last executing test programs: 16m24.793290644s ago: executing program 0 (id=30): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0x40}, 0x18) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)) 16m21.973984989s ago: executing program 0 (id=35): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) r0 = syz_clone3(&(0x7f00000004c0)={0x8038000, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000280), {0x2e}, &(0x7f0000000300)=""/128, 0x80, &(0x7f00000006c0)=""/252, &(0x7f0000000480)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0], 0x8}, 0x58) bind$inet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'sit0\x00'}) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000"], 0x50) r5 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xc, 0x1c, &(0x7f0000000380)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x6, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {0x7, 0x0, 0xb, 0x2}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x480}, 0x94) ptrace$poke(0x5, r0, &(0x7f0000000540), 0x8) r6 = syz_open_dev$ttys(0xc, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000640)=@abs={0x1, 0x0, 0x4e24}, 0x6e) r7 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TIOCVHANGUP(r7, 0x5437, 0x0) syz_io_uring_setup(0x7141, &(0x7f0000000000)={0x0, 0xb4d3, 0x20000, 0x0, 0x224}, &(0x7f0000000080), &(0x7f00000000c0)) ioctl$TCSETSF(r6, 0x5404, &(0x7f00000002c0)={0x9, 0x8, 0x7f, 0xffff, 0x16, "0000ff004000"}) 16m20.813715386s ago: executing program 0 (id=38): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001400010025bd7000fddbdf2501"], 0x4c}, 0x1, 0x0, 0x0, 0x40480cc}, 0x80) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setaffinity(r0, 0x8, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='sched_switch\x00', r5}, 0xe) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 16m18.989232165s ago: executing program 0 (id=42): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, 0x0) fsmount(r0, 0x0, 0x5) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs2/binder0\x00', 0x802, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r3 = socket$unix(0x1, 0x3, 0x0) bind$unix(r3, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e20}, 0x6e) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711203000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1181}) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3d, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f00000001c0)="d6"}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000640)={0x10, 0x0, &(0x7f00000025c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0}) 16m17.770308189s ago: executing program 0 (id=45): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r3, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 16m16.278923308s ago: executing program 0 (id=47): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7f, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002cc0)=@newtaction={0x48, 0x1e, 0x109, 0x100, 0x25dfdbff, {}, [{0x34, 0x1, [@m_ife={0x30, 0x7, 0x0, 0x0, {{0x8}, {0x4}, {0x6, 0x6, 'zW'}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x200408d4) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e22, @broadcast}}) 15m59.700240619s ago: executing program 32 (id=47): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7f, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002cc0)=@newtaction={0x48, 0x1e, 0x109, 0x100, 0x25dfdbff, {}, [{0x34, 0x1, [@m_ife={0x30, 0x7, 0x0, 0x0, {{0x8}, {0x4}, {0x6, 0x6, 'zW'}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x200408d4) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e22, @broadcast}}) 5m29.429260504s ago: executing program 4 (id=1473): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() r2 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000080)={0x3, 0x2, 0x0, 0x3}, 0x10) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) socket$can_j1939(0x1d, 0x2, 0x7) io_setup(0x8, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) openat$fb0(0xffffffffffffff9c, 0x0, 0x180300, 0x0) socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000180)={0x3, &(0x7f0000000100)=[{0x50, 0x1, 0x5, 0x97aa}, {0x20, 0xfe, 0x2, 0xfffff038}, {0x6, 0xfc, 0x40, 0x5}]}, 0x10) write$binfmt_aout(r6, 0x0, 0xfdef) r8 = syz_io_uring_setup(0x7acd, &(0x7f0000000240)={0x0, 0xf96a, 0x20, 0x3, 0xe6}, 0x0, &(0x7f00000000c0)) io_uring_enter(r8, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) 5m26.786374263s ago: executing program 4 (id=1475): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = semget(0x0, 0x4, 0x39c) semop(r0, &(0x7f0000000080)=[{0x3, 0x8001, 0x1000}], 0x1) semop(r0, &(0x7f0000000000)=[{0x0, 0x5, 0x800}, {0x1, 0xffff, 0x1000}, {0x0, 0x7fc0, 0x800}], 0x3) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000240)=[0x7fff]) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2125099, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) umount2(&(0x7f00000002c0)='./file0\x00', 0xb) socket$key(0xf, 0x3, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000007000)={&(0x7f0000000d80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000070000000900010073797a310000000028000000000a010800000000000000000a00000008000240000000010900010073797a300000000028000000000a030000000000000000000a00000008000240000000000900010073797a30"], 0x98}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x1c, 0x42, 0x1, 0x7fff9, 0x4, {0x1}, [@typed={0x8, 0x20, 0x0, 0x0, @uid}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008094) sendmsg$key(r2, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000010c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000009ffe50a000000100004800900010073797a3004"], 0x24}}, 0x0) 5m18.656079431s ago: executing program 4 (id=1486): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) r1 = syz_open_dev$usbmon(0x0, 0x7, 0x2a200) r2 = io_uring_setup(0x5b54, &(0x7f0000000040)={0x0, 0x2df0, 0x0, 0x0, 0x2b2}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001580)) r3 = getpgrp(0xffffffffffffffff) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r7, &(0x7f0000004200)='t', 0x1) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, 0x0) ptrace$getenv(0x4201, r3, 0x1000, &(0x7f0000001200)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000014c0)=[{&(0x7f00000000c0)=""/150, 0x96}, {&(0x7f0000000180)=""/102, 0x66}, {&(0x7f0000000000)=""/39, 0x27}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)}, {&(0x7f0000001240)=""/179, 0xb3}, {&(0x7f0000001300)=""/93, 0x5d}, {&(0x7f0000001380)=""/180, 0xb4}, {0x0}], 0x9) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) 5m16.73347144s ago: executing program 4 (id=1488): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) r2 = syz_open_dev$usbmon(0x0, 0x7, 0x2a200) r3 = io_uring_setup(0x5b54, &(0x7f0000000040)={0x0, 0x2df0, 0x0, 0x0, 0x2b2}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000001580)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) r5 = getpgrp(0xffffffffffffffff) sched_setaffinity(r5, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r7 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, 0x0) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r9, &(0x7f0000004200)='t', 0x1) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r2, 0x50009417, &(0x7f0000001780)={{r3}, r4, 0x93bf162153066b5b, @unused=[0x7bc6, 0x1, 0x3, 0xffffffff], @subvolid=0xda3}) ptrace$getenv(0x4201, r5, 0x1000, &(0x7f0000001200)) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000014c0)=[{0x0}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)}, {&(0x7f0000001240)=""/179, 0xb3}, {&(0x7f0000001300)=""/93, 0x5d}, {&(0x7f0000001380)=""/180, 0xb4}, {&(0x7f0000001440)=""/17, 0x11}, {&(0x7f0000001480)=""/26, 0x1a}], 0x8) close_range(r1, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff70ca2f8ef53773c5cbdf4a583f81fdc8719dbe967b0690a3ed3f314c3e2ceebb3e29d00c2c1053d1e8b32d8a8be1bb9786746e0ee564306c80d7045747165005fa3528b5ac1e35e03b69cb54111dfcebc6d585aacdd57c351ef1aa8050274b122a21b47432f17a0cacfd9524d9cb09029e4daefaea47f8cd5a4f1dee71093ebc076363e14f78dd3b129b4b3ae5a7a085297416f1f1a8aeefa517ed1525ec76469b8b469851cc56c6016d9067dac3de3818856014c98ce8f36dac4d8cdb1f25e3c5de7bdab78066d2418c12e0acde73c05fc80a0658c7fbc52812a8423323a80e8a968e0ace13290fe8f862c1e7233c26f73ca24e5e441dd406e136df3a3996865e0693d955c691c675c3f6191b225d82ea4c6a7b2c1ed690c17768cd2b21ab0ac2ca7673eb9c00d635e146555db84b8a9061c3ca8bbefd2ae2b80f4a0", 0x213}], 0x1}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000cc0)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e", 0x32}], 0x1}}], 0x2, 0x54004) 5m7.824325525s ago: executing program 4 (id=1498): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) r1 = syz_open_dev$usbmon(0x0, 0x7, 0x2a200) r2 = io_uring_setup(0x5b54, &(0x7f0000000040)={0x0, 0x2df0, 0x0, 0x0, 0x2b2}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001580)) r3 = getpgrp(0xffffffffffffffff) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r7, &(0x7f0000004200)='t', 0x1) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, 0x0) ptrace$getenv(0x4201, r3, 0x1000, &(0x7f0000001200)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000014c0)=[{&(0x7f00000000c0)=""/150, 0x96}, {&(0x7f0000000180)=""/102, 0x66}, {&(0x7f0000000000)=""/39, 0x27}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)}, {&(0x7f0000001240)=""/179, 0xb3}, {&(0x7f0000001300)=""/93, 0x5d}, {&(0x7f0000001380)=""/180, 0xb4}, {0x0}], 0x9) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) 5m5.840769878s ago: executing program 4 (id=1501): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x202, 0x0) r2 = dup2(r1, r0) read$FUSE(r2, 0x0, 0xfffffffffffffde3) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000050000000000000000000100000a3c000000090a010200000000000000000a0000040900020073795e310000000008000a40fffffffc0900010073797a3100000000080005400000000b"], 0x64}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r8, 0x0, r9, 0x0, 0x1, 0xe) ioctl$sock_inet_udp_SIOCINQ(r10, 0x5760, 0x0) write(r7, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010025bd7000ffdbdf253800000008000300", @ANYRES32=r11, @ANYBLOB="0c0058007f000000000000000c0058"], 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x80) r12 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r13, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4b564d00, 0x0, 0x1}]}) 4m50.190818104s ago: executing program 33 (id=1501): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x202, 0x0) r2 = dup2(r1, r0) read$FUSE(r2, 0x0, 0xfffffffffffffde3) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000050000000000000000000100000a3c000000090a010200000000000000000a0000040900020073795e310000000008000a40fffffffc0900010073797a3100000000080005400000000b"], 0x64}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r8, 0x0, r9, 0x0, 0x1, 0xe) ioctl$sock_inet_udp_SIOCINQ(r10, 0x5760, 0x0) write(r7, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010025bd7000ffdbdf253800000008000300", @ANYRES32=r11, @ANYBLOB="0c0058007f000000000000000c0058"], 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x80) r12 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r13, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4b564d00, 0x0, 0x1}]}) 2m7.404075386s ago: executing program 2 (id=1841): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) r1 = syz_open_dev$usbmon(0x0, 0x7, 0x2a200) r2 = io_uring_setup(0x5b54, &(0x7f0000000040)={0x0, 0x2df0, 0x0, 0x0, 0x2b2}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001580)) r3 = getpgrp(0xffffffffffffffff) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r7, &(0x7f0000004200)='t', 0x1) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, 0x0) ptrace$getenv(0x4201, r3, 0x1000, &(0x7f0000001200)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000014c0)=[{&(0x7f00000000c0)=""/150, 0x96}, {&(0x7f0000000180)=""/102, 0x66}, {&(0x7f0000000000)=""/39, 0x27}, {&(0x7f0000001200)}, {0x0}, {0x0}, {&(0x7f0000001480)=""/26, 0x1a}], 0x7) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) 2m4.099568981s ago: executing program 2 (id=1844): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) cachestat(0xffffffffffffffff, 0x0, 0x0, 0xee) ioctl$BLKFINISHZONE(0xffffffffffffffff, 0x40101288, &(0x7f00000000c0)={0x9, 0x6fe4}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0x20008014) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x529ae000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000100000027bf0000000500"], 0x48) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r5, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r4, 0x4040942c, &(0x7f0000000380)={0x0, 0x3, [0x4, 0x1b, 0x2b, 0x8, 0x8000, 0x1]}) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x40, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1m54.703843941s ago: executing program 2 (id=1863): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000740)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x8, @mcast2, 0x4}, 0x1c, 0x0}}], 0x1, 0x0) 1m54.534101842s ago: executing program 2 (id=1864): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r3, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2009a3, 0x0, 0x0, 0x0, 0xc6c}, [@call={0x85, 0x0, 0x0, 0xc4}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) 1m53.19073065s ago: executing program 1 (id=1870): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x5f501}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x11}, 0x40004) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xa, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000680)="76389e6a65585578f830e9000000", 0x0, 0x10001, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m51.589376199s ago: executing program 1 (id=1871): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) cachestat(0xffffffffffffffff, 0x0, 0x0, 0xee) ioctl$BLKFINISHZONE(0xffffffffffffffff, 0x40101288, &(0x7f00000000c0)={0x9, 0x6fe4}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0x20008014) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x529ae000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000100000027bf0000000500"], 0x48) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r5, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r4, 0x4040942c, &(0x7f0000000380)={0x0, 0x3, [0x4, 0x1b, 0x2b, 0x8, 0x8000, 0x1]}) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x40, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1m50.761516247s ago: executing program 2 (id=1873): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000fb00f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x6a, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r3, 0xae80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x3bf6, 0x7, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380), 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) 1m49.358154582s ago: executing program 1 (id=1877): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$kcm(0x10, 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@generic={0x0, 0x0, 0x8}, 0x14) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}, r2}}, 0x48) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)}, 0x45) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440)={0x0, 0x7fb}, &(0x7f0000000040)=0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000680)=@newtaction={0xc4, 0x30, 0x829, 0x0, 0x2, {}, [{0xb0, 0x1, [@m_skbedit={0x40, 0x1, 0x0, 0x0, {{0xc}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x4, 0x5, 0x4}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x6c, 0xd, 0x0, 0x0, {{0x7}, {0x30, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @private1={0xfc, 0x1, '\x00', 0x1}}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e23}, @TCA_CT_ZONE={0x6, 0x4, 0x5}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e23}]}, {0x15, 0x6, "53af4ab2dbfe759c864c760e4c92e0bb30"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x666cfab0da37cad9}}}}]}]}, 0xc4}}, 0x0) sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000780)={&(0x7f0000000640)={0xbc, 0x3ed, 0x100, 0x70bd29, 0x25dfdbfc, "4066e9a8a634c030b5a4c922427ea50622c80b462519a73aea97c6bf66641b1069497e97b3c857d89d5273485aa468cb66e661eeeefa2a67dd9bb8b4b9e571ea7592afb5e17c620cffccb94cc317e7461f1ad8c2e0b782a8601dba9c44c081ac299b00fcbd6444ebc119df634af4b2d10112273be12ea01283fabf5922858f563d9d5faf371a0dd7262f555ff7a6c5f2993323ce13cf6b0b91cce33df8142791408ae11c2381de8470b59f", ["", "", "", "", "", "", ""]}, 0xbc}, 0x1, 0x0, 0x0, 0x889}, 0x20000000) openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x10, &(0x7f0000000700)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@ldst={0x1, 0x2, 0x6, 0xa, 0x9, 0x8, 0x10}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x21}, 0x94) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi2\x00', 0x109400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcl818\x00', [0x8001, 0x6, 0x1, 0x0, 0x80002, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x4be, 0x9, 0x8, 0x1100004, 0x6, 0x9, 0x1, 0x80, 0x3, 0x40000003, 0x89, 0x2, 0xf27, 0x6, 0x820b, 0x8, 0x9, 0x8, 0x8, 0x10000, 0xfffffff7]}) 1m48.070694115s ago: executing program 1 (id=1878): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) r1 = syz_open_dev$usbmon(0x0, 0x7, 0x2a200) r2 = io_uring_setup(0x5b54, &(0x7f0000000040)={0x0, 0x2df0, 0x0, 0x0, 0x2b2}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000001580)) r3 = getpgrp(0xffffffffffffffff) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r7, &(0x7f0000004200)='t', 0x1) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, 0x0) ptrace$getenv(0x4201, r3, 0x1000, &(0x7f0000001200)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000014c0)=[{&(0x7f00000000c0)=""/150, 0x96}, {&(0x7f0000000180)=""/102, 0x66}, {&(0x7f0000000000)=""/39, 0x27}, {0x0}, {&(0x7f0000001200)}, {0x0}, {0x0}, {&(0x7f0000001480)=""/26, 0x1a}], 0x8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) 1m46.455848147s ago: executing program 1 (id=1880): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="be2e5f1347b7788de40e694c4e266947eaa1d0501d948eba8420c1f83e90921d9fa7ed821ae71e5db37c3f043ce70ea2ebf9753c482f4cabb6a54544bb3ec332676f1a9755", 0x45}, {&(0x7f00000001c0)="1648477f03734adcf6ec1b24f0ad4b02a1dbf0c503d752aa4d17694ec6bd3068c27c428157297de7f15d516225964d1f4fc2e8341369316fdeab74c1d342657b1bb0aae3b56e4e2cdf16419ca7a32eefde", 0x51}], 0x2}, 0x20001810) bind$tipc(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000009a40), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000009b00)={0x0, 0x0, &(0x7f0000009ac0)={&(0x7f0000009a80)={0x30, r3, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {0x0, 0x4000}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x4008004) (async) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x2c, r3, 0x10, 0x70bd26, 0x25dfdbfb, {{}, {}, {0x10, 0x18, {0x1, @bearer=@l2={'eth', 0x3a, 'wg2\x00'}}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x40810}, 0x0) (async) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={@fallback, 0xffffffffffffffff, 0x32, 0x2}, 0x20) (async) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, r5, 0x0) io_setup(0x1, &(0x7f00000004c0)) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) syz_usb_connect(0x2, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000000145f405e04bd84b689010203010902240001000000000904ed0002ff5d010009050303000000050009058a03"], 0x0) (async) r6 = socket$netlink(0x10, 0x3, 0x9) syz_kvm_setup_cpu$x86(r5, r5, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000000)="0f01ca67dfc9b803008ec8f2abf266dbb967060f017aef2ef30fc77500b826008ee0b874008ec066d040f3", 0x2b}], 0x1, 0x20, &(0x7f0000000140)=[@vmwrite={0x8, 0x0, 0x3, 0x0, 0x2, 0x0, 0x3, 0x0, 0x6}], 0x1) (async) r7 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) (async) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000680)={'syztnl1\x00', &(0x7f0000000600)={'gretap0\x00', 0x0, 0x40, 0x80, 0xffffffff, 0x3, {{0xd, 0x4, 0x0, 0x6, 0x34, 0x66, 0x0, 0x6, 0x4, 0x0, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x18}, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x1c, 0x5, 0x3, 0x1, [{@dev={0xac, 0x14, 0x14, 0x18}, 0x22}, {@rand_addr=0x64010102, 0x6}, {@local, 0x13cdb849}]}]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000300000000000000200000008500000054000000952c96954e4825773f"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r8, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) syz_usb_control_io(r7, 0x0, 0x0) (async) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000500), 0x200) syz_usb_control_io(r7, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000080000000804"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async) syz_usb_ep_write(r7, 0x81, 0x0, 0x0) (async) ioctl$PIO_UNIMAP(r5, 0x4b67, &(0x7f0000000480)={0x1, &(0x7f0000000440)=[{0x9, 0x1000}]}) (async) prctl$PR_SET_NAME(0xf, &(0x7f0000000580)='$\'\x00') (async) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14, 0x3ed, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x3f7, 0x1, 0x0, 0x0, {0x7}}}, 0x28}}, 0x4) (async) syz_open_dev$loop(&(0x7f0000000200), 0x7ff, 0xc602) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r5, 0x58, &(0x7f0000000340)}, 0x4) 1m46.310528215s ago: executing program 2 (id=1882): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000fb00f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x6a, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff7be}, 0x28) ioctl$KVM_RUN(r3, 0xae80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x3bf6, 0x7, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380)={0x0}, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x0, r4, 0x2, &(0x7f0000000100)) sched_setaffinity(0x0, 0xff3a, &(0x7f0000000180)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) 1m39.828644893s ago: executing program 1 (id=1895): r0 = socket$netlink(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x191a40, 0x4) statx(r2, &(0x7f00000000c0)='./file0\x00', 0x0, 0x40, &(0x7f0000000100)) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000003c0)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 1m31.080237831s ago: executing program 34 (id=1882): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000fb00f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x6a, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff7be}, 0x28) ioctl$KVM_RUN(r3, 0xae80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x3bf6, 0x7, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380)={0x0}, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x0, r4, 0x2, &(0x7f0000000100)) sched_setaffinity(0x0, 0xff3a, &(0x7f0000000180)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) 1m23.83980549s ago: executing program 35 (id=1895): r0 = socket$netlink(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x191a40, 0x4) statx(r2, &(0x7f00000000c0)='./file0\x00', 0x0, 0x40, &(0x7f0000000100)) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000003c0)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) 16.853352004s ago: executing program 3 (id=2046): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44045}, 0xc090) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', 0x0, 0x0, 0x24, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setresgid(0xee00, 0xee01, 0x0) getpriority(0x2, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r3, &(0x7f0000000100), 0x18) sendmsg$can_j1939(r3, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1ec}}, 0x18, &(0x7f00000004c0)={0x0}}, 0x0) syz_io_uring_setup(0x79a8, &(0x7f0000000500)={0x0, 0x8dcb, 0x4220, 0x1, 0xaf}, 0x0, &(0x7f0000000300)) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$GTP_CMD_GETPDP(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="2d090000000000000000020000000800020000000000080001", @ANYBLOB], 0x2c}}, 0x0) 14.925863188s ago: executing program 3 (id=2048): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) r1 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x8e82, 0x100, 0x14, 0x2ac}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x2, 0x0, 0x0, 0x0) 13.525916s ago: executing program 3 (id=2049): openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x40040, 0xd2, 0xf}, 0x18) socket$kcm(0x2b, 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$vsock_stream(0x28, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 11.743881108s ago: executing program 3 (id=2053): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) 11.09782648s ago: executing program 5 (id=2055): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r1, &(0x7f0000000540)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x40) r2 = dup(r1) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0xfffd) close_range(r0, 0xffffffffffffffff, 0x0) 10.190500672s ago: executing program 5 (id=2056): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) request_key(&(0x7f0000000340)='id_legacy\x00', &(0x7f0000000380)={'syz', 0x0}, &(0x7f00000003c0)='/dev/vsock\x00', 0xfffffffffffffffe) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000000000f7) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x100) dup3(r2, 0xffffffffffffffff, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r4, &(0x7f0000000180)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 9.733867075s ago: executing program 3 (id=2058): sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001e580)=""/102392, 0x18ff8) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0xff2b}], 0x2) 6.765836985s ago: executing program 5 (id=2059): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r3, &(0x7f0000000480)=[{{&(0x7f0000000300)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000700)=@in6={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x60}, 0x80, 0x0}}], 0x2, 0x480d4) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) syz_emit_vhci(&(0x7f00000017c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x1, 0x4}, {0x4, 0x4}}}}, 0x11) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, 0x0) keyctl$clear(0x7, 0x0) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) close(r6) 4.479079855s ago: executing program 5 (id=2061): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)=ANY=[@ANYRES32], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$pppl2tp(0x18, 0x1, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001340)={0x2, 0x6, 0x4, 0x3, 0x2, 0x0, 0x70bd27, 0x25dfdbfc}, 0x10}}, 0xc884) 2.547173336s ago: executing program 5 (id=2063): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000300)={&(0x7f0000ff7000/0x7000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f000000f000/0x3000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) preadv(r0, &(0x7f0000001200)=[{&(0x7f0000000080)=""/4097, 0xffffff51}], 0x1, 0x3f, 0x6a76) 2.327014273s ago: executing program 6 (id=2064): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r1 = open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) fcntl$setstatus(r1, 0x4, 0x6800) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(0xffffffffffffffff, r2, 0x3, 0x0) 2.062403447s ago: executing program 6 (id=2065): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r1, &(0x7f0000000540)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x40) r2 = dup(r1) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0xfffd) close_range(r0, 0xffffffffffffffff, 0x0) 1.783679621s ago: executing program 5 (id=2066): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0xa0000004}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000100)={0x20000014}) 1.318529198s ago: executing program 3 (id=2067): socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) open$dir(&(0x7f0000000300)='./file0/file0\x00', 0x2001, 0x20) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setgroups(0x0, 0x0) sched_rr_get_interval(0xffffffffffffffff, &(0x7f00000001c0)) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) modify_ldt$write(0x1, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) r5 = syz_open_pts(r4, 0x0) ppoll(&(0x7f0000000140)=[{r4}], 0x1, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) 1.182879947s ago: executing program 6 (id=2068): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}) io_uring_enter(0xffffffffffffffff, 0x3516, 0x2, 0x0, 0x0, 0x0) 945.605728ms ago: executing program 6 (id=2069): openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x20000045) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8) sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000001e580)=@newtaction={0x18, 0x1e, 0x109, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x2b1e}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = dup(r2) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r4, 0x54a1) ioctl$SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, &(0x7f0000000040)) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfeed, 0xffffffffffffffff) 169.787677ms ago: executing program 6 (id=2070): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000840)=[{&(0x7f0000000000)='X', 0x1}], 0x1) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000080)={0x2013}) r2 = socket$netlink(0x10, 0x3, 0x15) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 0s ago: executing program 6 (id=2071): prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000000000/0x3000)=nil) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xfffffffc, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$pptp(0x18, 0x1, 0x2) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$unix(r4, &(0x7f0000003bc0)=[{{&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x24000000}}, {{&(0x7f0000000640)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4000800}}], 0x2, 0x40000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) syz_genetlink_get_family_id$nbd(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0xf0, 0x1c, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0xfff, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}}, 0xf0}, 0x1, 0x0, 0x0, 0x8801}, 0x0) kernel console output (not intermixed with test programs): _adv: batadv0: Adding interface: batadv_slave_0 [ 826.142338][T11012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 826.142370][T11012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 826.163536][T11012] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 826.163552][T11012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 826.163575][T11012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 827.258873][T11012] hsr_slave_0: entered promiscuous mode [ 827.260365][T11012] hsr_slave_1: entered promiscuous mode [ 827.305590][T11012] debugfs: 'hsr0' already exists in 'hsr' [ 827.305623][T11012] Cannot create hsr debugfs directory [ 832.481004][T11135] netlink: 'syz.3.1553': attribute type 10 has an invalid length. [ 832.569550][T11139] FAULT_INJECTION: forcing a failure. [ 832.569550][T11139] name failslab, interval 1, probability 0, space 0, times 0 [ 832.569589][T11139] CPU: 0 UID: 0 PID: 11139 Comm: syz.1.1554 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 832.569621][T11139] Tainted: [L]=SOFTLOCKUP [ 832.569629][T11139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 832.569643][T11139] Call Trace: [ 832.569652][T11139] [ 832.569662][T11139] dump_stack_lvl+0xe8/0x150 [ 832.569698][T11139] should_fail_ex+0x46c/0x600 [ 832.569733][T11139] ? __alloc_skb+0x1dc/0x3a0 [ 832.569759][T11139] should_failslab+0xa8/0x100 [ 832.569787][T11139] ? __alloc_skb+0x1dc/0x3a0 [ 832.569811][T11139] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 832.569844][T11139] ? lockdep_hardirqs_on+0x7b/0x110 [ 832.569870][T11139] ? __alloc_skb+0x198/0x3a0 [ 832.569895][T11139] __alloc_skb+0x1dc/0x3a0 [ 832.569925][T11139] netlink_sendmsg+0x5c6/0xb30 [ 832.569968][T11139] ? __pfx_netlink_sendmsg+0x10/0x10 [ 832.570008][T11139] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 832.570040][T11139] ? __pfx_netlink_sendmsg+0x10/0x10 [ 832.570071][T11139] __sock_sendmsg+0x21c/0x270 [ 832.570111][T11139] ____sys_sendmsg+0x508/0x810 [ 832.570147][T11139] ? __pfx_____sys_sendmsg+0x10/0x10 [ 832.570186][T11139] ? import_iovec+0x74/0xa0 [ 832.570212][T11139] ___sys_sendmsg+0x21f/0x2a0 [ 832.570244][T11139] ? __pfx____sys_sendmsg+0x10/0x10 [ 832.570317][T11139] ? __fget_files+0x2a/0x420 [ 832.570341][T11139] ? __fget_files+0x3a6/0x420 [ 832.570377][T11139] __x64_sys_sendmsg+0x1a1/0x260 [ 832.570410][T11139] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 832.570450][T11139] ? __pfx_ksys_write+0x10/0x10 [ 832.570496][T11139] do_syscall_64+0xec/0xf80 [ 832.570519][T11139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.570542][T11139] ? trace_irq_disable+0x37/0x100 [ 832.570567][T11139] ? clear_bhb_loop+0x60/0xb0 [ 832.570596][T11139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.570619][T11139] RIP: 0033:0x7fab42e1f749 [ 832.570639][T11139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 832.570659][T11139] RSP: 002b:00007fab41086038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 832.570684][T11139] RAX: ffffffffffffffda RBX: 00007fab43075fa0 RCX: 00007fab42e1f749 [ 832.570701][T11139] RDX: 0000000000040040 RSI: 0000200000000080 RDI: 0000000000000004 [ 832.570715][T11139] RBP: 00007fab41086090 R08: 0000000000000000 R09: 0000000000000000 [ 832.570730][T11139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 832.570743][T11139] R13: 00007fab43076038 R14: 00007fab43075fa0 R15: 00007fff505aa258 [ 832.570778][T11139] [ 832.869958][T11135] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 835.239004][T11163] Bluetooth: MGMT ver 1.23 [ 835.269331][T11012] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 835.304807][T11012] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 835.345134][T11012] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 835.375669][T11012] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 835.411471][ T5960] usb 3-1: new full-speed USB device number 34 using dummy_hcd [ 835.421402][ T5891] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 835.514526][T11166] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1564'. [ 835.556502][T11012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 835.567978][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 835.568027][ T5960] usb 3-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 835.568053][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.599914][ T5960] usb 3-1: config 0 descriptor?? [ 835.619415][ T5891] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 835.619543][ T5891] usb 6-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 835.619571][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.652026][ T5891] usb 6-1: config 0 descriptor?? [ 835.698661][T11012] 8021q: adding VLAN 0 to HW filter on device team0 [ 835.737992][ T3085] bridge0: port 1(bridge_slave_0) entered blocking state [ 835.738314][ T3085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 835.855137][ T9745] bridge0: port 2(bridge_slave_1) entered blocking state [ 835.856134][ T9745] bridge0: port 2(bridge_slave_1) entered forwarding state [ 836.025967][ T5960] wacom 0003:056A:5000.0009: item fetching failed at offset 6/7 [ 836.026849][ T5960] wacom 0003:056A:5000.0009: parse failed [ 836.026963][ T5960] wacom 0003:056A:5000.0009: probe with driver wacom failed with error -22 [ 836.127750][ T5891] wacom 0003:056A:5000.000A: item fetching failed at offset 6/7 [ 836.128840][ T5891] wacom 0003:056A:5000.000A: parse failed [ 836.128965][ T5891] wacom 0003:056A:5000.000A: probe with driver wacom failed with error -22 [ 836.669508][T11012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 838.529942][ T6451] usb 6-1: USB disconnect, device number 27 [ 838.536673][ T8385] usb 3-1: USB disconnect, device number 34 [ 842.599520][T11012] veth0_vlan: entered promiscuous mode [ 842.621649][T11012] veth1_vlan: entered promiscuous mode [ 843.091335][ T5933] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 843.208224][T11012] veth0_macvtap: entered promiscuous mode [ 843.218472][T11225] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1577'. [ 843.251441][T11012] veth1_macvtap: entered promiscuous mode [ 844.972494][ T5933] usb 2-1: device not accepting address 30, error -71 [ 845.035401][T11012] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 845.545285][T11012] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 845.583204][ T58] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.586485][ T58] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.621483][ T58] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.628812][ T58] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 846.142186][ T44] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 846.291431][ T44] usb 6-1: Using ep0 maxpacket: 32 [ 846.297908][ T44] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 846.297938][ T44] usb 6-1: config 0 has no interface number 0 [ 846.328657][ T44] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 846.328700][ T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 846.328722][ T44] usb 6-1: Product: syz [ 846.328739][ T44] usb 6-1: Manufacturer: syz [ 846.328755][ T44] usb 6-1: SerialNumber: syz [ 846.375960][ T44] usb 6-1: config 0 descriptor?? [ 846.388938][ T44] smsc95xx v2.0.0 [ 846.859920][T11242] net_ratelimit: 6 callbacks suppressed [ 846.859939][T11242] netlink: zone id is out of range [ 846.859947][T11242] netlink: zone id is out of range [ 846.859956][T11242] netlink: zone id is out of range [ 846.859963][T11242] netlink: zone id is out of range [ 846.859971][T11242] netlink: zone id is out of range [ 846.859979][T11242] netlink: zone id is out of range [ 846.859987][T11242] netlink: zone id is out of range [ 846.859995][T11242] netlink: zone id is out of range [ 846.860003][T11242] netlink: zone id is out of range [ 846.860010][T11242] netlink: zone id is out of range [ 846.943794][ T44] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 846.943828][ T44] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 847.222761][ T44] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 847.223084][ T44] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -61 [ 848.190783][ T9757] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 848.190808][ T9757] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 848.385574][ T9751] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 848.385600][ T9751] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 848.503272][T11234] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1579'. [ 849.786361][ T5863] usb 6-1: USB disconnect, device number 28 [ 852.212918][T11288] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1591'. [ 855.404196][ T44] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 855.773378][ T44] usb 7-1: Using ep0 maxpacket: 32 [ 855.775870][ T44] usb 7-1: config 0 has an invalid interface number: 67 but max is 0 [ 855.775899][ T44] usb 7-1: config 0 has no interface number 0 [ 855.779003][ T44] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 855.779035][ T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 855.779059][ T44] usb 7-1: Product: syz [ 855.779075][ T44] usb 7-1: Manufacturer: syz [ 855.779092][ T44] usb 7-1: SerialNumber: syz [ 855.804564][ T44] usb 7-1: config 0 descriptor?? [ 855.840035][ T44] smsc95xx v2.0.0 [ 857.973285][T11320] FAULT_INJECTION: forcing a failure. [ 857.973285][T11320] name failslab, interval 1, probability 0, space 0, times 0 [ 857.973337][T11320] CPU: 1 UID: 0 PID: 11320 Comm: syz.1.1602 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 857.973369][T11320] Tainted: [L]=SOFTLOCKUP [ 857.973378][T11320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 857.973394][T11320] Call Trace: [ 857.973403][T11320] [ 857.973413][T11320] dump_stack_lvl+0xe8/0x150 [ 857.973451][T11320] should_fail_ex+0x46c/0x600 [ 857.973490][T11320] should_failslab+0xa8/0x100 [ 857.973515][T11320] __kmalloc_cache_node_noprof+0x8b/0x700 [ 857.973554][T11320] ? __get_vm_area_node+0x172/0x350 [ 857.973593][T11320] __get_vm_area_node+0x172/0x350 [ 857.973632][T11320] __vmalloc_node_range_noprof+0x371/0x16a0 [ 857.973669][T11320] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 857.973721][T11320] ? is_bpf_text_address+0x26/0x2b0 [ 857.973755][T11320] ? kernel_text_address+0xa5/0xe0 [ 857.973796][T11320] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 857.973836][T11320] ? __lock_acquire+0x6b6/0x2cf0 [ 857.973879][T11320] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 857.973905][T11320] __vmalloc_noprof+0xd2/0x120 [ 857.973940][T11320] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 857.973972][T11320] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 857.974007][T11320] bpf_prog_alloc+0x3c/0x1a0 [ 857.974038][T11320] bpf_prog_load+0x735/0x1a10 [ 857.974075][T11320] ? get_pid_task+0x20/0x1f0 [ 857.974110][T11320] ? __pfx_bpf_prog_load+0x10/0x10 [ 857.974147][T11320] ? __might_fault+0xb0/0x130 [ 857.974205][T11320] ? bpf_lsm_bpf+0x9/0x20 [ 857.974225][T11320] ? security_bpf+0x7e/0x300 [ 857.974264][T11320] __sys_bpf+0x507/0x860 [ 857.974293][T11320] ? __pfx___sys_bpf+0x10/0x10 [ 857.974337][T11320] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 857.974388][T11320] ? ksys_write+0x230/0x260 [ 857.974424][T11320] ? __pfx_ksys_write+0x10/0x10 [ 857.974466][T11320] __x64_sys_bpf+0x7c/0x90 [ 857.974492][T11320] do_syscall_64+0xec/0xf80 [ 857.974515][T11320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.974537][T11320] ? trace_irq_disable+0x37/0x100 [ 857.974563][T11320] ? clear_bhb_loop+0x60/0xb0 [ 857.974592][T11320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.974615][T11320] RIP: 0033:0x7fab42e1f749 [ 857.974636][T11320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 857.974657][T11320] RSP: 002b:00007fab41044038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 857.974682][T11320] RAX: ffffffffffffffda RBX: 00007fab43076180 RCX: 00007fab42e1f749 [ 857.974699][T11320] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 857.974715][T11320] RBP: 00007fab41044090 R08: 0000000000000000 R09: 0000000000000000 [ 857.974729][T11320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 857.974743][T11320] R13: 00007fab43076218 R14: 00007fab43076180 R15: 00007fff505aa258 [ 857.974779][T11320] [ 857.974790][T11320] syz.1.1602: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 857.974863][T11320] CPU: 1 UID: 0 PID: 11320 Comm: syz.1.1602 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 857.974893][T11320] Tainted: [L]=SOFTLOCKUP [ 857.974901][T11320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 857.974915][T11320] Call Trace: [ 857.974924][T11320] [ 857.974933][T11320] dump_stack_lvl+0xe8/0x150 [ 857.974965][T11320] warn_alloc+0x22e/0x3b0 [ 857.975001][T11320] ? should_fail_ex+0x344/0x600 [ 857.975038][T11320] ? __pfx_warn_alloc+0x10/0x10 [ 857.975074][T11320] ? __kmalloc_cache_node_noprof+0x2aa/0x700 [ 857.975109][T11320] ? __get_vm_area_node+0x172/0x350 [ 857.975147][T11320] ? __get_vm_area_node+0x2e2/0x350 [ 857.975187][T11320] __vmalloc_node_range_noprof+0x396/0x16a0 [ 857.975245][T11320] ? is_bpf_text_address+0x26/0x2b0 [ 857.975280][T11320] ? kernel_text_address+0xa5/0xe0 [ 857.975328][T11320] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 857.975367][T11320] ? __lock_acquire+0x6b6/0x2cf0 [ 857.975418][T11320] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 857.975445][T11320] __vmalloc_noprof+0xd2/0x120 [ 857.975479][T11320] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 857.975511][T11320] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 857.975546][T11320] bpf_prog_alloc+0x3c/0x1a0 [ 857.975578][T11320] bpf_prog_load+0x735/0x1a10 [ 857.975614][T11320] ? get_pid_task+0x20/0x1f0 [ 857.975655][T11320] ? __pfx_bpf_prog_load+0x10/0x10 [ 857.975683][T11320] ? __might_fault+0xb0/0x130 [ 857.975740][T11320] ? bpf_lsm_bpf+0x9/0x20 [ 857.975760][T11320] ? security_bpf+0x7e/0x300 [ 857.975797][T11320] __sys_bpf+0x507/0x860 [ 857.975826][T11320] ? __pfx___sys_bpf+0x10/0x10 [ 857.975850][T11320] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 857.975899][T11320] ? ksys_write+0x230/0x260 [ 857.975935][T11320] ? __pfx_ksys_write+0x10/0x10 [ 857.975978][T11320] __x64_sys_bpf+0x7c/0x90 [ 857.976003][T11320] do_syscall_64+0xec/0xf80 [ 857.976026][T11320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.976049][T11320] ? trace_irq_disable+0x37/0x100 [ 857.976074][T11320] ? clear_bhb_loop+0x60/0xb0 [ 857.976102][T11320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 857.976125][T11320] RIP: 0033:0x7fab42e1f749 [ 857.976144][T11320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 857.976164][T11320] RSP: 002b:00007fab41044038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 857.976186][T11320] RAX: ffffffffffffffda RBX: 00007fab43076180 RCX: 00007fab42e1f749 [ 857.976204][T11320] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 857.976218][T11320] RBP: 00007fab41044090 R08: 0000000000000000 R09: 0000000000000000 [ 857.976233][T11320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 857.976246][T11320] R13: 00007fab43076218 R14: 00007fab43076180 R15: 00007fff505aa258 [ 857.976282][T11320] [ 857.976292][T11320] Mem-Info: [ 857.976302][T11320] active_anon:254 inactive_anon:9697 isolated_anon:0 [ 857.976302][T11320] active_file:27328 inactive_file:37340 isolated_file:0 [ 857.976302][T11320] unevictable:768 dirty:110 writeback:0 [ 857.976302][T11320] slab_reclaimable:12579 slab_unreclaimable:103884 [ 857.976302][T11320] mapped:35835 shmem:7082 pagetables:1039 [ 857.976302][T11320] sec_pagetables:0 bounce:0 [ 857.976302][T11320] kernel_misc_reclaimable:0 [ 857.976302][T11320] free:1303532 free_pcp:4413 free_cma:0 [ 857.976370][T11320] Node 0 active_anon:1016kB inactive_anon:38788kB active_file:109036kB inactive_file:149360kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:143300kB dirty:440kB writeback:0kB shmem:26792kB kernel_stack:14704kB pagetables:4008kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 857.976425][T11320] Node 1 active_anon:0kB inactive_anon:0kB active_file:276kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 857.976477][T11320] Node 0 DMA free:15324kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 857.976545][T11320] lowmem_reserve[]: 0 2514 2515 2515 2515 [ 857.976585][T11320] Node 0 DMA32 free:1296340kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1016kB inactive_anon:38788kB active_file:109036kB inactive_file:149360kB unevictable:1536kB writepending:440kB zspages:0kB present:3129332kB managed:2574692kB mlocked:0kB bounce:0kB free_pcp:17652kB local_pcp:10716kB free_cma:0kB [ 857.976656][T11320] lowmem_reserve[]: 0 0 1 1 1 [ 857.976693][T11320] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 857.976760][T11320] lowmem_reserve[]: 0 0 0 0 0 [ 857.976797][T11320] Node 1 Normal free:3902464kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:276kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 857.976865][T11320] lowmem_reserve[]: 0 0 0 0 0 [ 857.976909][T11320] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 0*32kB 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15324kB [ 857.977078][T11320] Node 0 DMA32: 1*4kB (M) 1372*8kB (UM) 1091*16kB (UE) 384*32kB (UME) 515*64kB (UME) 374*128kB (UME) 267*256kB (UM) 123*512kB (UME) 73*1024kB (UM) 27*2048kB (UME) 223*4096kB (M) = 1296340kB [ 857.977263][T11320] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 857.977385][T11320] Node 1 Normal: 190*4kB (UM) 49*8kB (UME) 28*16kB (UE) 184*32kB (UME) 87*64kB (UE) 22*128kB (UME) 12*256kB (UME) 13*512kB (UME) 2*1024kB (UM) 2*2048kB (UE) 945*4096kB (M) = 3902464kB [ 857.977579][T11320] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 857.977600][T11320] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 857.977619][T11320] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 857.977639][T11320] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 857.977658][T11320] 71747 total pagecache pages [ 857.977667][T11320] 0 pages in swap cache [ 857.977675][T11320] Free swap = 124996kB [ 857.977683][T11320] Total swap = 124996kB [ 857.977693][T11320] 2097051 pages RAM [ 857.977701][T11320] 0 pages HighMem/MovableOnly [ 857.977709][T11320] 421352 pages reserved [ 857.977717][T11320] 0 pages cma reserved [ 858.887010][ T44] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 858.887671][ T44] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71 [ 859.042144][ T44] usb 7-1: USB disconnect, device number 2 [ 860.325817][ T44] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 861.121433][ T44] usb 2-1: Using ep0 maxpacket: 32 [ 861.124132][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 861.124168][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 861.124193][ T44] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 861.124246][ T44] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 861.124272][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 861.209372][ T44] usb 2-1: config 0 descriptor?? [ 861.456466][T11332] 9p: Bad value for 'wfdno' [ 861.569370][T11340] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1609'. [ 861.610666][ T44] usbhid 2-1:0.0: can't add hid device: -71 [ 861.610799][ T44] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 861.640117][ T44] usb 2-1: USB disconnect, device number 32 [ 866.252215][T11360] random: crng reseeded on system resumption [ 866.367049][ T9545] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 867.296309][T11353] FAULT_INJECTION: forcing a failure. [ 867.296309][T11353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 867.296350][T11353] CPU: 1 UID: 0 PID: 11353 Comm: syz.6.1613 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 867.296382][T11353] Tainted: [L]=SOFTLOCKUP [ 867.296391][T11353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 867.296404][T11353] Call Trace: [ 867.296413][T11353] [ 867.296423][T11353] dump_stack_lvl+0xe8/0x150 [ 867.296461][T11353] should_fail_ex+0x46c/0x600 [ 867.296507][T11353] _copy_from_user+0x2d/0xb0 [ 867.296532][T11353] kstrtouint_from_user+0xc4/0x170 [ 867.296567][T11353] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 867.296619][T11353] proc_fail_nth_write+0x88/0x200 [ 867.296655][T11353] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 867.296714][T11353] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 867.296752][T11353] vfs_write+0x287/0xb40 [ 867.296796][T11353] ? __pfx_vfs_write+0x10/0x10 [ 867.296833][T11353] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 867.296858][T11353] ? lockdep_hardirqs_on+0x7b/0x110 [ 867.296881][T11353] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 867.296905][T11353] ? mutex_lock_nested+0x154/0x1d0 [ 867.296935][T11353] ? fdget_pos+0x253/0x320 [ 867.296972][T11353] ksys_write+0x14b/0x260 [ 867.297004][T11353] ? __fget_files+0x3a6/0x420 [ 867.297030][T11353] ? __pfx_ksys_write+0x10/0x10 [ 867.297076][T11353] do_syscall_64+0xec/0xf80 [ 867.297100][T11353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 867.297123][T11353] ? trace_irq_disable+0x37/0x100 [ 867.297148][T11353] ? clear_bhb_loop+0x60/0xb0 [ 867.297177][T11353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 867.297200][T11353] RIP: 0033:0x7f8cfa7ae1ff [ 867.297220][T11353] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 867.297241][T11353] RSP: 002b:00007f8cf8a16030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 867.297264][T11353] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8cfa7ae1ff [ 867.297280][T11353] RDX: 0000000000000001 RSI: 00007f8cf8a160a0 RDI: 0000000000000007 [ 867.297293][T11353] RBP: 00007f8cf8a16090 R08: 0000000000000000 R09: 0000000000000000 [ 867.297307][T11353] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 867.297320][T11353] R13: 00007f8cfaa06038 R14: 00007f8cfaa05fa0 R15: 00007ffe8c8c6958 [ 867.297358][T11353] [ 867.871275][ T9545] usb 4-1: Using ep0 maxpacket: 32 [ 867.873647][ T9545] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 867.873675][ T9545] usb 4-1: config 0 has no interface number 0 [ 867.881382][ T9545] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 867.881414][ T9545] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.881437][ T9545] usb 4-1: Product: syz [ 867.881453][ T9545] usb 4-1: Manufacturer: syz [ 867.881470][ T9545] usb 4-1: SerialNumber: syz [ 867.965082][ T9545] usb 4-1: config 0 descriptor?? [ 867.996572][ T9545] smsc95xx v2.0.0 [ 868.514078][T11374] net_ratelimit: 6 callbacks suppressed [ 868.514099][T11374] netlink: zone id is out of range [ 868.514109][T11374] netlink: zone id is out of range [ 868.514117][T11374] netlink: zone id is out of range [ 868.514126][T11374] netlink: zone id is out of range [ 868.514136][T11374] netlink: zone id is out of range [ 868.514144][T11374] netlink: zone id is out of range [ 868.514153][T11374] netlink: zone id is out of range [ 868.514162][T11374] netlink: zone id is out of range [ 868.514171][T11374] netlink: zone id is out of range [ 868.514179][T11374] netlink: zone id is out of range [ 868.515379][ T9545] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 868.515473][ T9545] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 868.718005][ T9545] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 868.718364][ T9545] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -61 [ 868.742533][T11376] netlink: 'syz.6.1618': attribute type 1 has an invalid length. [ 868.742555][T11376] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1618'. [ 870.514748][ T5942] usb 4-1: USB disconnect, device number 48 [ 870.598795][T11388] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1622'. [ 871.021294][ T5942] usb 4-1: new full-speed USB device number 49 using dummy_hcd [ 871.893611][ T5942] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 871.893670][ T5942] usb 4-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 871.893703][ T5942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 871.901983][ T5942] usb 4-1: config 0 descriptor?? [ 872.326879][ T5942] wacom 0003:056A:5000.000B: item fetching failed at offset 6/7 [ 872.327725][ T5942] wacom 0003:056A:5000.000B: parse failed [ 872.327840][ T5942] wacom 0003:056A:5000.000B: probe with driver wacom failed with error -22 [ 874.373344][ T9695] usb 4-1: USB disconnect, device number 49 [ 874.932772][ T9695] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 875.052959][T11398] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1625'. [ 875.096693][ T9695] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 875.096728][ T9695] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 875.096744][ T9695] usb 4-1: Product: syz [ 875.096755][ T9695] usb 4-1: Manufacturer: syz [ 875.096765][ T9695] usb 4-1: SerialNumber: syz [ 875.106020][ T9695] usb 4-1: config 0 descriptor?? [ 875.176158][ T9695] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 050 [ 876.480844][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 876.480918][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 877.037942][ T9695] (null): failure reading functionality [ 877.049666][ T9695] i2c i2c-1: failure reading functionality [ 877.094990][ T9695] i2c i2c-1: connected i2c-tiny-usb device [ 877.126920][ T9695] usb 4-1: USB disconnect, device number 50 [ 877.323123][T11418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1620'. [ 877.796739][T11425] netlink: 'syz.6.1632': attribute type 1 has an invalid length. [ 877.796768][T11425] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1632'. [ 877.941863][ T8385] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 879.791280][ T8385] usb 4-1: Using ep0 maxpacket: 32 [ 879.794834][ T8385] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 879.794862][ T8385] usb 4-1: config 0 has no interface number 0 [ 880.274703][ T6492] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 880.294851][ T8385] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 880.294887][ T8385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 880.294911][ T8385] usb 4-1: Product: syz [ 880.294927][ T8385] usb 4-1: Manufacturer: syz [ 880.294943][ T8385] usb 4-1: SerialNumber: syz [ 880.327638][ T8385] usb 4-1: config 0 descriptor?? [ 880.375312][ T8385] smsc95xx v2.0.0 [ 880.423528][ T6492] usb 7-1: config 0 has an invalid interface number: 95 but max is 0 [ 880.423563][ T6492] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 880.423585][ T6492] usb 7-1: config 0 has no interface number 0 [ 880.423695][ T6492] usb 7-1: config 0 interface 95 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 880.426813][ T6492] usb 7-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46 [ 880.426879][ T6492] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 880.426894][ T6492] usb 7-1: Product: syz [ 880.426905][ T6492] usb 7-1: Manufacturer: syz [ 880.426916][ T6492] usb 7-1: SerialNumber: syz [ 880.535034][ T6492] usb 7-1: config 0 descriptor?? [ 880.912410][T11444] net_ratelimit: 6 callbacks suppressed [ 880.912428][T11444] netlink: zone id is out of range [ 880.912437][T11444] netlink: zone id is out of range [ 880.912445][T11444] netlink: zone id is out of range [ 880.912451][T11444] netlink: zone id is out of range [ 880.912459][T11444] netlink: zone id is out of range [ 880.912467][T11444] netlink: zone id is out of range [ 880.912475][T11444] netlink: zone id is out of range [ 880.912482][T11444] netlink: zone id is out of range [ 880.912490][T11444] netlink: zone id is out of range [ 880.912497][T11444] netlink: zone id is out of range [ 880.916471][ T8385] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 880.916537][ T8385] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 882.137789][ T8385] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 882.138276][ T8385] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -61 [ 882.158167][ T6549] usb 2-1: new full-speed USB device number 33 using dummy_hcd [ 882.335315][ T6492] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 882.335384][ T6492] usb 7-1: MIDIStreaming interface descriptor not found [ 882.363981][ T6549] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 882.364032][ T6549] usb 2-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 882.364058][ T6549] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 882.405423][ T6549] usb 2-1: config 0 descriptor?? [ 884.145368][ T6492] usb 7-1: USB disconnect, device number 3 [ 884.170932][ T6549] usbhid 2-1:0.0: can't add hid device: -71 [ 884.171065][ T6549] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 884.241586][ T6549] usb 2-1: USB disconnect, device number 33 [ 884.928806][ T8385] usb 4-1: USB disconnect, device number 51 [ 884.996592][T11464] netlink: 'syz.1.1646': attribute type 1 has an invalid length. [ 884.996619][T11464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1646'. [ 885.292936][T11470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1647'. [ 886.911235][T11476] FAULT_INJECTION: forcing a failure. [ 886.911235][T11476] name failslab, interval 1, probability 0, space 0, times 0 [ 886.911296][T11476] CPU: 1 UID: 0 PID: 11476 Comm: syz.6.1644 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 886.911328][T11476] Tainted: [L]=SOFTLOCKUP [ 886.911337][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 886.911351][T11476] Call Trace: [ 886.911360][T11476] [ 886.911370][T11476] dump_stack_lvl+0xe8/0x150 [ 886.911408][T11476] should_fail_ex+0x46c/0x600 [ 886.911446][T11476] should_failslab+0xa8/0x100 [ 886.911472][T11476] __kmalloc_cache_noprof+0x84/0x6d0 [ 886.911510][T11476] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 886.911545][T11476] tcp_sendmsg_fastopen+0x1de/0x5e0 [ 886.911582][T11476] tcp_sendmsg_locked+0x4ca3/0x5520 [ 886.911634][T11476] ? __lock_acquire+0x6b6/0x2cf0 [ 886.911680][T11476] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 886.911705][T11476] ? lockdep_hardirqs_on+0x7b/0x110 [ 886.911728][T11476] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 886.911752][T11476] ? rt_mutex_slowunlock+0x493/0x8a0 [ 886.911792][T11476] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 886.911832][T11476] ? __local_bh_enable_ip+0x1af/0x2c0 [ 886.911860][T11476] ? lockdep_hardirqs_on+0x7b/0x110 [ 886.911888][T11476] tcp_sendmsg+0x2f/0x50 [ 886.911915][T11476] __sock_sendmsg+0x19c/0x270 [ 886.911957][T11476] __sys_sendto+0x3c7/0x520 [ 886.911986][T11476] ? __pfx___sys_sendto+0x10/0x10 [ 886.912047][T11476] ? ksys_write+0x230/0x260 [ 886.912083][T11476] ? __pfx_ksys_write+0x10/0x10 [ 886.912123][T11476] __x64_sys_sendto+0xde/0x100 [ 886.912154][T11476] do_syscall_64+0xec/0xf80 [ 886.912177][T11476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.912201][T11476] ? trace_irq_disable+0x37/0x100 [ 886.912226][T11476] ? clear_bhb_loop+0x60/0xb0 [ 886.912255][T11476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.912279][T11476] RIP: 0033:0x7f8cfa7af749 [ 886.912306][T11476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 886.912326][T11476] RSP: 002b:00007f8cf89d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 886.912350][T11476] RAX: ffffffffffffffda RBX: 00007f8cfaa06180 RCX: 00007f8cfa7af749 [ 886.912368][T11476] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 886.912382][T11476] RBP: 00007f8cf89d4090 R08: 00002000000018c0 R09: 0000000000000010 [ 886.912397][T11476] R10: 0000000020020084 R11: 0000000000000246 R12: 0000000000000001 [ 886.912411][T11476] R13: 00007f8cfaa06218 R14: 00007f8cfaa06180 R15: 00007ffe8c8c6958 [ 886.912448][T11476] [ 887.584799][T11478] overlayfs: failed to resolve './bus': -2 [ 891.915914][ T5947] usb 6-1: new full-speed USB device number 29 using dummy_hcd [ 892.245864][ T44] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 892.270976][ T5947] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 892.283091][ T5947] usb 6-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 892.283124][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 893.015577][ T5947] usb 6-1: config 0 descriptor?? [ 893.161270][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 893.187957][ T44] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 893.187989][ T44] usb 4-1: config 0 has no interface number 0 [ 893.209342][ T5947] usb 6-1: can't set config #0, error -71 [ 893.253458][ T44] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 893.253491][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 893.253514][ T44] usb 4-1: Product: syz [ 893.253530][ T44] usb 4-1: Manufacturer: syz [ 893.253547][ T44] usb 4-1: SerialNumber: syz [ 893.298907][ T5947] usb 6-1: USB disconnect, device number 29 [ 893.310094][ T44] usb 4-1: config 0 descriptor?? [ 893.316286][ T6549] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 893.337142][ T44] smsc95xx v2.0.0 [ 893.491460][ T6549] usb 7-1: Using ep0 maxpacket: 8 [ 893.499468][ T6549] usb 7-1: unable to get BOS descriptor or descriptor too short [ 893.515400][ T6549] usb 7-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 109 [ 893.515492][ T6549] usb 7-1: config 8 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 893.515524][ T6549] usb 7-1: config 8 interface 0 has no altsetting 0 [ 893.550507][ T6549] usb 7-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 893.576667][ T6549] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 893.577121][ T6549] usb 7-1: Product: syz [ 893.577513][ T6549] usb 7-1: Manufacturer: syz [ 893.577531][ T6549] usb 7-1: SerialNumber: syz [ 894.478287][T11501] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 894.735712][ T6549] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 894.736326][ T6549] usb 7-1: selecting invalid altsetting 0 [ 894.772957][T11514] net_ratelimit: 6 callbacks suppressed [ 894.772976][T11514] netlink: zone id is out of range [ 894.772984][T11514] netlink: zone id is out of range [ 894.772992][T11514] netlink: zone id is out of range [ 894.773000][T11514] netlink: zone id is out of range [ 894.773007][T11514] netlink: zone id is out of range [ 894.773015][T11514] netlink: zone id is out of range [ 894.773023][T11514] netlink: zone id is out of range [ 894.773031][T11514] netlink: zone id is out of range [ 894.773039][T11514] netlink: zone id is out of range [ 894.773046][T11514] netlink: zone id is out of range [ 894.775220][ T44] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 894.775250][ T44] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 894.910020][T11515] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 894.936644][T11513] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 894.962974][ T6549] usb 7-1: USB disconnect, device number 4 [ 894.980544][ T44] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 894.980886][ T44] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -61 [ 896.630129][T11529] random: crng reseeded on system resumption [ 896.723037][ T8385] usb 4-1: USB disconnect, device number 52 [ 900.083677][T11545] FAULT_INJECTION: forcing a failure. [ 900.083677][T11545] name failslab, interval 1, probability 0, space 0, times 0 [ 900.083720][T11545] CPU: 0 UID: 0 PID: 11545 Comm: syz.3.1671 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 900.083752][T11545] Tainted: [L]=SOFTLOCKUP [ 900.083760][T11545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 900.083774][T11545] Call Trace: [ 900.083783][T11545] [ 900.083793][T11545] dump_stack_lvl+0xe8/0x150 [ 900.083830][T11545] should_fail_ex+0x46c/0x600 [ 900.083865][T11545] ? __alloc_skb+0x1dc/0x3a0 [ 900.083890][T11545] should_failslab+0xa8/0x100 [ 900.083914][T11545] ? __alloc_skb+0x1dc/0x3a0 [ 900.083936][T11545] kmem_cache_alloc_node_noprof+0x8b/0x6f0 [ 900.083971][T11545] ? lockdep_hardirqs_on+0x7b/0x110 [ 900.083997][T11545] ? __alloc_skb+0x198/0x3a0 [ 900.084023][T11545] __alloc_skb+0x1dc/0x3a0 [ 900.084054][T11545] netlink_sendmsg+0x5c6/0xb30 [ 900.084097][T11545] ? __pfx_netlink_sendmsg+0x10/0x10 [ 900.084138][T11545] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 900.084177][T11545] ? __pfx_netlink_sendmsg+0x10/0x10 [ 900.084210][T11545] __sock_sendmsg+0x21c/0x270 [ 900.084250][T11545] ____sys_sendmsg+0x508/0x810 [ 900.084286][T11545] ? __pfx_____sys_sendmsg+0x10/0x10 [ 900.084330][T11545] ? import_iovec+0x74/0xa0 [ 900.084356][T11545] ___sys_sendmsg+0x21f/0x2a0 [ 900.084389][T11545] ? __pfx____sys_sendmsg+0x10/0x10 [ 900.084457][T11545] ? __fget_files+0x2a/0x420 [ 900.084482][T11545] ? __fget_files+0x3a6/0x420 [ 900.084518][T11545] __x64_sys_sendmsg+0x1a1/0x260 [ 900.084551][T11545] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 900.084592][T11545] ? __pfx_ksys_write+0x10/0x10 [ 900.084637][T11545] do_syscall_64+0xec/0xf80 [ 900.084660][T11545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.084682][T11545] ? trace_irq_disable+0x37/0x100 [ 900.084707][T11545] ? clear_bhb_loop+0x60/0xb0 [ 900.084736][T11545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.084759][T11545] RIP: 0033:0x7f84f97bf749 [ 900.084779][T11545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 900.084799][T11545] RSP: 002b:00007f84f7a1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 900.084824][T11545] RAX: ffffffffffffffda RBX: 00007f84f9a15fa0 RCX: 00007f84f97bf749 [ 900.084841][T11545] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 900.084855][T11545] RBP: 00007f84f7a1e090 R08: 0000000000000000 R09: 0000000000000000 [ 900.084869][T11545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 900.084883][T11545] R13: 00007f84f9a16038 R14: 00007f84f9a15fa0 R15: 00007ffc36fb30b8 [ 900.084919][T11545] [ 911.418690][T11597] FAULT_INJECTION: forcing a failure. [ 911.418690][T11597] name failslab, interval 1, probability 0, space 0, times 0 [ 911.418750][T11597] CPU: 0 UID: 0 PID: 11597 Comm: syz.2.1685 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 911.418782][T11597] Tainted: [L]=SOFTLOCKUP [ 911.418790][T11597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 911.418804][T11597] Call Trace: [ 911.418813][T11597] [ 911.418823][T11597] dump_stack_lvl+0xe8/0x150 [ 911.418860][T11597] should_fail_ex+0x46c/0x600 [ 911.418897][T11597] should_failslab+0xa8/0x100 [ 911.418921][T11597] __kmalloc_noprof+0xe0/0x7e0 [ 911.418955][T11597] ? tomoyo_encode+0x28b/0x550 [ 911.418984][T11597] tomoyo_encode+0x28b/0x550 [ 911.419012][T11597] tomoyo_realpath_from_path+0x58d/0x5d0 [ 911.419037][T11597] ? tomoyo_domain+0xd9/0x130 [ 911.419066][T11597] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 911.419099][T11597] tomoyo_path_number_perm+0x1e8/0x5a0 [ 911.419134][T11597] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 911.419164][T11597] ? __lock_acquire+0x6b6/0x2cf0 [ 911.419200][T11597] ? do_raw_spin_lock+0x121/0x290 [ 911.419263][T11597] ? __fget_files+0x2a/0x420 [ 911.419292][T11597] ? __fget_files+0x2a/0x420 [ 911.419316][T11597] ? __fget_files+0x3a6/0x420 [ 911.419340][T11597] ? __fget_files+0x2a/0x420 [ 911.419370][T11597] security_file_ioctl+0xcb/0x2d0 [ 911.419412][T11597] __se_sys_ioctl+0x47/0x170 [ 911.419447][T11597] do_syscall_64+0xec/0xf80 [ 911.419471][T11597] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.419498][T11597] ? trace_irq_disable+0x37/0x100 [ 911.419524][T11597] ? clear_bhb_loop+0x60/0xb0 [ 911.419553][T11597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.419576][T11597] RIP: 0033:0x7f7fddb9f749 [ 911.419602][T11597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 911.419623][T11597] RSP: 002b:00007f7fdbdfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 911.419647][T11597] RAX: ffffffffffffffda RBX: 00007f7fdddf5fa0 RCX: 00007f7fddb9f749 [ 911.419669][T11597] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000a [ 911.419683][T11597] RBP: 00007f7fdbdfe090 R08: 0000000000000000 R09: 0000000000000000 [ 911.419697][T11597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 911.419711][T11597] R13: 00007f7fdddf6038 R14: 00007f7fdddf5fa0 R15: 00007fff03631148 [ 911.419814][T11597] [ 911.420290][T11597] ERROR: Out of memory at tomoyo_realpath_from_path. [ 911.420398][T11597] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 911.694437][ T5947] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 911.762985][ T804] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 912.115205][ T5947] usb 7-1: Using ep0 maxpacket: 32 [ 912.120747][ T5947] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 912.120784][ T5947] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 912.120801][ T5947] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 912.120834][ T5947] usb 7-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 912.120851][ T5947] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 912.131308][ T804] usb 6-1: Using ep0 maxpacket: 16 [ 912.196734][ T804] usb 6-1: config 0 has an invalid interface number: 105 but max is 0 [ 912.196765][ T804] usb 6-1: config 0 has an invalid descriptor of length 231, skipping remainder of the config [ 912.196787][ T804] usb 6-1: config 0 has no interface number 0 [ 912.199566][ T5947] usb 7-1: config 0 descriptor?? [ 912.245404][ T804] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 912.245427][ T804] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=21 [ 912.245442][ T804] usb 6-1: Product: syz [ 912.245453][ T804] usb 6-1: Manufacturer: syz [ 912.245464][ T804] usb 6-1: SerialNumber: syz [ 912.286619][ T804] usb 6-1: config 0 descriptor?? [ 912.339055][ T804] uvcvideo 6-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 912.339084][ T804] uvcvideo 6-1:0.105: No valid video chain found. [ 912.455333][T11602] 9p: Bad value for 'wfdno' [ 912.817545][T11600] Invalid argument reading file caps for ./file0 [ 913.752511][ T9545] usb 6-1: USB disconnect, device number 30 [ 913.934604][ T5947] usbhid 7-1:0.0: can't add hid device: -71 [ 913.934919][ T5947] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 913.947166][ T5947] usb 7-1: USB disconnect, device number 5 [ 914.209362][T11618] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 914.404740][ T38] audit: type=1326 audit(1766882905.847:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11616 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 914.404800][ T38] audit: type=1326 audit(1766882905.847:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11616 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 914.411808][ T38] audit: type=1326 audit(1766882905.847:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11616 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 914.411868][ T38] audit: type=1326 audit(1766882905.857:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11616 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 914.411918][ T38] audit: type=1326 audit(1766882905.857:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11616 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 914.414198][ T38] audit: type=1326 audit(1766882905.857:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11616 comm="syz.1.1693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 914.635141][ T38] audit: type=1800 audit(1766882906.067:158): pid=11626 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1693" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 914.687667][T11620] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1693'. [ 919.576531][T11504] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 921.469041][T11504] usb 2-1: Using ep0 maxpacket: 32 [ 921.496676][T11504] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 921.496714][T11504] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 921.496739][T11504] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 921.496897][T11504] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 921.496924][T11504] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 921.633519][T11504] usb 2-1: config 0 descriptor?? [ 922.091292][T11504] usbhid 2-1:0.0: can't add hid device: -71 [ 922.091404][T11504] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 922.199038][T11504] usb 2-1: USB disconnect, device number 34 [ 922.684336][T11667] FAULT_INJECTION: forcing a failure. [ 922.684336][T11667] name failslab, interval 1, probability 0, space 0, times 0 [ 922.684376][T11667] CPU: 0 UID: 0 PID: 11667 Comm: syz.2.1708 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 922.684408][T11667] Tainted: [L]=SOFTLOCKUP [ 922.684416][T11667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 922.684430][T11667] Call Trace: [ 922.684439][T11667] [ 922.684449][T11667] dump_stack_lvl+0xe8/0x150 [ 922.684486][T11667] should_fail_ex+0x46c/0x600 [ 922.684530][T11667] should_failslab+0xa8/0x100 [ 922.684556][T11667] __kmalloc_noprof+0xe0/0x7e0 [ 922.684598][T11667] ? tomoyo_encode+0x28b/0x550 [ 922.684626][T11667] tomoyo_encode+0x28b/0x550 [ 922.684655][T11667] tomoyo_realpath_from_path+0x58d/0x5d0 [ 922.684680][T11667] ? tomoyo_domain+0xd9/0x130 [ 922.684710][T11667] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 922.684743][T11667] tomoyo_path_number_perm+0x1e8/0x5a0 [ 922.684778][T11667] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 922.684809][T11667] ? __lock_acquire+0x6b6/0x2cf0 [ 922.684844][T11667] ? do_raw_spin_lock+0x121/0x290 [ 922.684908][T11667] ? __fget_files+0x2a/0x420 [ 922.684937][T11667] ? __fget_files+0x2a/0x420 [ 922.684960][T11667] ? __fget_files+0x3a6/0x420 [ 922.684983][T11667] ? __fget_files+0x2a/0x420 [ 922.685012][T11667] security_file_ioctl+0xcb/0x2d0 [ 922.685047][T11667] __se_sys_ioctl+0x47/0x170 [ 922.685081][T11667] do_syscall_64+0xec/0xf80 [ 922.685104][T11667] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 922.685126][T11667] ? trace_irq_disable+0x37/0x100 [ 922.685151][T11667] ? clear_bhb_loop+0x60/0xb0 [ 922.685179][T11667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 922.685201][T11667] RIP: 0033:0x7f7fddb9f749 [ 922.685221][T11667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 922.685241][T11667] RSP: 002b:00007f7fdbdfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 922.685265][T11667] RAX: ffffffffffffffda RBX: 00007f7fdddf5fa0 RCX: 00007f7fddb9f749 [ 922.685281][T11667] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000a [ 922.685295][T11667] RBP: 00007f7fdbdfe090 R08: 0000000000000000 R09: 0000000000000000 [ 922.685309][T11667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 922.685322][T11667] R13: 00007f7fdddf6038 R14: 00007f7fdddf5fa0 R15: 00007fff03631148 [ 922.685359][T11667] [ 922.685381][T11667] ERROR: Out of memory at tomoyo_realpath_from_path. [ 923.467816][ C0] vcan0: j1939_tp_txtimer: 0xffff88804a967c00: tx aborted with unknown reason: -2 [ 923.472049][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88804a964000: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250) [ 923.475837][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88804a967c00: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250) [ 923.653816][T11679] FAULT_INJECTION: forcing a failure. [ 923.653816][T11679] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 923.653856][T11679] CPU: 0 UID: 0 PID: 11679 Comm: syz.5.1713 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 923.653888][T11679] Tainted: [L]=SOFTLOCKUP [ 923.653896][T11679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 923.653909][T11679] Call Trace: [ 923.653918][T11679] [ 923.653932][T11679] dump_stack_lvl+0xe8/0x150 [ 923.653969][T11679] should_fail_ex+0x46c/0x600 [ 923.654004][T11679] _copy_from_user+0x2d/0xb0 [ 923.654028][T11679] ___sys_recvmsg+0x12e/0x510 [ 923.654057][T11679] ? get_pid_task+0x20/0x1f0 [ 923.654086][T11679] ? get_pid_task+0x20/0x1f0 [ 923.654121][T11679] ? __pfx____sys_recvmsg+0x10/0x10 [ 923.654156][T11679] ? __fget_files+0x2a/0x420 [ 923.654199][T11679] ? __fget_files+0x3a6/0x420 [ 923.654234][T11679] __x64_sys_recvmsg+0x19e/0x260 [ 923.654267][T11679] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 923.654308][T11679] ? __pfx_ksys_write+0x10/0x10 [ 923.654353][T11679] do_syscall_64+0xec/0xf80 [ 923.654376][T11679] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.654398][T11679] ? trace_irq_disable+0x37/0x100 [ 923.654422][T11679] ? clear_bhb_loop+0x60/0xb0 [ 923.654450][T11679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.654478][T11679] RIP: 0033:0x7f0acda9f749 [ 923.654497][T11679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 923.654517][T11679] RSP: 002b:00007f0acbcfe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 923.654542][T11679] RAX: ffffffffffffffda RBX: 00007f0acdcf5fa0 RCX: 00007f0acda9f749 [ 923.654559][T11679] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 923.654574][T11679] RBP: 00007f0acbcfe090 R08: 0000000000000000 R09: 0000000000000000 [ 923.654588][T11679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 923.654602][T11679] R13: 00007f0acdcf6038 R14: 00007f0acdcf5fa0 R15: 00007fff60d30bc8 [ 923.654638][T11679] [ 923.989765][T11681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1711'. [ 924.133874][T11684] input: syz1 as /devices/virtual/input/input16 [ 925.483908][T11704] FAULT_INJECTION: forcing a failure. [ 925.483908][T11704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 925.483950][T11704] CPU: 1 UID: 0 PID: 11704 Comm: syz.6.1701 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 925.483982][T11704] Tainted: [L]=SOFTLOCKUP [ 925.483991][T11704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 925.484005][T11704] Call Trace: [ 925.484013][T11704] [ 925.484023][T11704] dump_stack_lvl+0xe8/0x150 [ 925.484061][T11704] should_fail_ex+0x46c/0x600 [ 925.484099][T11704] _copy_from_iter+0x1cd/0x1630 [ 925.484133][T11704] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 925.484170][T11704] ? __pfx__copy_from_iter+0x10/0x10 [ 925.484211][T11704] ? set_page_refcounted+0xa0/0x1e0 [ 925.484235][T11704] ? page_copy_sane+0x4e/0x280 [ 925.484279][T11704] copy_page_from_iter+0xdd/0x170 [ 925.484319][T11704] tun_get_user+0x1d40/0x3de0 [ 925.484353][T11704] ? tun_get_user+0x6fc/0x3de0 [ 925.484397][T11704] ? __pfx_tun_get_user+0x10/0x10 [ 925.484439][T11704] ? __lock_acquire+0x6b6/0x2cf0 [ 925.484473][T11704] ? kstrtoull+0x12f/0x1d0 [ 925.484510][T11704] ? ref_tracker_alloc+0x2fe/0x450 [ 925.484540][T11704] ? get_pid_task+0x20/0x1f0 [ 925.484574][T11704] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 925.484607][T11704] ? tun_get+0x1c/0x2f0 [ 925.484635][T11704] ? tun_get+0x1c/0x2f0 [ 925.484669][T11704] ? tun_get+0x1c/0x2f0 [ 925.484695][T11704] ? tun_get+0x1c/0x2f0 [ 925.484729][T11704] tun_chr_write_iter+0x119/0x200 [ 925.484760][T11704] vfs_write+0x5d5/0xb40 [ 925.484798][T11704] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 925.484826][T11704] ? __pfx_vfs_write+0x10/0x10 [ 925.484869][T11704] ? __fget_files+0x2a/0x420 [ 925.484903][T11704] ksys_write+0x14b/0x260 [ 925.484938][T11704] ? __pfx_ksys_write+0x10/0x10 [ 925.484983][T11704] do_syscall_64+0xec/0xf80 [ 925.485005][T11704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.485027][T11704] ? trace_irq_disable+0x37/0x100 [ 925.485051][T11704] ? clear_bhb_loop+0x60/0xb0 [ 925.485079][T11704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.485101][T11704] RIP: 0033:0x7f8cfa7ae1ff [ 925.485121][T11704] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 925.485141][T11704] RSP: 002b:00007f8cf8a16000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 925.485166][T11704] RAX: ffffffffffffffda RBX: 00007f8cfaa05fa0 RCX: 00007f8cfa7ae1ff [ 925.485182][T11704] RDX: 000000000000004e RSI: 0000200000000600 RDI: 00000000000000c8 [ 925.485197][T11704] RBP: 00007f8cf8a16090 R08: 0000000000000000 R09: 0000000000000000 [ 925.485210][T11704] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001 [ 925.485223][T11704] R13: 00007f8cfaa06038 R14: 00007f8cfaa05fa0 R15: 00007ffe8c8c6958 [ 925.485265][T11704] [ 925.614708][T11644] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 926.081211][T11644] usb 2-1: Using ep0 maxpacket: 32 [ 926.083850][T11644] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 926.083883][T11644] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 926.083907][T11644] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 926.083949][T11644] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 926.083972][T11644] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 926.088814][T11644] usb 2-1: config 0 descriptor?? [ 927.101304][T11698] 9p: Bad value for 'wfdno' [ 927.311624][T11644] usbhid 2-1:0.0: can't add hid device: -71 [ 927.311752][T11644] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 927.327233][T11644] usb 2-1: USB disconnect, device number 35 [ 927.497127][T11733] input: syz1 as /devices/virtual/input/input17 [ 933.701217][ T44] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 933.844957][ T38] audit: type=1326 audit(1766882925.287:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11760 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 933.845798][ T38] audit: type=1326 audit(1766882925.287:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11760 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 933.848615][ T38] audit: type=1326 audit(1766882925.287:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11760 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 933.849450][ T38] audit: type=1326 audit(1766882925.287:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11760 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 933.851227][ T44] usb 4-1: Using ep0 maxpacket: 16 [ 933.854316][ T44] usb 4-1: unable to get BOS descriptor or descriptor too short [ 933.855943][ T44] usb 4-1: config 9 has an invalid interface number: 129 but max is 0 [ 933.855970][ T44] usb 4-1: config 9 has no interface number 0 [ 933.856008][ T44] usb 4-1: config 9 interface 129 has no altsetting 0 [ 933.926085][ T44] usb 4-1: New USB device found, idVendor=05ac, idProduct=0241, bcdDevice=d0.9c [ 933.926120][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 934.070725][ T44] usb 4-1: can't set config #9, error -71 [ 934.079230][ T44] usb 4-1: USB disconnect, device number 53 [ 934.320972][T11772] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1737'. [ 935.724898][T11781] input: syz1 as /devices/virtual/input/input18 [ 936.925563][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.925640][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 938.526389][T11803] FAULT_INJECTION: forcing a failure. [ 938.526389][T11803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 938.526439][T11803] CPU: 1 UID: 0 PID: 11803 Comm: syz.1.1746 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 938.526497][T11803] Tainted: [L]=SOFTLOCKUP [ 938.526511][T11803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 938.526525][T11803] Call Trace: [ 938.526533][T11803] [ 938.526543][T11803] dump_stack_lvl+0xe8/0x150 [ 938.526580][T11803] should_fail_ex+0x46c/0x600 [ 938.526619][T11803] _copy_from_user+0x2d/0xb0 [ 938.526643][T11803] do_tcp_setsockopt+0x47d/0x1f40 [ 938.526685][T11803] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 938.526728][T11803] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 938.526753][T11803] ? lockdep_hardirqs_on+0x7b/0x110 [ 938.526776][T11803] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 938.526800][T11803] ? mutex_lock_nested+0x154/0x1d0 [ 938.526829][T11803] ? sock_common_setsockopt+0x36/0xc0 [ 938.526851][T11803] ? tcp_setsockopt+0x3d/0xe0 [ 938.526883][T11803] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 938.526910][T11803] smc_setsockopt+0x232/0xab0 [ 938.526951][T11803] ? __pfx_smc_setsockopt+0x10/0x10 [ 938.526997][T11803] ? __fget_files+0x2a/0x420 [ 938.527021][T11803] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 938.527053][T11803] ? __pfx_smc_setsockopt+0x10/0x10 [ 938.527090][T11803] do_sock_setsockopt+0x17c/0x1b0 [ 938.527124][T11803] __x64_sys_setsockopt+0x145/0x1b0 [ 938.527160][T11803] do_syscall_64+0xec/0xf80 [ 938.527182][T11803] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.527205][T11803] ? trace_irq_disable+0x37/0x100 [ 938.527231][T11803] ? clear_bhb_loop+0x60/0xb0 [ 938.527260][T11803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.527283][T11803] RIP: 0033:0x7fab42e1f749 [ 938.527303][T11803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 938.527324][T11803] RSP: 002b:00007fab41086038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 938.527349][T11803] RAX: ffffffffffffffda RBX: 00007fab43075fa0 RCX: 00007fab42e1f749 [ 938.527365][T11803] RDX: 000000000000000c RSI: 0000000000000006 RDI: 0000000000000003 [ 938.527379][T11803] RBP: 00007fab41086090 R08: 0000000000000004 R09: 0000000000000000 [ 938.527393][T11803] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001 [ 938.527407][T11803] R13: 00007fab43076038 R14: 00007fab43075fa0 R15: 00007fff505aa258 [ 938.527445][T11803] [ 939.141213][ T61] Bluetooth: hci2: command 0x0406 tx timeout [ 941.294625][ T38] audit: type=1326 audit(1766882932.737:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.296005][ T38] audit: type=1326 audit(1766882932.737:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.298417][ T38] audit: type=1326 audit(1766882932.737:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.298966][ T38] audit: type=1326 audit(1766882932.737:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.299666][ T38] audit: type=1326 audit(1766882932.737:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.345473][ T38] audit: type=1326 audit(1766882932.737:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.345656][ T38] audit: type=1326 audit(1766882932.737:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.345785][ T38] audit: type=1326 audit(1766882932.787:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.347520][ T38] audit: type=1326 audit(1766882932.787:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fab42e1df90 code=0x7ffc0000 [ 941.358886][ T38] audit: type=1326 audit(1766882932.797:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11826 comm="syz.1.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 941.521214][ T6549] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 943.758536][T11839] input: syz1 as /devices/virtual/input/input19 [ 944.655150][T11843] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1758'. [ 944.846343][T11851] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1763'. [ 944.942658][T11644] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 945.023718][ T6549] usb 3-1: device not accepting address 35, error -71 [ 945.681210][T11644] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 945.681240][T11644] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 945.682505][T11644] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 945.682534][T11644] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 945.682555][T11644] usb 2-1: SerialNumber: syz [ 946.273395][T11872] syz.6.1767 (11872): /proc/11871/oom_adj is deprecated, please use /proc/11871/oom_score_adj instead. [ 947.517390][T11644] usb 2-1: 0:2 : does not exist [ 947.703247][T11644] usb 2-1: USB disconnect, device number 36 [ 947.904473][T11882] FAULT_INJECTION: forcing a failure. [ 947.904473][T11882] name failslab, interval 1, probability 0, space 0, times 0 [ 947.904513][T11882] CPU: 0 UID: 0 PID: 11882 Comm: syz.6.1770 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 947.904545][T11882] Tainted: [L]=SOFTLOCKUP [ 947.904554][T11882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 947.904568][T11882] Call Trace: [ 947.904576][T11882] [ 947.904586][T11882] dump_stack_lvl+0xe8/0x150 [ 947.904622][T11882] should_fail_ex+0x46c/0x600 [ 947.904659][T11882] ? mas_alloc_nodes+0x291/0x350 [ 947.904693][T11882] should_failslab+0xa8/0x100 [ 947.904718][T11882] ? mas_alloc_nodes+0x291/0x350 [ 947.904750][T11882] kmem_cache_alloc_noprof+0x84/0x6c0 [ 947.904792][T11882] mas_alloc_nodes+0x291/0x350 [ 947.904833][T11882] mas_preallocate+0x2e0/0x670 [ 947.904874][T11882] ? __pfx_mas_preallocate+0x10/0x10 [ 947.904937][T11882] ? __mas_set_range+0x12f/0x3c0 [ 947.904980][T11882] __split_vma+0x2fd/0x9e0 [ 947.905019][T11882] ? __pfx___split_vma+0x10/0x10 [ 947.905060][T11882] ? mas_find+0xb0e/0xd30 [ 947.905087][T11882] vms_gather_munmap_vmas+0x4c6/0x12f0 [ 947.905135][T11882] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 947.905175][T11882] ? mas_find+0xb0e/0xd30 [ 947.905204][T11882] mmap_region+0x742/0x1d00 [ 947.905253][T11882] ? __pfx_mmap_region+0x10/0x10 [ 947.905289][T11882] ? is_bpf_text_address+0x26/0x2b0 [ 947.905377][T11882] ? kstrtoull+0x12f/0x1d0 [ 947.905412][T11882] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 947.905432][T11882] ? __lock_acquire+0x6b6/0x2cf0 [ 947.905461][T11882] ? cap_mmap_addr+0xb0/0x100 [ 947.905485][T11882] ? bpf_lsm_mmap_addr+0x9/0x20 [ 947.905509][T11882] ? security_mmap_addr+0x71/0x270 [ 947.905538][T11882] do_mmap+0xc23/0x10c0 [ 947.905564][T11882] ? lockdep_hardirqs_on+0x7b/0x110 [ 947.905581][T11882] ? __pfx_do_mmap+0x10/0x10 [ 947.905600][T11882] ? rwbase_write_lock+0x56f/0x750 [ 947.905629][T11882] vm_mmap_pgoff+0x2a9/0x4d0 [ 947.905655][T11882] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 947.905673][T11882] ? ksys_write+0x230/0x260 [ 947.905698][T11882] ? __pfx_ksys_write+0x10/0x10 [ 947.905725][T11882] ? __x64_sys_mmap+0x7f/0x140 [ 947.905746][T11882] do_syscall_64+0xec/0xf80 [ 947.905762][T11882] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.905777][T11882] ? trace_irq_disable+0x37/0x100 [ 947.905795][T11882] ? clear_bhb_loop+0x60/0xb0 [ 947.905814][T11882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.905830][T11882] RIP: 0033:0x7f8cfa7af749 [ 947.905845][T11882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 947.905860][T11882] RSP: 002b:00007f8cf8a16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 947.905905][T11882] RAX: ffffffffffffffda RBX: 00007f8cfaa05fa0 RCX: 00007f8cfa7af749 [ 947.905922][T11882] RDX: 0000000002000006 RSI: 0000000000fbe000 RDI: 0000200000000000 [ 947.905938][T11882] RBP: 00007f8cf8a16090 R08: ffffffffffffffff R09: 00000000d0fb8000 [ 947.905963][T11882] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001 [ 947.905977][T11882] R13: 00007f8cfaa06038 R14: 00007f8cfaa05fa0 R15: 00007ffe8c8c6958 [ 947.906018][T11882] [ 949.714363][T11891] input: syz1 as /devices/virtual/input/input20 [ 950.152040][T11899] random: crng reseeded on system resumption [ 950.317446][ T38] kauditd_printk_skb: 11 callbacks suppressed [ 950.317492][ T38] audit: type=1326 audit(1766882941.747:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11895 comm="syz.1.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 950.317789][ T38] audit: type=1326 audit(1766882941.747:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11895 comm="syz.1.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 950.317923][ T38] audit: type=1326 audit(1766882941.747:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11895 comm="syz.1.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 950.318154][ T38] audit: type=1326 audit(1766882941.747:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11895 comm="syz.1.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 950.318364][ T38] audit: type=1326 audit(1766882941.747:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11895 comm="syz.1.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 950.318570][ T38] audit: type=1326 audit(1766882941.747:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11895 comm="syz.1.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 950.318785][ T38] audit: type=1326 audit(1766882941.747:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11895 comm="syz.1.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 950.318861][ T38] audit: type=1326 audit(1766882941.747:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11895 comm="syz.1.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab42e1f749 code=0x7ffc0000 [ 952.501210][ T5986] usb 6-1: new full-speed USB device number 31 using dummy_hcd [ 952.531342][ T6549] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 952.674297][ T5986] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 952.674347][ T5986] usb 6-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 952.674374][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 952.678222][ T5986] usb 6-1: config 0 descriptor?? [ 952.681238][ T6549] usb 2-1: Using ep0 maxpacket: 16 [ 952.720427][ T6549] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 952.720460][ T6549] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 952.720483][ T6549] usb 2-1: Product: syz [ 952.720499][ T6549] usb 2-1: Manufacturer: syz [ 952.720516][ T6549] usb 2-1: SerialNumber: syz [ 952.784576][ T6549] usb 2-1: config 0 descriptor?? [ 952.789003][ T6549] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 953.039392][ T6549] ssu100 2-1:0.0: probe with driver ssu100 failed with error -32 [ 953.098385][ T5986] wacom 0003:056A:5000.000C: item fetching failed at offset 6/7 [ 953.098948][ T5986] wacom 0003:056A:5000.000C: parse failed [ 953.099025][ T5986] wacom 0003:056A:5000.000C: probe with driver wacom failed with error -22 [ 953.264637][ T38] audit: type=1804 audit(1766882944.667:192): pid=11932 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.1783" name="file0" dev="ramfs" ino=37420 res=1 errno=0 [ 953.270254][T11932] FAULT_INJECTION: forcing a failure. [ 953.270254][T11932] name failslab, interval 1, probability 0, space 0, times 0 [ 953.270284][T11932] CPU: 0 UID: 0 PID: 11932 Comm: syz.6.1783 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 953.270306][T11932] Tainted: [L]=SOFTLOCKUP [ 953.270312][T11932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 953.270321][T11932] Call Trace: [ 953.270328][T11932] [ 953.270334][T11932] dump_stack_lvl+0xe8/0x150 [ 953.270361][T11932] should_fail_ex+0x46c/0x600 [ 953.270387][T11932] should_failslab+0xa8/0x100 [ 953.270428][T11932] __kmalloc_noprof+0xe0/0x7e0 [ 953.270452][T11932] ? __lock_acquire+0x6b6/0x2cf0 [ 953.270472][T11932] ? alloc_pipe_info+0x1fd/0x4d0 [ 953.270495][T11932] ? alloc_pipe_info+0xe9/0x4d0 [ 953.270521][T11932] alloc_pipe_info+0x1fd/0x4d0 [ 953.270546][T11932] splice_direct_to_actor+0xa6e/0xcd0 [ 953.270569][T11932] ? kstrtouint+0x6e/0xe0 [ 953.270591][T11932] ? get_pid_task+0x20/0x1f0 [ 953.270617][T11932] ? __pfx_direct_splice_actor+0x10/0x10 [ 953.270635][T11932] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 953.270662][T11932] do_splice_direct+0x187/0x270 [ 953.270682][T11932] ? __pfx_do_splice_direct+0x10/0x10 [ 953.270699][T11932] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 953.270724][T11932] ? rw_verify_area+0x25b/0x4e0 [ 953.270748][T11932] do_sendfile+0x4ec/0x7f0 [ 953.270764][T11932] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 953.270786][T11932] ? __pfx_do_sendfile+0x10/0x10 [ 953.270813][T11932] __se_sys_sendfile64+0x13e/0x190 [ 953.270831][T11932] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 953.270856][T11932] do_syscall_64+0xec/0xf80 [ 953.270871][T11932] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 953.270887][T11932] ? trace_irq_disable+0x37/0x100 [ 953.270904][T11932] ? clear_bhb_loop+0x60/0xb0 [ 953.270924][T11932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 953.270939][T11932] RIP: 0033:0x7f8cfa7af749 [ 953.270954][T11932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 953.270968][T11932] RSP: 002b:00007f8cf8a16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 953.270985][T11932] RAX: ffffffffffffffda RBX: 00007f8cfaa05fa0 RCX: 00007f8cfa7af749 [ 953.270997][T11932] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 953.271007][T11932] RBP: 00007f8cf8a16090 R08: 0000000000000000 R09: 0000000000000000 [ 953.271017][T11932] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 953.271027][T11932] R13: 00007f8cfaa06038 R14: 00007f8cfaa05fa0 R15: 00007ffe8c8c6958 [ 953.271083][T11932] [ 953.341255][ T5947] usb 6-1: USB disconnect, device number 31 [ 953.947290][T11942] input: syz1 as /devices/virtual/input/input21 [ 955.452153][ T5870] usb 2-1: USB disconnect, device number 37 [ 956.865280][T11972] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 956.865302][T11972] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 956.967008][T11972] vhci_hcd vhci_hcd.0: Device attached [ 956.968917][T11974] vhci_hcd: connection closed [ 957.031420][ T9744] vhci_hcd vhci_hcd.3: stop threads [ 957.034063][ T9744] vhci_hcd vhci_hcd.3: release socket [ 957.034207][ T9744] vhci_hcd vhci_hcd.3: disconnect device [ 959.488738][T11998] input: syz1 as /devices/virtual/input/input22 [ 963.865242][ T61] Bluetooth: hci2: command 0x0406 tx timeout [ 965.506128][T12037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1810'. [ 970.221340][ T5933] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 971.935759][ T6549] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 972.089062][ T5933] usb 7-1: config 0 has an invalid interface number: 133 but max is 0 [ 972.089085][ T5933] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 972.089100][ T5933] usb 7-1: config 0 has no interface number 0 [ 972.089134][ T5933] usb 7-1: config 0 interface 133 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 4 [ 972.089155][ T5933] usb 7-1: config 0 interface 133 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 972.103578][ T6549] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 972.103600][ T6549] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 972.103614][ T6549] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 972.103635][ T6549] usb 4-1: config 220 has no interface number 2 [ 972.103687][ T6549] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 972.103708][ T6549] usb 4-1: config 220 interface 0 has no altsetting 0 [ 972.103722][ T6549] usb 4-1: config 220 interface 76 has no altsetting 0 [ 972.103736][ T6549] usb 4-1: config 220 interface 1 has no altsetting 0 [ 972.167821][ T6549] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 972.167845][ T6549] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 972.167861][ T6549] usb 4-1: Product: syz [ 972.167872][ T6549] usb 4-1: Manufacturer: syz [ 972.167883][ T6549] usb 4-1: SerialNumber: syz [ 972.267622][ T5933] usb 7-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e [ 972.267660][ T5933] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 972.267676][ T5933] usb 7-1: Product: syz [ 972.267686][ T5933] usb 7-1: Manufacturer: syz [ 972.267697][ T5933] usb 7-1: SerialNumber: syz [ 972.324952][ T5933] usb 7-1: config 0 descriptor?? [ 972.512671][T12076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 972.513100][T12076] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 972.575654][ T6549] usb 4-1: selecting invalid altsetting 0 [ 972.605160][ T6549] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 972.605197][ T6549] uvcvideo 4-1:220.0: No valid video chain found. [ 972.616186][ T6549] usb 4-1: selecting invalid altsetting 0 [ 972.616226][ T6549] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 972.651765][ T5933] usb 7-1: probing VID:PID(0424:012C) [ 972.654940][ T5933] usb 7-1: vub300 testing UNKNOWN EndPoint(0) 0B [ 972.654966][ T5933] usb 7-1: vub300 ignoring EndPoint(0) 0B [ 972.654988][ T5933] usb 7-1: Could not find two sets of bulk-in/out endpoint pairs [ 972.655081][ T5933] vub300 7-1:0.133: probe with driver vub300 failed with error -22 [ 972.660769][ T6549] usb 4-1: USB disconnect, device number 54 [ 972.712656][ T5933] usb 7-1: USB disconnect, device number 6 [ 972.799519][T12091] configfs: Unknown parameter 'lowerdir' [ 973.032791][T11644] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 974.057538][T12099] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1832'. [ 974.333086][T11644] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 974.333117][T11644] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 974.334377][T11644] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 974.334416][T11644] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 974.334440][T11644] usb 3-1: SerialNumber: syz [ 976.700451][T12113] bond1: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 976.713901][T11644] usb 3-1: 0:2 : does not exist [ 976.808983][T12113] bond1 (unregistering): Released all slaves [ 976.812482][T11644] usb 3-1: USB disconnect, device number 37 [ 980.252603][ T5933] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 980.531884][T12144] random: crng reseeded on system resumption [ 981.558222][T12157] input: syz1 as /devices/virtual/input/input24 [ 986.891202][ T5933] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 987.041152][ T5933] usb 2-1: Using ep0 maxpacket: 32 [ 987.199525][ T5933] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 987.199591][ T5933] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 987.199624][ T5933] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 987.199656][ T5933] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 987.199701][ T5933] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 987.290159][ T5933] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 987.290183][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 987.290198][ T5933] usb 2-1: Product: syz [ 987.290209][ T5933] usb 2-1: Manufacturer: syz [ 987.290220][ T5933] usb 2-1: SerialNumber: syz [ 987.342945][ T5933] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90) [ 987.343067][ T5933] imon 2-1:155.0: unable to initialize intf0, err -90 [ 987.343084][ T5933] imon:imon_probe: failed to initialize context! [ 987.343099][ T5933] imon 2-1:155.0: unable to register, err -19 [ 987.477626][ T38] audit: type=1326 audit(1766882978.917:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12181 comm="syz.3.1857" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f84f97bf749 code=0x0 [ 990.271441][ T61] Bluetooth: hci4: command 0x1003 tx timeout [ 990.276857][ T5809] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 990.593329][ T8385] usb 2-1: USB disconnect, device number 38 [ 990.937973][T12218] FAULT_INJECTION: forcing a failure. [ 990.937973][T12218] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 990.938014][T12218] CPU: 0 UID: 0 PID: 12218 Comm: syz.1.1865 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 990.938047][T12218] Tainted: [L]=SOFTLOCKUP [ 990.938056][T12218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 990.938070][T12218] Call Trace: [ 990.938080][T12218] [ 990.938090][T12218] dump_stack_lvl+0xe8/0x150 [ 990.938128][T12218] should_fail_ex+0x46c/0x600 [ 990.938167][T12218] _copy_from_user+0x2d/0xb0 [ 990.938191][T12218] copy_from_sockptr_offset+0x66/0xa0 [ 990.938230][T12218] tls_setsockopt+0xdc2/0x1600 [ 990.938274][T12218] ? __pfx_tls_setsockopt+0x10/0x10 [ 990.938319][T12218] ? __fget_files+0x2a/0x420 [ 990.938348][T12218] ? sock_common_setsockopt+0x36/0xc0 [ 990.938371][T12218] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 990.938396][T12218] do_sock_setsockopt+0x17c/0x1b0 [ 990.938430][T12218] __x64_sys_setsockopt+0x145/0x1b0 [ 990.938466][T12218] do_syscall_64+0xec/0xf80 [ 990.938489][T12218] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 990.938513][T12218] ? trace_irq_disable+0x37/0x100 [ 990.938539][T12218] ? clear_bhb_loop+0x60/0xb0 [ 990.938568][T12218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 990.938591][T12218] RIP: 0033:0x7fab42e1f749 [ 990.938612][T12218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 990.938644][T12218] RSP: 002b:00007fab41086038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 990.938676][T12218] RAX: ffffffffffffffda RBX: 00007fab43075fa0 RCX: 00007fab42e1f749 [ 990.938693][T12218] RDX: 0000000000000002 RSI: 000000000000011a RDI: 0000000000000003 [ 990.938708][T12218] RBP: 00007fab41086090 R08: 0000000000000028 R09: 0000000000000000 [ 990.938722][T12218] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001 [ 990.938737][T12218] R13: 00007fab43076038 R14: 00007fab43075fa0 R15: 00007fff505aa258 [ 990.938772][T12218] [ 994.918782][T12253] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1875'. [ 994.918816][T12253] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1875'. [ 995.134777][ T6451] usb 4-1: new full-speed USB device number 55 using dummy_hcd [ 995.201962][ T8385] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 995.284188][ T6451] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 995.284247][ T6451] usb 4-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 995.284363][ T6451] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 995.996400][ T8385] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 995.996446][ T8385] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 996.097383][ T6451] usb 4-1: config 0 descriptor?? [ 996.110911][ T8385] usb 7-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 996.110950][ T8385] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 996.110965][ T8385] usb 7-1: Product: syz [ 996.110977][ T8385] usb 7-1: Manufacturer: syz [ 996.110988][ T8385] usb 7-1: SerialNumber: syz [ 996.123387][ T8385] usb 7-1: config 0 descriptor?? [ 996.127440][T12253] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 996.127579][T12253] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 996.395222][ T8385] dm9601 7-1:0.0: probe with driver dm9601 failed with error -71 [ 996.454272][ T8385] usb 7-1: USB disconnect, device number 7 [ 996.527257][ T6451] wacom 0003:056A:5000.000D: item fetching failed at offset 6/7 [ 996.527832][ T6451] wacom 0003:056A:5000.000D: parse failed [ 996.527914][ T6451] wacom 0003:056A:5000.000D: probe with driver wacom failed with error -22 [ 998.011221][ T6451] usb 4-1: USB disconnect, device number 55 [ 998.368083][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.368136][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1000.058800][T12288] FAULT_INJECTION: forcing a failure. [ 1000.058800][T12288] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1000.058832][T12288] CPU: 0 UID: 0 PID: 12288 Comm: syz.5.1887 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1000.058882][T12288] Tainted: [L]=SOFTLOCKUP [ 1000.058889][T12288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1000.058900][T12288] Call Trace: [ 1000.058907][T12288] [ 1000.058915][T12288] dump_stack_lvl+0xe8/0x150 [ 1000.058941][T12288] should_fail_ex+0x46c/0x600 [ 1000.058972][T12288] _copy_from_user+0x2d/0xb0 [ 1000.058990][T12288] do_sock_getsockopt+0x15c/0x3d0 [ 1000.059013][T12288] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1000.059034][T12288] ? __fget_files+0x3a6/0x420 [ 1000.059052][T12288] ? __fget_files+0x2a/0x420 [ 1000.059075][T12288] __x64_sys_getsockopt+0x1ab/0x250 [ 1000.059101][T12288] do_syscall_64+0xec/0xf80 [ 1000.059118][T12288] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.059134][T12288] ? trace_irq_disable+0x37/0x100 [ 1000.059152][T12288] ? clear_bhb_loop+0x60/0xb0 [ 1000.059172][T12288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.059188][T12288] RIP: 0033:0x7f0acda9f749 [ 1000.059202][T12288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1000.059217][T12288] RSP: 002b:00007f0acbcfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1000.059235][T12288] RAX: ffffffffffffffda RBX: 00007f0acdcf5fa0 RCX: 00007f0acda9f749 [ 1000.059247][T12288] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 1000.059258][T12288] RBP: 00007f0acbcfe090 R08: 0000200000000100 R09: 0000000000000000 [ 1000.059269][T12288] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 1000.059280][T12288] R13: 00007f0acdcf6038 R14: 00007f0acdcf5fa0 R15: 00007fff60d30bc8 [ 1000.059305][T12288] [ 1006.390111][T12313] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1006.846924][T12313] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.524806][T12313] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.895424][ T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1013.931321][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1013.951248][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1013.953374][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1013.955221][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1014.097051][T12313] bridge0: port 3(netdevsim0) entered disabled state [ 1015.438512][T12313] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 1015.438560][T12313] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode [ 1015.453603][T12313] bridge0: port 3(netdevsim0) entered disabled state [ 1015.635231][T12313] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1015.751382][T12366] netdevsim netdevsim3 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP) [ 1016.061334][ T61] Bluetooth: hci4: command tx timeout [ 1018.111356][ T61] Bluetooth: hci4: command tx timeout [ 1020.325485][ T61] Bluetooth: hci4: command tx timeout [ 1020.480804][ T9734] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1022.391168][ T61] Bluetooth: hci4: command tx timeout [ 1023.071289][ T9744] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1023.449789][ T5809] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1023.490877][ T5809] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1023.508774][ T5809] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1023.542131][ T5809] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1023.543647][ T5809] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1023.641217][ T5947] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1023.684552][ T9734] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1023.800201][ T5947] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1023.800241][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1023.800264][ T5947] usb 4-1: Product: syz [ 1023.800280][ T5947] usb 4-1: Manufacturer: syz [ 1023.800296][ T5947] usb 4-1: SerialNumber: syz [ 1023.859193][ T37] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.045910][ T5947] net_ratelimit: 6 callbacks suppressed [ 1024.045941][ T5947] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 1024.046000][ T5947] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 1024.046031][ T5947] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1024.093502][ T5947] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 1024.113258][ T5947] usb 4-1: USB disconnect, device number 56 [ 1024.145578][ T9734] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1024.235611][T12346] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.408393][ T9734] bridge0: port 3(netdevsim0) entered disabled state [ 1024.528846][ T9734] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode [ 1024.551168][ T9734] bridge0: port 3(netdevsim0) entered disabled state [ 1024.625050][ T9734] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1024.717807][T12346] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1025.642533][T11841] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 1026.025889][ T5809] Bluetooth: hci1: command tx timeout [ 1026.042347][T11841] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1026.042385][T11841] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1026.042412][T11841] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1026.042521][T11841] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1026.042549][T11841] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1026.133510][T11841] usb 7-1: config 0 descriptor?? [ 1026.239876][T12356] chnl_net:caif_netlink_parms(): no params data found [ 1026.638892][T11841] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 1028.133563][ T5809] Bluetooth: hci1: command tx timeout [ 1028.135132][ T8013] usb 7-1: USB disconnect, device number 8 [ 1028.990081][T12356] bridge0: port 1(bridge_slave_0) entered blocking state [ 1028.990299][T12356] bridge0: port 1(bridge_slave_0) entered disabled state [ 1028.990513][T12356] bridge_slave_0: entered allmulticast mode [ 1029.212617][T12356] bridge_slave_0: entered promiscuous mode [ 1030.191516][ T5809] Bluetooth: hci1: command tx timeout [ 1031.236478][T12450] vhci_hcd vhci_hcd.0: failed to lookup sock [ 1031.479408][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888053af2800: rx timeout, send abort [ 1031.485386][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888053af2800: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session. [ 1032.551750][ T5809] Bluetooth: hci1: command tx timeout [ 1032.612224][T12356] bridge0: port 2(bridge_slave_1) entered blocking state [ 1032.612439][T12356] bridge0: port 2(bridge_slave_1) entered disabled state [ 1032.612700][T12356] bridge_slave_1: entered allmulticast mode [ 1032.629752][T12453] Invalid option length (65058) for dns_resolver key [ 1032.651526][T12356] bridge_slave_1: entered promiscuous mode [ 1032.974593][ T9734] bridge_slave_1: left allmulticast mode [ 1032.974617][ T9734] bridge_slave_1: left promiscuous mode [ 1032.974810][ T9734] bridge0: port 2(bridge_slave_1) entered disabled state [ 1033.011228][ T5944] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1033.481526][ T5944] usb 4-1: Using ep0 maxpacket: 16 [ 1033.958189][ T9734] bridge_slave_0: left allmulticast mode [ 1033.958229][ T9734] bridge_slave_0: left promiscuous mode [ 1033.986780][ T9734] bridge0: port 1(bridge_slave_0) entered disabled state [ 1033.987717][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1033.987752][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1033.987779][ T5944] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1033.987829][ T5944] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1033.987855][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.065829][ T5944] usb 4-1: config 0 descriptor?? [ 1034.883665][ T5944] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.000F/input/input25 [ 1034.909537][ T5944] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1035.062464][ T5944] usb 4-1: USB disconnect, device number 57 [ 1039.801468][ T8013] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1039.963495][ T8013] usb 4-1: config 0 has an invalid interface number: 53 but max is 0 [ 1039.963536][ T8013] usb 4-1: config 0 has no interface number 0 [ 1039.963573][ T8013] usb 4-1: config 0 interface 53 has no altsetting 0 [ 1039.963610][ T8013] usb 4-1: New USB device found, idVendor=04e2, idProduct=1422, bcdDevice=d3.78 [ 1039.963638][ T8013] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1039.970140][ T8013] usb 4-1: config 0 descriptor?? [ 1040.259072][ T8013] usb 4-1: USB disconnect, device number 58 [ 1040.683007][ T9734] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1040.726809][ T9734] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1040.743885][ T9734] bond0 (unregistering): Released all slaves [ 1040.784683][T12490] lo speed is unknown, defaulting to 1000 [ 1041.173524][T12490] lo speed is unknown, defaulting to 1000 [ 1041.241172][ T8013] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 1041.302635][T12490] lo speed is unknown, defaulting to 1000 [ 1041.492217][T12490] infiniband syz0: set active [ 1041.492233][T12490] infiniband syz0: added lo [ 1041.535458][T12490] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 1041.542101][ T8013] usb 4-1: Using ep0 maxpacket: 32 [ 1041.542472][T12490] infiniband syz0: Couldn't open port 1 [ 1041.544713][ T8013] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 1041.544756][ T8013] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1041.544800][ T8013] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1041.544829][ T8013] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1041.544858][ T8013] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1041.549725][ T8013] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1041.549756][ T8013] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1041.549780][ T8013] usb 4-1: Product: syz [ 1041.549798][ T8013] usb 4-1: Manufacturer: syz [ 1041.549816][ T8013] usb 4-1: SerialNumber: syz [ 1041.687662][ T8013] usb 4-1: config 0 descriptor?? [ 1041.691257][T12490] RDS/IB: syz0: added [ 1041.692918][T12490] smc: adding ib device syz0 with port count 1 [ 1041.693414][T12490] smc: ib device syz0 port 1 has no pnetid [ 1041.726671][ T8013] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1041.745939][T11841] lo speed is unknown, defaulting to 1000 [ 1041.750296][T12490] lo speed is unknown, defaulting to 1000 [ 1041.870573][ T8013] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1041.985986][T12490] lo speed is unknown, defaulting to 1000 [ 1042.200908][T12490] lo speed is unknown, defaulting to 1000 [ 1042.412548][T12490] lo speed is unknown, defaulting to 1000 [ 1042.886376][ T5883] lo speed is unknown, defaulting to 1000 [ 1042.898210][T12356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1042.900154][T12490] lo speed is unknown, defaulting to 1000 [ 1043.157100][T12490] lo speed is unknown, defaulting to 1000 [ 1043.367142][T12490] lo speed is unknown, defaulting to 1000 [ 1043.577737][T12490] lo speed is unknown, defaulting to 1000 [ 1043.852260][T12356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1044.000155][ T5944] usb 4-1: USB disconnect, device number 59 [ 1044.058856][ T5944] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 1044.558423][T12537] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1044.766340][T12356] team0: Port device team_slave_0 added [ 1044.777528][T12400] chnl_net:caif_netlink_parms(): no params data found [ 1044.895667][T12356] team0: Port device team_slave_1 added [ 1044.925043][ T5960] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 1045.122144][ T5960] usb 6-1: Using ep0 maxpacket: 8 [ 1045.134085][ T5960] usb 6-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1045.134109][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1045.134125][ T5960] usb 6-1: Product: syz [ 1045.134141][ T5960] usb 6-1: Manufacturer: syz [ 1045.134153][ T5960] usb 6-1: SerialNumber: syz [ 1045.139249][ T5960] usb 6-1: config 0 descriptor?? [ 1045.158326][ T5960] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1046.217475][ T5960] gspca_sq905: sq905_read_data: usb_control_msg failed (-71) [ 1046.217578][ T5960] sq905 6-1:0.0: probe with driver sq905 failed with error -71 [ 1046.262256][ T5960] usb 6-1: USB disconnect, device number 33 [ 1046.394910][T12356] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1046.394931][T12356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1046.394962][T12356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1046.552256][T12356] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1046.552278][T12356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1046.552310][T12356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1046.986285][ T9734] hsr_slave_0: left promiscuous mode [ 1047.012337][ T9734] hsr_slave_1: left promiscuous mode [ 1047.013078][ T9734] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1047.013098][ T9734] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1047.044484][ T9734] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1047.044513][ T9734] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1047.205774][ T9734] veth1_macvtap: left promiscuous mode [ 1047.205886][ T9734] veth0_macvtap: left promiscuous mode [ 1047.207232][ T9734] veth1_vlan: left promiscuous mode [ 1047.207452][ T9734] veth0_vlan: left promiscuous mode [ 1048.211258][ T5960] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 1048.606737][ T5960] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1048.606770][ T5960] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1048.606832][ T5960] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1048.606859][ T5960] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1048.614035][ T5960] usb 7-1: config 0 descriptor?? [ 1048.619785][ T5960] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1048.619845][ T5960] dvb-usb: bulk message failed: -22 (3/0) [ 1048.627578][ T5960] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1048.629984][ T5960] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1048.630129][ T5960] usb 7-1: media controller created [ 1048.925615][ T5960] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1048.960228][ T5960] dvb-usb: bulk message failed: -22 (6/0) [ 1048.960318][ T5960] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1049.104304][ T5960] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input26 [ 1049.118656][ T5960] dvb-usb: schedule remote query interval to 150 msecs. [ 1049.118721][ T5960] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1049.279674][ T5960] dvb-usb: bulk message failed: -22 (1/0) [ 1049.279716][ T5960] dvb-usb: error while querying for an remote control event. [ 1049.323234][ T8385] usb 7-1: USB disconnect, device number 9 [ 1049.450958][ T8385] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1053.557161][ T9734] team0 (unregistering): Port device team_slave_1 removed [ 1053.912014][ T9734] team0 (unregistering): Port device team_slave_0 removed [ 1056.724726][T12569] syz_tun: entered allmulticast mode [ 1057.078815][T12400] bridge0: port 1(bridge_slave_0) entered blocking state [ 1057.080293][T12400] bridge0: port 1(bridge_slave_0) entered disabled state [ 1057.080602][T12400] bridge_slave_0: entered allmulticast mode [ 1057.083800][T12400] bridge_slave_0: entered promiscuous mode [ 1057.915801][T12356] hsr_slave_0: entered promiscuous mode [ 1057.916948][T12356] hsr_slave_1: entered promiscuous mode [ 1057.917718][T12356] debugfs: 'hsr0' already exists in 'hsr' [ 1057.917743][T12356] Cannot create hsr debugfs directory [ 1057.918177][T12400] bridge0: port 2(bridge_slave_1) entered blocking state [ 1057.918273][T12400] bridge0: port 2(bridge_slave_1) entered disabled state [ 1057.918453][T12400] bridge_slave_1: entered allmulticast mode [ 1057.974509][T12400] bridge_slave_1: entered promiscuous mode [ 1059.896696][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.898254][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.107005][ T5809] block nbd3: Receive control failed (result -32) [ 1060.384954][T12606] block nbd3: shutting down sockets [ 1061.810275][T12621] hpfs: hpfs_map_sector(): read error [ 1062.906611][T12400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1063.094916][T12400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1063.425531][T12635] ptrace attach of "./syz-executor exec"[5800] was attempted by "./syz-executor exec"[12635] [ 1063.544854][ T5809] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 1063.544886][ T5809] CPU: 0 UID: 0 PID: 5809 Comm: kworker/u9:3 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1063.544909][ T5809] Tainted: [L]=SOFTLOCKUP [ 1063.544915][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1063.544926][ T5809] Workqueue: hci5 hci_rx_work [ 1063.544946][ T5809] Call Trace: [ 1063.544952][ T5809] [ 1063.544960][ T5809] dump_stack_lvl+0xe8/0x150 [ 1063.544985][ T5809] sysfs_create_dir_ns+0x259/0x280 [ 1063.545010][ T5809] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1063.545034][ T5809] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1063.545060][ T5809] ? rt_spin_unlock+0x161/0x200 [ 1063.545084][ T5809] kobject_add_internal+0x6b1/0xcd0 [ 1063.545109][ T5809] kobject_add+0x155/0x220 [ 1063.545130][ T5809] ? __pfx_kobject_add+0x10/0x10 [ 1063.545154][ T5809] ? get_device_parent+0x370/0x3a0 [ 1063.545175][ T5809] device_add+0x408/0xb80 [ 1063.545194][ T5809] hci_conn_add_sysfs+0xd5/0x210 [ 1063.545221][ T5809] le_conn_complete_evt+0xf1d/0x1420 [ 1063.545248][ T5809] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1063.545269][ T5809] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1063.545285][ T5809] ? lockdep_hardirqs_on+0x7b/0x110 [ 1063.545303][ T5809] ? skb_pull_data+0xfb/0x200 [ 1063.545329][ T5809] hci_le_enh_conn_complete_evt+0x189/0x4a0 [ 1063.545350][ T5809] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 1063.545373][ T5809] hci_event_packet+0x78f/0x1260 [ 1063.545400][ T5809] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1063.545421][ T5809] ? __pfx_hci_event_packet+0x10/0x10 [ 1063.545445][ T5809] ? rt_spin_unlock+0x150/0x200 [ 1063.545473][ T5809] ? hci_send_to_monitor+0xe2/0x590 [ 1063.545497][ T5809] hci_rx_work+0x3ee/0x1060 [ 1063.545517][ T5809] ? process_scheduled_works+0x9ef/0x1770 [ 1063.545538][ T5809] process_scheduled_works+0xad1/0x1770 [ 1063.545577][ T5809] ? __pfx_process_scheduled_works+0x10/0x10 [ 1063.545594][ T5809] ? do_raw_spin_lock+0x121/0x290 [ 1063.545624][ T5809] worker_thread+0x8a0/0xda0 [ 1063.545662][ T5809] kthread+0x711/0x8a0 [ 1063.545687][ T5809] ? __pfx_worker_thread+0x10/0x10 [ 1063.545705][ T5809] ? __pfx_kthread+0x10/0x10 [ 1063.545726][ T5809] ? rt_spin_unlock+0x150/0x200 [ 1063.545750][ T5809] ? rt_spin_unlock+0x161/0x200 [ 1063.545770][ T5809] ? __pfx_kthread+0x10/0x10 [ 1063.545793][ T5809] ret_from_fork+0x510/0xa50 [ 1063.545813][ T5809] ? __pfx_ret_from_fork+0x10/0x10 [ 1063.545828][ T5809] ? __switch_to+0xc9e/0x1480 [ 1063.545861][ T5809] ? __pfx_kthread+0x10/0x10 [ 1063.545885][ T5809] ret_from_fork_asm+0x1a/0x30 [ 1063.545922][ T5809] [ 1063.545942][ T5809] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1063.545973][ T5809] Bluetooth: hci5: failed to register connection device [ 1063.776234][ T5947] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 1063.943081][T12400] team0: Port device team_slave_0 added [ 1063.995246][ T5947] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1063.995285][ T5947] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1063.995316][ T5947] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1063.995363][ T5947] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1063.995389][ T5947] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1064.004447][T12400] team0: Port device team_slave_1 added [ 1064.028379][ T5947] usb 7-1: config 0 descriptor?? [ 1064.667092][ T5947] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 1064.783172][T12400] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1064.783191][T12400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1064.783216][T12400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1065.181816][T12400] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1065.181837][T12400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1065.181869][T12400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1065.245030][ T5891] usb 7-1: USB disconnect, device number 10 [ 1065.725754][T12400] hsr_slave_0: entered promiscuous mode [ 1065.735565][T12400] hsr_slave_1: entered promiscuous mode [ 1065.750199][T12400] debugfs: 'hsr0' already exists in 'hsr' [ 1065.750223][T12400] Cannot create hsr debugfs directory [ 1070.767634][T12356] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1071.024643][T12356] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1071.251229][T11644] usb 6-1: new full-speed USB device number 34 using dummy_hcd [ 1071.279404][T12356] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1071.355334][T12356] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1071.405970][T11644] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1071.406610][T11644] usb 6-1: not running at top speed; connect to a high speed hub [ 1071.412073][T11644] usb 6-1: config 5 has an invalid interface number: 246 but max is 0 [ 1071.412146][T11644] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config [ 1071.412205][T11644] usb 6-1: config 5 has no interface number 0 [ 1071.412346][T11644] usb 6-1: config 5 interface 246 altsetting 4 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 1071.412427][T11644] usb 6-1: config 5 interface 246 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1071.412519][T11644] usb 6-1: config 5 interface 246 has no altsetting 0 [ 1071.497366][T11644] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=f5.e4 [ 1071.497402][T11644] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1071.497425][T11644] usb 6-1: Product: syz [ 1071.497441][T11644] usb 6-1: Manufacturer: syz [ 1071.497458][T11644] usb 6-1: SerialNumber: syz [ 1071.541166][T11841] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 1071.726054][T11841] usb 7-1: config 0 interface 0 altsetting 251 has an invalid descriptor for endpoint zero, skipping [ 1071.726089][T11841] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1071.729145][T11841] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1071.729175][T11841] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1071.729200][T11841] usb 7-1: Product: syz [ 1071.729215][T11841] usb 7-1: Manufacturer: syz [ 1071.729231][T11841] usb 7-1: SerialNumber: syz [ 1071.734211][T11841] usb 7-1: config 0 descriptor?? [ 1071.897219][T11644] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 1071.904275][T11644] usb 6-1: USB disconnect, device number 34 [ 1071.942779][T11841] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1071.945303][ T9756] usb 6-1: Failed to submit usb control message: -71 [ 1071.945339][ T9756] usb 6-1: unable to send the bmi data to the device: -71 [ 1071.945359][ T9756] usb 6-1: unable to get target info from device [ 1071.945377][ T9756] usb 6-1: could not get target info (-71) [ 1071.945484][ T9756] usb 6-1: could not probe fw (-71) [ 1072.036295][ T5891] usb 7-1: USB disconnect, device number 11 [ 1072.251748][T12400] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1072.289305][T12400] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1072.308476][T12400] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1072.352502][T12400] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1073.097016][T12356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1073.307115][T12356] 8021q: adding VLAN 0 to HW filter on device team0 [ 1073.616892][ T9734] bridge0: port 1(bridge_slave_0) entered blocking state [ 1073.643614][ T9734] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1074.286928][T12400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1074.390514][T12400] 8021q: adding VLAN 0 to HW filter on device team0 [ 1074.484620][ T9758] bridge0: port 1(bridge_slave_0) entered blocking state [ 1074.484838][ T9758] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1074.545040][T12580] bridge0: port 2(bridge_slave_1) entered blocking state [ 1074.545160][T12580] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1074.855808][ T5809] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1074.860787][ T5809] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1074.880329][ T5809] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1074.910645][ T5809] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1074.927681][ T5809] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1075.031303][T11504] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 1075.060972][T12734] lo speed is unknown, defaulting to 1000 [ 1075.181241][T11504] usb 4-1: Using ep0 maxpacket: 8 [ 1075.193272][T11504] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1075.193334][T11504] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1075.193361][T11504] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1075.193389][T11504] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1075.193417][T11504] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1075.193460][T11504] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1075.193485][T11504] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1075.892020][T11504] usb 4-1: usb_control_msg returned -32 [ 1075.892128][T11504] usbtmc 4-1:16.0: can't read capabilities [ 1077.019589][ T61] Bluetooth: hci0: command tx timeout [ 1077.818958][ T6549] usb 4-1: USB disconnect, device number 60 [ 1079.131157][ T61] Bluetooth: hci0: command tx timeout [ 1079.217645][T12400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1080.391313][ T5891] usb 4-1: new full-speed USB device number 61 using dummy_hcd [ 1080.788588][T12783] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1080.788874][T12783] Error validating options; rc = [-22] [ 1080.810399][ T5891] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1080.810429][ T5891] usb 4-1: config 0 has no interfaces? [ 1080.833182][ T5891] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1080.833207][ T5891] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1080.833222][ T5891] usb 4-1: Manufacturer: syz [ 1080.837060][ T5891] usb 4-1: config 0 descriptor?? [ 1081.059991][ T6549] usb 4-1: USB disconnect, device number 61 [ 1081.151303][T11013] Bluetooth: hci0: command 0x040f tx timeout [ 1081.513323][ T5809] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1081.519514][ T5809] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1081.541895][ T5809] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1081.543336][ T5809] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1081.544227][ T5809] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1082.505896][T12803] 9pnet_virtio: no channels available for device syz [ 1082.555763][T12796] bridge0: port 2(bridge_slave_1) entered disabled state [ 1083.048290][T12811] overlayfs: overlapping lowerdir path [ 1083.500555][ T5809] Bluetooth: hci0: command 0x040f tx timeout [ 1083.553970][ T5809] Bluetooth: hci4: command tx timeout [ 1084.313251][T12825] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 1084.313285][T12825] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 1084.313479][T12825] vhci_hcd vhci_hcd.0: Device attached [ 1084.484518][T12826] vhci_hcd: connection closed [ 1084.517314][ T9789] vhci_hcd vhci_hcd.3: stop threads [ 1084.517352][ T9789] vhci_hcd vhci_hcd.3: release socket [ 1084.519488][ T9789] vhci_hcd vhci_hcd.3: disconnect device [ 1085.348878][T12792] lo speed is unknown, defaulting to 1000 [ 1085.445145][T12825] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1085.445298][T12825] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1085.551159][ T5809] Bluetooth: hci0: command 0x040f tx timeout [ 1085.581289][T12825] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1085.587123][T12825] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1085.666824][ T5809] Bluetooth: hci4: command tx timeout [ 1085.783038][T12825] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1085.920067][T12825] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1085.938689][T12825] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1085.938841][T12825] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1086.114045][T12825] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1087.076947][T12825] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1087.077084][T12825] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1087.182559][T12825] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1087.204412][T12734] chnl_net:caif_netlink_parms(): no params data found [ 1087.471228][ T5809] Bluetooth: hci3: command 0x0406 tx timeout [ 1087.633983][ T5809] Bluetooth: hci5: command 0x0406 tx timeout [ 1087.983393][ T5809] Bluetooth: hci0: command 0x040f tx timeout [ 1087.983567][ T5809] Bluetooth: hci2: command 0x0c1a tx timeout [ 1088.215141][T12012] bridge_slave_1: left allmulticast mode [ 1088.215175][T12012] bridge_slave_1: left promiscuous mode [ 1088.229088][T12012] bridge0: port 2(bridge_slave_1) entered disabled state [ 1088.566658][T12848] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2046'. [ 1089.197286][T11013] Bluetooth: hci4: command 0x0419 tx timeout [ 1089.555110][T11013] Bluetooth: hci3: command 0x0406 tx timeout [ 1089.753801][T11013] Bluetooth: hci5: command 0x0406 tx timeout [ 1090.031304][T11013] Bluetooth: hci0: command 0x040f tx timeout [ 1090.093442][T12012] bridge_slave_0: left allmulticast mode [ 1090.093477][T12012] bridge_slave_0: left promiscuous mode [ 1090.094491][T12012] bridge0: port 1(bridge_slave_0) entered disabled state [ 1091.231231][T11013] Bluetooth: hci4: command 0x0419 tx timeout [ 1091.801629][T11013] Bluetooth: hci5: command 0x0406 tx timeout [ 1092.111330][T11013] Bluetooth: hci0: command 0x040f tx timeout [ 1093.311198][T11013] Bluetooth: hci4: command 0x0419 tx timeout [ 1093.391237][ T5933] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 1093.541249][ T5933] usb 4-1: Using ep0 maxpacket: 32 [ 1093.576399][ T5933] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 1093.576431][ T5933] usb 4-1: config 0 has no interface number 0 [ 1093.576510][ T5933] usb 4-1: config 0 interface 12 has no altsetting 0 [ 1093.579229][ T5933] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1093.579261][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1093.579285][ T5933] usb 4-1: Product: syz [ 1093.579302][ T5933] usb 4-1: Manufacturer: syz [ 1093.579320][ T5933] usb 4-1: SerialNumber: syz [ 1093.659696][ T5933] usb 4-1: config 0 descriptor?? [ 1093.914999][ T5933] f81534 4-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71 [ 1093.915044][ T5933] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 1093.915058][ T5933] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1093.915126][ T5933] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 1093.971628][ T5933] usb 4-1: USB disconnect, device number 62 [ 1095.561431][T11013] Bluetooth: hci4: command 0x0419 tx timeout [ 1099.054954][ T38] audit: type=1326 audit(1766883089.987:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055020][ T38] audit: type=1326 audit(1766883089.987:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055070][ T38] audit: type=1326 audit(1766883089.987:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055128][ T38] audit: type=1326 audit(1766883089.987:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055182][ T38] audit: type=1326 audit(1766883089.987:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055237][ T38] audit: type=1326 audit(1766883089.987:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055287][ T38] audit: type=1326 audit(1766883089.997:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055392][ T38] audit: type=1326 audit(1766883089.997:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055448][ T38] audit: type=1326 audit(1766883089.997:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.055494][ T38] audit: type=1326 audit(1766883089.997:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.6.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cfa7af749 code=0x7ffc0000 [ 1099.592350][T11013] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 1102.865211][T12012] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1103.043897][T12012] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1103.139166][T12012] bond0 (unregistering): Released all slaves [ 1103.864463][T12920] Invalid option length (65058) for dns_resolver key [ 1104.270573][T12734] bridge0: port 1(bridge_slave_0) entered blocking state [ 1104.270731][T12734] bridge0: port 1(bridge_slave_0) entered disabled state [ 1104.270945][T12734] bridge_slave_0: entered allmulticast mode [ 1104.332154][T12734] bridge_slave_0: entered promiscuous mode [ 1104.392625][T12734] bridge0: port 2(bridge_slave_1) entered blocking state [ 1104.392765][T12734] bridge0: port 2(bridge_slave_1) entered disabled state [ 1104.393029][T12734] bridge_slave_1: entered allmulticast mode [ 1104.434392][T12734] bridge_slave_1: entered promiscuous mode [ 1105.060103][T12928] smc: removing ib device syz0 [ 1105.423712][T12927] lo speed is unknown, defaulting to 1000 [ 1105.423807][T12927] lo speed is unknown, defaulting to 1000 [ 1105.431791][T12927] lo speed is unknown, defaulting to 1000 [ 1105.441322][T12927] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1105.454931][T12927] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1106.907589][T12928] ------------[ cut here ]------------ [ 1106.907609][T12928] WARNING: drivers/infiniband/sw/rxe/rxe_pool.c:116 at rxe_pool_cleanup+0x4b/0x60, CPU#0: syz.3.2067/12928 [ 1106.907646][T12928] Modules linked in: [ 1106.907665][T12928] CPU: 0 UID: 0 PID: 12928 Comm: syz.3.2067 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1106.907689][T12928] Tainted: [L]=SOFTLOCKUP [ 1106.907695][T12928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1106.907706][T12928] RIP: 0010:rxe_pool_cleanup+0x4b/0x60 [ 1106.907726][T12928] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 dd 78 23 fa 48 83 3b 00 75 0c e8 62 42 c1 f9 5b c3 cc cc cc cc cc e8 56 42 c1 f9 90 <0f> 0b 90 5b e9 cc e7 d6 02 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 1106.907741][T12928] RSP: 0018:ffffc900064ff040 EFLAGS: 00010246 [ 1106.907756][T12928] RAX: ffffffff87fe67ca RBX: ffff88806e5d15f8 RCX: 0000000000080000 [ 1106.907775][T12928] RDX: ffffc90011a85000 RSI: 000000000007ffff RDI: 0000000000080000 [ 1106.907787][T12928] RBP: ffff88806e5d1268 R08: 0000000000000000 R09: 0000000000000000 [ 1106.907798][T12928] R10: dffffc0000000000 R11: ffffffff87fcaa40 R12: dffffc0000000000 [ 1106.907812][T12928] R13: dffffc0000000000 R14: ffffffff87fcaa40 R15: dffffc0000000000 [ 1106.907825][T12928] FS: 00007f84f75b96c0(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000 [ 1106.907841][T12928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1106.907853][T12928] CR2: 00007f84f75b8f98 CR3: 000000005b1e0000 CR4: 00000000003526f0 [ 1106.907868][T12928] Call Trace: [ 1106.907875][T12928] [ 1106.907883][T12928] rxe_dealloc+0x25/0xc0 [ 1106.907899][T12928] ib_dealloc_device+0x54/0x200 [ 1106.907925][T12928] __ib_unregister_device+0x393/0x3f0 [ 1106.907951][T12928] ? __pfx_ib_device_get_by_index+0x10/0x10 [ 1106.907979][T12928] ib_unregister_device_and_put+0xb8/0xf0 [ 1106.908006][T12928] nldev_dellink+0x2d1/0x320 [ 1106.908030][T12928] ? __pfx_nldev_dellink+0x10/0x10 [ 1106.908113][T12928] ? rcu_is_watching+0x15/0xb0 [ 1106.908131][T12928] ? cap_capable+0x123/0x440 [ 1106.908155][T12928] ? safesetid_security_capable+0xa9/0x1a0 [ 1106.908181][T12928] ? bpf_lsm_capable+0x9/0x20 [ 1106.908199][T12928] ? security_capable+0x7e/0x2e0 [ 1106.908216][T12928] ? __pfx_nldev_dellink+0x10/0x10 [ 1106.908239][T12928] rdma_nl_rcv+0x6ae/0x980 [ 1106.908325][T12928] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 1106.908363][T12928] ? netlink_deliver_tap+0x2e/0x1b0 [ 1106.908393][T12928] netlink_unicast+0x846/0xa10 [ 1106.908420][T12928] ? __pfx_netlink_unicast+0x10/0x10 [ 1106.908440][T12928] ? __alloc_skb+0x198/0x3a0 [ 1106.908459][T12928] ? netlink_sendmsg+0x642/0xb30 [ 1106.908481][T12928] ? skb_put+0x11b/0x210 [ 1106.908503][T12928] netlink_sendmsg+0x805/0xb30 [ 1106.908534][T12928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1106.908563][T12928] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1106.908586][T12928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1106.908610][T12928] __sock_sendmsg+0x21c/0x270 [ 1106.908640][T12928] ____sys_sendmsg+0x508/0x810 [ 1106.908666][T12928] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1106.908695][T12928] ? import_iovec+0x74/0xa0 [ 1106.908714][T12928] ___sys_sendmsg+0x21f/0x2a0 [ 1106.908738][T12928] ? __pfx____sys_sendmsg+0x10/0x10 [ 1106.908765][T12928] ? count_memcg_event_mm+0x21/0x260 [ 1106.908810][T12928] ? __fget_files+0x2a/0x420 [ 1106.908828][T12928] ? __fget_files+0x3a6/0x420 [ 1106.908854][T12928] __x64_sys_sendmsg+0x1a1/0x260 [ 1106.908877][T12928] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1106.908908][T12928] ? do_user_addr_fault+0xc85/0x1380 [ 1106.908936][T12928] do_syscall_64+0xec/0xf80 [ 1106.908954][T12928] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.908971][T12928] ? trace_irq_disable+0x37/0x100 [ 1106.908989][T12928] ? clear_bhb_loop+0x60/0xb0 [ 1106.909010][T12928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.909026][T12928] RIP: 0033:0x7f84f97bf749 [ 1106.909043][T12928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1106.909057][T12928] RSP: 002b:00007f84f75b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1106.909074][T12928] RAX: ffffffffffffffda RBX: 00007f84f9a16270 RCX: 00007f84f97bf749 [ 1106.909087][T12928] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007 [ 1106.909098][T12928] RBP: 00007f84f9843f91 R08: 0000000000000000 R09: 0000000000000000 [ 1106.909109][T12928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1106.909120][T12928] R13: 00007f84f9a16308 R14: 00007f84f9a16270 R15: 00007ffc36fb30b8 [ 1106.909146][T12928] [ 1106.909163][T12928] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1106.909177][T12928] CPU: 0 UID: 0 PID: 12928 Comm: syz.3.2067 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1106.909200][T12928] Tainted: [L]=SOFTLOCKUP [ 1106.909207][T12928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1106.909217][T12928] Call Trace: [ 1106.909223][T12928] [ 1106.909230][T12928] vpanic+0x1e0/0x670 [ 1106.909257][T12928] panic+0xb9/0xc0 [ 1106.909286][T12928] ? __pfx_panic+0x10/0x10 [ 1106.909323][T12928] __warn+0x317/0x4b0 [ 1106.909345][T12928] ? rxe_pool_cleanup+0x4b/0x60 [ 1106.909366][T12928] ? rxe_pool_cleanup+0x4b/0x60 [ 1106.909384][T12928] __report_bug+0x288/0x500 [ 1106.909410][T12928] ? lockdep_hardirqs_on+0x7b/0x110 [ 1106.909426][T12928] ? rxe_pool_cleanup+0x4b/0x60 [ 1106.909448][T12928] ? __pfx___report_bug+0x10/0x10 [ 1106.909482][T12928] ? __flush_workqueue+0x12be/0x14b0 [ 1106.909508][T12928] ? rxe_pool_cleanup+0x4b/0x60 [ 1106.909526][T12928] report_bug+0x16a/0x220 [ 1106.909552][T12928] ? rxe_pool_cleanup+0x4b/0x60 [ 1106.909569][T12928] ? rxe_pool_cleanup+0x4d/0x60 [ 1106.909586][T12928] handle_bug+0x98/0x200 [ 1106.909607][T12928] exc_invalid_op+0x1a/0x50 [ 1106.909626][T12928] asm_exc_invalid_op+0x1a/0x20 [ 1106.909641][T12928] RIP: 0010:rxe_pool_cleanup+0x4b/0x60 [ 1106.909659][T12928] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 dd 78 23 fa 48 83 3b 00 75 0c e8 62 42 c1 f9 5b c3 cc cc cc cc cc e8 56 42 c1 f9 90 <0f> 0b 90 5b e9 cc e7 d6 02 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 1106.909673][T12928] RSP: 0018:ffffc900064ff040 EFLAGS: 00010246 [ 1106.909687][T12928] RAX: ffffffff87fe67ca RBX: ffff88806e5d15f8 RCX: 0000000000080000 [ 1106.909700][T12928] RDX: ffffc90011a85000 RSI: 000000000007ffff RDI: 0000000000080000 [ 1106.909711][T12928] RBP: ffff88806e5d1268 R08: 0000000000000000 R09: 0000000000000000 [ 1106.909723][T12928] R10: dffffc0000000000 R11: ffffffff87fcaa40 R12: dffffc0000000000 [ 1106.909735][T12928] R13: dffffc0000000000 R14: ffffffff87fcaa40 R15: dffffc0000000000 [ 1106.909749][T12928] ? __pfx_rxe_dealloc+0x10/0x10 [ 1106.909766][T12928] ? __pfx_rxe_dealloc+0x10/0x10 [ 1106.909782][T12928] ? rxe_pool_cleanup+0x4a/0x60 [ 1106.909805][T12928] rxe_dealloc+0x25/0xc0 [ 1106.909820][T12928] ib_dealloc_device+0x54/0x200 [ 1106.909844][T12928] __ib_unregister_device+0x393/0x3f0 [ 1106.909870][T12928] ? __pfx_ib_device_get_by_index+0x10/0x10 [ 1106.909898][T12928] ib_unregister_device_and_put+0xb8/0xf0 [ 1106.909924][T12928] nldev_dellink+0x2d1/0x320 [ 1106.909947][T12928] ? __pfx_nldev_dellink+0x10/0x10 [ 1106.910030][T12928] ? rcu_is_watching+0x15/0xb0 [ 1106.910047][T12928] ? cap_capable+0x123/0x440 [ 1106.910069][T12928] ? safesetid_security_capable+0xa9/0x1a0 [ 1106.910095][T12928] ? bpf_lsm_capable+0x9/0x20 [ 1106.910111][T12928] ? security_capable+0x7e/0x2e0 [ 1106.910128][T12928] ? __pfx_nldev_dellink+0x10/0x10 [ 1106.910150][T12928] rdma_nl_rcv+0x6ae/0x980 [ 1106.910181][T12928] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 1106.910219][T12928] ? netlink_deliver_tap+0x2e/0x1b0 [ 1106.910248][T12928] netlink_unicast+0x846/0xa10 [ 1106.910279][T12928] ? __pfx_netlink_unicast+0x10/0x10 [ 1106.910298][T12928] ? __alloc_skb+0x198/0x3a0 [ 1106.910317][T12928] ? netlink_sendmsg+0x642/0xb30 [ 1106.910338][T12928] ? skb_put+0x11b/0x210 [ 1106.910361][T12928] netlink_sendmsg+0x805/0xb30 [ 1106.910391][T12928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1106.910420][T12928] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1106.910443][T12928] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1106.910467][T12928] __sock_sendmsg+0x21c/0x270 [ 1106.910495][T12928] ____sys_sendmsg+0x508/0x810 [ 1106.910521][T12928] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1106.910549][T12928] ? import_iovec+0x74/0xa0 [ 1106.910567][T12928] ___sys_sendmsg+0x21f/0x2a0 [ 1106.910591][T12928] ? __pfx____sys_sendmsg+0x10/0x10 [ 1106.910617][T12928] ? count_memcg_event_mm+0x21/0x260 [ 1106.910661][T12928] ? __fget_files+0x2a/0x420 [ 1106.910678][T12928] ? __fget_files+0x3a6/0x420 [ 1106.910704][T12928] __x64_sys_sendmsg+0x1a1/0x260 [ 1106.910728][T12928] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1106.910759][T12928] ? do_user_addr_fault+0xc85/0x1380 [ 1106.910786][T12928] do_syscall_64+0xec/0xf80 [ 1106.910802][T12928] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.910819][T12928] ? trace_irq_disable+0x37/0x100 [ 1106.910837][T12928] ? clear_bhb_loop+0x60/0xb0 [ 1106.910857][T12928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.910874][T12928] RIP: 0033:0x7f84f97bf749 [ 1106.910887][T12928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1106.910901][T12928] RSP: 002b:00007f84f75b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1106.910917][T12928] RAX: ffffffffffffffda RBX: 00007f84f9a16270 RCX: 00007f84f97bf749 [ 1106.910930][T12928] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007 [ 1106.910941][T12928] RBP: 00007f84f9843f91 R08: 0000000000000000 R09: 0000000000000000 [ 1106.910951][T12928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1106.910961][T12928] R13: 00007f84f9a16308 R14: 00007f84f9a16270 R15: 00007ffc36fb30b8 [ 1106.911024][T12928] [ 1106.911648][T12928] Kernel Offset: disabled