturer: syz [ 439.557856][ T6742] usb 4-1: SerialNumber: syz [ 440.405899][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.405947][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.912843][ T6742] usb 4-1: USB disconnect, device number 36 [ 442.414854][ T9528] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 442.974419][ T9530] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 443.206748][ T36] kauditd_printk_skb: 53 callbacks suppressed [ 443.206771][ T36] audit: type=1326 audit(1774163315.224:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9533 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624c09c799 code=0x7ffc0000 [ 443.206823][ T36] audit: type=1326 audit(1774163315.224:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9533 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624c09c799 code=0x7ffc0000 [ 443.250517][ T36] audit: type=1326 audit(1774163315.254:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9533 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f624c09c799 code=0x7ffc0000 [ 443.250578][ T36] audit: type=1326 audit(1774163315.254:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9533 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624c09c799 code=0x7ffc0000 [ 443.250622][ T36] audit: type=1326 audit(1774163315.254:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9533 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f624c09c799 code=0x7ffc0000 [ 443.250664][ T36] audit: type=1326 audit(1774163315.254:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9533 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624c09c799 code=0x7ffc0000 [ 443.250705][ T36] audit: type=1326 audit(1774163315.254:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9533 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f624c09c799 code=0x7ffc0000 [ 443.250747][ T36] audit: type=1326 audit(1774163315.254:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9533 comm="syz.2.1090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f624c09c799 code=0x7ffc0000 [ 446.872963][ T9567] bond0: (slave bond_slave_1): Releasing backup interface [ 447.285848][ T9577] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 447.609603][ T36] audit: type=1326 audit(1774163319.574:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9578 comm="syz.0.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 447.609928][ T36] audit: type=1326 audit(1774163319.574:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9578 comm="syz.0.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 448.880888][ T9586] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 449.429113][ T36] kauditd_printk_skb: 7 callbacks suppressed [ 449.429136][ T36] audit: type=1326 audit(1774163321.444:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.429292][ T36] audit: type=1326 audit(1774163321.444:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.439835][ T36] audit: type=1326 audit(1774163321.454:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.440901][ T36] audit: type=1326 audit(1774163321.454:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.440953][ T36] audit: type=1326 audit(1774163321.454:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.476147][ T36] audit: type=1326 audit(1774163321.494:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.476208][ T36] audit: type=1326 audit(1774163321.494:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.476258][ T36] audit: type=1326 audit(1774163321.494:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.476305][ T36] audit: type=1326 audit(1774163321.494:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.1106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75005ac799 code=0x7ffc0000 [ 449.536858][ T9598] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 449.709617][ T5951] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 450.000161][ T5951] usb 5-1: Using ep0 maxpacket: 32 [ 450.021087][ T5951] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 450.021122][ T5951] usb 5-1: config 0 has no interface number 0 [ 450.038998][ T5951] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 450.039033][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.039054][ T5951] usb 5-1: Product: syz [ 450.039070][ T5951] usb 5-1: Manufacturer: syz [ 450.039086][ T5951] usb 5-1: SerialNumber: syz [ 450.046381][ T5951] usb 5-1: config 0 descriptor?? [ 451.151928][ T5951] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 451.195451][ T5951] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 451.362422][ T5951] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 451.583910][ T5965] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 451.652315][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 451.713857][ T5951] usb 5-1: USB disconnect, device number 24 [ 451.967058][ T5951] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 451.972370][ T9613] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 451.973657][ T5965] usb 1-1: Using ep0 maxpacket: 32 [ 451.981151][ T5965] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 451.981183][ T5965] usb 1-1: config 0 has no interface number 0 [ 451.984810][ T5965] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 451.984843][ T5965] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.984866][ T5965] usb 1-1: Product: syz [ 451.984882][ T5965] usb 1-1: Manufacturer: syz [ 451.984898][ T5965] usb 1-1: SerialNumber: syz [ 452.152615][ T5965] usb 1-1: config 0 descriptor?? [ 452.174180][ T5951] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 452.197219][ T5965] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 452.208605][ T5951] quatech2 5-1:0.51: device disconnected [ 452.407714][ T5965] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 452.504638][ T5965] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 452.976723][ T9629] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 452.985287][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 452.994577][ T5877] usb 1-1: USB disconnect, device number 42 [ 453.368506][ T5877] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 453.466222][ T5877] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 453.489445][ T5877] quatech2 1-1:0.51: device disconnected [ 453.671002][ T9633] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 453.751120][ T36] audit: type=1326 audit(1774163325.764:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9640 comm="syz.3.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09ff12c799 code=0x7ffc0000 [ 453.801562][ T9643] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 453.865369][ T5886] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 454.173610][ T5886] usb 5-1: Using ep0 maxpacket: 8 [ 454.176227][ T5886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 454.176271][ T5886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 454.176315][ T5886] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 454.176341][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.185040][ T5886] usb 5-1: config 0 descriptor?? [ 455.203571][ T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 455.221477][ T5886] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 455.248458][ T9656] FAULT_INJECTION: forcing a failure. [ 455.248458][ T9656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 455.248501][ T9656] CPU: 0 UID: 0 PID: 9656 Comm: syz.3.1127 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 455.248533][ T9656] Tainted: [L]=SOFTLOCKUP [ 455.248540][ T9656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 455.248552][ T9656] Call Trace: [ 455.248560][ T9656] [ 455.248570][ T9656] dump_stack_lvl+0xe8/0x150 [ 455.248617][ T9656] should_fail_ex+0x46b/0x600 [ 455.248651][ T9656] _copy_from_iter+0x1d3/0x1670 [ 455.248695][ T9656] ? __pfx__copy_from_iter+0x10/0x10 [ 455.248724][ T9656] ? trace_kmalloc+0x2a/0x110 [ 455.248762][ T9656] ? __kmalloc_noprof+0x408/0x7b0 [ 455.248796][ T9656] ? kernfs_fop_write_iter+0x159/0x540 [ 455.248833][ T9656] kernfs_fop_write_iter+0x19c/0x540 [ 455.248873][ T9656] vfs_write+0x629/0xba0 [ 455.248916][ T9656] ? __pfx_vfs_write+0x10/0x10 [ 455.248952][ T9656] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 455.248987][ T9656] ? lockdep_hardirqs_on+0x7a/0x110 [ 455.249022][ T9656] ? mutex_lock_nested+0x152/0x1d0 [ 455.249048][ T9656] ? fdget_pos+0x252/0x320 [ 455.249086][ T9656] ksys_write+0x156/0x270 [ 455.249121][ T9656] ? __pfx_ksys_write+0x10/0x10 [ 455.249165][ T9656] do_syscall_64+0x14d/0xf80 [ 455.249198][ T9656] ? trace_irq_disable+0x3b/0x150 [ 455.249221][ T9656] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.249245][ T9656] ? clear_bhb_loop+0x40/0x90 [ 455.249272][ T9656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.249304][ T9656] RIP: 0033:0x7f09ff12c799 [ 455.249326][ T9656] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 455.249346][ T9656] RSP: 002b:00007f09fd37e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 455.249372][ T9656] RAX: ffffffffffffffda RBX: 00007f09ff3a5fa0 RCX: 00007f09ff12c799 [ 455.249388][ T9656] RDX: 000000000000000b RSI: 00002000000006c0 RDI: 0000000000000003 [ 455.249401][ T9656] RBP: 00007f09fd37e090 R08: 0000000000000000 R09: 0000000000000000 [ 455.249414][ T9656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 455.249426][ T9656] R13: 00007f09ff3a6038 R14: 00007f09ff3a5fa0 R15: 00007ffccd9c6358 [ 455.249462][ T9656] [ 455.363784][ T9639] iowarrior 5-1:0.0: Error -90 while submitting URB [ 455.383524][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 455.403570][ T10] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 455.403591][ T10] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 455.403604][ T10] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 455.403616][ T10] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 455.403627][ T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 455.403640][ T10] usb 3-1: config 0 has no interface number 0 [ 455.403672][ T10] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 455.403689][ T10] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 455.403704][ T10] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 455.403726][ T10] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 455.403742][ T10] usb 3-1: Duplicate descriptor for config 0 interface 125 altsetting 1, skipping [ 455.403754][ T10] usb 3-1: config 0 interface 125 has no altsetting 0 [ 455.488475][ T10] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 455.488509][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.488531][ T10] usb 3-1: Product: syz [ 455.488555][ T10] usb 3-1: Manufacturer: syz [ 455.488571][ T10] usb 3-1: SerialNumber: syz [ 455.737000][ T10] usb 3-1: config 0 descriptor?? [ 455.806546][ T5886] usb 5-1: USB disconnect, device number 25 [ 456.137689][ T9670] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 456.536199][ T5965] usb 3-1: USB disconnect, device number 29 [ 461.585571][ T9712] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 462.273639][ T5877] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 462.599081][ T9720] binder: 9713:9720 ioctl c0884123 200000000280 returned -22 [ 462.698614][ T9720] smc: net device bond0 applied user defined pnetid SYZ2 [ 463.393370][ T5877] usb 3-1: New USB device found, idVendor=057b, idProduct=0000, bcdDevice= 0.00 [ 463.393445][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.428092][ T5877] usb-storage 3-1:32.0: USB Mass Storage device detected [ 463.467278][ T5877] usb-storage 3-1:32.0: Quirks match for vid 057b pid 0000: 1 [ 463.513839][ T9723] netlink: 'syz.3.1146': attribute type 1 has an invalid length. [ 463.628368][ T5877] usb 3-1: USB disconnect, device number 30 [ 465.192324][ T9747] netlink: 'syz.3.1153': attribute type 3 has an invalid length. [ 465.271431][ T9745] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 468.853379][ T9779] FAULT_INJECTION: forcing a failure. [ 468.853379][ T9779] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 468.854243][ T9779] CPU: 0 UID: 0 PID: 9779 Comm: syz.2.1163 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 468.854278][ T9779] Tainted: [L]=SOFTLOCKUP [ 468.854286][ T9779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 468.854299][ T9779] Call Trace: [ 468.854307][ T9779] [ 468.854317][ T9779] dump_stack_lvl+0xe8/0x150 [ 468.854358][ T9779] should_fail_ex+0x46b/0x600 [ 468.854391][ T9779] _copy_from_user+0x2d/0xb0 [ 468.854425][ T9779] memdup_user+0x5e/0xd0 [ 468.854455][ T9779] strndup_user+0x68/0xd0 [ 468.854485][ T9779] __se_sys_mount+0x9d/0x420 [ 468.854514][ T9779] ? ksys_write+0x248/0x270 [ 468.854550][ T9779] ? __pfx___se_sys_mount+0x10/0x10 [ 468.854585][ T9779] ? __x64_sys_mount+0x20/0xc0 [ 468.854615][ T9779] do_syscall_64+0x14d/0xf80 [ 468.854648][ T9779] ? trace_irq_disable+0x3b/0x150 [ 468.854674][ T9779] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.854697][ T9779] ? clear_bhb_loop+0x40/0x90 [ 468.854725][ T9779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.854747][ T9779] RIP: 0033:0x7f624c09c799 [ 468.854769][ T9779] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.854789][ T9779] RSP: 002b:00007f624a2ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 468.854815][ T9779] RAX: ffffffffffffffda RBX: 00007f624c315fa0 RCX: 00007f624c09c799 [ 468.854831][ T9779] RDX: 00002000000003c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 468.854846][ T9779] RBP: 00007f624a2ee090 R08: 00002000000004c0 R09: 0000000000000000 [ 468.854861][ T9779] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001 [ 468.854876][ T9779] R13: 00007f624c316038 R14: 00007f624c315fa0 R15: 00007ffc833a8ef8 [ 468.854912][ T9779] [ 470.080313][ T5877] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 470.092300][ T9793] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 470.504825][ T5877] usb 3-1: Using ep0 maxpacket: 16 [ 470.520364][ T5877] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b [ 470.520393][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 470.520406][ T5877] usb 3-1: Product: syz [ 470.520415][ T5877] usb 3-1: SerialNumber: syz [ 470.575379][ T5877] usb 3-1: config 0 descriptor?? [ 470.582718][ T5877] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 470.618762][ T5877] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 470.635916][ T5877] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 470.636019][ T5877] dvb_usb_af9035 3-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 470.804870][ T9790] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.1164'. [ 470.806874][ T9790] sg_write: data in/out 25820/46 bytes for SCSI command 0x8-- guessing data in; [ 470.806874][ T9790] program syz.2.1164 not setting count and/or reply_len properly [ 471.255671][ T9807] siw: device registration error -23 [ 471.267985][ T9807] binder: BINDER_SET_CONTEXT_MGR already set [ 471.268025][ T9807] binder: 9803:9807 ioctl 4018620d 200000000000 returned -16 [ 472.475165][ T5965] usb 3-1: USB disconnect, device number 31 [ 472.941107][ T9816] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 474.581805][ T9824] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1176'. [ 476.537049][ T9835] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1178'. [ 476.752426][ T9841] use of bytesused == 0 is deprecated and will be removed in the future, [ 476.752446][ T9841] use the actual size instead. [ 476.941090][ T9846] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1182'. [ 476.987599][ T9846] vlan0: entered promiscuous mode [ 476.987627][ T9846] bond0: entered promiscuous mode [ 476.987641][ T9846] bond_slave_0: entered promiscuous mode [ 476.987885][ T9846] bond_slave_1: entered promiscuous mode [ 477.476884][ T9851] siw: device registration error -23 [ 479.212843][ T9867] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 479.761459][ T9877] FAULT_INJECTION: forcing a failure. [ 479.761459][ T9877] name failslab, interval 1, probability 0, space 0, times 0 [ 479.761498][ T9877] CPU: 1 UID: 0 PID: 9877 Comm: syz.4.1188 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 479.761524][ T9877] Tainted: [L]=SOFTLOCKUP [ 479.761529][ T9877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 479.761540][ T9877] Call Trace: [ 479.761548][ T9877] [ 479.761555][ T9877] dump_stack_lvl+0xe8/0x150 [ 479.761587][ T9877] should_fail_ex+0x46b/0x600 [ 479.761615][ T9877] should_failslab+0xa8/0x100 [ 479.761635][ T9877] __kmalloc_noprof+0xdf/0x7b0 [ 479.761662][ T9877] ? rds_message_alloc+0x47/0x200 [ 479.761681][ T9877] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 479.761712][ T9877] rds_message_alloc+0x47/0x200 [ 479.761733][ T9877] rds_sendmsg+0xb0f/0x2130 [ 479.761766][ T9877] ? __pfx_rds_sendmsg+0x10/0x10 [ 479.761795][ T9877] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 479.761827][ T9877] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 479.761856][ T9877] ____sys_sendmsg+0x94c/0x9c0 [ 479.761882][ T9877] ? __pfx_____sys_sendmsg+0x10/0x10 [ 479.761913][ T9877] ? import_iovec+0x73/0xa0 [ 479.761948][ T9877] ___sys_sendmsg+0x2a5/0x360 [ 479.761976][ T9877] ? __pfx____sys_sendmsg+0x10/0x10 [ 479.762032][ T9877] ? __fget_files+0x2a/0x420 [ 479.762059][ T9877] ? __fget_files+0x3a6/0x420 [ 479.762097][ T9877] __x64_sys_sendmsg+0x1c3/0x2a0 [ 479.762122][ T9877] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 479.762154][ T9877] ? __pfx_ksys_write+0x10/0x10 [ 479.762197][ T9877] do_syscall_64+0x14d/0xf80 [ 479.762242][ T9877] ? trace_irq_disable+0x3b/0x150 [ 479.762268][ T9877] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.762292][ T9877] ? clear_bhb_loop+0x40/0x90 [ 479.762319][ T9877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.762342][ T9877] RIP: 0033:0x7fb50b3ac799 [ 479.762365][ T9877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 479.762386][ T9877] RSP: 002b:00007fb5095e5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 479.762411][ T9877] RAX: ffffffffffffffda RBX: 00007fb50b626090 RCX: 00007fb50b3ac799 [ 479.762428][ T9877] RDX: 0000000000000040 RSI: 00002000000001c0 RDI: 0000000000000003 [ 479.762443][ T9877] RBP: 00007fb5095e5090 R08: 0000000000000000 R09: 0000000000000000 [ 479.762457][ T9877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 479.762470][ T9877] R13: 00007fb50b626128 R14: 00007fb50b626090 R15: 00007ffd92c63d28 [ 479.762504][ T9877] [ 483.256754][ T9893] siw: device registration error -23 [ 484.583543][ T10] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 484.743586][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 484.746083][ T10] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 484.746114][ T10] usb 2-1: config 0 has no interface number 0 [ 484.753353][ T10] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 484.754119][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.754143][ T10] usb 2-1: Product: syz [ 484.754158][ T10] usb 2-1: Manufacturer: syz [ 484.754172][ T10] usb 2-1: SerialNumber: syz [ 484.759461][ T10] usb 2-1: config 0 descriptor?? [ 484.802075][ T10] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 484.998915][ T10] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 485.021938][ T10] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 485.412371][ T5877] usb 2-1: USB disconnect, device number 37 [ 485.596360][ T9926] ipvlan2: entered promiscuous mode [ 485.601163][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -108 [ 485.655012][ T5877] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 485.823745][ T5877] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 485.825829][ T5877] quatech2 2-1:0.51: device disconnected [ 486.171506][ T9939] FAULT_INJECTION: forcing a failure. [ 486.171506][ T9939] name failslab, interval 1, probability 0, space 0, times 0 [ 486.171548][ T9939] CPU: 1 UID: 0 PID: 9939 Comm: syz.2.1211 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 486.171579][ T9939] Tainted: [L]=SOFTLOCKUP [ 486.171587][ T9939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 486.171600][ T9939] Call Trace: [ 486.171609][ T9939] [ 486.171620][ T9939] dump_stack_lvl+0xe8/0x150 [ 486.171660][ T9939] should_fail_ex+0x46b/0x600 [ 486.171696][ T9939] should_failslab+0xa8/0x100 [ 486.171720][ T9939] __kmalloc_noprof+0xdf/0x7b0 [ 486.171753][ T9939] ? kfree+0x4d/0x6c0 [ 486.171781][ T9939] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 486.171816][ T9939] tomoyo_realpath_from_path+0xe3/0x5d0 [ 486.171862][ T9939] ? tomoyo_path_number_perm+0x219/0x630 [ 486.171898][ T9939] tomoyo_path_number_perm+0x246/0x630 [ 486.171937][ T9939] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 486.171976][ T9939] ? __lock_acquire+0x6b5/0x2cf0 [ 486.172038][ T9939] ? __fget_files+0x2a/0x420 [ 486.172070][ T9939] ? __fget_files+0x2a/0x420 [ 486.172097][ T9939] ? __fget_files+0x3a6/0x420 [ 486.172124][ T9939] ? __fget_files+0x2a/0x420 [ 486.172172][ T9939] security_file_ioctl+0xc3/0x2a0 [ 486.172198][ T9939] __se_sys_ioctl+0x47/0x170 [ 486.172236][ T9939] do_syscall_64+0x14d/0xf80 [ 486.172271][ T9939] ? trace_irq_disable+0x3b/0x150 [ 486.172297][ T9939] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.172321][ T9939] ? clear_bhb_loop+0x40/0x90 [ 486.172349][ T9939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.172372][ T9939] RIP: 0033:0x7f624c09c799 [ 486.172401][ T9939] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 486.172421][ T9939] RSP: 002b:00007f624a2ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 486.172447][ T9939] RAX: ffffffffffffffda RBX: 00007f624c315fa0 RCX: 00007f624c09c799 [ 486.172463][ T9939] RDX: 0000200000000040 RSI: 00000000c010640c RDI: 0000000000000003 [ 486.172479][ T9939] RBP: 00007f624a2ee090 R08: 0000000000000000 R09: 0000000000000000 [ 486.172494][ T9939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 486.172507][ T9939] R13: 00007f624c316038 R14: 00007f624c315fa0 R15: 00007ffc833a8ef8 [ 486.172545][ T9939] [ 486.172675][ T9939] ERROR: Out of memory at tomoyo_realpath_from_path. [ 488.393619][ T5811] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 488.393959][ T5811] Bluetooth: hci2: Injecting HCI hardware error event [ 488.397509][ T5811] Bluetooth: hci2: hardware error 0x00 [ 490.721438][ T36] kauditd_printk_skb: 9 callbacks suppressed [ 490.721460][ T36] audit: type=1326 audit(1774163362.734:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9973 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 490.721514][ T36] audit: type=1326 audit(1774163362.734:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9973 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 490.722528][ T36] audit: type=1326 audit(1774163362.734:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9973 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 490.722981][ T36] audit: type=1326 audit(1774163362.734:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9973 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 490.723128][ T36] audit: type=1326 audit(1774163362.734:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9973 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 490.724352][ T36] audit: type=1326 audit(1774163362.744:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9973 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 490.727458][ T36] audit: type=1326 audit(1774163362.744:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9973 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 490.728281][ T36] audit: type=1326 audit(1774163362.744:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9973 comm="syz.1.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 491.138058][ T9981] netlink: 'syz.0.1226': attribute type 83 has an invalid length. [ 491.178431][ T9986] FAULT_INJECTION: forcing a failure. [ 491.178431][ T9986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 491.178471][ T9986] CPU: 0 UID: 0 PID: 9986 Comm: syz.1.1227 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 491.178501][ T9986] Tainted: [L]=SOFTLOCKUP [ 491.178509][ T9986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 491.178522][ T9986] Call Trace: [ 491.178531][ T9986] [ 491.178540][ T9986] dump_stack_lvl+0xe8/0x150 [ 491.178579][ T9986] should_fail_ex+0x46b/0x600 [ 491.178612][ T9986] _copy_from_user+0x2d/0xb0 [ 491.178645][ T9986] __sys_bind+0x1cc/0x410 [ 491.178678][ T9986] ? __pfx___sys_bind+0x10/0x10 [ 491.178722][ T9986] ? __pfx_ksys_write+0x10/0x10 [ 491.178763][ T9986] __x64_sys_bind+0x7a/0x90 [ 491.178793][ T9986] do_syscall_64+0x14d/0xf80 [ 491.178828][ T9986] ? trace_irq_disable+0x3b/0x150 [ 491.178854][ T9986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.178876][ T9986] ? clear_bhb_loop+0x40/0x90 [ 491.178903][ T9986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.178925][ T9986] RIP: 0033:0x7f8f2277c799 [ 491.178946][ T9986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 491.178965][ T9986] RSP: 002b:00007f8f209ad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 491.178990][ T9986] RAX: ffffffffffffffda RBX: 00007f8f229f6090 RCX: 00007f8f2277c799 [ 491.179006][ T9986] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000003 [ 491.179020][ T9986] RBP: 00007f8f209ad090 R08: 0000000000000000 R09: 0000000000000000 [ 491.179034][ T9986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.179047][ T9986] R13: 00007f8f229f6128 R14: 00007f8f229f6090 R15: 00007ffdc3839108 [ 491.179081][ T9986] [ 491.612228][ T9993] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 491.685634][ T9997] Attempt to restore checkpoint with obsolete wellknown handles [ 492.749513][ T5811] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 493.544248][T10024] siw: device registration error -23 [ 494.319405][T10028] FAULT_INJECTION: forcing a failure. [ 494.319405][T10028] name failslab, interval 1, probability 0, space 0, times 0 [ 494.319433][T10028] CPU: 1 UID: 0 PID: 10028 Comm: syz.4.1241 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 494.319452][T10028] Tainted: [L]=SOFTLOCKUP [ 494.319456][T10028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 494.319464][T10028] Call Trace: [ 494.319478][T10028] [ 494.319484][T10028] dump_stack_lvl+0xe8/0x150 [ 494.319508][T10028] should_fail_ex+0x46b/0x600 [ 494.319528][T10028] should_failslab+0xa8/0x100 [ 494.319542][T10028] __kmalloc_noprof+0xdf/0x7b0 [ 494.319562][T10028] ? tomoyo_encode+0x28b/0x550 [ 494.319580][T10028] tomoyo_encode+0x28b/0x550 [ 494.319598][T10028] tomoyo_realpath_from_path+0x58d/0x5d0 [ 494.319621][T10028] tomoyo_path_perm+0x283/0x560 [ 494.319640][T10028] ? tomoyo_path_perm+0x251/0x560 [ 494.319660][T10028] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 494.319699][T10028] ? hook_sb_umount+0x1e5/0x3b0 [ 494.319717][T10028] ? __pfx_hook_sb_umount+0x10/0x10 [ 494.319736][T10028] tomoyo_sb_umount+0xa4/0xf0 [ 494.319752][T10028] ? __pfx_tomoyo_sb_umount+0x10/0x10 [ 494.319769][T10028] ? safesetid_security_capable+0xa9/0x1a0 [ 494.319790][T10028] ? bpf_lsm_capable+0x9/0x20 [ 494.319804][T10028] ? security_capable+0x7e/0x2c0 [ 494.319820][T10028] security_sb_umount+0xb3/0x260 [ 494.319837][T10028] path_umount+0x36d/0xb40 [ 494.319860][T10028] __x64_sys_umount+0x12a/0x170 [ 494.319873][T10028] ? __pfx___x64_sys_umount+0x10/0x10 [ 494.319893][T10028] do_syscall_64+0x14d/0xf80 [ 494.319912][T10028] ? trace_irq_disable+0x3b/0x150 [ 494.319926][T10028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.319939][T10028] ? clear_bhb_loop+0x40/0x90 [ 494.319955][T10028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.319967][T10028] RIP: 0033:0x7fb50b3ac799 [ 494.319980][T10028] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 494.319992][T10028] RSP: 002b:00007fb509606028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 494.320007][T10028] RAX: ffffffffffffffda RBX: 00007fb50b625fa0 RCX: 00007fb50b3ac799 [ 494.320016][T10028] RDX: 0000000000000000 RSI: 000000000000000b RDI: 00002000000002c0 [ 494.320024][T10028] RBP: 00007fb509606090 R08: 0000000000000000 R09: 0000000000000000 [ 494.320032][T10028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 494.320040][T10028] R13: 00007fb50b626038 R14: 00007fb50b625fa0 R15: 00007ffd92c63d28 [ 494.320059][T10028] [ 494.320071][T10028] ERROR: Out of memory at tomoyo_realpath_from_path. [ 495.194725][T10045] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 496.024398][T10048] netlink: 'syz.0.1248': attribute type 2 has an invalid length. [ 497.403711][ T1087] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 497.494195][ T36] audit: type=1326 audit(1774163369.504:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10059 comm="syz.1.1251" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x0 [ 497.571653][ T1087] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 497.588561][ T1087] usb 1-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 497.588597][ T1087] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.588619][ T1087] usb 1-1: Product: syz [ 497.588635][ T1087] usb 1-1: Manufacturer: syz [ 497.588651][ T1087] usb 1-1: SerialNumber: syz [ 498.039884][ T1087] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 499.034363][ T1087] usb 1-1: USB disconnect, device number 43 [ 499.228519][ T5814] udevd[5814]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 502.574197][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.574278][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.113690][ T5877] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 507.200359][ T5804] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 507.218314][ T5804] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 507.223816][ T5804] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 507.228192][ T5804] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 507.239195][ T5804] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 507.273564][ T5877] usb 2-1: Using ep0 maxpacket: 16 [ 507.281313][ T5877] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 507.281345][ T5877] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 507.281366][ T5877] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 507.281387][ T5877] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 507.281407][ T5877] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 507.281429][ T5877] usb 2-1: config 0 has no interface number 0 [ 507.281476][ T5877] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 507.281506][ T5877] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 507.281532][ T5877] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 507.281570][ T5877] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 507.281600][ T5877] usb 2-1: config 0 interface 125 has no altsetting 0 [ 507.281620][ T5877] usb 2-1: config 0 interface 125 has no altsetting 2 [ 507.335772][ T5877] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 507.335808][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.335831][ T5877] usb 2-1: Product: syz [ 507.335847][ T5877] usb 2-1: Manufacturer: syz [ 507.335863][ T5877] usb 2-1: SerialNumber: syz [ 507.449983][ T5877] usb 2-1: config 0 descriptor?? [ 507.462677][ T5877] usb 2-1: selecting invalid altsetting 2 [ 507.664278][ C1] usb 2-1: async_complete: urb error -71 [ 507.664602][ C1] usb 2-1: async_complete: urb error -71 [ 507.664655][ C1] usb 2-1: async_complete: urb error -71 [ 507.664705][ C1] usb 2-1: async_complete: urb error -71 [ 507.667406][ T5877] get_1284_register: usb error -71 [ 507.708790][ T5877] usb 2-1: USB disconnect, device number 38 [ 509.289009][ T5804] Bluetooth: hci5: command tx timeout [ 511.353617][ T5804] Bluetooth: hci5: command tx timeout [ 513.153602][ T5803] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 513.305969][ T5803] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30 [ 513.306033][ T5803] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 513.306064][ T5803] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130 [ 513.306120][ T5803] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 513.306146][ T5803] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.369403][ T5803] usb 1-1: config 0 descriptor?? [ 513.433606][ T5804] Bluetooth: hci5: command tx timeout [ 513.461804][T10165] FAULT_INJECTION: forcing a failure. [ 513.461804][T10165] name failslab, interval 1, probability 0, space 0, times 0 [ 513.461845][T10165] CPU: 1 UID: 0 PID: 10165 Comm: syz.4.1282 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 513.461877][T10165] Tainted: [L]=SOFTLOCKUP [ 513.461885][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 513.461898][T10165] Call Trace: [ 513.461907][T10165] [ 513.461916][T10165] dump_stack_lvl+0xe8/0x150 [ 513.461955][T10165] should_fail_ex+0x46b/0x600 [ 513.461990][T10165] should_failslab+0xa8/0x100 [ 513.462012][T10165] __kmalloc_cache_noprof+0x84/0x690 [ 513.462047][T10165] ? sdev_prefix_printk+0xd5/0x210 [ 513.462096][T10165] sdev_prefix_printk+0xd5/0x210 [ 513.462131][T10165] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 513.462167][T10165] ? __pfx_sdev_prefix_printk+0x10/0x10 [ 513.462204][T10165] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 513.462241][T10165] virtscsi_device_reset+0x6d/0x320 [ 513.462277][T10165] scsi_ioctl_reset+0x374/0x740 [ 513.462318][T10165] scsi_ioctl+0x8f5/0x2130 [ 513.462353][T10165] ? __pfx_scsi_ioctl+0x10/0x10 [ 513.462416][T10165] ? kasan_quarantine_put+0xbb/0x1f0 [ 513.462457][T10165] ? tomoyo_path_number_perm+0x219/0x630 [ 513.462491][T10165] ? tomoyo_path_number_perm+0x219/0x630 [ 513.462536][T10165] ? do_vfs_ioctl+0x117b/0x1540 [ 513.462561][T10165] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 513.462604][T10165] sg_ioctl+0x1125/0x21a0 [ 513.462637][T10165] ? __pfx_smack_file_ioctl+0x10/0x10 [ 513.462668][T10165] ? __pfx_sg_ioctl+0x10/0x10 [ 513.462707][T10165] ? __fget_files+0x2a/0x420 [ 513.462735][T10165] ? __fget_files+0x3a6/0x420 [ 513.462768][T10165] ? __fget_files+0x2a/0x420 [ 513.462799][T10165] ? bpf_lsm_file_ioctl+0x9/0x20 [ 513.462822][T10165] ? __pfx_sg_ioctl+0x10/0x10 [ 513.462847][T10165] __se_sys_ioctl+0xff/0x170 [ 513.462884][T10165] do_syscall_64+0x14d/0xf80 [ 513.462918][T10165] ? trace_irq_disable+0x3b/0x150 [ 513.462944][T10165] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.462965][T10165] ? clear_bhb_loop+0x40/0x90 [ 513.462992][T10165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.463015][T10165] RIP: 0033:0x7fb50b3ac799 [ 513.463036][T10165] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.463055][T10165] RSP: 002b:00007fb5095e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.463090][T10165] RAX: ffffffffffffffda RBX: 00007fb50b626090 RCX: 00007fb50b3ac799 [ 513.463107][T10165] RDX: 0000200000000080 RSI: 0000000000002284 RDI: 0000000000000003 [ 513.463121][T10165] RBP: 00007fb5095e5090 R08: 0000000000000000 R09: 0000000000000000 [ 513.463134][T10165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 513.463148][T10165] R13: 00007fb50b626128 R14: 00007fb50b626090 R15: 00007ffd92c63d28 [ 513.463182][T10165] [ 513.964696][ T5803] usbhid 1-1:0.0: can't add hid device: -71 [ 513.964834][ T5803] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 513.998829][ T5803] usb 1-1: USB disconnect, device number 44 [ 515.767649][ T5804] Bluetooth: hci5: command tx timeout [ 517.663570][ T5803] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 517.799819][ T5803] usb 5-1: device descriptor read/64, error -71 [ 517.913569][ T5965] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 518.033612][ T5803] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 518.063504][ T5965] usb 2-1: Using ep0 maxpacket: 16 [ 518.065369][ T5965] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 518.065395][ T5965] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 518.065409][ T5965] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 518.065420][ T5965] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 518.065432][ T5965] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 518.065445][ T5965] usb 2-1: config 0 has no interface number 0 [ 518.065472][ T5965] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 518.065490][ T5965] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 518.065503][ T5965] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 518.065524][ T5965] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 518.065542][ T5965] usb 2-1: config 0 interface 125 has no altsetting 2 [ 518.105537][ T5965] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 518.105559][ T5965] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.105571][ T5965] usb 2-1: Product: syz [ 518.105580][ T5965] usb 2-1: Manufacturer: syz [ 518.105589][ T5965] usb 2-1: SerialNumber: syz [ 518.240705][ T5965] usb 2-1: config 0 descriptor?? [ 518.259473][ T5965] usb 2-1: selecting invalid altsetting 2 [ 518.283787][ T5803] usb 5-1: device descriptor read/64, error -71 [ 518.394730][ T5803] usb usb5-port1: attempt power cycle [ 518.466243][ T5965] usb 2-1: USB disconnect, device number 39 [ 518.733587][ T5803] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 518.754334][ T5803] usb 5-1: device descriptor read/8, error -71 [ 519.173616][ T5803] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 519.194304][ T5803] usb 5-1: device descriptor read/8, error -71 [ 519.304085][ T5803] usb usb5-port1: unable to enumerate USB device [ 520.255169][T10205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1294'. [ 520.412801][T10208] FAULT_INJECTION: forcing a failure. [ 520.412801][T10208] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 520.412828][T10208] CPU: 0 UID: 0 PID: 10208 Comm: syz.4.1295 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 520.412847][T10208] Tainted: [L]=SOFTLOCKUP [ 520.412852][T10208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 520.412860][T10208] Call Trace: [ 520.412865][T10208] [ 520.412871][T10208] dump_stack_lvl+0xe8/0x150 [ 520.412896][T10208] should_fail_ex+0x46b/0x600 [ 520.412915][T10208] _copy_to_user+0x31/0xb0 [ 520.412935][T10208] drm_ioctl+0x6e0/0xb80 [ 520.412951][T10208] ? smk_tskacc+0x311/0x3a0 [ 520.412970][T10208] ? __pfx_drm_mode_getplane+0x10/0x10 [ 520.412991][T10208] ? __pfx_drm_ioctl+0x10/0x10 [ 520.413015][T10208] ? __fget_files+0x2a/0x420 [ 520.413040][T10208] ? bpf_lsm_file_ioctl+0x9/0x20 [ 520.413061][T10208] ? __pfx_drm_ioctl+0x10/0x10 [ 520.413090][T10208] __se_sys_ioctl+0xff/0x170 [ 520.413127][T10208] do_syscall_64+0x14d/0xf80 [ 520.413158][T10208] ? trace_irq_disable+0x3b/0x150 [ 520.413183][T10208] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.413202][T10208] ? clear_bhb_loop+0x40/0x90 [ 520.413217][T10208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.413230][T10208] RIP: 0033:0x7fb50b3ac799 [ 520.413243][T10208] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 520.413254][T10208] RSP: 002b:00007fb509606028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 520.413270][T10208] RAX: ffffffffffffffda RBX: 00007fb50b625fa0 RCX: 00007fb50b3ac799 [ 520.413279][T10208] RDX: 00002000000000c0 RSI: 00000000c02064b6 RDI: 0000000000000003 [ 520.413287][T10208] RBP: 00007fb509606090 R08: 0000000000000000 R09: 0000000000000000 [ 520.413295][T10208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 520.413302][T10208] R13: 00007fb50b626038 R14: 00007fb50b625fa0 R15: 00007ffd92c63d28 [ 520.413329][T10208] [ 523.546940][T10222] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1299'. [ 524.073898][T10200] veth0_to_bridge: entered promiscuous mode [ 524.077990][T10205] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 524.228179][T10201] veth0_to_bridge: left promiscuous mode [ 524.515519][T10229] dummy0: entered allmulticast mode [ 524.663545][ T5803] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 524.813500][ T5803] usb 4-1: Using ep0 maxpacket: 16 [ 524.816293][ T5803] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 524.816325][ T5803] usb 4-1: config 0 has no interface number 0 [ 524.820038][ T5803] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 524.820069][ T5803] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.820091][ T5803] usb 4-1: Product: syz [ 524.820108][ T5803] usb 4-1: Manufacturer: syz [ 524.820134][ T5803] usb 4-1: SerialNumber: syz [ 524.843740][ T5965] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 524.905301][ T5803] usb 4-1: config 0 descriptor?? [ 524.919192][ T5803] hub 4-1:0.132: bad descriptor, ignoring hub [ 524.919237][ T5803] hub 4-1:0.132: probe with driver hub failed with error -5 [ 524.948727][ T5803] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.132/input/input12 [ 525.049780][ T5965] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 525.049818][ T5965] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 525.049865][ T5965] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 525.049891][ T5965] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.351263][ T5965] usb 5-1: usb_control_msg returned -32 [ 525.351318][ T5965] usbtmc 5-1:16.0: can't read capabilities [ 525.606751][ T5965] usb 4-1: USB disconnect, device number 37 [ 525.609080][ T57] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.008375][ T57] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.252190][ T5877] usb 5-1: USB disconnect, device number 30 [ 526.281430][T10132] lo speed is unknown, defaulting to 1000 [ 526.354662][T10132] lo speed is unknown, defaulting to 1000 [ 526.701677][ T57] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.289600][ T57] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.770445][T10259] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1309'. [ 527.891751][T10132] chnl_net:caif_netlink_parms(): no params data found [ 528.033634][ T809] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 528.192620][ T809] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 528.192654][ T809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.192676][ T809] usb 2-1: Product: syz [ 528.192690][ T809] usb 2-1: Manufacturer: syz [ 528.192704][ T809] usb 2-1: SerialNumber: syz [ 528.318875][ T809] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 528.619431][ T5803] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 528.666110][ T57] veth0_to_bridge: left allmulticast mode [ 528.666292][ T57] veth0_to_bridge: left promiscuous mode [ 528.688727][ T57] bridge0: port 3(veth0_to_bridge) entered disabled state [ 528.855742][ T13] nci: nci_rsp_packet: unknown rsp opcode 0x405 [ 528.882363][ T57] bridge_slave_1: left allmulticast mode [ 528.882399][ T57] bridge_slave_1: left promiscuous mode [ 528.882976][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.009313][ T57] bridge_slave_0: left allmulticast mode [ 529.013018][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.509680][T10276] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1309'. [ 529.526881][T10269] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 529.993832][ T5803] usb 2-1: Service connection timeout for: 256 [ 529.993857][ T5803] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 530.040794][ T5803] ath9k_htc: Failed to initialize the device [ 530.119319][ T5803] usb 2-1: ath9k_htc: USB layer deinitialized [ 530.847974][T10281] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 531.753507][T10288] IPVS: set_ctl: invalid protocol: 135 127.0.0.1:20003 [ 531.969458][ T5804] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 532.005421][ T5951] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 532.008851][ T5804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 532.030516][ T5804] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 532.044507][ T5804] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 532.045455][ T5804] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 532.045520][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 532.153601][ T5951] usb 5-1: Using ep0 maxpacket: 8 [ 532.156189][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 532.156859][ T5951] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 532.156884][ T5951] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 532.156897][ T5951] usb 5-1: config 0 has no interface number 0 [ 532.159320][ T5951] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 532.159341][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.159353][ T5951] usb 5-1: Product: syz [ 532.159362][ T5951] usb 5-1: Manufacturer: syz [ 532.159370][ T5951] usb 5-1: SerialNumber: syz [ 532.171461][ T5951] usb 5-1: config 0 descriptor?? [ 532.220461][ T5951] uvcvideo 5-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 532.220498][ T5951] uvcvideo 5-1:0.31: No valid video chain found. [ 532.260102][ T57] bond0 (unregistering): Released all slaves [ 532.282073][ T57] bond1 (unregistering): Released all slaves [ 532.309606][ T57] bond2 (unregistering): Released all slaves [ 532.344871][ T57] bond3 (unregistering): Released all slaves [ 532.369466][ T57] bond4 (unregistering): Released all slaves [ 532.399479][ T57] bond5 (unregistering): Released all slaves [ 532.428617][ T57] bond6 (unregistering): Released all slaves [ 532.444569][ T5951] usb 5-1: USB disconnect, device number 31 [ 532.524625][T10132] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.524770][T10132] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.525028][T10132] bridge_slave_0: entered allmulticast mode [ 532.527656][T10132] bridge_slave_0: entered promiscuous mode [ 532.566877][T10132] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.567196][T10132] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.567572][T10132] bridge_slave_1: entered allmulticast mode [ 532.595267][T10132] bridge_slave_1: entered promiscuous mode [ 532.701238][T10132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 532.723918][T10132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 532.762272][ T5951] usb 2-1: USB disconnect, device number 40 [ 533.009710][T10132] team0: Port device team_slave_0 added [ 533.027517][T10294] FAULT_INJECTION: forcing a failure. [ 533.027517][T10294] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 533.027559][T10294] CPU: 1 UID: 0 PID: 10294 Comm: syz.3.1316 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 533.027590][T10294] Tainted: [L]=SOFTLOCKUP [ 533.027598][T10294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 533.027611][T10294] Call Trace: [ 533.027620][T10294] [ 533.027629][T10294] dump_stack_lvl+0xe8/0x150 [ 533.027670][T10294] should_fail_ex+0x46b/0x600 [ 533.027704][T10294] _copy_to_user+0x31/0xb0 [ 533.027741][T10294] simple_read_from_buffer+0xe1/0x170 [ 533.027775][T10294] proc_fail_nth_read+0x1be/0x230 [ 533.027808][T10294] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 533.027839][T10294] ? rw_verify_area+0x2ac/0x4e0 [ 533.027871][T10294] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 533.027900][T10294] vfs_read+0x212/0xa80 [ 533.027943][T10294] ? __pfx_vfs_read+0x10/0x10 [ 533.027978][T10294] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 533.028015][T10294] ? lockdep_hardirqs_on+0x7a/0x110 [ 533.028049][T10294] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 533.028084][T10294] ? mutex_lock_nested+0x152/0x1d0 [ 533.028111][T10294] ? fdget_pos+0x252/0x320 [ 533.028158][T10294] ksys_read+0x156/0x270 [ 533.028194][T10294] ? __pfx_ksys_read+0x10/0x10 [ 533.028239][T10294] do_syscall_64+0x14d/0xf80 [ 533.028272][T10294] ? trace_irq_disable+0x3b/0x150 [ 533.028298][T10294] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.028322][T10294] ? clear_bhb_loop+0x40/0x90 [ 533.028351][T10294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.028372][T10294] RIP: 0033:0x7f09ff0ecfce [ 533.028394][T10294] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 533.028414][T10294] RSP: 002b:00007f09fd35cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 533.028437][T10294] RAX: ffffffffffffffda RBX: 00007f09fd35d6c0 RCX: 00007f09ff0ecfce [ 533.028460][T10294] RDX: 000000000000000f RSI: 00007f09fd35d0a0 RDI: 0000000000000005 [ 533.028473][T10294] RBP: 00007f09fd35d090 R08: 0000000000000000 R09: 0000000000000000 [ 533.028487][T10294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 533.028501][T10294] R13: 00007f09ff3a6128 R14: 00007f09ff3a6090 R15: 00007ffccd9c6358 [ 533.028536][T10294] [ 533.075922][T10132] team0: Port device team_slave_1 added [ 533.077817][T10290] lo speed is unknown, defaulting to 1000 [ 533.173853][T10290] lo speed is unknown, defaulting to 1000 [ 534.202749][ T5811] Bluetooth: hci2: command tx timeout [ 534.968811][T10132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 534.968831][T10132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 534.968863][T10132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 535.941462][T10132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 535.941482][T10132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 535.941513][T10132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 536.133956][ T5803] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 536.233827][ T5811] Bluetooth: hci2: command tx timeout [ 536.527304][ T36] audit: type=1326 audit(1774163408.454:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10320 comm="syz.1.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 536.527610][ T36] audit: type=1326 audit(1774163408.454:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10320 comm="syz.1.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2277c799 code=0x7ffc0000 [ 537.523810][ T5803] usb 5-1: Using ep0 maxpacket: 8 [ 537.526149][ T5803] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 537.533542][ T5803] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 537.533577][ T5803] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 537.533599][ T5803] usb 5-1: Product: syz [ 537.533615][ T5803] usb 5-1: Manufacturer: syz [ 537.533631][ T5803] usb 5-1: SerialNumber: syz [ 537.823617][T10319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 537.824221][T10319] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 537.853593][ T10] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 537.893275][T10331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1322'. [ 537.973788][ T5803] usb 5-1: palm_os_3_probe - error -110 getting connection information [ 537.973857][ T5803] visor 5-1:1.0: probe with driver visor failed with error -110 [ 538.059091][T10132] hsr_slave_0: entered promiscuous mode [ 538.060027][T10132] hsr_slave_1: entered promiscuous mode [ 538.060598][T10132] debugfs: 'hsr0' already exists in 'hsr' [ 538.060614][T10132] Cannot create hsr debugfs directory [ 538.063785][ T10] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 538.063814][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.063834][ T10] usb 2-1: Product: syz [ 538.063848][ T10] usb 2-1: Manufacturer: syz [ 538.063862][ T10] usb 2-1: SerialNumber: syz [ 538.129764][ T10] usb 2-1: config 0 descriptor?? [ 538.137921][ T10] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 538.177384][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 538.181471][ T10] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 538.181510][ T10] usb 2-1: media controller created [ 538.204640][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 538.262434][ T10] DVB: Unable to find symbol mt352_attach() [ 538.302838][ T10] DVB: Unable to find symbol nxt6000_attach() [ 538.302850][ T10] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 538.308069][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input13 [ 538.312130][ T10] dvb-usb: schedule remote query interval to 1000 msecs. [ 538.312151][ T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 538.312505][ T10] dvb-usb: bulk message failed: -22 (7/0) [ 538.312523][ T10] dvb-usb: bulk message failed: -22 (7/0) [ 538.313527][ T5811] Bluetooth: hci2: command tx timeout [ 538.467211][ T10] usb 2-1: USB disconnect, device number 41 [ 538.483573][ T57] hsr_slave_0: left promiscuous mode [ 538.523605][ T57] hsr_slave_1: left promiscuous mode [ 538.524769][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 538.524878][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 538.576000][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 538.576030][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.610078][ T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 538.698376][ T57] veth1_macvtap: left promiscuous mode [ 538.698559][ T57] veth0_macvtap: left promiscuous mode [ 538.698739][ T57] veth1_vlan: left promiscuous mode [ 538.698942][ T57] veth0_vlan: left promiscuous mode [ 538.966664][T10319] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 538.975658][T10319] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 539.118194][T10319] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 539.199060][T10319] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 539.199484][T10319] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 539.289537][T10319] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 539.665450][T10342] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1327'. [ 539.694622][ T57] team0 (unregistering): Port device team_slave_1 removed [ 539.747570][ T57] team0 (unregistering): Port device team_slave_0 removed [ 540.021199][ T10] usb 5-1: USB disconnect, device number 32 [ 540.073520][ T5811] Bluetooth: hci5: command 0x0c1a tx timeout [ 541.490407][T10353] FAULT_INJECTION: forcing a failure. [ 541.490407][T10353] name failslab, interval 1, probability 0, space 0, times 0 [ 541.490447][T10353] CPU: 1 UID: 0 PID: 10353 Comm: syz.4.1329 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 541.490479][T10353] Tainted: [L]=SOFTLOCKUP [ 541.490487][T10353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 541.490500][T10353] Call Trace: [ 541.490508][T10353] [ 541.490517][T10353] dump_stack_lvl+0xe8/0x150 [ 541.490557][T10353] should_fail_ex+0x46b/0x600 [ 541.490592][T10353] should_failslab+0xa8/0x100 [ 541.490619][T10353] __kmalloc_noprof+0xdf/0x7b0 [ 541.490652][T10353] ? __kmalloc_cache_noprof+0x3a6/0x690 [ 541.490687][T10353] ? qp_broker_alloc+0x86a/0x2150 [ 541.490708][T10353] ? qp_broker_alloc+0x3b0/0x2150 [ 541.490734][T10353] qp_broker_alloc+0x86a/0x2150 [ 541.490775][T10353] vmci_qp_broker_alloc+0x92/0xc0 [ 541.490807][T10353] vmci_host_unlocked_ioctl+0x14b6/0x2850 [ 541.490853][T10353] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 541.490916][T10353] ? kasan_quarantine_put+0xbb/0x1f0 [ 541.490959][T10353] ? tomoyo_path_number_perm+0x219/0x630 [ 541.490997][T10353] ? tomoyo_path_number_perm+0x219/0x630 [ 541.491037][T10353] ? do_vfs_ioctl+0x117b/0x1540 [ 541.491061][T10353] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 541.491106][T10353] ? __asan_memset+0x22/0x50 [ 541.491142][T10353] ? __pfx_smack_file_ioctl+0x10/0x10 [ 541.491187][T10353] ? __fget_files+0x2a/0x420 [ 541.491215][T10353] ? __fget_files+0x3a6/0x420 [ 541.491241][T10353] ? __fget_files+0x2a/0x420 [ 541.491274][T10353] ? bpf_lsm_file_ioctl+0x9/0x20 [ 541.491307][T10353] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 541.491344][T10353] __se_sys_ioctl+0xff/0x170 [ 541.491382][T10353] do_syscall_64+0x14d/0xf80 [ 541.491416][T10353] ? trace_irq_disable+0x3b/0x150 [ 541.491442][T10353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.491465][T10353] ? clear_bhb_loop+0x40/0x90 [ 541.491494][T10353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.491517][T10353] RIP: 0033:0x7fb50b3ac799 [ 541.491538][T10353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 541.491558][T10353] RSP: 002b:00007fb5095c4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 541.491582][T10353] RAX: ffffffffffffffda RBX: 00007fb50b626180 RCX: 00007fb50b3ac799 [ 541.491599][T10353] RDX: 0000200000000080 RSI: 00000000000007a8 RDI: 0000000000000003 [ 541.491614][T10353] RBP: 00007fb5095c4090 R08: 0000000000000000 R09: 0000000000000000 [ 541.491628][T10353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.491641][T10353] R13: 00007fb50b626218 R14: 00007fb50b626180 R15: 00007ffd92c63d28 [ 541.491677][T10353] [ 543.864318][ T5811] Bluetooth: hci2: command 0x0c1a tx timeout [ 543.864601][ T5811] Bluetooth: hci5: command 0x0c1a tx timeout [ 545.217123][T10381] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 545.404062][ T5877] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 545.713328][ T5877] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 545.713487][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.713512][ T5877] usb 5-1: Product: syz [ 545.713527][ T5877] usb 5-1: Manufacturer: syz [ 545.713543][ T5877] usb 5-1: SerialNumber: syz [ 545.787902][ T5877] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 545.840659][ T5858] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 545.948635][ T5804] Bluetooth: hci5: command 0x0c1a tx timeout [ 545.948676][ T5804] Bluetooth: hci2: command 0x0c1a tx timeout [ 546.088190][T10377] nfs: Unknown parameter ' ' [ 546.103182][T10290] chnl_net:caif_netlink_parms(): no params data found [ 546.304790][T10377] tmpfs: Unknown parameter 'usrquota˙˙˙˙' [ 547.211142][ T5858] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 547.211349][ T5858] ath9k_htc: Failed to initialize the device [ 547.345889][ T5858] usb 5-1: ath9k_htc: USB layer deinitialized [ 547.753618][T10401] serio: Serial port ptm0 [ 547.894093][T10290] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.896341][T10290] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.896613][T10290] bridge_slave_0: entered allmulticast mode [ 547.931744][T10290] bridge_slave_0: entered promiscuous mode [ 547.952536][T10290] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.963631][T10290] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.963896][T10290] bridge_slave_1: entered allmulticast mode [ 547.993757][ T5811] Bluetooth: hci2: command 0x0c1a tx timeout [ 548.016568][T10290] bridge_slave_1: entered promiscuous mode [ 548.018607][T10132] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 548.106023][ T57] IPVS: stop unused estimator thread 0... [ 548.302243][T10132] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 548.313444][ T6742] usb 5-1: USB disconnect, device number 33 [ 548.486462][T10132] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 548.565822][T10290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.566115][T10132] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 548.617625][T10290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 548.736675][T10417] team0: Port device vlan3 added [ 548.773611][ T5951] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 548.812340][T10290] team0: Port device team_slave_0 added [ 548.834470][T10290] team0: Port device team_slave_1 added [ 548.942977][T10290] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 548.943006][T10290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 548.943036][T10290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 548.953630][ T5951] usb 5-1: Using ep0 maxpacket: 16 [ 548.957099][T10290] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 548.957115][T10290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 548.957353][T10290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 549.054590][ T5951] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 549.054622][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.054640][ T5951] usb 5-1: Product: syz [ 549.054652][ T5951] usb 5-1: Manufacturer: syz [ 549.054665][ T5951] usb 5-1: SerialNumber: syz [ 549.401831][ T5951] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 549.440713][ T5951] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 549.441165][ T5951] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 549.441229][ T5951] usb 5-1: media controller created [ 549.504787][ T5951] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 549.623895][ T6742] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 549.645681][T10429] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 549.656473][T10429] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 549.694020][T10290] hsr_slave_0: entered promiscuous mode [ 549.700978][T10290] hsr_slave_1: entered promiscuous mode [ 549.784075][ T5951] zl10353_read_register: readreg error (reg=127, ret==-110) [ 550.929319][T10429] syzkaller1: entered promiscuous mode [ 550.929348][T10429] syzkaller1: entered allmulticast mode [ 550.960358][ T5951] dvb_usb_gl861 5-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 551.453593][ T6742] usb 2-1: device descriptor read/64, error -71 [ 551.502460][ T5858] usb 5-1: USB disconnect, device number 34 [ 551.589332][T10132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 551.709456][ T6742] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 551.775711][T10132] 8021q: adding VLAN 0 to HW filter on device team0 [ 551.840801][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state [ 551.843813][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 551.853639][ T6742] usb 2-1: Using ep0 maxpacket: 16 [ 551.855962][ T6742] usb 2-1: config index 0 descriptor too short (expected 51443, got 18) [ 551.858740][ T6742] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 551.858767][ T6742] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.858787][ T6742] usb 2-1: Product: syz [ 551.858801][ T6742] usb 2-1: Manufacturer: syz [ 551.858814][ T6742] usb 2-1: SerialNumber: syz [ 551.868229][ T6742] r8152-cfgselector 2-1: Unknown version 0x0000 [ 551.868253][ T6742] r8152-cfgselector 2-1: config 0 descriptor?? [ 552.099637][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.099924][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 552.419063][T10463] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 552.687566][T10441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 552.688130][T10441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 552.691095][T10441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 552.691667][T10441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 552.722319][T10441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 552.722927][T10441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 552.733616][ T1087] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 552.766220][T10441] netlink: 'syz.1.1347': attribute type 11 has an invalid length. [ 552.822848][ T5951] r8152-cfgselector 2-1: USB disconnect, device number 43 [ 552.856548][T10290] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 552.891862][ T1087] usb 4-1: Using ep0 maxpacket: 16 [ 552.897416][ T1087] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 552.897447][ T1087] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.897467][ T1087] usb 4-1: Product: syz [ 552.897480][ T1087] usb 4-1: Manufacturer: syz [ 552.897494][ T1087] usb 4-1: SerialNumber: syz [ 552.908689][ T1087] r8152-cfgselector 4-1: Unknown version 0x0000 [ 552.908713][ T1087] r8152-cfgselector 4-1: config 0 descriptor?? [ 552.993194][T10290] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 553.027814][T10290] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 555.819539][ T1087] r8152-cfgselector 4-1: Unknown version 0x0000 [ 555.820157][ T1087] r8152-cfgselector 4-1: bad CDC descriptors [ 555.843999][T10290] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 555.894050][ T1087] r8152-cfgselector 4-1: USB disconnect, device number 38 [ 555.962289][T10473] openvswitch: netlink: ufid size 260 bytes exceeds the range (1, 16) [ 555.962316][T10473] openvswitch: netlink: Message has 16 unknown bytes. [ 557.233932][ T5858] usb 2-1: new low-speed USB device number 44 using dummy_hcd [ 557.723463][ T5858] usb 2-1: Invalid ep0 maxpacket: 64 [ 558.139007][ T5858] usb 2-1: new low-speed USB device number 45 using dummy_hcd [ 558.893488][ T5858] usb 2-1: Invalid ep0 maxpacket: 64 [ 558.894062][ T5858] usb usb2-port1: attempt power cycle [ 560.803589][ T5858] usb 2-1: new low-speed USB device number 46 using dummy_hcd [ 560.833953][ T5858] usb 2-1: device descriptor read/8, error -71 [ 561.189151][T10290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 561.246440][T10290] 8021q: adding VLAN 0 to HW filter on device team0 [ 561.324031][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.324278][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 561.349850][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.349998][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 562.157750][T10132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 564.764250][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 564.764329][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.946700][T10290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 565.403531][ T5803] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 565.575921][ T5803] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 565.575958][ T5803] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 565.576008][ T5803] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 565.576035][ T5803] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.834346][ T5803] usb 5-1: usb_control_msg returned -32 [ 565.834398][ T5803] usbtmc 5-1:16.0: can't read capabilities [ 566.052413][T10290] veth0_vlan: entered promiscuous mode [ 566.138048][T10290] veth1_vlan: entered promiscuous mode [ 567.232286][T10290] veth0_macvtap: entered promiscuous mode [ 567.255553][ T5858] usb 5-1: USB disconnect, device number 35 [ 567.257580][T10290] veth1_macvtap: entered promiscuous mode [ 567.394804][T10290] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 567.462189][T10290] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 567.511195][ T57] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.511474][ T57] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.511997][ T57] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.512205][ T57] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.648472][ T5804] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 567.661831][ T5804] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 567.677547][ T5804] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 567.682939][ T5804] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 567.685940][ T5804] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 569.592906][T10591] Bluetooth: MGMT ver 1.23 [ 569.753574][ T5811] Bluetooth: hci3: command tx timeout [ 569.792535][T10578] lo speed is unknown, defaulting to 1000 [ 569.811281][T10578] lo speed is unknown, defaulting to 1000 [ 572.539111][ T5811] Bluetooth: hci3: command tx timeout [ 572.725178][ T8524] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 572.725202][ T8524] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 574.443524][ T809] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 574.660704][ T5811] Bluetooth: hci3: command tx timeout [ 576.138701][ T6196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 576.138726][ T6196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 576.163512][ T809] usb 4-1: Using ep0 maxpacket: 16 [ 576.171086][ T809] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 576.171110][ T809] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 576.171125][ T809] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 576.171161][ T809] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 576.171179][ T809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.242888][ T809] usb 4-1: config 0 descriptor?? [ 576.513552][ T5886] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 576.687472][ T5886] usb 5-1: Using ep0 maxpacket: 16 [ 576.690057][ T5886] usb 5-1: config index 0 descriptor too short (expected 51443, got 18) [ 576.694179][ T5886] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 576.694207][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.694229][ T5886] usb 5-1: Product: syz [ 576.694246][ T5886] usb 5-1: Manufacturer: syz [ 576.694261][ T5886] usb 5-1: SerialNumber: syz [ 576.697227][ T809] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 576.697261][ T809] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max [ 576.717502][ T5886] r8152-cfgselector 5-1: Unknown version 0x0000 [ 576.717530][ T5886] r8152-cfgselector 5-1: config 0 descriptor?? [ 576.725589][ T5811] Bluetooth: hci3: command tx timeout [ 576.851201][ T809] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 576.851250][ T809] microsoft 0003:045E:07DA.0008: no inputs found [ 576.851267][ T809] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 576.888836][ T809] usb 4-1: USB disconnect, device number 39 [ 577.051622][T10649] fido_id[10649]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 577.147591][T10646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.148213][T10646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.151446][T10646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.152069][T10646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.178073][T10646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.178615][T10646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.181529][T10646] netlink: 'syz.4.1387': attribute type 11 has an invalid length. [ 577.235707][ T5858] r8152-cfgselector 5-1: USB disconnect, device number 36 [ 577.552266][T10578] chnl_net:caif_netlink_parms(): no params data found [ 578.496699][ T12] bridge_slave_1: left allmulticast mode [ 578.496731][ T12] bridge_slave_1: left promiscuous mode [ 578.496950][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.626269][ T12] bridge_slave_0: left allmulticast mode [ 578.626304][ T12] bridge_slave_0: left promiscuous mode [ 578.626569][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.816868][ T10] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 578.899101][T10675] FAULT_INJECTION: forcing a failure. [ 578.899101][T10675] name failslab, interval 1, probability 0, space 0, times 0 [ 578.899144][T10675] CPU: 0 UID: 0 PID: 10675 Comm: syz.1.1388 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 578.899184][T10675] Tainted: [L]=SOFTLOCKUP [ 578.899193][T10675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 578.899207][T10675] Call Trace: [ 578.899217][T10675] [ 578.899227][T10675] dump_stack_lvl+0xe8/0x150 [ 578.899267][T10675] should_fail_ex+0x46b/0x600 [ 578.899303][T10675] should_failslab+0xa8/0x100 [ 578.899328][T10675] kmem_cache_alloc_noprof+0x87/0x680 [ 578.899362][T10675] ? skb_clone+0x212/0x3a0 [ 578.899392][T10675] skb_clone+0x212/0x3a0 [ 578.899421][T10675] __netlink_deliver_tap+0x404/0x850 [ 578.899467][T10675] ? netlink_deliver_tap+0x2e/0x1b0 [ 578.899500][T10675] netlink_deliver_tap+0x19c/0x1b0 [ 578.899531][T10675] netlink_unicast+0x805/0x9f0 [ 578.899569][T10675] ? __pfx_netlink_unicast+0x10/0x10 [ 578.899599][T10675] ? netlink_sendmsg+0x650/0xb40 [ 578.899628][T10675] ? skb_put+0x11b/0x210 [ 578.899666][T10675] netlink_sendmsg+0x813/0xb40 [ 578.899706][T10675] ? __pfx_netlink_sendmsg+0x10/0x10 [ 578.899746][T10675] ? unwind_get_return_address+0x4d/0x90 [ 578.899783][T10675] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 578.899821][T10675] ____sys_sendmsg+0x94c/0x9c0 [ 578.899852][T10675] ? __pfx_____sys_sendmsg+0x10/0x10 [ 578.899887][T10675] ? import_iovec+0x73/0xa0 [ 578.899937][T10675] ___sys_sendmsg+0x2a5/0x360 [ 578.899967][T10675] ? __pfx____sys_sendmsg+0x10/0x10 [ 578.900032][T10675] ? __fget_files+0x2a/0x420 [ 578.900059][T10675] ? __fget_files+0x3a6/0x420 [ 578.900099][T10675] __x64_sys_sendmsg+0x1c3/0x2a0 [ 578.900127][T10675] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 578.900170][T10675] ? __pfx_ksys_write+0x10/0x10 [ 578.900215][T10675] do_syscall_64+0x14d/0xf80 [ 578.900251][T10675] ? trace_irq_disable+0x3b/0x150 [ 578.900278][T10675] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.900302][T10675] ? clear_bhb_loop+0x40/0x90 [ 578.900330][T10675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.900353][T10675] RIP: 0033:0x7f8f2277c799 [ 578.900375][T10675] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 578.900394][T10675] RSP: 002b:00007f8f209ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 578.900419][T10675] RAX: ffffffffffffffda RBX: 00007f8f229f5fa0 RCX: 00007f8f2277c799 [ 578.900436][T10675] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 578.900450][T10675] RBP: 00007f8f209ce090 R08: 0000000000000000 R09: 0000000000000000 [ 578.900464][T10675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 578.900478][T10675] R13: 00007f8f229f6038 R14: 00007f8f229f5fa0 R15: 00007ffdc3839108 [ 578.900511][T10675] [ 578.964925][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 578.970774][ T10] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 578.970804][ T10] usb 5-1: config 0 has no interface number 0 [ 578.978727][ T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 578.978758][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.978780][ T10] usb 5-1: Product: syz [ 578.978794][ T10] usb 5-1: Manufacturer: syz [ 578.978809][ T10] usb 5-1: SerialNumber: syz [ 578.997680][ T10] usb 5-1: config 0 descriptor?? [ 579.029336][ T10] hub 5-1:0.132: bad descriptor, ignoring hub [ 579.029375][ T10] hub 5-1:0.132: probe with driver hub failed with error -5 [ 579.056544][ T10] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.132/input/input15 [ 581.865511][ T10] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 581.903522][ T809] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 582.023499][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 582.060136][ T10] usb 4-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 582.060173][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.060197][ T10] usb 4-1: Product: syz [ 582.060214][ T10] usb 4-1: Manufacturer: syz [ 582.060231][ T10] usb 4-1: SerialNumber: syz [ 582.066865][ T10] usb 4-1: config 0 descriptor?? [ 582.073569][ T809] usb 7-1: Using ep0 maxpacket: 16 [ 582.096470][ T809] usb 7-1: config index 0 descriptor too short (expected 51443, got 18) [ 582.100613][ T809] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 582.100642][ T809] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.100662][ T809] usb 7-1: Product: syz [ 582.100677][ T809] usb 7-1: Manufacturer: syz [ 582.100692][ T809] usb 7-1: SerialNumber: syz [ 582.107307][ T10] ums-onetouch 4-1:0.0: USB Mass Storage device detected [ 582.115325][ T809] r8152-cfgselector 7-1: Unknown version 0x0000 [ 582.115350][ T809] r8152-cfgselector 7-1: config 0 descriptor?? [ 582.416121][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 582.531264][T10693] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 582.531925][T10693] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 582.550640][T10693] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 582.551227][T10693] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 582.560970][T10693] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 582.563056][T10693] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 582.583706][T10693] netlink: 'syz.6.1399': attribute type 11 has an invalid length. [ 582.646243][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 582.691219][ T12] bond0 (unregistering): Released all slaves [ 583.648213][T10712] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 583.839121][ T809] r8152-cfgselector 7-1: USB disconnect, device number 2 [ 583.845981][T10578] bridge0: port 1(bridge_slave_0) entered blocking state [ 583.859353][T10578] bridge0: port 1(bridge_slave_0) entered disabled state [ 583.859626][T10578] bridge_slave_0: entered allmulticast mode [ 583.868216][T10578] bridge_slave_0: entered promiscuous mode [ 583.897263][T10578] bridge0: port 2(bridge_slave_1) entered blocking state [ 583.897442][T10578] bridge0: port 2(bridge_slave_1) entered disabled state [ 583.897711][T10578] bridge_slave_1: entered allmulticast mode [ 583.900750][T10578] bridge_slave_1: entered promiscuous mode [ 584.227803][T10578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 584.262840][T10578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 584.315364][ T5803] usb 4-1: USB disconnect, device number 40 [ 584.778054][T10717] m1I: entered promiscuous mode [ 584.790309][T10578] team0: Port device team_slave_0 added [ 585.931459][T10578] team0: Port device team_slave_1 added [ 586.413890][ T12] hsr_slave_0: left promiscuous mode [ 586.482651][ T12] hsr_slave_1: left promiscuous mode [ 586.488711][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 586.601606][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.975137][ T31] usb 5-1: USB disconnect, device number 37 [ 589.103628][ T809] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 589.259019][ T809] usb 4-1: Using ep0 maxpacket: 16 [ 589.266301][ T809] usb 4-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 589.266333][ T809] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.266356][ T809] usb 4-1: Product: syz [ 589.266371][ T809] usb 4-1: Manufacturer: syz [ 589.266386][ T809] usb 4-1: SerialNumber: syz [ 589.291954][ T809] usb 4-1: config 0 descriptor?? [ 589.348350][ T809] ums-onetouch 4-1:0.0: USB Mass Storage device detected [ 590.540051][ T31] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 590.723749][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 590.728573][ T31] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 590.728609][ T31] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 590.728640][ T31] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 590.728667][ T31] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 590.728720][ T31] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 590.728747][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.816201][ T12] team0 (unregistering): Port device team_slave_1 removed [ 590.899896][ T12] team0 (unregistering): Port device team_slave_0 removed [ 591.097713][ T5886] usb 4-1: USB disconnect, device number 41 [ 591.154077][ T31] usb 5-1: GET_CAPABILITIES returned 0 [ 591.154143][ T31] usbtmc 5-1:16.0: can't read capabilities [ 591.239882][T10766] random: crng reseeded on system resumption [ 591.873513][ T31] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 592.148128][T10786] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 593.433908][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64 [ 593.457867][ T31] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 593.457917][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.457940][ T31] usb 4-1: Product: syz [ 593.457957][ T31] usb 4-1: Manufacturer: syz [ 593.457973][ T31] usb 4-1: SerialNumber: syz [ 593.589163][ T31] usb 4-1: config 0 descriptor?? [ 593.643229][ T31] uvcvideo 4-1:0.0: Found UVC 0.00 device syz (18ec:3288) [ 593.643270][ T31] uvcvideo 4-1:0.0: No valid video chain found. [ 593.800081][ T31] usb 4-1: USB disconnect, device number 42 [ 593.857160][ T809] usb 5-1: USB disconnect, device number 38 [ 594.061048][T10578] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 594.061068][T10578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 594.061101][T10578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 594.122015][T10578] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 594.122034][T10578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 594.122067][T10578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 594.692328][T10578] hsr_slave_0: entered promiscuous mode [ 594.707788][T10578] hsr_slave_1: entered promiscuous mode [ 594.708832][T10578] debugfs: 'hsr0' already exists in 'hsr' [ 594.708859][T10578] Cannot create hsr debugfs directory [ 596.929866][ T6197] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 596.931646][ T6197] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 596.932124][ T6197] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 596.932169][ T6197] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 598.788771][T10830] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 602.403525][ T5858] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 602.636218][ T5858] usb 5-1: Using ep0 maxpacket: 16 [ 602.658754][ T5858] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 602.658789][ T5858] usb 5-1: config 0 has no interface number 0 [ 602.679499][ T5858] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 602.679536][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.679559][ T5858] usb 5-1: Product: syz [ 602.679576][ T5858] usb 5-1: Manufacturer: syz [ 602.679591][ T5858] usb 5-1: SerialNumber: syz [ 602.725633][ T5858] usb 5-1: config 0 descriptor?? [ 602.733516][ T31] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 602.750317][ T5858] hub 5-1:0.132: bad descriptor, ignoring hub [ 602.750357][ T5858] hub 5-1:0.132: probe with driver hub failed with error -5 [ 602.780385][ T5858] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.132/input/input16 [ 602.916192][ T31] usb 7-1: config 0 has no interfaces? [ 602.918572][ T31] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 602.918606][ T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 602.918628][ T31] usb 7-1: SerialNumber: syz [ 602.986136][ T31] usb 7-1: config 0 descriptor?? [ 603.197974][ T31] usb 7-1: USB disconnect, device number 3 [ 605.089811][T10578] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 605.299599][T10578] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 605.555531][T10578] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 605.573516][ T809] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 605.628141][T10578] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 605.723656][ T809] usb 7-1: Using ep0 maxpacket: 16 [ 605.735323][ T809] usb 7-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 605.735354][ T809] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.735375][ T809] usb 7-1: Product: syz [ 605.735390][ T809] usb 7-1: Manufacturer: syz [ 605.735405][ T809] usb 7-1: SerialNumber: syz [ 605.961382][T10902] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 605.987202][ T809] usb 7-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 606.002396][ T809] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 606.002818][ T809] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 606.002866][ T809] usb 7-1: media controller created [ 606.072461][ T809] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 606.223712][T10891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 606.232307][T10891] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 606.292953][T10891] syzkaller1: entered promiscuous mode [ 606.292984][T10891] syzkaller1: entered allmulticast mode [ 606.404024][ T809] zl10353_read_register: readreg error (reg=127, ret==-110) [ 606.679530][ T809] dvb_usb_gl861 7-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 606.957985][T10578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 607.043643][ T10] usb 7-1: USB disconnect, device number 4 [ 607.131081][T10578] 8021q: adding VLAN 0 to HW filter on device team0 [ 607.178752][ T6196] bridge0: port 1(bridge_slave_0) entered blocking state [ 607.179769][ T6196] bridge0: port 1(bridge_slave_0) entered forwarding state [ 607.257206][ T6196] bridge0: port 2(bridge_slave_1) entered blocking state [ 607.257372][ T6196] bridge0: port 2(bridge_slave_1) entered forwarding state [ 609.085808][T10578] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 609.153844][ T31] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 609.285339][ T5886] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 609.306928][ T31] usb 7-1: config 0 has no interfaces? [ 609.308488][ T31] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 609.308520][ T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 609.308543][ T31] usb 7-1: SerialNumber: syz [ 609.364018][ T31] usb 7-1: config 0 descriptor?? [ 609.443503][ T5886] usb 2-1: Using ep0 maxpacket: 32 [ 609.446248][ T5886] usb 2-1: too many configurations: 56, using maximum allowed: 8 [ 609.448444][ T5886] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 609.448492][ T5886] usb 2-1: can't read configurations, error -61 [ 609.573491][ T5886] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 609.591590][ T5858] usb 5-1: USB disconnect, device number 39 [ 609.602806][ T31] usb 7-1: USB disconnect, device number 5 [ 609.871091][ T5886] usb 2-1: Using ep0 maxpacket: 32 [ 609.872170][ T5886] usb 2-1: too many configurations: 56, using maximum allowed: 8 [ 609.875995][ T5886] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 609.876039][ T5886] usb 2-1: can't read configurations, error -61 [ 609.881925][ T5886] usb usb2-port1: attempt power cycle [ 610.567051][ T5886] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 610.664511][ T5886] usb 2-1: Using ep0 maxpacket: 32 [ 611.271927][ T5886] usb 2-1: too many configurations: 56, using maximum allowed: 8 [ 611.295350][ T5886] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 611.295396][ T5886] usb 2-1: can't read configurations, error -61 [ 611.533484][ T5886] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 611.554379][ T5886] usb 2-1: Using ep0 maxpacket: 32 [ 611.558965][ T5886] usb 2-1: too many configurations: 56, using maximum allowed: 8 [ 611.580334][ T5886] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 611.580362][ T5886] usb 2-1: can't read configurations, error -61 [ 611.580631][ T5886] usb usb2-port1: unable to enumerate USB device [ 611.687147][T10578] veth0_vlan: entered promiscuous mode [ 611.706666][T10578] veth1_vlan: entered promiscuous mode [ 613.227541][T10979] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 613.679916][T10578] veth0_macvtap: entered promiscuous mode [ 613.742276][T10981] 9p: Bad value for 'wfdno' [ 613.766708][T10578] veth1_macvtap: entered promiscuous mode [ 613.923820][T10578] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 613.968939][T10578] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 614.003579][ T57] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.006831][ T57] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.008506][ T57] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.010032][ T57] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.138104][T10990] comedi comedi4: bad chanlist[0]=0x00040007 chan=7 range length=2 [ 614.313988][ T5858] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 614.403573][ T31] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 614.493795][ T5858] usb 5-1: Using ep0 maxpacket: 16 [ 614.524274][ T5858] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 614.524310][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 614.524334][ T5858] usb 5-1: Product: syz [ 614.524352][ T5858] usb 5-1: Manufacturer: syz [ 614.524368][ T5858] usb 5-1: SerialNumber: syz [ 614.574086][ T5858] usb 5-1: config 0 descriptor?? [ 614.589016][ T31] usb 2-1: Using ep0 maxpacket: 16 [ 614.589954][ T31] usb 2-1: too many configurations: 228, using maximum allowed: 8 [ 614.607654][ T31] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 614.607699][ T31] usb 2-1: can't read configurations, error -61 [ 614.615938][ T5858] ums-onetouch 5-1:0.0: USB Mass Storage device detected [ 614.733518][ T31] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 614.778425][ T1861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.778448][ T1861] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.886646][ T31] usb 2-1: Using ep0 maxpacket: 16 [ 614.887546][ T31] usb 2-1: too many configurations: 228, using maximum allowed: 8 [ 614.889725][ T31] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 614.889765][ T31] usb 2-1: can't read configurations, error -61 [ 614.890214][ T31] usb usb2-port1: attempt power cycle [ 615.001385][ T6197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 615.001410][ T6197] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 615.226818][ T31] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 615.254649][ T31] usb 2-1: Using ep0 maxpacket: 16 [ 615.255516][ T31] usb 2-1: too many configurations: 228, using maximum allowed: 8 [ 615.257690][ T31] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 615.257729][ T31] usb 2-1: can't read configurations, error -61 [ 615.379582][ T10] usb 5-1: USB disconnect, device number 40 [ 615.389441][ T31] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 615.404363][ T31] usb 2-1: Using ep0 maxpacket: 16 [ 615.405231][ T31] usb 2-1: too many configurations: 228, using maximum allowed: 8 [ 615.407526][ T31] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 615.407569][ T31] usb 2-1: can't read configurations, error -61 [ 615.411576][ T31] usb usb2-port1: unable to enumerate USB device [ 617.403479][ T10] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 618.739915][ T10] usb 5-1: device descriptor read/all, error -71 [ 619.186969][T11032] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 621.139221][T11045] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1477'. [ 622.423526][ T809] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 622.585508][ T809] usb 5-1: config 0 has no interfaces? [ 622.586731][ T809] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 622.586762][ T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 622.586784][ T809] usb 5-1: SerialNumber: syz [ 622.638816][ T809] usb 5-1: config 0 descriptor?? [ 622.860071][ T31] usb 5-1: USB disconnect, device number 43 [ 623.571385][T11091] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 624.288313][T11104] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1489'. [ 624.660545][T11117] FAULT_INJECTION: forcing a failure. [ 624.660545][T11117] name failslab, interval 1, probability 0, space 0, times 0 [ 624.660611][T11117] CPU: 0 UID: 0 PID: 11117 Comm: syz.4.1492 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 624.660644][T11117] Tainted: [L]=SOFTLOCKUP [ 624.660652][T11117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 624.660665][T11117] Call Trace: [ 624.660674][T11117] [ 624.660684][T11117] dump_stack_lvl+0xe8/0x150 [ 624.660710][T11117] should_fail_ex+0x46b/0x600 [ 624.660730][T11117] should_failslab+0xa8/0x100 [ 624.660745][T11117] kmem_cache_alloc_noprof+0x87/0x680 [ 624.660766][T11117] ? skb_clone+0x212/0x3a0 [ 624.660780][T11117] ? lockdep_hardirqs_on+0x7a/0x110 [ 624.660802][T11117] skb_clone+0x212/0x3a0 [ 624.660818][T11117] pfkey_sendmsg+0x4a3/0x1120 [ 624.660834][T11117] ? __pfx___schedule+0x10/0x10 [ 624.660859][T11117] ? __lock_acquire+0x6b5/0x2cf0 [ 624.660872][T11117] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 624.660905][T11117] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 624.660927][T11117] ____sys_sendmsg+0x94c/0x9c0 [ 624.660945][T11117] ? __pfx_____sys_sendmsg+0x10/0x10 [ 624.660963][T11117] ? import_iovec+0x73/0xa0 [ 624.660985][T11117] ___sys_sendmsg+0x2a5/0x360 [ 624.661002][T11117] ? __pfx____sys_sendmsg+0x10/0x10 [ 624.661034][T11117] ? irqentry_exit+0x59e/0x620 [ 624.661054][T11117] ? lockdep_hardirqs_on+0x7a/0x110 [ 624.661088][T11117] __sys_sendmmsg+0x282/0x4e0 [ 624.661105][T11117] ? __pfx___sys_sendmmsg+0x10/0x10 [ 624.661126][T11117] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 624.661151][T11117] ? ksys_write+0x248/0x270 [ 624.661172][T11117] ? __pfx_ksys_write+0x10/0x10 [ 624.661195][T11117] __x64_sys_sendmmsg+0xa0/0xc0 [ 624.661209][T11117] do_syscall_64+0x14d/0xf80 [ 624.661229][T11117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.661243][T11117] ? clear_bhb_loop+0x40/0x90 [ 624.661259][T11117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.661272][T11117] RIP: 0033:0x7fb50b3ac799 [ 624.661285][T11117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 624.661297][T11117] RSP: 002b:00007fb5095e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 624.661313][T11117] RAX: ffffffffffffffda RBX: 00007fb50b626090 RCX: 00007fb50b3ac799 [ 624.661322][T11117] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000006 [ 624.661331][T11117] RBP: 00007fb5095e5090 R08: 0000000000000000 R09: 0000000000000000 [ 624.661339][T11117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 624.661347][T11117] R13: 00007fb50b626128 R14: 00007fb50b626090 R15: 00007ffd92c63d28 [ 624.661367][T11117] [ 626.958116][ T10] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 626.999641][ T10] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 627.339185][T11137] fido_id[11137]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 628.058313][T11143] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 628.690356][T11160] comedi comedi3: comedi_config --init_data is deprecated [ 628.728718][T11160] netlink: 'syz.6.1506': attribute type 1 has an invalid length. [ 628.898425][ T6742] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 628.983505][T10994] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 629.093655][ T6742] usb 6-1: Using ep0 maxpacket: 32 [ 629.095764][ T6742] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 629.095801][ T6742] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 629.095846][ T6742] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 629.095875][ T6742] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.107806][ T6742] usb 6-1: config 0 descriptor?? [ 629.133467][T10994] usb 7-1: Using ep0 maxpacket: 16 [ 629.136259][T10994] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 629.136287][T10994] usb 7-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 629.136313][T10994] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 629.136444][T10994] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 629.136472][T10994] usb 7-1: config 0 interface 0 has no altsetting 0 [ 629.139303][T10994] usb 7-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 629.139330][T10994] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 629.139350][T10994] usb 7-1: Product: syz [ 629.139364][T10994] usb 7-1: Manufacturer: syz [ 629.139379][T10994] usb 7-1: SerialNumber: syz [ 629.183103][T10994] usb 7-1: config 0 descriptor?? [ 629.185639][T11160] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 629.388342][T10994] usb 7-1: Can not set alternate setting to 1, error: -71 [ 629.388455][T10994] synaptics_usb 7-1:0.0: probe with driver synaptics_usb failed with error -71 [ 629.450717][T10994] usb 7-1: USB disconnect, device number 6 [ 629.601633][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.601777][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.631545][ T6742] usbhid 6-1:0.0: can't add hid device: -71 [ 629.631683][ T6742] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 629.657932][ T6742] usb 6-1: USB disconnect, device number 2 [ 629.819712][T11173] program syz.1.1508 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 630.215596][T11184] program syz.6.1511 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 631.281784][T11191] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 636.305439][T11206] FAULT_INJECTION: forcing a failure. [ 636.305439][T11206] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 636.305483][T11206] CPU: 0 UID: 0 PID: 11206 Comm: syz.1.1517 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 636.305514][T11206] Tainted: [L]=SOFTLOCKUP [ 636.305523][T11206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 636.305537][T11206] Call Trace: [ 636.305546][T11206] [ 636.305557][T11206] dump_stack_lvl+0xe8/0x150 [ 636.305597][T11206] should_fail_ex+0x46b/0x600 [ 636.305632][T11206] _copy_from_user+0x2d/0xb0 [ 636.305667][T11206] ___sys_sendmsg+0x1c6/0x360 [ 636.305698][T11206] ? __pfx____sys_sendmsg+0x10/0x10 [ 636.305759][T11206] ? __fget_files+0x2a/0x420 [ 636.305788][T11206] ? __fget_files+0x3a6/0x420 [ 636.305828][T11206] __x64_sys_sendmsg+0x1c3/0x2a0 [ 636.305855][T11206] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 636.305890][T11206] ? __pfx_ksys_write+0x10/0x10 [ 636.305936][T11206] do_syscall_64+0x14d/0xf80 [ 636.305971][T11206] ? trace_irq_disable+0x3b/0x150 [ 636.306008][T11206] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.306034][T11206] ? clear_bhb_loop+0x40/0x90 [ 636.306062][T11206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.306086][T11206] RIP: 0033:0x7f8f2277c799 [ 636.306108][T11206] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 636.306128][T11206] RSP: 002b:00007f8f209ad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 636.306154][T11206] RAX: ffffffffffffffda RBX: 00007f8f229f6090 RCX: 00007f8f2277c799 [ 636.306171][T11206] RDX: 0000000000000000 RSI: 00002000000015c0 RDI: 0000000000000006 [ 636.306186][T11206] RBP: 00007f8f209ad090 R08: 0000000000000000 R09: 0000000000000000 [ 636.306200][T11206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 636.306213][T11206] R13: 00007f8f229f6128 R14: 00007f8f229f6090 R15: 00007ffdc3839108 [ 636.306248][T11206] [ 637.525926][T11221] comedi comedi4: bad chanlist[0]=0x00040007 chan=7 range length=2 [ 637.733533][ T5951] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 637.883469][ T5951] usb 4-1: Using ep0 maxpacket: 16 [ 637.885765][ T5951] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 637.885793][ T5951] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 637.885807][ T5951] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 637.885820][ T5951] usb 4-1: config 0 has no interface number 1 [ 637.885856][ T5951] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 637.885874][ T5951] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 637.885889][ T5951] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 637.885910][ T5951] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 637.885928][ T5951] usb 4-1: config 0 interface 125 has no altsetting 0 [ 637.885940][ T5951] usb 4-1: config 0 interface 0 has no altsetting 0 [ 637.887865][ T5951] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 637.887885][ T5951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.887897][ T5951] usb 4-1: Product: syz [ 637.887906][ T5951] usb 4-1: Manufacturer: syz [ 637.887916][ T5951] usb 4-1: SerialNumber: syz [ 637.892683][ T5951] usb 4-1: config 0 descriptor?? [ 638.233296][ T6742] usb 4-1: USB disconnect, device number 43 [ 638.411357][ T5951] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 638.460726][ T5951] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 638.573122][T11239] fido_id[11239]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 639.436385][T11255] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 639.436785][T11255] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 641.028482][T11262] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 641.363687][ T36] audit: type=1326 audit(1774163513.364:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11264 comm="syz.3.1536" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09ff12c799 code=0x0 [ 641.904335][T10994] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 641.915509][T10994] hid-generic 0000:0000:0000.000B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 642.306218][T10994] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 642.615507][ T6742] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 643.244628][T10994] usb 5-1: device descriptor read/64, error -71 [ 643.333415][ T6742] usb 6-1: Using ep0 maxpacket: 16 [ 643.335906][ T6742] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 643.335943][ T6742] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 643.335987][ T6742] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 643.336014][ T6742] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.413959][ T6742] usb 6-1: config 0 descriptor?? [ 643.525477][T10994] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 643.653485][T10994] usb 5-1: device descriptor read/64, error -71 [ 643.775947][T10994] usb usb5-port1: attempt power cycle [ 643.842661][T11290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 643.855556][T11290] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 643.861100][T11290] afs: Unknown parameter '18446744073709551615' [ 643.908258][ T6742] usbhid 6-1:0.0: can't add hid device: -71 [ 643.908402][ T6742] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 643.948532][ T6742] usb 6-1: USB disconnect, device number 3 [ 644.228104][T11297] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 644.833562][T10994] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 645.181768][T11301] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 645.559121][T10994] usb 5-1: device descriptor read/8, error -71 [ 645.794225][T11308] netlink: 67 bytes leftover after parsing attributes in process `syz.1.1548'. [ 646.313934][ T5951] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 646.463899][ T5951] usb 7-1: Using ep0 maxpacket: 16 [ 646.470516][ T5951] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 646.470565][ T5951] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 646.508659][ T5951] usb 7-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 646.508695][ T5951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.508718][ T5951] usb 7-1: Product: syz [ 646.508734][ T5951] usb 7-1: Manufacturer: syz [ 646.508750][ T5951] usb 7-1: SerialNumber: syz [ 646.553091][ T5951] usb 7-1: config 0 descriptor?? [ 646.562252][ T5951] hub 7-1:0.0: bad descriptor, ignoring hub [ 646.562295][ T5951] hub 7-1:0.0: probe with driver hub failed with error -5 [ 646.583674][ T5858] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 646.584439][ T5951] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 646.718028][T11332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1557'. [ 647.033447][ T5858] usb 2-1: Using ep0 maxpacket: 16 [ 647.038281][ T5858] usb 2-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 647.038304][ T5858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.038317][ T5858] usb 2-1: Product: syz [ 647.038327][ T5858] usb 2-1: Manufacturer: syz [ 647.038336][ T5858] usb 2-1: SerialNumber: syz [ 647.373639][ T5803] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 647.389402][ T5858] usb 2-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 647.475312][ T5858] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 647.475782][ T5858] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 647.475841][ T5858] usb 2-1: media controller created [ 647.510264][ T5951] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 647.525212][ T5803] usb 6-1: Using ep0 maxpacket: 32 [ 647.540086][ T5803] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 647.540120][ T5803] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 647.547525][ T5858] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 647.776099][T11341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 647.794135][ T5803] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 647.794157][ T5803] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 647.794171][ T5803] usb 6-1: Product: syz [ 647.794181][ T5803] usb 6-1: Manufacturer: syz [ 647.794190][ T5803] usb 6-1: SerialNumber: syz [ 647.936222][T11343] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 648.382803][ T5951] usb 7-1: USB disconnect, device number 7 [ 648.643218][T11341] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 648.702588][ T5803] usb 6-1: config 0 descriptor?? [ 648.730186][T10443] udevd[10443]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 648.933839][ T5858] zl10353_read_register: readreg error (reg=127, ret==-110) [ 649.037225][T11341] syzkaller1: entered promiscuous mode [ 649.037258][T11341] syzkaller1: entered allmulticast mode [ 649.037522][ T1087] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 649.077139][ T1087] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 649.232863][T11351] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 649.693080][ T5858] dvb_usb_gl861 2-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 649.733608][ T5951] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 649.873688][ T5951] usb 7-1: device descriptor read/64, error -71 [ 650.064692][ T5803] usb 2-1: USB disconnect, device number 56 [ 650.123531][ T5951] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 650.253652][ T5951] usb 7-1: device descriptor read/64, error -71 [ 650.333565][T10994] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 650.367889][ T5951] usb usb7-port1: attempt power cycle [ 650.453645][T11362] FAULT_INJECTION: forcing a failure. [ 650.453645][T11362] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 650.453747][T11362] CPU: 0 UID: 0 PID: 11362 Comm: syz.1.1566 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 650.453776][T11362] Tainted: [L]=SOFTLOCKUP [ 650.453785][T11362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 650.453798][T11362] Call Trace: [ 650.453808][T11362] [ 650.453818][T11362] dump_stack_lvl+0xe8/0x150 [ 650.453856][T11362] should_fail_ex+0x46b/0x600 [ 650.453890][T11362] _copy_from_user+0x2d/0xb0 [ 650.453923][T11362] __ia32_sys_rt_sigreturn+0x379/0x8e0 [ 650.453955][T11362] ? __lock_acquire+0x6b5/0x2cf0 [ 650.453988][T11362] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 650.454046][T11362] ? __task_pid_nr_ns+0x28/0x470 [ 650.454080][T11362] do_syscall_64+0x14d/0xf80 [ 650.454115][T11362] ? trace_irq_disable+0x3b/0x150 [ 650.454142][T11362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.454166][T11362] ? clear_bhb_loop+0x40/0x90 [ 650.454192][T11362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.454215][T11362] RIP: 0033:0x7f8f2271db19 [ 650.454238][T11362] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25 [ 650.454257][T11362] RSP: 002b:00007f8f209cda80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 650.454283][T11362] RAX: ffffffffffffffda RBX: 00007f8f229f5fa0 RCX: 00007f8f2271db19 [ 650.454300][T11362] RDX: 00007f8f209cda80 RSI: 00007f8f209cdbb0 RDI: 0000000000000021 [ 650.454316][T11362] RBP: 00007f8f209ce090 R08: 0000000000000000 R09: 0000000000000000 [ 650.454329][T11362] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 650.454343][T11362] R13: 00007f8f229f6038 R14: 00007f8f229f5fa0 R15: 00007ffdc3839108 [ 650.454367][T11362] [ 650.666732][T10994] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 650.666756][T10994] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.672826][T10994] usb 4-1: config 0 descriptor?? [ 650.704871][ T5951] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 650.729185][ T5951] usb 7-1: device descriptor read/8, error -71 [ 650.874566][ T5803] usb 6-1: USB disconnect, device number 4 [ 650.993552][ T5951] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 651.014281][ T5951] usb 7-1: device descriptor read/8, error -71 [ 651.131852][ T5951] usb usb7-port1: unable to enumerate USB device [ 651.847881][T11378] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 653.044674][T11388] KVM: debugfs: duplicate directory 11388-4 [ 653.549770][T11394] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 653.808791][ T1087] usb 4-1: USB disconnect, device number 44 [ 654.611963][T11416] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 655.057512][T11430] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 656.558662][T11469] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 656.725511][T11473] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 656.961211][T11486] kvm: kvm [11480]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffff [ 657.511181][T11504] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 657.868126][ T36] audit: type=1326 audit(1774163529.884:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11498 comm="syz.3.1617" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f09ff12c799 code=0x0 [ 659.424214][ T5858] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 660.273537][ T5858] usb 7-1: Using ep0 maxpacket: 16 [ 660.348698][ T5858] usb 7-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 660.348736][ T5858] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 660.348759][ T5858] usb 7-1: Product: syz [ 660.348776][ T5858] usb 7-1: Manufacturer: syz [ 660.348793][ T5858] usb 7-1: SerialNumber: syz [ 660.406573][ T5858] usb 7-1: config 0 descriptor?? [ 660.414660][ T5858] ums-onetouch 7-1:0.0: USB Mass Storage device detected [ 662.212266][ T809] usb 7-1: USB disconnect, device number 12 [ 664.295097][ T5794] unregister_netdevice: waiting for syz_tun to become free. Usage count = 2 [ 664.295550][ T5794] ref_tracker: netdev@ffff88805a9c86a0 has 1/1 users at [ 664.295550][ T5794] netdev_get_by_index+0x79/0xb0 [ 664.295550][ T5794] fib6_nh_init+0x202/0x1f90 [ 664.295550][ T5794] ip6_route_info_create_nh+0x16a/0xad0 [ 664.295550][ T5794] ip6_route_add+0x6e/0x1d0 [ 664.295550][ T5794] addrconf_prefix_route+0x3a2/0x480 [ 664.295550][ T5794] addrconf_add_linklocal+0x262/0x4a0 [ 664.295550][ T5794] addrconf_addr_gen+0x2f8/0x360 [ 664.295550][ T5794] addrconf_notify+0xb1e/0x1050 [ 664.295550][ T5794] notifier_call_chain+0x1be/0x400 [ 664.295550][ T5794] __dev_notify_flags+0x1a9/0x310 [ 664.295550][ T5794] netif_change_flags+0xe8/0x1a0 [ 664.295550][ T5794] do_setlink+0xf82/0x4590 [ 664.295550][ T5794] rtnl_newlink+0x15a9/0x1be0 [ 664.295550][ T5794] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 664.295550][ T5794] netlink_rcv_skb+0x232/0x4b0 [ 664.295550][ T5794] netlink_unicast+0x831/0x9f0 [ 664.295550][ T5794]